Second valgrind warning around hp_extract_record in mysql-55-eb-blobs

Bug #788722 reported by Philip Stoev
Affects: percona-projects-qa
Status: Fix Released
Importance: Undecided
Assigned to: Alexey Kopytov

Bug Description

Even after the fix for 788544, the attached MTR test case reports the following valgrind errors:

==4201== Thread 13:
==4201== Invalid write of size 1
==4201== at 0x400764E: memcpy (mc_replace_strmem.c:497)
==4201== by 0x8601DE5: hp_extract_record (hp_record.c:476)
==4201== by 0x860223D: heap_scan (hp_scan.c:86)
==4201== by 0x85FB573: ha_heap::rnd_next(unsigned char*) (ha_heap.cc:387)
==4201== by 0x8437785: rr_sequential(READ_RECORD*) (records.cc:455)
==4201== by 0x8248192: join_init_read_record(st_join_table*) (sql_select.cc:12450)
==4201== by 0x824669E: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:11696)
==4201== by 0x8246287: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:11462)
==4201== by 0x822F621: JOIN::exec() (sql_select.cc:1975)
==4201== by 0x823146C: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2575)
==4201== by 0x822A2D2: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:297)
==4201== by 0x8203596: mysql_execute_command(THD*) (sql_parse.cc:2844)
==4201== by 0x820A979: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5503)
==4201== by 0x81FF049: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1034)
==4201== by 0x81FE537: do_command(THD*) (sql_parse.cc:771)
==4201== by 0x82CCF24: do_handle_one_connection(THD*) (sql_connect.cc:776)
==4201== Address 0x6c5f270 is 0 bytes after a block of size 696 alloc'd
==4201== at 0x4005CD2: realloc (vg_replace_malloc.c:476)
==4201== by 0x84A550E: my_realloc (my_malloc.c:101)
==4201== by 0x8601CA4: hp_extract_record (hp_record.c:432)
==4201== by 0x860223D: heap_scan (hp_scan.c:86)
==4201== by 0x85FB573: ha_heap::rnd_next(unsigned char*) (ha_heap.cc:387)
==4201== by 0x8437785: rr_sequential(READ_RECORD*) (records.cc:455)
==4201== by 0x8248192: join_init_read_record(st_join_table*) (sql_select.cc:12450)
==4201== by 0x824669E: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:11696)
==4201== by 0x8246287: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:11462)
==4201== by 0x822F621: JOIN::exec() (sql_select.cc:1975)
==4201== by 0x823146C: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2575)
==4201== by 0x822A2D2: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:297)
==4201== by 0x8203596: mysql_execute_command(THD*) (sql_parse.cc:2844)
==4201== by 0x820A979: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5503)
==4201== by 0x81FF049: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1034)
==4201== by 0x81FE537: do_command(THD*) (sql_parse.cc:771)
==4201==
==4201== Invalid read of size 1
==4201== at 0x4007568: memcpy (mc_replace_strmem.c:497)
==4201== by 0x8628D23: _mi_rec_pack (mi_dynrec.c:997)
==4201== by 0x86261A9: _mi_write_blob_record (mi_dynrec.c:289)
==4201== by 0x8648438: mi_write (mi_write.c:141)
==4201== by 0x8608C70: ha_myisam::write_row(unsigned char*) (ha_myisam.cc:788)
==4201== by 0x8355AB8: handler::ha_write_row(unsigned char*) (handler.cc:4782)
==4201== by 0x82492DB: end_write(JOIN*, st_join_table*, bool) (sql_select.cc:12823)
==4201== by 0x8246A3E: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:11844)
==4201== by 0x82466BA: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:11697)
==4201== by 0x8246287: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:11462)
==4201== by 0x822F621: JOIN::exec() (sql_select.cc:1975)
==4201== by 0x823146C: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2575)
==4201== by 0x822A2D2: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:297)
==4201== by 0x8203596: mysql_execute_command(THD*) (sql_parse.cc:2844)
==4201== by 0x820A979: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5503)
==4201== by 0x81FF049: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1034)
==4201== Address 0x6c5f270 is 0 bytes after a block of size 696 alloc'd
==4201== at 0x4005CD2: realloc (vg_replace_malloc.c:476)
==4201== by 0x84A550E: my_realloc (my_malloc.c:101)
==4201== by 0x8601CA4: hp_extract_record (hp_record.c:432)
==4201== by 0x860223D: heap_scan (hp_scan.c:86)
==4201== by 0x85FB573: ha_heap::rnd_next(unsigned char*) (ha_heap.cc:387)
==4201== by 0x8437785: rr_sequential(READ_RECORD*) (records.cc:455)
==4201== by 0x8248192: join_init_read_record(st_join_table*) (sql_select.cc:12450)
==4201== by 0x824669E: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:11696)
==4201== by 0x8246287: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:11462)
==4201== by 0x822F621: JOIN::exec() (sql_select.cc:1975)
==4201== by 0x823146C: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2575)
==4201== by 0x822A2D2: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:297)
==4201== by 0x8203596: mysql_execute_command(THD*) (sql_parse.cc:2844)
==4201== by 0x820A979: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5503)
==4201== by 0x81FF049: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1034)
==4201== by 0x81FE537: do_command(THD*) (sql_parse.cc:771)
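The first trace says the buffer was sized by the realloc at hp_record.c:432 (696 bytes) and the memcpy at hp_record.c:476 wrote at the first byte past it; the second trace shows MyISAM's _mi_rec_pack then reading that same out-of-bounds byte. As an added illustration (constructed here, not Percona's or MySQL's code, with a made-up row layout), a record extractor that checks every stored length against the bytes remaining and grows its buffer before each copy, so a length miscalculation fails closed instead of overrunning the allocation:

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not Percona/MySQL code: a stored row is a fixed-length
 * part followed by nblobs blobs, each a host-order uint32_t length plus data.
 * The extractor copies it into one buffer grown with realloc (the shape of
 * hp_extract_record in the trace) and refuses to write past what it owns. */
typedef struct {
    unsigned char *buf;   /* extracted record, grown with realloc */
    size_t cap;           /* bytes allocated for buf */
    size_t len;           /* bytes written so far */
} rec_buf;

/* Append n bytes, growing the buffer first; never writes past cap. */
static int rec_append(rec_buf *r, const unsigned char *src, size_t n) {
    if (n > SIZE_MAX - r->len) return -1;
    if (r->len + n > r->cap) {
        unsigned char *p = realloc(r->buf, r->len + n);
        if (!p) return -1;
        r->buf = p;
        r->cap = r->len + n;
    }
    memcpy(r->buf + r->len, src, n);   /* in bounds by construction */
    r->len += n;
    return 0;
}

/* Returns 0 and fills out on success, -1 on truncated/malformed input or OOM.
 * Every length is checked against the bytes that remain before any copy. */
int extract_record(const unsigned char *stored, size_t stored_len,
                   size_t fixed_len, unsigned nblobs, rec_buf *out) {
    size_t pos = fixed_len;
    out->len = 0;
    if (fixed_len > stored_len || rec_append(out, stored, fixed_len)) return -1;
    for (unsigned i = 0; i < nblobs; i++) {
        uint32_t blen;
        if (stored_len - pos < sizeof blen) return -1;   /* length field cut off */
        memcpy(&blen, stored + pos, sizeof blen);
        pos += sizeof blen;
        if (stored_len - pos < blen) return -1;          /* data shorter than claimed */
        if (rec_append(out, stored + pos, blen)) return -1;
        pos += blen;
    }
    return pos == stored_len ? 0 : -1;                   /* trailing bytes: malformed */
}
```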

Philip Stoev (pstoev-askmonty) wrote :

Test case. Unfortunately, no further automatic simplification is possible at this time. Please note the following:

* The test uses LOAD_FILE(), so it has to run with --secure-file-priv
* The LOAD_FILE() calls use absolute file paths, which have to point to a lp:randgen/data directory
* --max-heap-table-size=1Gb should also be specified

Changed in percona-projects-qa:
assignee: nobody → Alexey Kopytov (akopytov)
Changed in percona-projects-qa:
milestone: none → 5.5.13-eb
Changed in percona-projects-qa:
assignee: Alexey Kopytov (akopytov) → nobody
Changed in percona-projects-qa:
assignee: nobody → Laurynas Biveinis (laurynas-biveinis)
Changed in percona-projects-qa:
status: New → In Progress
Laurynas Biveinis (laurynas-biveinis) wrote :

Fully reduced test case; it does not need RQG or additional server parameters:

-- Reduced reproducer, unchanged apart from line breaks and comments.
-- Dynamic-row HEAP table with BLOB/TEXT columns, the engine named in the trace.
CREATE TABLE IF NOT EXISTS local_1_1 (
  f1 VARCHAR ( 32 ) NOT NULL ,
  f2 VARCHAR ( 128 ) NOT NULL ,
  f3 BLOB NOT NULL ,
  f4 TEXT,
  f5 BLOB ( 1024 ) ,
  PRIMARY KEY ( f1 ) ,
  KEY ( f1 , f2 )
) ENGINE=HEAP ROW_FORMAT=DYNAMIC KEY_BLOCK_SIZE = 2048;
-- IGNORE stores the NULLs for NOT NULL columns as defaults; the second row carries a 2048-byte TEXT value.
INSERT IGNORE INTO local_1_1 VALUES
  ( REPEAT( 'egqeqfxwaejpqixuvvtentruyqadxiybjdfqjspfbyjdjczrrwjnagkzsoagatqookhsgtrvvbxacppljfzaseidqggxvuirm' , 5 ) , NULL , NULL , NULL , REPEAT( 'hegqeqfxwaejpqixuvvtentruyqadxiy' , 1 ) ) ,
  ( 'you' , NULL , 0 , REPEAT("X", 2048) , 0 );
-- The self-insert scans the HEAP rows (heap_scan / ha_heap::rnd_next) and writes them out (end_write), as in the trace.
INSERT IGNORE INTO local_1_1 SELECT * FROM local_1_1;

Changed in percona-projects-qa:
assignee: Laurynas Biveinis (laurynas-biveinis) → Alexey Kopytov (akopytov)
Changed in percona-projects-qa:
status: In Progress → Fix Committed
Changed in percona-projects-qa:
status: Fix Committed → Fix Released