Bug #69202 Valgrind warnings in inflate on UNCOMPRESS
Submitted: 11 May 2013 16:40 Modified: 9 Nov 2014 22:58
Reporter: Elena Stepanova
Status: Closed
Category: MySQL Server: DML Severity: S3 (Non-critical)
Version: 5.5, 5.6, 5.7 OS: Any
Assigned to: CPU Architecture: Any

[11 May 2013 16:40] Elena Stepanova
Description:
==22271== Thread 18:
==22271== Conditional jump or move depends on uninitialised value(s)
==22271==    at 0xE2F576: inflate (inflate.c:611)
==22271==    by 0xE36394: uncompress (uncompr.c:50)
==22271==    by 0x6DAF7D: Item_func_uncompress::val_str(String*) (item_strfunc.cc:4181)
==22271==    by 0x65F38E: Item::send(Protocol*, String*) (item.cc:6750)
==22271==    by 0x71C837: Protocol::send_result_set_row(List<Item>*) (protocol.cc:847)
==22271==    by 0x787248: select_send::send_data(List<Item>&) (sql_class.cc:2473)
==22271==    by 0x79BB66: JOIN::exec() (sql_executor.cc:148)
==22271==    by 0x7EE735: mysql_execute_select(THD*, st_select_lex*, bool) (sql_select.cc:1100)
==22271==    by 0x7EEA32: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, SQL_I_List<st_order>*, SQL_I_List<st_order>*, Item*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:1221)
==22271==    by 0x7ECA8B: handle_select(THD*, select_result*, unsigned long) (sql_select.cc:110)
==22271==    by 0x7C6C93: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4846)
==22271==    by 0x7BFA61: mysql_execute_command(THD*) (sql_parse.cc:2461)
==22271==    by 0x7C9393: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5994)
==22271==    by 0x7BCEFA: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1331)
==22271==    by 0x7BC0A0: do_command(THD*) (sql_parse.cc:1028)
==22271==    by 0x791908: do_handle_one_connection(THD*) (sql_connect.cc:982)

Stack trace from 5.7 revno 5216

How to repeat:
SELECT UNCOMPRESS( CAST( 0 AS BINARY(5) ) );
[11 May 2013 17:48] MySQL Verification Team
fyi: http://www.zlib.net/zlib_faq.html#faq36

We need to check via examination of the code if/what really is being used as uninitialized here and whether it matters.
[2 May 2014 5:57] Erlend Dahl
It reproduces on latest 5.7, so I guess we can set the report to 'verified' at least.
[6 Jun 2014 2:45] Paul DuBois
Noted in 5.7.5 changelog.

Calls to UNCOMPRESS() produced Valgrind warnings during verification
of the zip header of the compressed data.
[9 Nov 2014 22:58] Elena Stepanova
revno: 8002
revision-id: tor.didriksen@oracle.com-20140513113847-4ibrwic6moadne9v
parent: anitha.gopi@oracle.com-20140513113110-zaw6h206p2tn93bx
committer: Tor Didriksen <tor.didriksen@oracle.com>
branch nick: trunk-valgrind
timestamp: Tue 2014-05-13 13:38:47 +0200
message:
  Bug#18693654 VALGRIND WARNINGS IN INFLATE ON UNCOMPRESS
  
  The value of the sourceLen argument to uncompress() was wrong,
  and we got valgrind warnings when trying to verify the zip header of the compressed data.
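
Added example, not code from MySQL or zlib: a bounds check on the input that the commit message above refers to. It assumes the documented COMPRESS() layout (a 4-byte little-endian uncompressed length followed by a zlib stream) and that the source length handed to uncompress() should cover only the bytes after that prefix; `unc_split`, `struct unc_view` and the `UNC_*` codes are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper. Assumed layout: 4-byte little-endian uncompressed
   length, then a zlib (RFC 1950) stream. */
enum { UNC_OK = 0, UNC_TOO_SHORT = -1, UNC_NO_HEADER = -2, UNC_BAD_HEADER = -3 };

struct unc_view {
    uint32_t declared_len;      /* value the output buffer is sized from */
    const unsigned char *src;   /* first byte of the zlib stream */
    size_t src_len;             /* the sourceLen to hand to uncompress() */
};

int unc_split(const unsigned char *buf, size_t len, struct unc_view *v)
{
    if (len <= 4)
        return UNC_TOO_SHORT;               /* prefix only, no stream */
    v->declared_len = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
                      (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    v->src = buf + 4;
    v->src_len = len - 4;                   /* the prefix is not zlib data */
    if (v->src_len < 2)
        return UNC_NO_HEADER;               /* CMF/FLG pair is incomplete */
    unsigned cmf = v->src[0], flg = v->src[1];
    /* RFC 1950: method 8 (deflate), window <= 32K, (CMF*256+FLG) % 31 == 0 */
    if ((cmf & 0x0f) != 8 || (cmf >> 4) > 7 || ((cmf << 8) | flg) % 31 != 0)
        return UNC_BAD_HEADER;
    return UNC_OK;
}

int main(void)
{
    /* Constructed inputs: a 5-byte value the size of the repro's BINARY(5),
       and a prefix followed by a well-formed zlib header. */
    static const unsigned char five[5] = { '0', 0, 0, 0, 0 };
    static const unsigned char good[] = { 3, 0, 0, 0, 0x78, 0x9c, 0x4b };
    struct unc_view v;
    int rc = unc_split(five, sizeof five, &v);
    printf("five bytes: rc=%d src_len=%zu\n", rc, v.src_len);
    rc = unc_split(good, sizeof good, &v);
    printf("good:       rc=%d src_len=%zu\n", rc, v.src_len);
    return 0;
}
```

With the 5-byte input only one byte remains after the prefix, so the two-byte zlib header cannot be checked without reading past the data; the helper rejects it before any decompressor is called.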