Uninitialized flush_counters_t::unzip_LRU_evicted use
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Percona Server moved to https://jira.percona.com/projects/PS | Fix Released | Medium | Laurynas Biveinis | 
5.1 | Invalid | Undecided | Unassigned | 
5.5 | Invalid | Undecided | Unassigned | 
5.6 | Fix Released | Medium | Laurynas Biveinis | 
Bug Description
==5873== Thread 23:
==5873== Conditional jump or move depends on uninitialised value(s)
==5873== at 0xA15646: buf_do_
==5873== by 0xA15A71: buf_flush_
==5873== by 0xA15F04: buf_flush_
==5873== by 0xA1618C: buf_flush_
==5873== by 0xA16469: buf_flush_
==5873== by 0x506A9D0: start_thread (in /lib64/
==5873== by 0x634CB6C: clone (in /lib64/
==5873== Uninitialised value was created by a stack allocation
==5873== at 0xA15F44: buf_flush_
==5873==
The cause is

    if (max > n->unzip_LRU_evicted)

in buf_do_LRU_batch, propagated from

    n->unzip_LRU_evicted += buf_free_

in the same function, called from buf_flush_LRU, called from buf_flush_LRU_tail, which has a stack-allocated uninitialised flush_counters_t variable propagated down. Regression introduced by the bug 1295268 fix.
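As an added illustration (my own C model, not InnoDB or Percona code), the accumulate-then-compare pattern described above: a stack-allocated counters struct is passed down a call chain that does `+=` on one field and then branches on it. The struct, the stub batch function and the function names are constructed to mirror the report; the fix shown (zeroing the counters before the batch) is the generic remedy for this pattern, not necessarily the exact Percona patch.

```c
#include <string.h>

/* Mirrors flush_counters_t only as far as this bug needs (constructed). */
struct flush_counters {
    unsigned long flushed;
    unsigned long evicted;
    unsigned long unzip_LRU_evicted;
};

/* Stub for the unzip_LRU eviction batch: "evicts" at most 3 pages (constructed). */
static unsigned long free_from_unzip_LRU_batch(unsigned long max)
{
    return max < 3 ? max : 3;
}

/* Models buf_do_LRU_batch: first accumulates into n->unzip_LRU_evicted, then
 * branches on it. If the caller never initialised n, both the += and the
 * comparison read an indeterminate value, which is the Valgrind finding above. */
static void do_LRU_batch(unsigned long max, struct flush_counters *n)
{
    n->unzip_LRU_evicted += free_from_unzip_LRU_batch(max);
    if (max > n->unzip_LRU_evicted) {
        n->flushed = max - n->unzip_LRU_evicted; /* stub for the LRU flush */
    } else {
        n->flushed = 0;
        n->evicted = 0;
    }
}

/* Buggy shape of buf_flush_LRU_tail: counters declared on the stack and never
 * zeroed. Its result is indeterminate; shown for the pattern, not used below. */
unsigned long flush_LRU_tail_buggy(unsigned long max, struct flush_counters *out)
{
    struct flush_counters n;            /* BUG: uninitialised stack variable */
    do_LRU_batch(max, &n);
    if (out) *out = n;
    return n.flushed;
}

/* Fixed shape: zero every counter before the batch accumulates into them. */
unsigned long flush_LRU_tail_fixed(unsigned long max, struct flush_counters *out)
{
    struct flush_counters n;
    memset(&n, 0, sizeof n);            /* FIX: deterministic starting point */
    do_LRU_batch(max, &n);
    if (out) *out = n;
    return n.flushed;
}
```

Running the buggy variant under Valgrind with `--track-origins=yes` (or building with MemorySanitizer) reports the stack allocation in the caller as the origin, exactly as in the trace above; the fixed variant is silent.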
Related branches
- Laurynas Biveinis (community): Approve
- Diff: 19 lines (+2/-1), 1 file modified: storage/innobase/buf/buf0flu.cc (+2/-1)
Reproducible by valgrinding any of the innodb_zip.innodb_bug36172, innodb_zip.innodb-create-options, innodb_zip.innodb_cmp_per_index, innodb_zip.innodb-wl5522-zip, innodb_zip.innodb_index_large_prefix and innodb_zip.innodb-zip MTR tests.