Uninitialized flush_counters_t::unzip_LRU_evicted use

Bug #1326348 reported by Laurynas Biveinis
| Affects | Status | Importance | Assigned to |
|---|---|---|---|
| Percona Server (moved to https://jira.percona.com/projects/PS) | Fix Released | Medium | Laurynas Biveinis |
| 5.1 | Invalid | Undecided | Unassigned |
| 5.5 | Invalid | Undecided | Unassigned |
| 5.6 | Fix Released | Medium | Laurynas Biveinis |

Bug Description

==5873== Thread 23:
==5873== Conditional jump or move depends on uninitialised value(s)
==5873== at 0xA15646: buf_do_LRU_batch(buf_pool_t*, unsigned long, bool, flush_counters_t*) (buf0flu.cc:1657)
==5873== by 0xA15A71: buf_flush_batch(buf_pool_t*, buf_flush_t, unsigned long, unsigned long, bool, flush_counters_t*) (buf0flu.cc:1790)
==5873== by 0xA15F04: buf_flush_LRU(buf_pool_t*, unsigned long, bool, flush_counters_t*) (buf0flu.cc:1954)
==5873== by 0xA1618C: buf_flush_LRU_tail() (buf0flu.cc:2259)
==5873== by 0xA16469: buf_flush_lru_manager_thread (buf0flu.cc:2850)
==5873== by 0x506A9D0: start_thread (in /lib64/libpthread-2.12.so)
==5873== by 0x634CB6C: clone (in /lib64/libc-2.12.so)
==5873== Uninitialised value was created by a stack allocation
==5873== at 0xA15F44: buf_flush_LRU_tail() (buf0flu.cc:2211)
==5873==

The cause is

 if (max > n->unzip_LRU_evicted) {

in buf_do_LRU_batch propagated from

  n->unzip_LRU_evicted
   += buf_free_from_unzip_LRU_list_batch(buf_pool, max);

in the same function, called from buf_flush_LRU, called from buf_flush_LRU_tail, which has a stack-allocated uninitialised flush_counters_t variable propagated down. Regression introduced by bug 1295268 fix.
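A reduced model of the pattern described in the report above, added here as an illustration; it is not Percona Server code and not the fix that was released. Only flush_counters_t and unzip_LRU_evicted come from the report: the stub, the model function, what the branch returns, and the zero-initialising caller are assumptions, and the stack garbage is modelled with a constructed 0xA5 fill so the run is deterministic.

```cpp
#include <cstdio>
#include <cstring>

typedef unsigned long ulint;

// Only the field named in the report; the real struct has more members.
struct flush_counters_t {
    ulint unzip_LRU_evicted;
};

// Hypothetical stand-in for buf_free_from_unzip_LRU_list_batch():
// pretend `freed` blocks were evicted from the unzip_LRU list.
static ulint free_from_unzip_LRU_stub(ulint freed) { return freed; }

// Models the two statements quoted in the report. Returns how many pages are
// still requested from the LRU list (0 means that step is skipped). What the
// branch does with the remainder is an assumption made for this model.
static ulint do_LRU_batch_model(ulint max, ulint freed, flush_counters_t* n) {
    n->unzip_LRU_evicted += free_from_unzip_LRU_stub(freed);  // adds to the caller's value
    if (max > n->unzip_LRU_evicted) {
        return max - n->unzip_LRU_evicted;
    }
    return 0;
}

// Caller that never sets the counters. Reading truly uninitialised memory is
// undefined behaviour, so the leftover stack contents are modelled here with
// a poison fill (constructed value, not taken from the report).
ulint remaining_with_stale_counters(ulint max, ulint freed) {
    flush_counters_t n;
    std::memset(&n, 0xA5, sizeof n);
    return do_LRU_batch_model(max, freed, &n);
}

// Caller that zero-initialises the counters before passing them down.
ulint remaining_with_zeroed_counters(ulint max, ulint freed) {
    flush_counters_t n = {};  // value-initialisation zeroes every member
    return do_LRU_batch_model(max, freed, &n);
}

int main() {
    std::printf("stale counters:  %lu pages left to request\n",
                remaining_with_stale_counters(100, 10));
    std::printf("zeroed counters: %lu pages left to request\n",
                remaining_with_zeroed_counters(100, 10));
    return 0;
}
```

Because the callee uses += rather than =, the caller owns the starting value of the counter, which is why Valgrind attributes the origin to the stack allocation in the caller's frame rather than to the line that does the comparison.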

tags: added: low-hanging-fruit xtradb
tags: added: valgrind
Laurynas Biveinis (laurynas-biveinis) wrote :

Reproducible by valgrinding any of innodb_zip.innodb_bug36172 innodb_zip.innodb-create-options innodb_zip.innodb_cmp_per_index innodb_zip.innodb-wl5522-zip innodb_zip.innodb_index_large_prefix innodb_zip.innodb-zip MTR tests.

Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-1509
