Uninitialised memory write in XTDatabaseLog::xlog_append
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| MariaDB | Fix Released | Medium | Hakan Küçükyılmaz | |
| PBXT | Fix Committed | Undecided | Vladimir Kolesnikov | |
| maria (Ubuntu) | Invalid | Undecided | Unassigned | |
Bug Description
valgrind catches an uninitialised memory write in pbxt.alias (for example; the error is mentioned in many other cases); the stack is as follows:
```
==9024== Thread 4:
==9024== Syscall param pwrite64(buf) points to uninitialised byte(s)
==9024== at 0x504F3A8: (within /lib64/
==9024== by 0xA0E46C: xt_pwrite_
==9024== by 0x9F140C: XTDatabaseLog:
==9024== by 0x9F21D4: xt_xlog_
==9024== by 0x9EA751: xt_xn_log_
==9024== by 0x9DBF12: xt_create_
==9024== by 0x9AB32A: ha_pbxt:
==9024== by 0x7A4B26: handler:
==9024== by 0x7A7C19: ha_create_
==9024== by 0x75875B: rea_create_
==9024== by 0x7C61BE: mysql_create_
==9024== by 0x7C658F: mysql_create_
==9024== by 0x67C4AA: mysql_execute_
==9024== by 0x683ECE: mysql_parse(THD*, char const*, unsigned int, char const**) (sql_parse.cc:5979)
==9024== by 0x684CD8: dispatch_
==9024== by 0x68602C: do_command(THD*) (sql_parse.cc:862)
==9024== Address 0xf096292 is 50 bytes inside a block of size 1,049,088 alloc'd
==9024== at 0x4C24CFE: malloc (in /usr/lib64/
==9024== by 0x9B9A51: xt_malloc(
==9024== by 0x9F4055: XTDatabaseLog:
==9024== by 0x9EB76C: xt_xn_init_
==9024== by 0x9FD727: xt_get_
==9024== by 0x9FD96A: xt_open_
==9024== by 0x9C362A: xn_xres_
==9024== by 0x9E32A0: thr_main (thread_xt.cc:1022)
==9024== by 0x5048016: start_thread (in /lib64/
==9024== by 0x602248C: clone (in /lib64/libc-2.9.so)
==9024==
==9024== Syscall param pwrite64(buf) points to uninitialised byte(s)
==9024== at 0x504F3A8: (within /lib64/
==9024== by 0xA0E46C: xt_pwrite_
==9024== by 0x9F140C: XTDatabaseLog:
==9024== by 0x9F223E: XTDatabaseLog:
==9024== by 0x9D5002: xt_sync_
==9024== by 0x9FC4C7: db_lock_
==9024== by 0x9FC8E1: xt_db_lock_
==9024== by 0x9D62F8: tab_lock_
==9024== by 0x9D7E73: xt_drop_
==9024== by 0x9AE8A7: ha_pbxt:
==9024== by 0x7A4B92: handler:
==9024== by 0x7AA132: ha_delete_
==9024== by 0x7CA94A: mysql_rm_
==9024== by 0x7CAE68: mysql_rm_
==9024== by 0x67E890: mysql_execute_
==9024== by 0x683ECE: mysql_parse(THD*, char const*, unsigned int, char const**) (sql_parse.cc:5979)
==9024== Address 0xf096414 is 436 bytes inside a block of size 1,049,088 alloc'd
==9024== at 0x4C24CFE: malloc (in /usr/lib64/
==9024== by 0x9B9A51: xt_malloc(
==9024== by 0x9F4055: XTDatabaseLog:
==9024== by 0x9EB76C: xt_xn_init_
==9024== by 0x9FD727: xt_get_
==9024== by 0x9FD96A: xt_open_
==9024== by 0x9C362A: xn_xres_
==9024== by 0x9E32A0: thr_main (thread_xt.cc:1022)
==9024== by 0x5048016: start_thread (in /lib64/
==9024== by 0x602248C: clone (in /lib64/libc-2.9.so)
```
Many other cases can be found in:
http://
http://
http://
http://
Can be repeated by running the pbxt test suite under valgrind (valgrind build (one of BUILD/compile*
Changed in maria (Ubuntu):
- status: New → Invalid

Changed in pbxt:
- status: New → In Progress
- assignee: nobody → Vladimir Kolesnikov (vkolesnikov)

Changed in pbxt:
- status: In Progress → Fix Committed

Changed in maria:
- importance: Undecided → Medium
- affects: maria (Ubuntu) → ubuntu
- affects: ubuntu → maria (Ubuntu)

Changed in maria:
- status: Fix Committed → Fix Released
Hi Sanja,
I have seen this case before and my analysis showed that the uninitialized bytes are at the tail of 512-byte blocks. This is not a bug. This happens because we write data block-by-block and the last block is likely to be only partially filled with data. If you have evidence of any real problem with this please let me know, otherwise I will close the bug.
BR,
Vladimir
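The block-by-block write Vladimir describes, as an added illustration that is not PBXT code and is not taken from this bug: a record is copied into a buffer of 512-byte blocks and the whole last block is handed to pwrite(), so whatever the allocator left in the unused tail goes to disk and valgrind reports it as uninitialised. The mitigation shown is the one a reviewer would ask for regardless of whether the stale bytes matter to the log format: zero the tail before the write, which makes the on-disk image deterministic and keeps leftover heap contents out of the file. The block size, function names and the 2048-byte buffer cap are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed block size; matches the 512-byte blocks described in the comment. */
#define LOG_BLOCK_SIZE 512
#define LOG_BUF_CAP (4 * LOG_BLOCK_SIZE)

/* Round len up to the next multiple of LOG_BLOCK_SIZE (0 stays 0). */
size_t log_padded_len(size_t len)
{
    return (len + LOG_BLOCK_SIZE - 1) / LOG_BLOCK_SIZE * LOG_BLOCK_SIZE;
}

/* Copy a record into the block buffer and zero the unused tail of the last
 * block, so every byte later passed to pwrite() is initialised.
 * Returns the number of bytes to write, or 0 if the record does not fit. */
size_t log_fill_block(unsigned char *buf, size_t cap, const void *rec, size_t len)
{
    size_t padded = log_padded_len(len);
    if (padded > cap)
        return 0;
    memcpy(buf, rec, len);
    memset(buf + len, 0, padded - len);   /* the fix: initialise the tail */
    return padded;
}

/* Write the padded record at offset off, read the same range back and count
 * non-zero bytes in the tail. Returns -1 on I/O error, otherwise the count
 * (0 means the on-disk tail was fully initialised). */
long log_write_and_check_tail(int fd, off_t off, const void *rec, size_t len)
{
    unsigned char buf[LOG_BUF_CAP];
    unsigned char back[LOG_BUF_CAP];
    size_t padded = log_fill_block(buf, sizeof buf, rec, len);
    if (padded == 0)
        return -1;
    if (pwrite(fd, buf, padded, off) != (ssize_t)padded)
        return -1;
    if (pread(fd, back, padded, off) != (ssize_t)padded)
        return -1;
    if (memcmp(buf, back, len) != 0)      /* payload must round-trip intact */
        return -1;
    long nonzero = 0;
    for (size_t i = len; i < padded; i++)
        if (back[i] != 0)
            nonzero++;
    return nonzero;
}

/* Self-contained round trip through a temporary file using a constructed
 * record. Returns the non-zero tail count, or -1 on error. */
long log_demo_roundtrip(void)
{
    static const char rec[] = "constructed 50-byte-ish log record for the demo";
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    long result = log_write_and_check_tail(fileno(f), 0, rec, sizeof rec);
    fclose(f);
    return result;
}

int main(void)
{
    printf("padded length of 50 bytes:  %zu\n", log_padded_len(50));
    printf("padded length of 436 bytes: %zu\n", log_padded_len(436));
    printf("non-zero tail bytes on disk: %ld\n", log_demo_roundtrip());
    return 0;
}
```

The two offsets from the valgrind report (50 and 436 bytes into a block) both pad to a single 512-byte block, which is exactly the region valgrind flags when the memset is missing; with it present, valgrind has nothing to report on the pwrite and the file tail reads back as zeros.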