MySQL patches by Codership

invalid memory access within wsrep_apply_cb() for non-ROW events

Bug #1231294 reported by Teemu Ollakka on 2013-09-26

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
MySQL patches by Codership	New	Undecided	Unassigned
5.5	New	Undecided	Unassigned
Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC	New	Undecided	Unassigned	Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC future-5.5
5.5	Confirmed	Critical	Unassigned	Percona XtraDB Cluster moved to https://jira.percona.com/projects/PXC future-5.5

Bug Description

Valgrind complains about use of uninitialized values and invalid memory access within wsrep_apply_cb():

==3596== Thread 24:
==3596== Conditional jump or move depends on uninitialised value(s)
==3596== at 0x7694B6: Intvar_log_event::do_apply_event(Relay_log_info const*) (log_event.cc:5519)
==3596== by 0x59FECC: wsrep_apply_cb(void*, void const*, unsigned long, long) (log_event.h:1164)
==3596== by 0x83B2F95: apply_wscoll(void*, wsrep_status (*)(void*, void const*, unsigned long, long), galera::TrxHandle const&) (replicator_smm.cpp:40)
==3596== by 0x83B329A: apply_trx_ws(void*, wsrep_status (*)(void*, void const*, unsigned long, long), wsrep_status (*)(void*, long, bool), galera::TrxHandle const&) (replicator_smm.cpp:81)
==3596== by 0x83B7ADD: galera::ReplicatorSMM::apply_trx(void*, galera::TrxHandle*) (replicator_smm.cpp:475)
==3596== by 0x83B7EBF: galera::ReplicatorSMM::process_trx(void*, galera::TrxHandle*) (replicator_smm.cpp:1061)
==3596== by 0x83A13D2: galera::GcsActionSource::dispatch(void*, gcs_action const&) (gcs_action_source.cpp:110)
==3596== by 0x83A15D1: galera::GcsActionSource::process(void*) (gcs_action_source.cpp:168)
==3596== by 0x83B8EFC: galera::ReplicatorSMM::async_recv(void*) (replicator_smm.cpp:372)
==3596== by 0x83C4BEE: galera_recv (wsrep_provider.cpp:202)
==3596== by 0x5A0D44: wsrep_replication_process(THD*) (sql_parse.cc:8176)
==3596== by 0x51BB64: start_wsrep_THD (mysqld.cc:4435)
==3596==
==3596== Invalid read of size 1
==3596== at 0x5A00A1: wsrep_apply_cb(void*, void const*, unsigned long, long) (sql_parse.cc:7965)
==3596== by 0x83B2F95: apply_wscoll(void*, wsrep_status (*)(void*, void const*, unsigned long, long), galera::TrxHandle const&) (replicator_smm.cpp:40)
==3596== by 0x83B329A: apply_trx_ws(void*, wsrep_status (*)(void*, void const*, unsigned long, long), wsrep_status (*)(void*, long, bool), galera::TrxHandle const&) (replicator_smm.cpp:81)
==3596== by 0x83B7ADD: galera::ReplicatorSMM::apply_trx(void*, galera::TrxHandle*) (replicator_smm.cpp:475)
==3596== by 0x83B7EBF: galera::ReplicatorSMM::process_trx(void*, galera::TrxHandle*) (replicator_smm.cpp:1061)
==3596== by 0x83A13D2: galera::GcsActionSource::dispatch(void*, gcs_action const&) (gcs_action_source.cpp:110)
==3596== by 0x83A15D1: galera::GcsActionSource::process(void*) (gcs_action_source.cpp:168)
==3596== by 0x83B8EFC: galera::ReplicatorSMM::async_recv(void*) (replicator_smm.cpp:372)
==3596== by 0x83C4BEE: galera_recv (wsrep_provider.cpp:202)
==3596== by 0x5A0D44: wsrep_replication_process(THD*) (sql_parse.cc:8176)
==3596== by 0x51BB64: start_wsrep_THD (mysqld.cc:4435)
==3596== by 0x5897E99: start_thread (pthread_create.c:308)
==3596== Address 0x1da72eb8 is not stack'd, malloc'd or (recently) free'd
==3596==
==3596== Conditional jump or move depends on uninitialised value(s)
==3596== at 0x7693F4: Rand_log_event::do_apply_event(Relay_log_info const*) (log_event.cc:5627)
==3596== by 0x59FECC: wsrep_apply_cb(void*, void const*, unsigned long, long) (log_event.h:1164)
==3596== by 0x83B2F95: apply_wscoll(void*, wsrep_status (*)(void*, void const*, unsigned long, long), galera::TrxHandle const&) (replicator_smm.cpp:40)
==3596== by 0x83B329A: apply_trx_ws(void*, wsrep_status (*)(void*, void const*, unsigned long, long), wsrep_status (*)(void*, long, bool), galera::TrxHandle const&) (replicator_smm.cpp:81)
==3596== by 0x83B7ADD: galera::ReplicatorSMM::apply_trx(void*, galera::TrxHandle*) (replicator_smm.cpp:475)
==3596== by 0x83B7EBF: galera::ReplicatorSMM::process_trx(void*, galera::TrxHandle*) (replicator_smm.cpp:1061)
==3596== by 0x83A13D2: galera::GcsActionSource::dispatch(void*, gcs_action const&) (gcs_action_source.cpp:110)
==3596== by 0x83A15D1: galera::GcsActionSource::process(void*) (gcs_action_source.cpp:168)
==3596== by 0x83B8EFC: galera::ReplicatorSMM::async_recv(void*) (replicator_smm.cpp:372)
==3596== by 0x83C4BEE: galera_recv (wsrep_provider.cpp:202)
==3596== by 0x5A0D44: wsrep_replication_process(THD*) (sql_parse.cc:8176)
==3596== by 0x51BB64: start_wsrep_THD (mysqld.cc:4435)
==3596==

Tags:

Teemu Ollakka (teemu-ollakka) on 2013-09-26

summary:

- invalid memory access in wsrep_apply_cb()
+ invalid memory access within wsrep_apply_cb()

Alex Yurchenko (ayurchen) on 2013-09-26

summary:	- invalid memory access within wsrep_apply_cb() + invalid memory access within wsrep_apply_cb() for non-ROW events
tags:	added: statement

Revision history for this message

Shahriyar Rzayev (rzayev-sehriyar) wrote on 2018-01-18:

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PXC-1452

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.