Bug #61986 Valgrind errors in various ctype tests 5.5 rev 3477
Submitted: 26 Jul 2011 14:30  Modified: 11 Apr 2018 11:55
Reporter: Laurynas Biveinis (OCA)
Status: Closed
Category: MySQL Server: Charsets  Severity: S3 (Non-critical)
Version: 5.5.16  OS: Linux
Assigned to:  CPU Architecture: Any
Triage: Needs Triage: D1 (Critical)

[26 Jul 2011 14:30] Laurynas Biveinis
Description:
The failing tests are ctype_cp1251, ctype_ucs, ctype_utf16, ctype_utf32.

Some of the backtraces repeat between the tests.

main.ctype_cp1251                        w1 [ fail ]  Found warnings/errors in server log file!
        Test ended at 2011-07-22 05:16:05
line
==15746== Thread 15:
==15746== Conditional jump or move depends on uninitialised value(s)
==15746==    at 0x9F9E83: my_strtod (dtoa.c:1409)
==15746==    by 0x68DBB6: Field_float::store(char const*, unsigned int, charset_info_st*) (field.cc:4120)
==15746==    by 0x6A70C7: Item::save_in_field(Field*, bool) (item.cc:5439)
==15746==    by 0x77B7FC: sp_eval_expr(THD*, Field*, Item**) (sp_head.cc:404)
==15746==    by 0x779BC9: sp_instr_freturn::exec_core(THD*, unsigned int*) (sp_head.cc:3456)
==15746==    by 0x780368: sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*) (sp_head.cc:2959)
==15746==    by 0x77C86A: sp_head::execute(THD*, bool) (sp_head.cc:1420)
==15746==    by 0x77D8D0: sp_head::execute_function(THD*, Item**, unsigned int, Field*) (sp_head.cc:1941)
==15746==    by 0x6F46E4: Item_func_sp::execute_impl(THD*) (item_func.cc:6410)
==15746==    by 0x6F47A4: Item_func_sp::execute() (item_func.cc:6339)
==15746==    by 0x6FC600: Item_func_sp::val_real() (item_func.h:1796)
==15746==    by 0x6F24A4: Item_func_set_user_var::check(bool) (item_func.cc:4534)
==15746==    by 0x5236EA: set_var_user::check(THD*) (set_var.cc:688)
==15746==    by 0x5247F1: sql_set_variables(THD*, List<set_var_base>*) (set_var.cc:570)
==15746==    by 0x589200: mysql_execute_command(THD*) (sql_parse.cc:3169)
==15746==    by 0x58F442: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5680)

main.ctype_ucs                           w1 [ fail ]  Found warnings/errors in server log file!
        Test ended at 2011-07-24 08:43:30
line
==6070== Thread 13:
==6070== Conditional jump or move depends on uninitialised value(s)
==6070==    at 0x9D2ED3: my_strtod (dtoa.c:1409)
==6070==    by 0x9C43A4: my_strntod_mb2_or_mb4 (ctype-ucs2.c:553)
==6070==    by 0x67E635: Field_varstring::val_real() (field.cc:6844)
==6070==    by 0x6E4B7B: Item_func_plus::real_op() (item_func.cc:1129)
==6070==    by 0x6DE7E0: Item_func_numhybrid::val_real() (item_func.cc:832)
==6070==    by 0x69E5ED: Item::save_in_field(Field*, bool) (item.cc:5512)
==6070==    by 0x5507A3: fill_record_n_invoke_before_triggers(THD*, List<Item>&, List<Item>&, bool, Table_triggers_list*, trg_event_type) (sql_base.cc:8543)
==6070==    by 0x5FDB4B: mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, enum_duplicates, bool, unsigned long long*, unsigned long long*) (sql_update.cc:654)
==6070==    by 0x5889C1: mysql_execute_command(THD*) (sql_parse.cc:2728)
==6070==    by 0x58D1F7: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5548)
==6070==    by 0x58E5BF: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1034)
==6070==    by 0x629D9E: do_handle_one_connection(THD*) (sql_connect.cc:789)
==6070==    by 0x629E50: handle_one_connection (sql_connect.cc:708)
==6070==    by 0x9543F8: pfs_spawn_thread (pfs.cc:1015)
==6070==    by 0x5037D8B: start_thread (pthread_create.c:304)
==6070==    by 0x610704C: clone (clone.S:112)
==6070== Conditional jump or move depends on uninitialised value(s)
==6070==    at 0x9D2ED3: my_strtod (dtoa.c:1409)
==6070==    by 0x9C43A4: my_strntod_mb2_or_mb4 (ctype-ucs2.c:553)
==6070==    by 0x6856E6: Field_float::store(char const*, unsigned int, charset_info_st*) (field.cc:4121)
==6070==    by 0x69E4F7: Item::save_in_field(Field*, bool) (item.cc:5498)
==6070==    by 0x77285C: sp_eval_expr(THD*, Field*, Item**) (sp_head.cc:405)
==6070==    by 0x770C29: sp_instr_freturn::exec_core(THD*, unsigned int*) (sp_head.cc:3473)
==6070==    by 0x7773C8: sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*) (sp_head.cc:2976)
==6070==    by 0x7738CA: sp_head::execute(THD*, bool) (sp_head.cc:1421)
==6070==    by 0x774930: sp_head::execute_function(THD*, Item**, unsigned int, Field*) (sp_head.cc:1942)
==6070==    by 0x6EBCBC: Item_func_sp::execute_impl(THD*) (item_func.cc:6424)
==6070==    by 0x6EBD84: Item_func_sp::execute() (item_func.cc:6353)
==6070==    by 0x6F3BE0: Item_func_sp::val_real() (item_func.h:1796)
==6070==    by 0x6EA174: Item_func_set_user_var::check(bool) (item_func.cc:4547)
==6070==    by 0x52228A: set_var_user::check(THD*) (set_var.cc:689)
==6070==    by 0x523391: sql_set_variables(THD*, List<set_var_base>*) (set_var.cc:571)
==6070==    by 0x587100: mysql_execute_command(THD*) (sql_parse.cc:3105)

main.ctype_utf16                         w1 [ fail ]  Found warnings/errors in server log file!
        Test ended at 2011-07-24 08:48:50
line
==11362== Thread 13:
==11362== Conditional jump or move depends on uninitialised value(s)
==11362==    at 0x9D2ED3: my_strtod (dtoa.c:1409)
==11362==    by 0x9C43A4: my_strntod_mb2_or_mb4 (ctype-ucs2.c:553)
==11362==    by 0x6A64E7: double_from_string_with_check(charset_info_st*, char const*, char*) (item.cc:2656)
==11362==    by 0x6E4B91: Item_func_plus::real_op() (item_func.cc:1129)
==11362==    by 0x6DE7E0: Item_func_numhybrid::val_real() (item_func.cc:832)
==11362==    by 0x69C1CB: Item::send(Protocol*, String*) (item.cc:5998)
==11362==    by 0x51E460: Protocol::send_result_set_row(List<Item>*) (protocol.cc:845)
==11362==    by 0x55B9D6: select_send::send_data(List<Item>&) (sql_class.cc:2126)
==11362==    by 0x5C8876: JOIN::exec() (sql_select.cc:1866)
==11362==    by 0x5C3A02: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2579)
==11362==    by 0x5C9E94: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:297)
==11362==    by 0x580D3D: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4511)
==11362==    by 0x58881E: mysql_execute_command(THD*) (sql_parse.cc:2118)
==11362==    by 0x58D1F7: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5548)
==11362==    by 0x58E5BF: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1034)
==11362==    by 0x629D9E: do_handle_one_connection(THD*) (sql_connect.cc:789)

ctype_utf32 backtrace is identical to that of ctype_utf16

How to repeat:
cmake options: -DWITH_VALGRIND=ON, -DHAVE_purify in CFLAGS and CXXFLAGS
[1 Aug 2011 8:10] Shane Bester
I reported at least one occurrence of this bug report in:

Bug 12819417 - UTF16: UNINITIALIZED VALUE CREATED IN MY_STRNTOD_MB2_OR_MB4 USED IN MY_STRTOD

The testcase was:

drop table if exists `t`;
create table `t`(`a` text character set utf16 collate utf16_turkish_ci not null) engine=myisam;
insert into `t` values (0x0030002E0032003800390031);
select 1 from `t` t91 where `a` >= 1;
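The test case above stores 0x0030002E0032003800390031, which is the string "0.2891" encoded as UTF-16BE, and the comparison `a` >= 1 forces a string-to-double conversion that Valgrind flags as reading an uninitialised value (created in my_strntod_mb2_or_mb4, used in my_strtod). The example below is added here and is not MySQL code or code from any commenter: it shows the shape such a narrowing conversion takes when written so that every byte the C library's strtod() can reach has been written first, which is exactly the property memcheck is checking. The function name, the 64-byte buffer and the accepted character set are assumptions for illustration, not a description of MySQL's implementation or of the 5.5.26 fix.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size of the temporary ASCII buffer (an assumption for this example).
   The copy loop stops one short of it, so the terminating NUL written by
   memset() below is never overwritten. */
#define NARROW_BUF_LEN 64

/*
 * Parse a UTF-16BE byte string of `len` bytes as a floating-point number.
 *
 * Code units are narrowed into `buf` only while they are characters that
 * can occur in a decimal literal; the first other code unit, an odd
 * trailing byte, or a full buffer ends the copy.  Because `buf` is
 * zero-filled first, every byte strtod() can read was written by this
 * function, so memcheck has nothing to report.
 *
 * *end_bytes receives the number of input bytes strtod() actually used;
 * *err is 0, ERANGE (overflow/underflow) or E2BIG (literal longer than buf).
 */
static double utf16be_strtod(const unsigned char *s, size_t len,
                             size_t *end_bytes, int *err)
{
    char buf[NARROW_BUF_LEN];
    size_t i, n = 0;
    char *endp = NULL;
    double value;

    memset(buf, 0, sizeof buf);   /* every byte initialised before use */
    *err = 0;

    for (i = 0; i + 1 < len; i += 2) {
        unsigned code = ((unsigned)s[i] << 8) | s[i + 1];
        int numeric = (code >= '0' && code <= '9') || code == '.' ||
                      code == '+' || code == '-' || code == 'e' || code == 'E';
        if (!numeric)
            break;
        if (n == NARROW_BUF_LEN - 1) {   /* keep the NUL terminator intact */
            *err = E2BIG;
            break;
        }
        buf[n++] = (char)code;
    }

    errno = 0;
    value = strtod(buf, &endp);
    if (errno == ERANGE)
        *err = ERANGE;
    /* Each narrowed character was one 2-byte code unit in the input. */
    *end_bytes = (size_t)(endp - buf) * 2;
    return value;
}

/* Constructed input: the value from the bug's INSERT, 0x0030002E0032003800390031,
   i.e. the string "0.2891" encoded as UTF-16BE. */
static const unsigned char sample_utf16[] = {
    0x00, 0x30, 0x00, 0x2E, 0x00, 0x32, 0x00, 0x38, 0x00, 0x39, 0x00, 0x31
};

/* Convenience wrapper so the sample can be evaluated in one call. */
static double parse_sample(size_t *end_bytes, int *err)
{
    return utf16be_strtod(sample_utf16, sizeof sample_utf16, end_bytes, err);
}

int main(void)
{
    size_t used;
    int err;
    double v = parse_sample(&used, &err);
    printf("value=%g consumed=%zu bytes err=%d\n", v, used, err);
    return 0;
}
```

The two details that matter are the memset() before the copy loop and the loop stopping one byte short of the buffer end: together they guarantee that strtod() only ever reads initialised, NUL-terminated memory, regardless of how long or how malformed the UTF-16 input is. Building with -DWITH_VALGRIND=ON and running under memcheck, as the report does, is the way to confirm that a conversion routine actually has this property rather than assuming it.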
[10 Aug 2011 18:04] Sveta Smirnova
Thank you for the report.

Verified as described using compile options provided in bug #61985
[25 Jun 2014 8:37] Laurynas Biveinis
Still happens with 5.5.38, Ubuntu 14.04

Server built with -DWITH_DEBUG=ON -DWITH_VALGRIND=ON -DCMAKE_C_FLAGS=-DHAVE_purify -DCMAKE_CXX_FLAGS=-DHAVE_purify -DBUILD_CONFIG=mysql_release -DFEATURE_SET=community -DWITH_EMBEDDED_SERVER=OFF -DENABLE_DTRACE=OFF -DWITH_EXAMPLE_STORAGE_ENGINE=1 -DWITH_SSL=system

main.ctype_eucjpms                       [ fail ]  Found warnings/errors in server log file!
        Test ended at 2014-06-25 11:34:38
line
==1327== Thread 13:
==1327== Syscall param write(buf) points to uninitialised byte(s)
==1327==    at 0x504835D: ??? (syscall-template.S:81)
==1327==    by 0x7E52DE: my_write (my_write.c:43)
==1327==    by 0x7CDD16: my_b_flush_io_cache (mysql_file.h:1134)
==1327==    by 0x7CE390: _my_b_write (mf_iocache.c:1549)
==1327==    by 0x6A06D1: write_keys(st_sort_param*, unsigned char**, unsigned int, st_io_cache*, st_io_cache*) (filesort.cc:760)
==1327==    by 0x6A29CC: filesort(THD*, TABLE*, st_sort_field*, unsigned int, SQL_SELECT*, unsigned long long, bool, unsigned long long*) (filesort.cc:662)
==1327==    by 0x5BDD1F: create_sort_index(THD*, JOIN*, st_order*, unsigned long long, unsigned long long, bool) (sql_select.cc:14254)
==1327==    by 0x5D0C4C: JOIN::exec() (sql_select.cc:2354)
==1327==    by 0x5CAD39: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2604)
==1327==    by 0x5CAF30: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:297)
==1327==    by 0x5815B6: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4625)
==1327==    by 0x587A80: mysql_execute_command(THD*) (sql_parse.cc:2176)
==1327==    by 0x58F20B: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5662)
==1327==    by 0x590A96: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1038)
==1327==    by 0x592905: do_command(THD*) (sql_parse.cc:773)
==1327==    by 0x63DEAD: do_handle_one_connection(THD*) (sql_connect.cc:862)
==1327==  Address 0x10abaf57 is 23 bytes inside a block of size 65,536 alloc'd
==1327==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1327==    by 0x7E13D4: my_malloc (my_malloc.c:38)
==1327==    by 0x7CD4E1: init_io_cache (mf_iocache.c:232)
==1327==    by 0x7CAB06: open_cached_file (mf_cache.c:69)
==1327==    by 0x6A0640: write_keys(st_sort_param*, unsigned char**, unsigned int, st_io_cache*, st_io_cache*) (filesort.cc:750)
==1327==    by 0x6A29CC: filesort(THD*, TABLE*, st_sort_field*, unsigned int, SQL_SELECT*, unsigned long long, bool, unsigned long long*) (filesort.cc:662)
==1327==    by 0x5BDD1F: create_sort_index(THD*, JOIN*, st_order*, unsigned long long, unsigned long long, bool) (sql_select.cc:14254)
==1327==    by 0x5D0C4C: JOIN::exec() (sql_select.cc:2354)
==1327==    by 0x5CAD39: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2604)
==1327==    by 0x5CAF30: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:297)
==1327==    by 0x5815B6: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4625)
==1327==    by 0x587A80: mysql_execute_command(THD*) (sql_parse.cc:2176)
==1327==    by 0x58F20B: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5662)
==1327==    by 0x590A96: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1038)
==1327==    by 0x592905: do_command(THD*) (sql_parse.cc:773)
==1327==    by 0x63DEAD: do_handle_one_connection(THD*) (sql_connect.cc:862)
[25 Jun 2014 8:39] Laurynas Biveinis
Hm, even though it is a ctype test, the Valgrind stacktrace is different. Probably a wrong bug to comment on.
[11 Apr 2018 11:55] Paul Dubois
Posted by developer:

Fixed in 5.5.26.

Code cleanup. No changelog entry needed.