-- Repro for an uninitialised read reported by valgrind in
-- Item_func_like::select_optimize() (item_cmpfunc.cc:4696); the trace follows.
-- Only plain DDL, two INSERTs and a SELECT are needed, so this is a server-side
-- memory-safety defect in query optimisation rather than a data problem; the fix
-- belongs in the server (the cached subquery value must be initialised, or not
-- consulted, before the subquery has run).
drop table if exists `t2`,`t1`;
-- InnoDB table with a secondary index on `a`. Both reads in the trace happen while
-- the optimizer evaluates `a LIKE ...` as a key/range candidate for that index
-- (add_key_fields and get_mm_tree -> select_optimize).
create table `t2`(`a` int,key(`a`))engine=innodb;
insert into `t2` values (1),(2);
-- Source table for the LIKE pattern; `b` feeds export_set() below.
-- NOTE(review): whether the specific values 0 and 254 matter is not shown here.
create table `t1`(`b` int,primary key(`b`))engine=innodb;
insert into t1 values (0),(254);
-- The LIKE pattern is a scalar subquery. Per the allocation trace its value is read
-- through an Item_cache created in Item_subselect::fix_fields() (item_subselect.cc:199);
-- at optimize time that cache looks unfilled (gdb shows ptr2 -> "" and *ptr2 == 0,
-- flagged uninitialised), so the `*ptr2 != wild_many` test at line 4696 decides on garbage.
select 1 from `t2` where `a` like (select export_set('1',`b`,`b`,`b`,`b`)from `t1` limit 1);
[sbester@levovo mysql-5.5.10-linux-x86_64]$ valgrind -v --leak-check=full --show-reachable=yes --db-attach=yes --track-origins=yes --tool=memcheck --num-callers=50 ./bin/mysqld --no-defaults --basedir=. --datadir=./data --skip-gr --myisam-recover=force --open-files-limit=2000 --port=3306 --tmpdir=. --socket=sock --gdb --skip-na --innodb-flush-log-at-trx-commit=0 --innodb-lock-wait-timeout=1 --lock-wait-timeout=1
==13056== Memcheck, a memory error detector
==13056== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==13056== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==13056== Command: ./bin/mysqld --no-defaults --basedir=. --datadir=./data --skip-gr --myisam-recover=force --open-files-limit=2000 --port=3306 --tmpdir=.
--socket=sock --gdb --skip-na --innodb-flush-log-at-trx-commit=0 --innodb-lock-wait-timeout=1 --lock-wait-timeout=1 ==13056== --13056-- Valgrind options: --13056-- -v --13056-- --leak-check=full --13056-- --show-reachable=yes --13056-- --db-attach=yes --13056-- --track-origins=yes --13056-- --tool=memcheck --13056-- --num-callers=50 --13056-- Contents of /proc/version: --13056-- Linux version 2.6.33.3-85.fc13.x86_64 (mockbuild@x86-02.phx2.fedoraproject.org) (gcc version 4.4.4 20100503 (Red Hat 4.4.4-2) (GCC) ) #1 SMP Thu May 6 18:09:49 UTC 2010 --13056-- Arch and hwcaps: AMD64, amd64-sse3-cx16 --13056-- Page sizes: currently 4096, max supported 4096 --13056-- Valgrind library directory: /usr/lib64/valgrind --13056-- Reading syms from /home/sbester/mysql/5.5/mysql-5.5.10-linux-x86_64/bin/mysqld (0x400000) --13056-- Reading syms from /usr/lib64/valgrind/memcheck-amd64-linux (0x38000000) --13056-- object doesn't have a dynamic symbol table --13056-- Reading syms from /lib64/ld-2.12.so (0x30e1000000) --13056-- Reading debug info from /usr/lib/debug/lib64/ld-2.12.so.debug .. --13056-- Reading suppressions file: /usr/lib64/valgrind/default.supp --13056-- REDIR: 0x30e1017590 (strlen) redirected to 0x3803f6f7 (vgPlain_amd64_linux_REDIR_FOR_strlen) --13056-- Reading syms from /usr/lib64/valgrind/vgpreload_core-amd64-linux.so (0x4801000) --13056-- Reading syms from /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so (0x4a02000) ==13056== WARNING: new redirection conflicts with existing -- ignoring it --13056-- new: 0x30e1017590 (strlen ) R-> 0x04a06340 strlen --13056-- REDIR: 0x30e1017400 (index) redirected to 0x4a05f80 (index) --13056-- REDIR: 0x30e1017480 (strcmp) redirected to 0x4a06900 (strcmp) --13056-- Reading syms from /lib64/libpthread-2.12.so (0x30e1800000) --13056-- Reading debug info from /usr/lib/debug/lib64/libpthread-2.12.so.debug .. 
