Description:
==917== Conditional jump or move depends on uninitialised value(s)
==917== at 0xEACDEA: my_wildcmp_unicode_impl (ctype-utf8.c:4937)
==917== by 0xEAD1AF: my_wildcmp_unicode (ctype-utf8.c:5060)
==917== by 0xEAE898: my_wildcmp_utf8 (ctype-utf8.c:5994)
==917== by 0x690EBC: Item_func_like::val_int() (item_cmpfunc.cc:5297)
==917== by 0x66E5B3: Item::send(Protocol*, String*) (item.cc:6936)
==917== by 0x72F963: Protocol::send_result_set_row(List<Item>*) (protocol.cc:844)
==917== by 0x7A13AC: select_send::send_data(List<Item>&) (sql_class.cc:2526)
==917== by 0x7B8539: JOIN::exec() (sql_executor.cc:151)
==917== by 0x81BC5E: mysql_execute_select(THD*, st_select_lex*, bool) (sql_select.cc:1101)
==917== by 0x81BF50: mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, SQL_I_List<st_order>*, SQL_I_List<st_order>*, Item*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:1222)
==917== by 0x81A049: handle_select(THD*, select_result*, unsigned long) (sql_select.cc:110)
==917== by 0x7F277F: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5237)
==917== by 0x7EB005: mysql_execute_command(THD*) (sql_parse.cc:2695)
==917== by 0x7F528B: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:6489)
==917== by 0x7E8005: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1377)
==917== by 0x7E7037: do_command(THD*) (sql_parse.cc:1040)
==917== by 0x20973B67: threadpool_process_request(THD*) (threadpool_common.cc:321)
==917== by 0x20976A37: handle_event(connection_t*) (threadpool_unix.cc:1611)
==917== by 0x20976C94: worker_main(void*) (threadpool_unix.cc:1664)
==917== by 0xB99FDC: pfs_spawn_thread (pfs.cc:1860)
==917== by 0x5043DC4: start_thread (in /usr/lib64/libpthread-2.17.so)
==917== by 0x61AC21C: clone (in /usr/lib64/libc-2.17.so)
==917== Uninitialised value was created by a client request
==917== at 0xAC907F: free_root (my_alloc.c:391)
==917== by 0x7E95AF: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1829)
==917== by 0x7E7037: do_command(THD*) (sql_parse.cc:1040)
==917== by 0x20973B67: threadpool_process_request(THD*) (threadpool_common.cc:321)
==917== by 0x20976A37: handle_event(connection_t*) (threadpool_unix.cc:1611)
==917== by 0x20976C94: worker_main(void*) (threadpool_unix.cc:1664)
==917== by 0xB99FDC: pfs_spawn_thread (pfs.cc:1860)
==917== by 0x5043DC4: start_thread (in /usr/lib64/libpthread-2.17.so)
==917== by 0x61AC21C: clone (in /usr/lib64/libc-2.17.so)
How to repeat:
pquery executes random SQL statements, so it is hard to find which statement causes this issue, but it happens every day in my daily test.
Suggested fix:
my_wildcmp_unicode_impl (ctype-utf8.c:4937)
if (w_wc == (my_wc_t) escape && wildstr < wildend)
`escape` is not initialized at this point.
my_wildcmp_unicode_impl (ctype-utf8.c:4937) is called from
my_wildcmp_unicode (ctype-utf8.c:5060):
/**
  Wildcard (LIKE) comparison for Unicode character sets.

  Thin entry point: every argument, including @p escape, is forwarded
  verbatim to my_wildcmp_unicode_impl().  This layer does not validate or
  assign @p escape; whatever value the caller passes is what the pattern
  comparison uses.  The trailing literal 1 is an extra argument of the
  implementation whose meaning is not visible here (presumably an initial
  recursion level -- confirm in ctype-utf8.c).

  @return the result of my_wildcmp_unicode_impl(), unchanged
*/
int my_wildcmp_unicode(const CHARSET_INFO *cs,
                       const char *str, const char *str_end,
                       const char *wildstr, const char *wildend,
                       int escape, int w_one, int w_many,
                       MY_UNICASE_INFO *weights)
{
  int result;
  result= my_wildcmp_unicode_impl(cs, str, str_end,
                                  wildstr, wildend,
                                  escape, w_one, w_many, weights, 1);
  return result;
}
`escape` is not initialized in this layer either; it is passed through unchanged.
The next layer up is:
/**
  UTF-8 flavour of the wildcard (LIKE) comparison.

  Delegates to my_wildcmp_unicode() with the charset's case-folding table
  (cs->caseinfo) as the weights.  @p escape is forwarded as received: this
  layer neither checks nor initialises it, so an undefined value supplied
  by the caller reaches the pattern matcher unchanged.

  @return the result of my_wildcmp_unicode(), unchanged
*/
static
int my_wildcmp_utf8(const CHARSET_INFO *cs,
                    const char *str, const char *str_end,
                    const char *wildstr, const char *wildend,
                    int escape, int w_one, int w_many)
{
  return my_wildcmp_unicode(cs, str, str_end, wildstr, wildend,
                            escape, w_one, w_many,
                            cs->caseinfo);
}
`escape` is not initialized in this layer either.
The next layer up is:
/**
  Evaluate "args[0] LIKE args[1]".

  The subject (args[0]) is evaluated first; when it is SQL NULL the
  pattern (args[1]) is never evaluated.  The member 'escape' is handed to
  my_wildcmp() as-is -- this function relies on it having been assigned
  before the first evaluation.

  @return 1 when the subject matches the pattern, 0 otherwise.  Also 0,
          with null_value set, when either operand is SQL NULL.
*/
longlong Item_func_like::val_int()
{
  DBUG_ASSERT(fixed == 1);

  String *subject= args[0]->val_str(&cmp.value1);
  if (args[0]->null_value)
  {
    null_value= 1;
    return 0;
  }

  String *pat= args[1]->val_str(&cmp.value2);
  if (args[1]->null_value)
  {
    null_value= 1;
    return 0;
  }
  null_value= 0;

  /* Fast path for the '%abcd%' pattern shape; canDoTurboBM is decided elsewhere. */
  if (canDoTurboBM)
    return turboBM_matches(subject->ptr(), subject->length()) ? 1 : 0;

  /* my_wildcmp() yields 0 on a match and non-zero on a mismatch. */
  const int mismatch= my_wildcmp(cmp.cmp_collation.collation,
                                 subject->ptr(),
                                 subject->ptr() + subject->length(),
                                 pat->ptr(), pat->ptr() + pat->length(),
                                 escape, wild_one, wild_many);
  return (mismatch == 0) ? 1 : 0;
}
`escape` is not initialized in this layer either.
val_int() is a member of class Item_func_like, and that class never initializes its `escape` member:
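/**
  The SQL LIKE predicate: "expr LIKE pattern [ESCAPE 'c']".

  'escape' is a public int read by val_int() and handed down to
  my_wildcmp(), where it is compared against every pattern character.
  The constructor gives it a deterministic starting value so that an
  evaluation path that never assigns it cannot feed an undefined value
  into the comparison (which is what the Valgrind report at
  ctype-utf8.c:4937 shows).  The effective escape character is presumably
  assigned later, in fix_fields() from escape_item -- confirm against
  item_cmpfunc.cc.

  NOTE(review): Valgrind attributes the origin of the undefined value to
  free_root(), i.e. memory handed back to a MEM_ROOT.  A constructor
  initializer removes the undefined read but cannot cure an Item that is
  evaluated after its arena was freed; that lifetime should be checked
  separately before treating this as the complete fix.
*/
class Item_func_like :public Item_bool_func2
{
  // Turbo Boyer-Moore data
  bool canDoTurboBM;    // pattern is '%abcd%' case
  const char* pattern;
  int pattern_len;

  // TurboBM buffers, *this is owner
  int* bmGs;            // good suffix shift table, size is pattern_len + 1
  int* bmBc;            // bad character shift table, size is alphabet_size

  void turboBM_compute_suffixes(int* suff);
  void turboBM_compute_good_suffix_shifts(int* suff);
  void turboBM_compute_bad_character_shifts();
  bool turboBM_matches(const char* text, int text_len) const;
  enum { alphabet_size = 256 };

  Item *escape_item;              // expression of the ESCAPE clause (escape_arg)
  bool escape_used_in_parsing;    // ESCAPE was written explicitly in the query

public:
  int escape;                     // escape character passed to my_wildcmp()

  /*
    Members are initialized in declaration order; 'escape' is declared
    last, so its initializer is listed last to avoid a reorder warning.
    0 is only a deterministic placeholder, not the SQL default escape.
  */
  Item_func_like(Item *a,Item *b, Item *escape_arg, bool escape_used)
    :Item_bool_func2(a,b), canDoTurboBM(FALSE), pattern(0), pattern_len(0),
     bmGs(0), bmBc(0), escape_item(escape_arg),
     escape_used_in_parsing(escape_used),
     escape(0) {}

  longlong val_int();
  enum Functype functype() const { return LIKE_FUNC; }
  optimize_type select_optimize() const;
  cond_result eq_cmp_result() const { return COND_TRUE; }
  const char *func_name() const { return "like"; }
  bool fix_fields(THD *thd, Item **ref);
  void cleanup();
  /**
    @retval true non default escape char specified
                 using "expr LIKE pat ESCAPE 'escape_char'" syntax
  */
  bool escape_was_used_in_parsing() const { return escape_used_in_parsing; }
};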