MariaDB

Crash/valgrind warning in Bitmap<64u>::intersect in maria-5.1-wl21

Bug #684117 reported by Philip Stoev on 2010-12-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	MariaDB	Fix Released	High	Igor Babaev	MariaDB 5.1

Bug Description

backtrace:

#5 0x081c13a9 in Bitmap<64u>::intersect (this=0xae9dd114, map2=...) at sql_bitmap.h:153
#6 0x08386601 in sel_trees_have_common_keys (tree1=0xa905010, tree2=0x0, common_keys=0xae9dd114) at opt_range.cc:7818
#7 0x08386661 in sel_trees_can_be_ored (param=0xae9dd41c, tree1=0xa905010, tree2=0x0, common_keys=0xae9dd114) at opt_range.cc:7861
#8 0x08377839 in SEL_IMERGE::or_sel_tree_with_checks (this=0xa904fc0, param=0xae9dd41c, n_trees=3, tree=0x0, is_first_check_pass=true,
    is_last_check_pass=0xae9dd183) at opt_range.cc:1101
#9 0x08377b0b in SEL_IMERGE::or_sel_imerge_with_checks (this=0xa904fc0, param=0xae9dd41c, n_trees=3, imerge=0xa905c80, is_first_check_pass=true,
    is_last_check_pass=0xae9dd1cf) at opt_range.cc:1203
#10 0x08377ee7 in imerge_list_or_list (param=0xae9dd41c, im1=0xa9053c0, im2=0xa905c40) at opt_range.cc:1385
#11 0x083872a6 in tree_or (param=0xae9dd41c, tree1=0xa9052b0, tree2=0xa905b30) at opt_range.cc:8176
#12 0x0838413c in get_mm_tree (param=0xae9dd41c, cond=0xa901898) at opt_range.cc:6969
#13 0x0837b855 in SQL_SELECT::test_quick_select (this=0xa9041b8, thd=0xa76a4a0, keys_to_use=..., prev_tables=0, limit=18446744073709551615,
    force_quick_range=false) at opt_range.cc:2983
#14 0x082e7b1b in get_quick_record_count (thd=0xa76a4a0, select=0xa9041b8, table=0xa8f3440, keys=0xa903904, limit=18446744073709551615) at sql_select.cc:2600
#15 0x082e98d9 in make_join_statistics (join=0xa902130, tables_arg=0xa901568, conds=0xa901898, keyuse_array=0xa903250) at sql_select.cc:3037
#16 0x082e2067 in JOIN::optimize (this=0xa902130) at sql_select.cc:1029
#17 0x082e7843 in mysql_select (thd=0xa76a4a0, rref_pointer_array=0xa76bb40, tables=0xa901568, wild_num=0, fields=..., conds=0xa901898, og_num=0, order=0x0,
    group=0x0, having=0x0, proc_param=0x0, select_options=2147764736, result=0xa8eb4c8, unit=0xa76b7b0, select_lex=0xa76ba28) at sql_select.cc:2538
#18 0x082dff49 in handle_select (thd=0xa76a4a0, lex=0xa76b750, result=0xa8eb4c8, setup_tables_done_option=0) at sql_select.cc:280
#19 0x08286dda in execute_sqlcom_select (thd=0xa76a4a0, all_tables=0xa901568) at sql_parse.cc:5166
#20 0x0827d736 in mysql_execute_command (thd=0xa76a4a0) at sql_parse.cc:2340
#21 0x08288e46 in mysql_parse (thd=0xa76a4a0,
    rawbuf=0xa8eb0f8 "SELECT f5 FROM t1\nWHERE f2 != 'Missouri'\nOR f1 IS NULL\nOR f4 = 4\nOR f2\nAND ( f4 BETWEEN 6 AND 255 OR f3 IS NULL )", length=113,
    found_semicolon=0xae9e1220) at sql_parse.cc:6092
#22 0x0827b222 in dispatch_command (command=COM_QUERY, thd=0xa76a4a0,
    packet=0xa8b2179 "SELECT f5 FROM t1\nWHERE f2 != 'Missouri'\nOR f1 IS NULL\nOR f4 = 4\nOR f2\nAND ( f4 BETWEEN 6 AND 255 OR f3 IS NULL ) ",
    packet_length=114) at sql_parse.cc:1269
#23 0x0827a47f in do_command (thd=0xa76a4a0) at sql_parse.cc:895
#24 0x08277490 in handle_one_connection (arg=0xa76a4a0) at sql_connect.cc:1138
#25 0x00821919 in start_thread () from /lib/libpthread.so.0
#26 0x0076acce in clone () from /lib/libc.so.6