--13056-- Reading syms from /lib64/libz.so.1.2.3 (0x30e2400000) --13056-- Reading debug info from /usr/lib/debug/lib64/libz.so.1.2.3.debug .. --13056-- Reading syms from /lib64/libm-2.12.so (0x30e1c00000) --13056-- Reading debug info from /usr/lib/debug/lib64/libm-2.12.so.debug .. --13056-- Reading syms from /lib64/librt-2.12.so (0x30e2800000) --13056-- Reading debug info from /usr/lib/debug/lib64/librt-2.12.so.debug .. --13056-- Reading syms from /lib64/libcrypt-2.12.so (0x3ce5000000) --13056-- Reading debug info from /usr/lib/debug/lib64/libcrypt-2.12.so.debug .. --13056-- Reading syms from /lib64/libdl-2.12.so (0x30e2000000) --13056-- Reading debug info from /usr/lib/debug/lib64/libdl-2.12.so.debug .. --13056-- Reading syms from /lib64/libc-2.12.so (0x30e1400000) --13056-- Reading debug info from /usr/lib/debug/lib64/libc-2.12.so.debug .. --13056-- Reading syms from /lib64/libfreebl3.so (0x3ce4c00000) --13056-- Reading debug info from /usr/lib/debug/lib64/libfreebl3.so.debug .. --13056-- REDIR: 0x30e1481ad0 (__GI_strrchr) redirected to 0x4a05e00 (__GI_strrchr) --13056-- REDIR: 0x30e147ffe0 (strlen) redirected to 0x480155c (_vgnU_ifunc_wrapper) ==13056== WARNING: new redirection conflicts with existing -- ignoring it --13056-- new: 0x30e1480010 (__GI_strlen ) R-> 0x04a062e0 strlen --13056-- REDIR: 0x30e1480010 (__GI_strlen) redirected to 0x4a06300 (__GI_strlen) --13056-- REDIR: 0x30e1482850 (memset) redirected to 0x4a07540 (memset) --13056-- REDIR: 0x30e1479610 (calloc) redirected to 0x4a043d3 (calloc) --13056-- REDIR: 0x30e147e5a0 (strcmp) redirected to 0x480155c (_vgnU_ifunc_wrapper) --13056-- REDIR: 0x30e1527820 (__strcmp_ssse3) redirected to 0x4a06860 (strcmp) --13056-- REDIR: 0x30e1480060 (strnlen) redirected to 0x4a06280 (strnlen) --13056-- REDIR: 0x30e1482690 (memmove) redirected to 0x4a075b0 (memmove) --13056-- REDIR: 0x30e1485260 (strchrnul) redirected to 0x4a07620 (strchrnul) --13056-- REDIR: 0x30e1483c60 (memcpy) redirected to 0x4a069d0 (memcpy) 
--13056-- REDIR: 0x30e14799d0 (malloc) redirected to 0x4a050db (malloc) --13056-- Reading syms from /lib64/libgcc_s-4.4.4-20100630.so.1 (0x30ec000000) --13056-- Reading debug info from /usr/lib/debug/lib64/libgcc_s-4.4.4-20100630.so.1.debug .. ==13056== WARNING: new redirection conflicts with existing -- ignoring it --13056-- new: 0x30e1480010 (__GI_strlen ) R-> 0x04a062e0 strlen --13056-- REDIR: 0x30e147a750 (free) redirected to 0x4a04ceb (free) --13056-- REDIR: 0x30e1480220 (__GI_strncmp) redirected to 0x4a06800 (__GI_strncmp) --13056-- REDIR: 0x30e147fa30 (strcpy) redirected to 0x480155c (_vgnU_ifunc_wrapper) --13056-- REDIR: 0x30e1524280 (???) redirected to 0x4a06360 (strcpy) --13056-- REDIR: 0x30e1482260 (bcmp) redirected to 0x480155c (_vgnU_ifunc_wrapper) --13056-- REDIR: 0x30e1482290 (__GI_memcmp) redirected to 0x4a07160 (bcmp) --13056-- REDIR: 0x30e147abd0 (realloc) redirected to 0x4a0518c (realloc) --13056-- REDIR: 0x30e147fa60 (__GI_strcpy) redirected to 0x4a06430 (__GI_strcpy) --13056-- REDIR: 0x30e147e5e0 (__GI_strcmp) redirected to 0x4a068b0 (__GI_strcmp) --13056-- REDIR: 0xffffffffff600400 (???) 
