maria-developers team mailing list archive
Message #08754
Re: GSoc2015
On Wed, Jun 24, 2015 at 07:00:48PM +0530, Diwas Joshi wrote:
> hii, please find a patch for MDEV-8343
> <https://mariadb.atlassian.net/browse/MDEV-8343> attached to this mail. I
> have also included a test case in the patch.
So the crash that happens on my machine is:
Program received signal SIGSEGV, Segmentation fault.
(gdb) wher
#0 0x0000555555c30d64 in Create_field::Create_field (this=0x7fffdc0bb260) at /home/psergey/dev-git/10.1-gsoc/sql/field.h:2907
#1 0x0000555555c2bb43 in Create_field::clone (this=0x8f8f8f8f8f8f8f8f, mem_root=0x7fffdc0ba468) at /home/psergey/dev-git/10.1-gsoc/sql/field.cc:10116
#2 0x0000555555d85654 in sp_head::fill_resultset_definition (this=0x7fffdc0ba448, thd=0x5555577ddfc0, create_list=0x5555577e2fb8) at /home/psergey/dev-git/10.1-gsoc/sql/sp_head.cc:2370
#3 0x0000555555bd7a96 in MYSQLparse (thd=0x5555577ddfc0) at /home/psergey/dev-git/10.1-gsoc/sql/sql_yacc.yy:6657
#4 0x0000555555a26e0e in parse_sql (thd=0x5555577ddfc0, parser_state=0x7ffff02810c0, creation_ctx=0x0, do_pfs_digest=true) at /home/psergey/dev-git/10.1-gsoc/sql/sql_parse.cc:9103
#5 0x0000555555a22e51 in mysql_parse (thd=0x5555577ddfc0, rawbuf=0x7fffdc013ad8 "CREATE FUNCTION f1(a INT, b VARCHAR(11))\nRETURNS TABLE t1(id INT, name VARCHAR(11))\nBEGIN\nINSERT INTO t1 SELECT id, name FROM t2 WHERE id = a;\nEND", length=146, parser_state=0x7ffff02810c0) at /home/psergey/dev-git/10.1-gsoc/sql/sql_parse.cc:7116
#6 0x0000555555a1200d in dispatch_command (command=COM_QUERY, thd=0x5555577ddfc0, packet=0x5555577e56e1 "CREATE FUNCTION f1(a INT, b VARCHAR(11))\nRETURNS TABLE t1(id INT, name VARCHAR(11))\nBEGIN\nINSERT INTO t1 SELECT id, name FROM t2 WHERE id = a;\nEND", packet_length=146) at /home/psergey/dev-git/10.1-gsoc/sql/sql_parse.cc:1462
#7 0x0000555555a10dd7 in do_command (thd=0x5555577ddfc0) at /home/psergey/dev-git/10.1-gsoc/sql/sql_parse.cc:1090
#8 0x0000555555b3dcb0 in do_handle_one_connection (thd_arg=0x5555577ddfc0) at /home/psergey/dev-git/10.1-gsoc/sql/sql_connect.cc:1347
#9 0x0000555555b3d9f5 in handle_one_connection (arg=0x5555577ddfc0) at /home/psergey/dev-git/10.1-gsoc/sql/sql_connect.cc:1258
#10 0x0000555555ed9f14 in pfs_spawn_thread (arg=0x5555577ea9c0) at /home/psergey/dev-git/10.1-gsoc/storage/perfschema/pfs.cc:1860
#11 0x00007ffff691de9a in start_thread (arg=0x7ffff0282700) at pthread_create.c:308
#12 0x00007ffff604e3fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
### Note Create_field::clone(this=0x8f8f8f8f8f8f8f8f ... above. This means it's reading uninitialized data.
(gdb) up
#1 0x0000555555c2bb43 in Create_field::clone (this=0x8f8f8f8f8f8f8f8f, mem_root=0x7fffdc0ba468) at /home/psergey/dev-git/10.1-gsoc/sql/field.cc:10116
(gdb) up
#2 0x0000555555d85654 in sp_head::fill_resultset_definition (this=0x7fffdc0ba448, thd=0x5555577ddfc0, create_list=0x5555577e2fb8) at /home/psergey/dev-git/10.1-gsoc/sql/sp_head.cc:2370
(gdb)
(gdb) p *create_list
$33 = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7fffdc014280, last = 0x7fffdc0bb250, elements = 4}, <No data fields>}
### Why 4 elements in the list? The example shows it should have two elements...
(gdb) p create_list->first->info
$36 = (void *) 0x8f8f8f8f8f8f8f8f
## The first element is invalid already.
Looking at where the list comes from:
if(Lex->sphead->fill_resultset_definition(thd, &Lex->alter_info.create_list))
Lex->alter_info.create_list... The MySQL codebase has a nasty habit of not initializing the data if it is not needed.
I search for alter_info in the sql_yacc.yy file. I find many lines like this:
Lex->alter_info.reset();
If I add this line at the start of $5 in the 'sf_tail' production, the crash goes away.
BR
Sergei
--
Sergei Petrunia, Software Developer
MariaDB Corporation | Skype: sergefp | Blog: http://s.petrunia.net/blog
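As an added illustration (not code from the patch, the thread, or MariaDB itself), the C model below reproduces the failure mode described in the mail: a parser-wide list that is not reset between statements keeps stale pointers into memory that a debug build has filled with 0x8f, so the next statement sees four elements instead of two and dereferences poisoned entries, while calling reset() first gives the expected two. All names (stmt_mem, run_sf_tail_twice, alter_info_reset, etc.) are constructed stand-ins, not the real parser symbols.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model (not MariaDB code) of the state in the thread: the
   parser's Lex->alter_info.create_list outlives one statement, so the
   next statement sees whatever the previous one left in it unless the
   production calls alter_info.reset(). TRASH_FREE imitates the 0x8f
   fill a debug build writes into freed memory. */
#define TRASH_FREE 0x8f
#define MAX_FIELDS 8

struct create_field { char name[16]; };
struct field_list { struct create_field *elem[MAX_FIELDS]; unsigned elements; };
struct lex { struct { struct field_list create_list; } alter_info; };

/* Statement-lifetime memory: trashed when the statement ends. Slots are
   never reused here, so stale pointers keep pointing at trashed bytes. */
static struct create_field stmt_mem[MAX_FIELDS];
static unsigned next_slot;

static void mem_root_free(void) { memset(stmt_mem, TRASH_FREE, sizeof stmt_mem); }
static void alter_info_reset(struct lex *lex) { lex->alter_info.create_list.elements = 0; }

static void add_field(struct lex *lex, const char *name) {
  struct create_field *f = &stmt_mem[next_slot++];
  memset(f, 0, sizeof *f);
  strncpy(f->name, name, sizeof f->name - 1);
  lex->alter_info.create_list.elem[lex->alter_info.create_list.elements++] = f;
}

/* Stand-in for fill_resultset_definition: it dereferences every list
   element, which is exactly what crashed in Create_field::clone.
   Returns how many elements point at trashed memory. */
static unsigned count_poisoned(const struct field_list *l) {
  unsigned bad = 0;
  for (unsigned i = 0; i < l->elements; i++)
    if ((unsigned char)l->elem[i]->name[0] == TRASH_FREE) bad++;
  return bad;
}

/* Parses two CREATE FUNCTION statements through the same lex. 'reset'
   selects whether sf_tail calls alter_info.reset() before filling the
   list, i.e. the one-line fix from the mail. */
static unsigned run_sf_tail_twice(int reset, unsigned *elements_out) {
  struct lex lex = {0};
  next_slot = 0;
  add_field(&lex, "old_a"); add_field(&lex, "old_b");  /* statement 1 */
  mem_root_free();                                     /* its memory is gone */
  if (reset) alter_info_reset(&lex);
  add_field(&lex, "id"); add_field(&lex, "name");      /* RETURNS TABLE t1(...) */
  *elements_out = lex.alter_info.create_list.elements;
  return count_poisoned(&lex.alter_info.create_list);
}

static unsigned poisoned_after(int reset) { unsigned n; return run_sf_tail_twice(reset, &n); }
static unsigned elements_after(int reset) { unsigned n; run_sf_tail_twice(reset, &n); return n; }
```

Without the reset the list reports 4 elements, 2 of them pointing at trashed memory; with it, 2 elements and none poisoned.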