Bug #93617 Conditional jump or depends on uninitialized value(s) in Field_num::Field_num
Submitted: 14 Dec 2018 15:00 Modified: 22 Jan 13:24
Reporter: Laurynas Biveinis (OCA) Email Updates:
Status: Can't repeat Impact on me: None
Category:MySQL Server: Replication Severity:S3 (Non-critical)
Version:8.0.13 OS:Any
Assigned to: CPU Architecture:Any
Tags: valgrind

[14 Dec 2018 15:00] Laurynas Biveinis
Description:
[ 33%] rpl.rpl_json 'mix'                       [ fail ]  Found warnings/errors in server log file!
        Test ended at 2018-12-14 16:57:30
line
==25356== Thread 38:
==25356== Conditional jump or move depends on uninitialised value(s)
==25356==    at 0x2F4FAFD: Field_num::Field_num(unsigned char*, unsigned int, unsigned char*, unsigned char, unsigned char, char const*, unsigned char, bool, bool) (field.cc:1327)
==25356==    by 0x2F7443F: Field_longlong::Field_longlong(unsigned char*, unsigned int, unsigned char*, unsigned char, unsigned char, char const*, bool, bool) (field.h:2325)
==25356==    by 0x2F6F677: make_field(TABLE_SHARE*, unsigned char*, unsigned long, unsigned char*, unsigned char, enum_field_types, CHARSET_INFO const*, Field::geometry_type, unsigned char, TYPELIB*, char const*, bool, bool, bool, unsigned int, bool, unsigned int, Mysql::Nullable<unsigned int>) (field.cc:9956)
==25356==    by 0x2F70094: make_field(Create_field const&, TABLE_SHARE*, char const*, unsigned long, unsigned char*, unsigned char*, unsigned long) (field.cc:10017)
==25356==    by 0x2F7015F: make_field(Create_field const&, TABLE_SHARE*, unsigned char*, unsigned char*, unsigned long) (field.cc:10030)
==25356==    by 0x2D409E1: create_tmp_table_from_fields(THD*, List<Create_field>&, bool, unsigned long long, char const*) (sql_tmp_table.cc:1945)
==25356==    by 0x32467B6: Table_function::create_result_table(unsigned long long, char const*) (table_function.cc:66)
==25356==    by 0x3215D7B: TABLE_LIST::setup_table_function(THD*) (sql_derived.cc:647)
==25356==    by 0x2CA251D: SELECT_LEX::resolve_placeholder_tables(THD*, bool) (sql_resolver.cc:1003)
==25356==    by 0x2C9FD8E: SELECT_LEX::prepare(THD*) (sql_resolver.cc:206)
==25356==    by 0x2D52888: SELECT_LEX_UNIT::prepare(THD*, Query_result*, unsigned long long, unsigned long long) (sql_union.cc:563)
==25356==    by 0x3225573: Sql_cmd_insert_base::prepare_inner(THD*) (sql_insert.cc:1294)
==25356==    by 0x2CB2371: Sql_cmd_dml::prepare(THD*) (sql_select.cc:405)
==25356==    by 0x2CB29DC: Sql_cmd_dml::execute(THD*) (sql_select.cc:533)
==25356==    by 0x2C4B0C8: mysql_execute_command(THD*, bool) (sql_parse.cc:3325)
==25356==    by 0x2C50FFD: mysql_parse(THD*, Parser_state*, bool) (sql_parse.cc:5041)
==25356==  Uninitialised value was created by a heap allocation
==25356==    at 0x713574F: malloc (vg_replace_malloc.c:299)
==25356==    by 0x417D43A: my_raw_malloc(unsigned long, int) (my_malloc.cc:199)
==25356==    by 0x417D092: my_malloc(unsigned int, unsigned long, int) (my_malloc.cc:81)
==25356==    by 0x4174917: MEM_ROOT::AllocBlock(unsigned long) (my_alloc.cc:72)
==25356==    by 0x4174A39: MEM_ROOT::AllocSlow(unsigned long) (my_alloc.cc:100)
==25356==    by 0x2ACD4FE: MEM_ROOT::Alloc(unsigned long) (my_alloc.h:154)
==25356==    by 0x2E1C0C7: alloc_root(MEM_ROOT*, unsigned long) (my_alloc.h:315)
==25356==    by 0x2E6BF77: Parse_tree_node_tmpl<Parse_context>::operator new(unsigned long, MEM_ROOT*, std::nothrow_t const&) (parse_tree_node_base.h:129)
==25356==    by 0x2E3B15C: MYSQLparse(THD*, Parse_tree_root**) (sql_yacc.yy:10832)
==25356==    by 0x2BBD797: THD::sql_parser() (sql_class.cc:2790)
==25356==    by 0x2C55A76: parse_sql(THD*, Parser_state*, Object_creation_ctx*) (sql_parse.cc:6797)
==25356==    by 0x2C50AEA: mysql_parse(THD*, Parser_state*, bool) (sql_parse.cc:4947)
==25356==    by 0x2C465E6: dispatch_command(THD*, COM_DATA const*, enum_server_command) (sql_parse.cc:1687)
==25356==    by 0x2C44C68: do_command(THD*) (sql_parse.cc:1260)
==25356==    by 0x2DF98C9: handle_connection (connection_handler_per_thread.cc:308)
==25356==    by 0x47B7077: pfs_spawn_thread (pfs.cc:2836)

How to repeat:
Valgrind rpl_json testcase:

$ ./mtr --debug-server --valgrind-mysqld rpl_json --valgrind-option=--track-origins=yes
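The pattern behind this kind of Valgrind report (an object carved out of a malloc-backed arena, a constructor that leaves one member unset, and a later branch on that member) is small enough to show in isolation. The following is an added example, not code from MySQL or from this report: `arena_t` is a toy stand-in for a MEM_ROOT-style bump allocator, `field_spec_t`, `make_spec_buggy`, `make_spec_fixed` and `display_width` are hypothetical names, and the flag values are constructed. Run under `valgrind --track-origins=yes`, the buggy path produces a "Conditional jump or move depends on uninitialised value(s)" report at `display_width` whose origin is the `malloc` in `arena_init`, which is the same shape as the trace above; the fixed constructor initialises every member before the object is handed out.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy arena modelled loosely on a bump allocator such as MEM_ROOT:
 * the block comes straight from malloc and is never zeroed, so an
 * object carved from it holds whatever bytes were there before. */
typedef struct {
    unsigned char *block;
    size_t used;
    size_t capacity;
} arena_t;

static int arena_init(arena_t *a, size_t capacity) {
    a->block = malloc(capacity);   /* deliberately malloc, not calloc */
    if (!a->block) return -1;
    a->used = 0;
    a->capacity = capacity;
    return 0;
}

static void *arena_alloc(arena_t *a, size_t n) {
    n = (n + 7) & ~(size_t)7;      /* keep 8-byte alignment */
    if (a->used + n > a->capacity) return NULL;
    void *p = a->block + a->used;
    a->used += n;
    return p;
}

static void arena_free(arena_t *a) {
    free(a->block);
    a->block = NULL;
}

/* Hypothetical field descriptor; unsigned char (not bool) so that an
 * indeterminate byte is merely unspecified, never a trap representation. */
typedef struct {
    const char *name;
    unsigned int length;
    unsigned char is_unsigned;     /* the member the consumer branches on */
    unsigned char zerofill;
} field_spec_t;

/* Buggy: sets name and length, never touches is_unsigned or zerofill. */
static field_spec_t *make_spec_buggy(arena_t *a, const char *name, unsigned int length) {
    field_spec_t *f = arena_alloc(a, sizeof *f);
    if (!f) return NULL;
    f->name = name;
    f->length = length;
    return f;
}

/* Fixed: every member is assigned explicitly before the object escapes. */
static field_spec_t *make_spec_fixed(arena_t *a, const char *name, unsigned int length,
                                     unsigned char is_unsigned, unsigned char zerofill) {
    field_spec_t *f = arena_alloc(a, sizeof *f);
    if (!f) return NULL;
    f->name = name;
    f->length = length;
    f->is_unsigned = is_unsigned;
    f->zerofill = zerofill;
    return f;
}

/* Consumer that branches on the flags, as a numeric field constructor would.
 * With a spec from make_spec_buggy these two ifs are exactly the
 * "conditional jump depends on uninitialised value(s)" Valgrind flags. */
static unsigned int display_width(const field_spec_t *f) {
    unsigned int w = f->length;
    if (!f->is_unsigned) w += 1;          /* room for a sign character */
    if (f->zerofill) w = w < 4 ? 4 : w;   /* constructed minimum padding */
    return w;
}

/* Deterministic check of the fixed path only; returns 1 on success. */
static int check_fixed_path(void) {
    arena_t a;
    if (arena_init(&a, 256) != 0) return 0;
    field_spec_t *f = make_spec_fixed(&a, "id", 10, 0, 0);   /* signed, no zerofill */
    field_spec_t *g = make_spec_fixed(&a, "cnt", 2, 1, 1);   /* unsigned, zerofill */
    int ok = f && g && display_width(f) == 11 && display_width(g) == 4;
    arena_free(&a);
    return ok;
}

int main(void) {
    arena_t a;
    if (arena_init(&a, 256) != 0) return 1;
    field_spec_t *b = make_spec_buggy(&a, "id", 10);
    /* Under valgrind --track-origins=yes this call is reported, with the
     * origin attributed to the malloc inside arena_init. */
    printf("buggy width (value depends on stale heap bytes): %u\n", display_width(b));
    arena_free(&a);
    printf("fixed path ok: %d\n", check_fixed_path());
    return 0;
}
```

The `--track-origins=yes` flag used in the repro command above is what turns the second half of the report (the "Uninitialised value was created by a heap allocation" stack) on; without it Valgrind still flags the branch but cannot say which allocation the stale bytes came from.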
[14 Dec 2018 21:11] Miguel Solorzano
Thank you for the bug report.
[9 Jan 10:14] Laurynas Biveinis
This is not S7, because this is a server bug and not a testcase bug, which happens to be exposed by a certain testcase.

Same on json.json_no_table:

[100%] json.json_no_table                       [ fail ]  Found warnings/errors in server log file!
        Test ended at 2019-01-09 12:11:45
line
==5283== Thread 38:
==5283== Conditional jump or move depends on uninitialised value(s)
==5283==    at 0x2F4FAFD: Field_num::Field_num(unsigned char*, unsigned int, unsigned char*, unsigned char, unsigned char, char const*, unsigned char, bool, bool) (field.cc:1327)
==5283==    by 0x2F7443F: Field_longlong::Field_longlong(unsigned char*, unsigned int, unsigned char*, unsigned char, unsigned char, char const*, bool, bool) (field.h:2325)
==5283==    by 0x2F6F677: make_field(TABLE_SHARE*, unsigned char*, unsigned long, unsigned char*, unsigned char, enum_field_types, CHARSET_INFO const*, Field::geometry_type, unsigned char, TYPELIB*, char const*, bool, bool, bool, unsigned int, bool, unsigned int, Mysql::Nullable<unsigned int>) (field.cc:9956)
==5283==    by 0x2F70094: make_field(Create_field const&, TABLE_SHARE*, char const*, unsigned long, unsigned char*, unsigned char*, unsigned long) (field.cc:10017)
==5283==    by 0x2F7015F: make_field(Create_field const&, TABLE_SHARE*, unsigned char*, unsigned char*, unsigned long) (field.cc:10030)
==5283==    by 0x2D409E1: create_tmp_table_from_fields(THD*, List<Create_field>&, bool, unsigned long long, char const*) (sql_tmp_table.cc:1945)
==5283==    by 0x32467B6: Table_function::create_result_table(unsigned long long, char const*) (table_function.cc:66)
==5283==    by 0x3215D7B: TABLE_LIST::setup_table_function(THD*) (sql_derived.cc:647)
==5283==    by 0x2CA251D: SELECT_LEX::resolve_placeholder_tables(THD*, bool) (sql_resolver.cc:1003)
==5283==    by 0x2C9FD8E: SELECT_LEX::prepare(THD*) (sql_resolver.cc:206)
==5283==    by 0x2CB27D8: Sql_cmd_select::prepare_inner(THD*) (sql_select.cc:466)
==5283==    by 0x2CB2371: Sql_cmd_dml::prepare(THD*) (sql_select.cc:405)
==5283==    by 0x2CB29DC: Sql_cmd_dml::execute(THD*) (sql_select.cc:533)
==5283==    by 0x2C4E5AB: mysql_execute_command(THD*, bool) (sql_parse.cc:4307)
==5283==    by 0x2C50FFD: mysql_parse(THD*, Parser_state*, bool) (sql_parse.cc:5041)
==5283==    by 0x2C465E6: dispatch_command(THD*, COM_DATA const*, enum_server_command) (sql_parse.cc:1687)
...
[21 Jan 13:01] Erlend Dahl
I can repro on 8.0.13, but not on 8.0.14 which was just released.

Can you please try with 8.0.14?
[22 Jan 11:14] Laurynas Biveinis
The issue does not reproduce with 8.0.14, thank you.
[22 Jan 13:24] Erlend Dahl
Can't repeat, we assume it has been fixed in 8.0.14.