MariaDB Server / MDEV-26350

Assertion failure: select_lex->ref_pointer_array.size() % 5 == 0

Details

    Description

      I used my fuzzing tool to test MariaDB, and found a bug that can result in an abortion.

      MariaDB installation:
      1) cd mariadb-10.5.9
      2) mkdir build; cd build
      3) cmake -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DCMAKE_BUILD_TYPE=Debug ../
      4) make -j8 && sudo make install

      How to Repeat:
      export ASAN_OPTIONS=detect_leaks=0
      /usr/local/mysql/bin/mysqld_safe &
      /usr/local/mysql/bin/mysql -uroot -p123456(your password)
      MariaDB> drop database if exists test_db;
      MariaDB> create database test_db;
      MariaDB> use test_db;
      MariaDB> source fuzz.sql;

      I have simplified the content of fuzz.sql (this one is still very complicated), and I hope fuzz.sql can help you reproduce the bug and fix it. In addition, I attach the failure report (which has its stack trace).

      Attachments

        1. fuzz.sql
          3.90 MB
        2. gdb.txt
          180 kB
        3. report.txt
          70 kB

          Activity

            Zuming Jiang Zuming Jiang created issue -
            danblack Daniel Black made changes -
            Field Original Value New Value
            Attachment gdb.txt [ 58536 ]
            danblack Daniel Black made changes -
            Fix Version/s 10.5 [ 23123 ]
            Affects Version/s 10.5.13 [ 26026 ]
            Summary Assertion Failure in sql/sql_repl.cc:4319 Assertion failure: select_lex->ref_pointer_array.size() % 5 == 0
            danblack Daniel Black made changes -
            Affects Version/s 10.4.18 [ 25110 ]
            danblack Daniel Black made changes -
            Labels crash crash not-10.2 not-10.3
            danblack Daniel Black made changes -
            Fix Version/s 10.4 [ 22408 ]
            Fix Version/s 10.5 [ 23123 ]
            danblack Daniel Black made changes -
            Priority Blocker [ 1 ] Major [ 3 ]
            danblack Daniel Black made changes -
            Assignee Daniel Black [ danblack ]
            danblack Daniel Black made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            danblack Daniel Black made changes -
            Fix Version/s 10.2 [ 14601 ]
            Fix Version/s 10.4 [ 22408 ]
            danblack Daniel Black made changes -
            Assignee Daniel Black [ danblack ] Sergei Golubchik [ serg ]
            Status In Progress [ 3 ] In Review [ 10002 ]
            danblack Daniel Black made changes -
            Assignee Sergei Golubchik [ serg ] Oleksandr Byelkin [ sanja ]
            sanja Oleksandr Byelkin made changes -
            Assignee Oleksandr Byelkin [ sanja ] Daniel Black [ danblack ]
            Status In Review [ 10002 ] Stalled [ 10000 ]
            danblack Daniel Black made changes -
            Fix Version/s 10.2.41 [ 26032 ]
            Fix Version/s 10.3.32 [ 26029 ]
            Fix Version/s 10.4.22 [ 26031 ]
            Fix Version/s 10.5.13 [ 26026 ]
            Fix Version/s 10.6.5 [ 26034 ]
            Fix Version/s 10.2 [ 14601 ]
            Resolution Fixed [ 1 ]
            Status Stalled [ 10000 ] Closed [ 6 ]
            serg Sergei Golubchik made changes -
            Workflow MariaDB v3 [ 124260 ] MariaDB v4 [ 159574 ]
            serg Sergei Golubchik made changes -

            People

              danblack Daniel Black
              Zuming Jiang Zuming Jiang