redirected to 0x3803f6ed (vgPlain_amd64_linux_REDIR_FOR_vtime) --13056-- REDIR: 0x30e1485210 (__GI___rawmemchr) redirected to 0x4a07670 (__GI___rawmemchr) --13056-- REDIR: 0x30e1481aa0 (rindex) redirected to 0x480155c (_vgnU_ifunc_wrapper) ==13056== WARNING: new redirection conflicts with existing -- ignoring it --13056-- new: 0x30e1481ad0 (__GI_strrchr ) R-> 0x04a05dd0 rindex --13056-- REDIR: 0x30e147e4f0 (index) redirected to 0x480155c (_vgnU_ifunc_wrapper) ==13056== WARNING: new redirection conflicts with existing -- ignoring it --13056-- new: 0x30e147e520 (__GI_strchr ) R-> 0x04a05e90 index --13056-- REDIR: 0x30e147e520 (__GI_strchr) redirected to 0x4a05ec0 (__GI_strchr) --13056-- REDIR: 0x30e1480140 (strncat) redirected to 0x4a06170 (strncat) --13056-- REDIR: 0x30e1483380 (mempcpy) redirected to 0x4a07690 (mempcpy) --13056-- REDIR: 0x30e14821e0 (memchr) redirected to 0x4a069a0 (memchr) --13056-- REDIR: 0x30e1483990 (stpcpy) redirected to 0x480155c (_vgnU_ifunc_wrapper) --13056-- REDIR: 0x30e1525c20 (???) redirected to 0x4a07200 (stpcpy) --13056-- REDIR: 0x30e14801e0 (strncmp) redirected to 0x480155c (_vgnU_ifunc_wrapper) --13056-- REDIR: 0x30e1528a80 (__strncmp_ssse3) redirected to 0x4a067a0 (strncmp) 110131 17:58:01 [Note] Plugin 'FEDERATED' is disabled. 110131 17:58:01 InnoDB: !!!!!!!! UNIV_DEBUG switched on !!!!!!!!! 110131 17:58:01 InnoDB: The InnoDB memory heap is disabled 110131 17:58:01 InnoDB: Mutexes and rw_locks use GCC atomic builtins 110131 17:58:01 InnoDB: Compressed tables use zlib 1.2.3 --13056-- REDIR: 0xffffffffff600000 (???) redirected to 0x3803f6e3 (vgPlain_amd64_linux_REDIR_FOR_vgettimeofday) 110131 17:58:03 InnoDB: Initializing buffer pool, size = 128.0M 110131 17:58:07 InnoDB: Completed initialization of buffer pool 110131 17:58:08 InnoDB: highest supported file format is Barracuda. 
110131 17:58:20 InnoDB: Waiting for the background threads to start
110131 17:58:21 InnoDB: 1.1.5 started; log sequence number 1599916
110131 17:58:23 [Note] ./bin/mysqld: ready for connections.
Version: '5.5.10-valgrind-max-debug' socket: 'sock' port: 3306 Source distribution
==13056== Thread 17:
==13056== Conditional jump or move depends on uninitialised value(s)
==13056== at 0x788606: Item_func_like::select_optimize() const (item_cmpfunc.cc:4696)
==13056== by 0x626D18: add_key_fields(JOIN*, key_field_t**, unsigned int*, Item*, unsigned long long, st_sargable_param**) (sql_select.cc:3577)
==13056== by 0x627FFD: update_ref_and_keys(THD*, st_dynamic_array*, st_join_table*, unsigned int, Item*, COND_EQUAL*, unsigned long long, st_select_lex*, st_sargable_param**) (sql_select.cc:3971)
==13056== by 0x624B01: make_join_statistics(JOIN*, TABLE_LIST*, Item*, st_dynamic_array*) (sql_select.cc:2814)
==13056== by 0x61E48E: JOIN::optimize() (sql_select.cc:1051)
==13056== by 0x623DDD: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2557)
==13056== by 0x61C017: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:297)
==13056== by 0x5F8B1D: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4472)
==13056== by 0x5F16D6: mysql_execute_command(THD*) (sql_parse.cc:2053)
==13056== by 0x5FAC81: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5509)
==13056== by 0x5EEFB4: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1035)
==13056== by 0x5EE2C0: do_command(THD*) (sql_parse.cc:772)
==13056== by 0x6CBB05: do_handle_one_connection(THD*) (sql_connect.cc:748)
==13056== by 0x6CB696: handle_one_connection (sql_connect.cc:684)
==13056== by 0x30E1807760: start_thread (pthread_create.c:301)
==13056== by 0x1AA7170F: ???
