Second valgrind warning around hp_extract_record in mysql-55-eb-blobs

Bug #788722 reported by Philip Stoev on 2011-05-26
Affects: percona-projects-qa
Importance: Undecided
Assigned to: Alexey Kopytov

Bug Description

Even after the fix for 788544, the attached MTR test case reports the following valgrind errors:

==4201== Thread 13:
==4201== Invalid write of size 1
==4201== at 0x400764E: memcpy (mc_replace_strmem.c:497)
==4201== by 0x8601DE5: hp_extract_record (hp_record.c:476)
==4201== by 0x860223D: heap_scan (hp_scan.c:86)
==4201== by 0x85FB573: ha_heap::rnd_next(unsigned char*) (ha_heap.cc:387)
==4201== by 0x8437785: rr_sequential(READ_RECORD*) (records.cc:455)
==4201== by 0x8248192: join_init_read_record(st_join_table*) (sql_select.cc:12450)
==4201== by 0x824669E: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:11696)
==4201== by 0x8246287: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:11462)
==4201== by 0x822F621: JOIN::exec() (sql_select.cc:1975)
==4201== by 0x823146C: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2575)
==4201== by 0x822A2D2: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:297)
==4201== by 0x8203596: mysql_execute_command(THD*) (sql_parse.cc:2844)
==4201== by 0x820A979: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5503)
==4201== by 0x81FF049: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1034)
==4201== by 0x81FE537: do_command(THD*) (sql_parse.cc:771)
==4201== by 0x82CCF24: do_handle_one_connection(THD*) (sql_connect.cc:776)
==4201== Address 0x6c5f270 is 0 bytes after a block of size 696 alloc'd
==4201== at 0x4005CD2: realloc (vg_replace_malloc.c:476)
==4201== by 0x84A550E: my_realloc (my_malloc.c:101)
==4201== by 0x8601CA4: hp_extract_record (hp_record.c:432)
==4201== by 0x860223D: heap_scan (hp_scan.c:86)
==4201== by 0x85FB573: ha_heap::rnd_next(unsigned char*) (ha_heap.cc:387)
==4201== by 0x8437785: rr_sequential(READ_RECORD*) (records.cc:455)
==4201== by 0x8248192: join_init_read_record(st_join_table*) (sql_select.cc:12450)
==4201== by 0x824669E: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:11696)
==4201== by 0x8246287: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:11462)
==4201== by 0x822F621: JOIN::exec() (sql_select.cc:1975)
==4201== by 0x823146C: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2575)
==4201== by 0x822A2D2: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:297)
==4201== by 0x8203596: mysql_execute_command(THD*) (sql_parse.cc:2844)
==4201== by 0x820A979: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5503)
==4201== by 0x81FF049: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1034)
==4201== by 0x81FE537: do_command(THD*) (sql_parse.cc:771)
==4201==
==4201== Invalid read of size 1
==4201== at 0x4007568: memcpy (mc_replace_strmem.c:497)
==4201== by 0x8628D23: _mi_rec_pack (mi_dynrec.c:997)
==4201== by 0x86261A9: _mi_write_blob_record (mi_dynrec.c:289)
==4201== by 0x8648438: mi_write (mi_write.c:141)
==4201== by 0x8608C70: ha_myisam::write_row(unsigned char*) (ha_myisam.cc:788)
==4201== by 0x8355AB8: handler::ha_write_row(unsigned char*) (handler.cc:4782)
==4201== by 0x82492DB: end_write(JOIN*, st_join_table*, bool) (sql_select.cc:12823)
==4201== by 0x8246A3E: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:11844)
==4201== by 0x82466BA: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:11697)
==4201== by 0x8246287: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:11462)
==4201== by 0x822F621: JOIN::exec() (sql_select.cc:1975)
==4201== by 0x823146C: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2575)
==4201== by 0x822A2D2: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:297)
==4201== by 0x8203596: mysql_execute_command(THD*) (sql_parse.cc:2844)
==4201== by 0x820A979: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5503)
==4201== by 0x81FF049: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1034)
==4201== Address 0x6c5f270 is 0 bytes after a block of size 696 alloc'd
==4201== at 0x4005CD2: realloc (vg_replace_malloc.c:476)
==4201== by 0x84A550E: my_realloc (my_malloc.c:101)
==4201== by 0x8601CA4: hp_extract_record (hp_record.c:432)
==4201== by 0x860223D: heap_scan (hp_scan.c:86)
==4201== by 0x85FB573: ha_heap::rnd_next(unsigned char*) (ha_heap.cc:387)
==4201== by 0x8437785: rr_sequential(READ_RECORD*) (records.cc:455)
==4201== by 0x8248192: join_init_read_record(st_join_table*) (sql_select.cc:12450)
==4201== by 0x824669E: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:11696)
==4201== by 0x8246287: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:11462)
==4201== by 0x822F621: JOIN::exec() (sql_select.cc:1975)
==4201== by 0x823146C: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2575)
==4201== by 0x822A2D2: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:297)
==4201== by 0x8203596: mysql_execute_command(THD*) (sql_parse.cc:2844)
==4201== by 0x820A979: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5503)
==4201== by 0x81FF049: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1034)
==4201== by 0x81FE537: do_command(THD*) (sql_parse.cc:771)
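As an added triage aid that is not part of the bug report: a small Python parser for memcheck output in the format quoted above. It pairs each invalid access with the allocation it overruns and reduces the pair to a signature (the first non-wrapper frame of each stack), so a report like this one can be compared against the earlier 788544 without hand-reading the SQL-layer frames. The sample input is a constructed, trimmed excerpt of the output above; the WRAPPERS set is an assumption about which frames carry no signal.

```python
import re

# Constructed excerpt of the memcheck output quoted above, trimmed to two frames per stack.
SAMPLE = """\
==4201== Thread 13:
==4201== Invalid write of size 1
==4201== at 0x400764E: memcpy (mc_replace_strmem.c:497)
==4201== by 0x8601DE5: hp_extract_record (hp_record.c:476)
==4201== Address 0x6c5f270 is 0 bytes after a block of size 696 alloc'd
==4201== by 0x84A550E: my_realloc (my_malloc.c:101)
==4201== by 0x8601CA4: hp_extract_record (hp_record.c:432)
==4201==
==4201== Invalid read of size 1
==4201== at 0x4007568: memcpy (mc_replace_strmem.c:497)
==4201== by 0x8628D23: _mi_rec_pack (mi_dynrec.c:997)
==4201== Address 0x6c5f270 is 0 bytes after a block of size 696 alloc'd
==4201== by 0x84A550E: my_realloc (my_malloc.c:101)
==4201== by 0x8601CA4: hp_extract_record (hp_record.c:432)
"""

ERR = re.compile(r"^==\d+==\s+Invalid (read|write) of size (\d+)$")
ADDR = re.compile(r"^==\d+==\s+Address 0x[0-9a-fA-F]+ is (\d+) bytes after a block of size (\d+) alloc'd$")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9a-fA-F]+: (.+) \(([^()]+)\)$")
# Assumed set of libc/allocator shims that top every stack and carry no signal for deduplication.
WRAPPERS = {"memcpy", "realloc", "malloc", "my_realloc", "my_malloc"}

def parse_memcheck(text):
    """One dict per 'Invalid read/write' block: kind, size, both stacks, overrun offset, block size."""
    errors, cur, stack = [], None, None
    for line in text.splitlines():
        if m := ERR.match(line):
            cur = {"kind": m.group(1), "size": int(m.group(2)), "access": [], "alloc": [], "after": None, "block": None}
            errors.append(cur)
            stack = cur["access"]
        elif cur and (m := ADDR.match(line)):
            cur["after"], cur["block"] = int(m.group(1)), int(m.group(2))
            stack = cur["alloc"]  # frames that follow describe the allocation, not the access
        elif cur and (m := FRAME.match(line)):
            stack.append((m.group(1).split("(")[0], m.group(2)))  # drop C++ parameter lists
    return errors

def first_own_frame(frames):
    """First frame that is not a wrapper: where the over-read/over-write actually originates."""
    return next((f"{func} ({loc})" for func, loc in frames if func not in WRAPPERS), "?")

def signature(err):
    """Dedupe key: access kind plus the first non-wrapper frame of the access and allocation stacks."""
    return (err["kind"], first_own_frame(err["access"]), first_own_frame(err["alloc"]))
```

Run over the full report above, the two blocks yield different access signatures but the same allocation site (hp_record.c:432), which is the detail that ties the MyISAM-side read back to the HEAP record buffer.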

Philip Stoev (pstoev-askmonty) wrote :

Test case. Unfortunately, no further automatic simplification is possible at this time. Please note the following:

* The test uses LOAD_FILE(), so it has to run with --secure-file-priv
* The LOAD_FILE() calls use absolute file paths, which have to point to a lp:randgen/data directory
* --max-heap-table-size=1Gb should also be specified

Changed in percona-projects-qa:
assignee: nobody → Alexey Kopytov (akopytov)
Changed in percona-projects-qa:
milestone: none → 5.5.13-eb
Changed in percona-projects-qa:
assignee: Alexey Kopytov (akopytov) → nobody
Changed in percona-projects-qa:
assignee: nobody → Laurynas Biveinis (laurynas-biveinis)
Changed in percona-projects-qa:
status: New → In Progress

Fully reduced test case; it does not need RQG or additional server parameters:

CREATE TABLE IF NOT EXISTS local_1_1 (
  f1 VARCHAR ( 32 ) NOT NULL ,
  f2 VARCHAR ( 128 ) NOT NULL ,
  f3 BLOB NOT NULL ,
  f4 TEXT,
  f5 BLOB ( 1024 ) ,
  PRIMARY KEY ( f1 ) ,
  KEY ( f1 , f2 )
) ENGINE=HEAP ROW_FORMAT=DYNAMIC KEY_BLOCK_SIZE = 2048;
INSERT IGNORE INTO local_1_1 VALUES ( REPEAT( 'egqeqfxwaejpqixuvvtentruyqadxiybjdfqjspfbyjdjczrrwjnagkzsoagatqookhsgtrvvbxacppljfzaseidqggxvuirm' , 5 ) , NULL , NULL , NULL , REPEAT( 'hegqeqfxwaejpqixuvvtentruyqadxiy' , 1 ) ) , ( 'you' , NULL , 0 , REPEAT("X", 2048) , 0 );
INSERT IGNORE INTO local_1_1 SELECT * FROM local_1_1;

Changed in percona-projects-qa:
assignee: Laurynas Biveinis (laurynas-biveinis) → Alexey Kopytov (akopytov)
Changed in percona-projects-qa:
status: In Progress → Fix Committed
Changed in percona-projects-qa:
status: Fix Committed → Fix Released