testcase:

CREATE TABLE t1 (f1 int,f2 int,f3 int,f4 int,f5 int,
PRIMARY KEY (f4),KEY (f1),KEY (f2),KEY (f3)) ;
INSERT IGNORE INTO t1 VALUES (0,0,NULL,9,5),(0,0,1,9425,NULL);

SELECT f5 FROM t1
WHERE f2 != 'Missouri'
OR f1 IS NULL
OR f4 = 4
OR f2
AND ( f4 BETWEEN 6 AND 255 OR f3 IS NULL ) ;

Tags:

Related branches

lp:~maria-captains/maria/maria-5.1-wl21

Revision history for this message

Philip Stoev (philip-stoev) wrote on 2010-12-02:

Not repeatable with maria-5.1

valgrind warning:

==24571== Use of uninitialised value of size 4
==24571== by 0x8377838: SEL_IMERGE::or_sel_tree_with_checks(RANGE_OPT_PARAM*, unsigned int, SEL_TREE*, bool, bool*) (opt_range.cc:1101)
==24571== by 0x8377B0A: SEL_IMERGE::or_sel_imerge_with_checks(RANGE_OPT_PARAM*, unsigned int, SEL_IMERGE*, bool, bool*) (opt_range.cc:1203)
==24571== by 0x8377EE6: imerge_list_or_list(RANGE_OPT_PARAM*, List<SEL_IMERGE>*, List<SEL_IMERGE>*) (opt_range.cc:1385)
==24571== by 0x83872A5: tree_or(RANGE_OPT_PARAM*, SEL_TREE*, SEL_TREE*) (opt_range.cc:8176)
==24571== by 0x838413B: get_mm_tree(RANGE_OPT_PARAM*, Item*) (opt_range.cc:6969)
==24571== by 0x837B854: SQL_SELECT::test_quick_select(THD*, Bitmap<64u>, unsigned long long, unsigned long long, bool) (opt_range.cc:2983)
==24571== by 0x82E7B1A: get_quick_record_count(THD*, SQL_SELECT*, st_table*, Bitmap<64u> const*, unsigned long long) (sql_select.cc:2600)
==24571== by 0x82E98D8: make_join_statistics(JOIN*, TABLE_LIST*, Item*, st_dynamic_array*) (sql_select.cc:3037)
==24571== by 0x82E2066: JOIN::optimize() (sql_select.cc:1029)
==24571== by 0x82E7842: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, un
signed long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2538)
==24571== by 0x82DFF48: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:280)
==24571== by 0x8286DD9: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5166)
==24571== by 0x827D735: mysql_execute_command(THD*) (sql_parse.cc:2340)

Changed in maria:
milestone:	none → 5.1
assignee:	nobody → Igor Babaev (igorb-seattle)

Igor Babaev (igorb-seattle) on 2010-12-04

Changed in maria:
status:	New → Confirmed
importance:	Undecided → High

Igor Babaev (igorb-seattle) on 2010-12-04

Changed in maria:
status:	Confirmed → In Progress

Igor Babaev (igorb-seattle) on 2010-12-05

Changed in maria:
status:	In Progress → Fix Committed

Daniel Bartholomew (dbart) on 2011-12-13

Changed in maria:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.