==13056== Uninitialised value was created by a heap allocation
==13056== at 0x4A0515D: malloc (vg_replace_malloc.c:195)
==13056== by 0x8BD1E9: my_malloc (my_malloc.c:38)
==13056== by 0x8B4D15: alloc_root (my_alloc.c:166)
==13056== by 0x6A52C4: sql_alloc(unsigned long) (thr_malloc.cc:73)
==13056== by 0x569AFA: Item::operator new(unsigned long) (item.h:511)
==13056== by 0x7718E5: Item_cache::get_cache(Item const*, Item_result) (item.cc:7377)
==13056== by 0x771752: Item_cache::get_cache(Item const*) (item.cc:7349)
==13056== by 0x7D4991: subselect_engine::set_row(List&, Item_cache**) (item_subselect.cc:1836)
==13056== by 0x7D4AC2: subselect_single_select_engine::fix_length_and_dec(Item_cache**) (item_subselect.cc:1848)
==13056== by 0x7D0643: Item_singlerow_subselect::fix_length_and_dec() (item_subselect.cc:518)
==13056== by 0x7CF777: Item_subselect::fix_fields(THD*, Item**) (item_subselect.cc:199)
==13056== by 0x7A1A6A: Item_func::fix_fields(THD*, Item**) (item_func.cc:199)
==13056== by 0x7886D4: Item_func_like::fix_fields(THD*, Item**) (item_cmpfunc.cc:4709)
==13056== by 0x5ACA18: setup_conds(THD*, TABLE_LIST*, TABLE_LIST*, Item**) (sql_base.cc:8317)
==13056== by 0x64DEB4: setup_without_group(THD*, Item**, TABLE_LIST*, TABLE_LIST*, List&, List&, Item**, st_order*, st_order*, bool*) (sql_select.cc:461)
==13056== by 0x61C8E9: JOIN::prepare(Item***, TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) (sql_select.cc:543)
==13056== by 0x623DBF: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2550)
==13056== by 0x61C017: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:297)
==13056== by 0x5F8B1D: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4472)
==13056== by 0x5F16D6: mysql_execute_command(THD*) (sql_parse.cc:2053)
==13056== by 0x5FAC81: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5509)
==13056== by 0x5EEFB4: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1035)
==13056== by 0x5EE2C0: do_command(THD*) (sql_parse.cc:772)
==13056== by 0x6CBB05: do_handle_one_connection(THD*) (sql_connect.cc:748)
==13056== by 0x6CB696: handle_one_connection (sql_connect.cc:684)
==13056== by 0x30E1807760: start_thread (pthread_create.c:301)
==13056== by 0x1AA7170F: ???
