invalid memory access within wsrep_apply_cb() for non-ROW events

Bug #1231294 reported by Teemu Ollakka on 2013-09-26
Affects | Status | Importance | Assigned to | Milestone
MySQL patches by Codership | | Undecided | Unassigned |
5.5 | | Undecided | Unassigned |
Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC | New | Undecided | Unassigned |
5.5 | Confirmed | Critical | Unassigned |

Bug Description

Valgrind complains about use of uninitialized values and invalid memory access within wsrep_apply_cb():

==3596== Thread 24:
==3596== Conditional jump or move depends on uninitialised value(s)
==3596== at 0x7694B6: Intvar_log_event::do_apply_event(Relay_log_info const*) (log_event.cc:5519)
==3596== by 0x59FECC: wsrep_apply_cb(void*, void const*, unsigned long, long) (log_event.h:1164)
==3596== by 0x83B2F95: apply_wscoll(void*, wsrep_status (*)(void*, void const*, unsigned long, long), galera::TrxHandle const&) (replicator_smm.cpp:40)
==3596== by 0x83B329A: apply_trx_ws(void*, wsrep_status (*)(void*, void const*, unsigned long, long), wsrep_status (*)(void*, long, bool), galera::TrxHandle const&) (replicator_smm.cpp:81)
==3596== by 0x83B7ADD: galera::ReplicatorSMM::apply_trx(void*, galera::TrxHandle*) (replicator_smm.cpp:475)
==3596== by 0x83B7EBF: galera::ReplicatorSMM::process_trx(void*, galera::TrxHandle*) (replicator_smm.cpp:1061)
==3596== by 0x83A13D2: galera::GcsActionSource::dispatch(void*, gcs_action const&) (gcs_action_source.cpp:110)
==3596== by 0x83A15D1: galera::GcsActionSource::process(void*) (gcs_action_source.cpp:168)
==3596== by 0x83B8EFC: galera::ReplicatorSMM::async_recv(void*) (replicator_smm.cpp:372)
==3596== by 0x83C4BEE: galera_recv (wsrep_provider.cpp:202)
==3596== by 0x5A0D44: wsrep_replication_process(THD*) (sql_parse.cc:8176)
==3596== by 0x51BB64: start_wsrep_THD (mysqld.cc:4435)
==3596==
==3596== Invalid read of size 1
==3596== at 0x5A00A1: wsrep_apply_cb(void*, void const*, unsigned long, long) (sql_parse.cc:7965)
==3596== by 0x83B2F95: apply_wscoll(void*, wsrep_status (*)(void*, void const*, unsigned long, long), galera::TrxHandle const&) (replicator_smm.cpp:40)
==3596== by 0x83B329A: apply_trx_ws(void*, wsrep_status (*)(void*, void const*, unsigned long, long), wsrep_status (*)(void*, long, bool), galera::TrxHandle const&) (replicator_smm.cpp:81)
==3596== by 0x83B7ADD: galera::ReplicatorSMM::apply_trx(void*, galera::TrxHandle*) (replicator_smm.cpp:475)
==3596== by 0x83B7EBF: galera::ReplicatorSMM::process_trx(void*, galera::TrxHandle*) (replicator_smm.cpp:1061)
==3596== by 0x83A13D2: galera::GcsActionSource::dispatch(void*, gcs_action const&) (gcs_action_source.cpp:110)
==3596== by 0x83A15D1: galera::GcsActionSource::process(void*) (gcs_action_source.cpp:168)
==3596== by 0x83B8EFC: galera::ReplicatorSMM::async_recv(void*) (replicator_smm.cpp:372)
==3596== by 0x83C4BEE: galera_recv (wsrep_provider.cpp:202)
==3596== by 0x5A0D44: wsrep_replication_process(THD*) (sql_parse.cc:8176)
==3596== by 0x51BB64: start_wsrep_THD (mysqld.cc:4435)
==3596== by 0x5897E99: start_thread (pthread_create.c:308)
==3596== Address 0x1da72eb8 is not stack'd, malloc'd or (recently) free'd
==3596==
==3596== Conditional jump or move depends on uninitialised value(s)
==3596== at 0x7693F4: Rand_log_event::do_apply_event(Relay_log_info const*) (log_event.cc:5627)
==3596== by 0x59FECC: wsrep_apply_cb(void*, void const*, unsigned long, long) (log_event.h:1164)
==3596== by 0x83B2F95: apply_wscoll(void*, wsrep_status (*)(void*, void const*, unsigned long, long), galera::TrxHandle const&) (replicator_smm.cpp:40)
==3596== by 0x83B329A: apply_trx_ws(void*, wsrep_status (*)(void*, void const*, unsigned long, long), wsrep_status (*)(void*, long, bool), galera::TrxHandle const&) (replicator_smm.cpp:81)
==3596== by 0x83B7ADD: galera::ReplicatorSMM::apply_trx(void*, galera::TrxHandle*) (replicator_smm.cpp:475)
==3596== by 0x83B7EBF: galera::ReplicatorSMM::process_trx(void*, galera::TrxHandle*) (replicator_smm.cpp:1061)
==3596== by 0x83A13D2: galera::GcsActionSource::dispatch(void*, gcs_action const&) (gcs_action_source.cpp:110)
==3596== by 0x83A15D1: galera::GcsActionSource::process(void*) (gcs_action_source.cpp:168)
==3596== by 0x83B8EFC: galera::ReplicatorSMM::async_recv(void*) (replicator_smm.cpp:372)
==3596== by 0x83C4BEE: galera_recv (wsrep_provider.cpp:202)
==3596== by 0x5A0D44: wsrep_replication_process(THD*) (sql_parse.cc:8176)
==3596== by 0x51BB64: start_wsrep_THD (mysqld.cc:4435)
==3596==

summary: - invalid memory access in wsrep_apply_cb()
+ invalid memory access within wsrep_apply_cb()
summary: - invalid memory access within wsrep_apply_cb()
+ invalid memory access within wsrep_apply_cb() for non-ROW events
tags: added: statement

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXC-1452
