Valgrind warnings in maria-5.3-mwl34

Bug #778917 reported by Philip Stoev
Affects: MariaDB
Status: Fix Released
Importance: Critical
Assigned to: Michael Widenius
Milestone:

Bug Description

A simple RQG test produced the misc valgrind warnings from the attached file. Most seem to be related to handling malformed datetimes, however note that there are 2 warnings about innodb and myisam using an undefined value for some internal operations.

Let me know if individual test cases are required -- I can provide the RQG grammar and/or MTR.

Philip Stoev (pstoev-askmonty) wrote :

valgrind warnings

Changed in maria:
milestone: none → 5.3
assignee: nobody → Michael Widenius (monty)
Michael Widenius (monty)
Changed in maria:
status: New → In Progress
Michael Widenius (monty) wrote :

I looked at the valgrind result, but unfortunately without the test cases that caused the failures there is not much I can do.
So please provide the RQG and MTR grammar so that I can test this myself.

I think that I managed to fix a couple of the valgrind errors as part of other bug fixes, but looking at the log there are some left that would be nice to get rid of.

Changed in maria:
importance: Undecided → Medium
status: In Progress → Incomplete
Philip Stoev (pstoev-askmonty) wrote :

Unsimplified test case. When run without valgrind, causes the following crash as well:

# 2011-05-11T13:15:59 Error: Memory allocated at string.c:39 was overrun, discovered at 'string.c:84'
# 2011-05-11T13:15:59 Error: Memory allocated at string.c:39 was overrun, discovered at 'string.c:84'
# 2011-05-11T13:15:59 Error: Memory allocated at string.c:39 was overrun, discovered at 'string.c:84'

# 2011-05-11T13:15:59 #0 0x00857424 in __kernel_vsyscall ()
# 2011-05-11T13:15:59 #0 0x00857424 in __kernel_vsyscall ()
# 2011-05-11T13:15:59 #1 0x008263c3 in pthread_kill () from /lib/libpthread.so.0
# 2011-05-11T13:15:59 #2 0x0878175c in my_write_core (sig=11) at stacktrace.c:426
# 2011-05-11T13:15:59 #3 0x0828ebf4 in handle_segfault (sig=11) at mysqld.cc:2776
# 2011-05-11T13:15:59 #4 <signal handler called>
# 2011-05-11T13:15:59 #5 0x006cfc91 in vfprintf () from /lib/libc.so.6
# 2011-05-11T13:15:59 #6 0x006d1572 in buffered_vfprintf () from /lib/libc.so.6
# 2011-05-11T13:15:59 #7 0x006cc5a3 in vfprintf () from /lib/libc.so.6
# 2011-05-11T13:15:59 #8 0x006d6b9f in fprintf () from /lib/libc.so.6
# 2011-05-11T13:15:59 #9 0x087658b7 in _checkchunk (irem=0xae585be8, filename=0x89746ff "string.c", lineno=84) at safemalloc.c:492
# 2011-05-11T13:15:59 #10 0x08765aa2 in _sanity (filename=0x89746ff "string.c", lineno=84) at safemalloc.c:535
# 2011-05-11T13:15:59 #11 0x087650b9 in _myfree (ptr=0xae5859b0, filename=0x89746ff "string.c", lineno=84, myflags=0) at safemalloc.c:280
# 2011-05-11T13:15:59 #12 0x08764fc8 in _myrealloc (ptr=0xae5859b0, size=353, filename=0x89746ff "string.c", lineno=84, MyFlags=16) at safemalloc.c:258
# 2011-05-11T13:15:59 #13 0x0877326f in dynstr_realloc (str=0xae89ec98, additional_size=10) at string.c:84
# 2011-05-11T13:15:59 #14 0x0875b9ee in dynamic_column_var_uint_store (str=0xae89ec98, val=8) at ma_dyncol.c:132
# 2011-05-11T13:15:59 #15 0x0875bfb5 in dynamic_column_string_store (str=0xae89ec98, string=0xae5079d4, charset=0x8ab5360) at ma_dyncol.c:409
# 2011-05-11T13:15:59 #16 0x0875ca3a in data_store (str=0xae89ec98, value=0xae5079d0) at ma_dyncol.c:816
# 2011-05-11T13:15:59 #17 0x0875ebc8 in dynamic_column_update_many (str=0xae89ed84, add_column_count=1, column_numbers=0xae507a10, values=0xae5079d0) at ma_dyncol.c:2010
# 2011-05-11T13:15:59 #18 0x082211b4 in Item_func_dyncol_add::val_str (this=0xae5075c8, str=0xae89ef30) at item_strfunc.cc:3745
# 2011-05-11T13:15:59 #19 0x082213d2 in Item_dyncol_get::get_dyn_value (this=0xae5076d8, val=0xae89eec4, tmp=0xae89ef30) at item_strfunc.cc:3808
# 2011-05-11T13:15:59 #20 0x082217fc in Item_dyncol_get::val_int (this=0xae5076d8) at item_strfunc.cc:3915
# 2011-05-11T13:15:59 #21 0x081eed11 in Item_func_signed::val_int (this=0xae507758) at item_func.cc:996
# 2011-05-11T13:15:59 #22 0x081daeb6 in Item::update_null_value (this=0xae507758) at item.h:909
# 2011-05-11T13:15:59 #23 0x081ff268 in Item_func::is_null (this=0xae507758) at item_func.h:159
# 2011-05-11T13:15:59 #24 0x0820f35c in Item_func_isnull::val_int (this=0xae5077d8) at item_cmpfunc.cc:4748
# 2011-05-11T13:15:59 #25 0x0832f44a in evaluate_join_record (join=0xae547d98, join_tab=0xae507d60, error=0) at sql_select.cc:14061
# 2...


Changed in maria:
status: Incomplete → Confirmed
importance: Medium → Critical
Michael Widenius (monty) wrote :

The problem was using a wrong (too short) string to column_add().
I have now added a check to detect this + a test case.
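
As an added illustration of the failure class in this report (a caller handing a growable string routine a header that does not match its allocation, so that a realloc/append writes past the heap block and safemalloc or valgrind reports an overrun), here is a toy growable string in C with the consistency check such a routine can apply before touching memory. This is not MariaDB's DYNAMIC_STRING or ma_dyncol code, and it is not the check Monty refers to above (the report does not show that patch); the names toy_dynstr, toy_dynstr_realloc and the two demo functions are hypothetical.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical growable string: a heap buffer plus a header that records
 * how many bytes are in use and how many were allocated.  The header is the
 * only thing an append routine can inspect, so it must be trusted to be
 * consistent, which is exactly what goes wrong when a caller passes a
 * "too short" string. */
typedef struct {
    char *str;          /* heap buffer */
    size_t length;      /* bytes in use */
    size_t max_length;  /* bytes allocated for str */
} toy_dynstr;

int toy_dynstr_init(toy_dynstr *s, size_t initial) {
    s->str = malloc(initial ? initial : 1);
    if (!s->str) return 1;
    s->length = 0;
    s->max_length = initial;
    return 0;
}

/* Grow the buffer so that at least 'additional' more bytes fit.
 * Returns 0 on success, 1 on allocation failure or an inconsistent header.
 * The header check is the defensive step: a length larger than max_length
 * can only mean the header lies about the allocation, and writing through
 * it would overrun the heap block. */
int toy_dynstr_realloc(toy_dynstr *s, size_t additional) {
    if (s->str == NULL || s->length > s->max_length) return 1;
    if (s->length + additional <= s->max_length) return 0;
    size_t new_max = s->max_length ? s->max_length : 16;
    while (new_max < s->length + additional) new_max *= 2;
    char *p = realloc(s->str, new_max);
    if (!p) return 1;
    s->str = p;
    s->max_length = new_max;
    return 0;
}

int toy_dynstr_append(toy_dynstr *s, const char *data, size_t n) {
    if (toy_dynstr_realloc(s, n)) return 1;
    memcpy(s->str + s->length, data, n);
    s->length += n;
    return 0;
}

void toy_dynstr_free(toy_dynstr *s) {
    free(s->str);
    s->str = NULL;
    s->length = s->max_length = 0;
}

/* Scenario 1: a consistent string grows correctly across several appends.
 * Returns the final length (50 for five 10-byte chunks), or 0 on failure. */
size_t demo_consistent_append(void) {
    toy_dynstr s;
    const char *chunk = "0123456789";   /* constructed sample payload */
    if (toy_dynstr_init(&s, 4)) return 0;
    for (int i = 0; i < 5; i++) {
        if (toy_dynstr_append(&s, chunk, 10)) { toy_dynstr_free(&s); return 0; }
    }
    size_t n = s.length;
    int fits = s.max_length >= n;
    toy_dynstr_free(&s);
    return fits ? n : 0;
}

/* Scenario 2: a header claiming more bytes in use than were allocated.
 * The append must be refused before any write happens; returns 1 if so. */
int demo_inconsistent_header_rejected(void) {
    toy_dynstr s;
    if (toy_dynstr_init(&s, 8)) return 0;
    s.length = 32;                      /* constructed lie: 32 "in use" in 8 bytes */
    int rc = toy_dynstr_append(&s, "xx", 2);
    s.length = 0;                       /* restore before releasing */
    toy_dynstr_free(&s);
    return rc == 1;
}

int main(void) {
    printf("consistent append length: %zu\n", demo_consistent_append());
    printf("inconsistent header rejected: %d\n", demo_inconsistent_header_rejected());
    return 0;
}
```

The header check only catches headers that are internally inconsistent; a header whose max_length overstates the real allocation is indistinguishable from a valid one at this layer, which is why the trace above is caught by safemalloc's guard bytes at free time rather than by dynstr_realloc itself. Keeping the allocation size inside the string's own header, and never letting callers construct that header by hand, is what makes the check sufficient.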

Michael Widenius (monty)
Changed in maria:
status: Confirmed → Fix Released