==13056==
==13056==
==13056== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- c
==13056== Conditional jump or move depends on uninitialised value(s)
==13056== at 0x788606: Item_func_like::select_optimize() const (item_cmpfunc.cc:4696)
==13056== by 0x8343E4: get_mm_tree(RANGE_OPT_PARAM*, Item*) (opt_range.cc:5598)
==13056== by 0x82CF8E: SQL_SELECT::test_quick_select(THD*, Bitmap<64u>, unsigned long long, unsigned long long, bool) (opt_range.cc:2275)
==13056== by 0x624049: get_quick_record_count(THD*, SQL_SELECT*, TABLE*, Bitmap<64u> const*, unsigned long long) (sql_select.cc:2606)
==13056== by 0x625863: make_join_statistics(JOIN*, TABLE_LIST*, Item*, st_dynamic_array*) (sql_select.cc:3040)
==13056== by 0x61E48E: JOIN::optimize() (sql_select.cc:1051)
==13056== by 0x623DDD: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2557)
==13056== by 0x61C017: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:297)
==13056== by 0x5F8B1D: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4472)
==13056== by 0x5F16D6: mysql_execute_command(THD*) (sql_parse.cc:2053)
==13056== by 0x5FAC81: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5509)
==13056== by 0x5EEFB4: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1035)
==13056== by 0x5EE2C0: do_command(THD*) (sql_parse.cc:772)
==13056== by 0x6CBB05: do_handle_one_connection(THD*) (sql_connect.cc:748)
==13056== by 0x6CB696: handle_one_connection (sql_connect.cc:684)
==13056== by 0x30E1807760: start_thread (pthread_create.c:301)
==13056== by 0x1AA7170F: ???
==13056== Uninitialised value was created by a heap allocation
==13056== at 0x4A0515D: malloc (vg_replace_malloc.c:195)
==13056== by 0x8BD1E9: my_malloc (my_malloc.c:38)
==13056== by 0x8B4D15: alloc_root (my_alloc.c:166)
==13056== by 0x6A52C4: sql_alloc(unsigned long) (thr_malloc.cc:73)
==13056== by 0x569AFA: Item::operator new(unsigned long) (item.h:511)
==13056== by 0x7718E5: Item_cache::get_cache(Item const*, Item_result) (item.cc:7377)
==13056== by 0x771752: Item_cache::get_cache(Item const*) (item.cc:7349)
==13056== by 0x7D4991: subselect_engine::set_row(List&, Item_cache**) (item_subselect.cc:1836)
==13056== by 0x7D4AC2: subselect_single_select_engine::fix_length_and_dec(Item_cache**) (item_subselect.cc:1848)
==13056== by 0x7D0643: Item_singlerow_subselect::fix_length_and_dec() (item_subselect.cc:518)
==13056== by 0x7CF777: Item_subselect::fix_fields(THD*, Item**) (item_subselect.cc:199)
==13056== by 0x7A1A6A: Item_func::fix_fields(THD*, Item**) (item_func.cc:199)
==13056== by 0x7886D4: Item_func_like::fix_fields(THD*, Item**) (item_cmpfunc.cc:4709)
==13056== by 0x5ACA18: setup_conds(THD*, TABLE_LIST*, TABLE_LIST*, Item**) (sql_base.cc:8317)
==13056== by 0x64DEB4: setup_without_group(THD*, Item**, TABLE_LIST*, TABLE_LIST*, List&, List&, Item**, st_order*, st_order*, bool*) (sql_select.cc:461)
==13056== by 0x61C8E9: JOIN::prepare(Item***, TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) (sql_select.cc:543)
==13056== by 0x623DBF: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2550)
==13056== by 0x61C017: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:297)
==13056== by 0x5F8B1D: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:4472)
==13056== by 0x5F16D6: mysql_execute_command(THD*) (sql_parse.cc:2053)
==13056== by 0x5FAC81: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5509)
==13056== by 0x5EEFB4: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1035)
==13056== by 0x5EE2C0: do_command(THD*) (sql_parse.cc:772)
==13056== by 0x6CBB05: do_handle_one_connection(THD*) (sql_connect.cc:748)
==13056== by 0x6CB696: handle_one_connection (sql_connect.cc:684)
==13056== by 0x30E1807760: start_thread (pthread_create.c:301)
==13056== by 0x1AA7170F: ???
==13056==
0x0000000000788606 in Item_func_like::select_optimize (this=0xf777750) at /home/sbester/build/bzr/mysql-5.5-security/sql/item_cmpfunc.cc:4696
4696        if (*ptr2 != wild_many)
(gdb) list
4691        const char *ptr2;
4692
4693        if (!res2 || !(ptr2= res2->ptr()))
4694          return OPTIMIZE_NONE;
4695
4696        if (*ptr2 != wild_many)
4697        {
4698          if (args[0]->result_type() != STRING_RESULT || *ptr2 != wild_one)
4699            return OPTIMIZE_OP;
4700        }
(gdb) p wild_many
$1 = 37 '%'
(gdb) p ptr2
$2 = 0xf777f45 ""
(gdb) p *ptr2
$3 = 0 '\000'