[MDEV-25631] Crash executing query with VIEW, aggregate and subquery - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.5.9, 5.5(EOL), 10.0(EOL), 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5
Fix Version/s: 10.2.42, 10.3.33, 10.4.23, 10.5.14, 10.6.6, 10.7.2
Component/s: Optimizer
Labels:
- crash
- fuzzer
Environment:
Ubuntu 18.04
MariaDB 10.5.9

Description

I used my fuzzing tool to test Mariadb , and found a bug that can result in an abortion.

Mariadb installation：
1) cd mariadb-10.5.9
2) mkdir build; cd build
3) cmake -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_DEBUG=ON ../
4) make -j8 && sudo make install

How to Repeat:
export ASAN_OPTIONS=detect_leaks=0
/usr/local/mysql/bin/mysqld_safe &
/usr/local/mysql/bin/mysql -uroot -p123456(your password)
MariaDB> drop database if exists test_db;
MariaDB> create database test_db;
MariaDB> source fuzz.sql;

I have simplified the content of fuzz.sql, and I hope fuzz.sql can help you reproduce the bug and fix it. In addition, I attach the abortion report (which has its stack trace).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

abortion_report.txt
6 kB
2021-05-10 08:38
fuzz.sql
0.9 kB
2021-05-10 08:38

Issue Links

causes

MDEV-28206 SIGSEGV in Item_field::fix_fields when using LEAD...OVER

Closed

duplicates

MDEV-24454 Crash at change_item_tree

Closed

relates to

MDEV-20325 Assertion `outer_context || !*from_field || *from_field == not_found_field' failed in Item_field::fix_outer_field | `!derived->is_excluded()' failed in TABLE_LIST::set_check_materialized | SIGEGV in st_select_lex::mark_as_dependent (optimized builds)

Closed

links to

CVE-2021-46659

Activity

People

Assignee:: Igor Babaev

Reporter:: Zuming Jiang

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 2021-05-10 08:39

Updated:: 2022-11-29 03:52

Resolved:: 2022-01-11 07:04

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.