Valgrind warning/crash in heap_scan in mysql-55-eb-blobs
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| percona-projects-qa | Fix Released | Undecided | Alexey Kopytov | |
Bug Description
The attached test case produces, among others, the following two warnings:
```
==15968== Invalid read of size 1
==15968== at 0x8602215: heap_scan (hp_scan.c:78)
==15968== by 0x85FB587: ha_heap:
==15968== by 0x8437799: rr_sequential(
==15968== by 0x8291C04: mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, enum_duplicates, bool, unsigned long long*, unsigned long long*) (sql_update.cc:644)
==15968== by 0x8202CC4: mysql_execute_
==15968== by 0x820A979: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5503)
==15968== by 0x81FF049: dispatch_
==15968== by 0x81FE537: do_command(THD*) (sql_parse.cc:771)
==15968== by 0x82CCF38: do_handle_
==15968== by 0x82CCBFB: handle_
==15968== by 0x84D9D33: pfs_spawn_thread (pfs.cc:1015)
==15968== by 0x821918: start_thread (in /lib/libpthread
==15968== by 0x76ACCD: clone (in /lib/libc-
==15968== Address 0xeb9760c is 4 bytes after a block of size 129,992 alloc'd
==15968== at 0x4005BDC: malloc (vg_replace_
==15968== by 0x84A52F8: my_malloc (my_malloc.c:38)
==15968== by 0x86033F3: hp_get_new_block (hp_block.c:79)
==15968== by 0x8601475: hp_allocate_
==15968== by 0x8601197: hp_allocate_
==15968== by 0x86012CC: hp_allocate_
==15968== by 0x8602985: heap_write (hp_write.c:56)
==15968== by 0x85FAE3B: ha_heap:
==15968== by 0x8355ACC: handler:
==15968== by 0x81ED5FB: write_record(THD*, TABLE*, st_copy_info*) (sql_insert.
==15968== by 0x81EB83D: mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) (sql_insert.cc:928)
==15968== by 0x82031C7: mysql_execute_
==15968== by 0x820A979: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5503)
==15968== by 0x81FF049: dispatch_
==15968== by 0x81FE537: do_command(THD*) (sql_parse.cc:771)
==15968== by 0x82CCF38: do_handle_

==15968== Conditional jump or move depends on uninitialised value(s)
==15968== at 0x860221A: heap_scan (hp_scan.c:78)
==15968== by 0x85FB587: ha_heap:
==15968== by 0x8437799: rr_sequential(
==15968== by 0x8291C04: mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, enum_duplicates, bool, unsigned long long*, unsigned long long*) (sql_update.cc:644)
==15968== by 0x8202CC4: mysql_execute_
==15968== by 0x820A979: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:5503)
==15968== by 0x81FF049: dispatch_
==15968== by 0x81FE537: do_command(THD*) (sql_parse.cc:771)
==15968== by 0x82CCF38: do_handle_
==15968== by 0x82CCBFB: handle_
==15968== by 0x84D9D33: pfs_spawn_thread (pfs.cc:1015)
==15968== by 0x821918: start_thread (in /lib/libpthread
==15968== by 0x76ACCD: clone (in /lib/libc-
```
Unfortunately, a 6-hour effort to simplify only reduced the test case to 675 lines (out of an initial 30K).
Bug history:

- summary: "Valgrind warning in heap_scan in mysql-55-eb-blobs" → "Valgrind warning/crash in heap_scan in mysql-55-eb-blobs"
- Changed in percona-projects-qa: milestone: none → 5.5.13-eb
- Changed in percona-projects-qa: assignee: nobody → Alexey Kopytov (akopytov); status: New → In Progress
- Changed in percona-projects-qa: status: In Progress → Fix Committed
- Changed in percona-projects-qa: status: Fix Committed → Fix Released
Partially simplified test case. Needs to be run with --max_heap_table_size=1G, --valgrind and --secure-file-priv set to a directory containing the lp:randgen repository.