[MDEV-26351] segfault - (MARIA_HA *) 0x0 in ha_maria::extra - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 10.5.9, 10.2.41, 10.3.32, 10.4.22, 10.5.13
Fix Version/s: 10.2.43, 10.3.34, 10.4.24, 10.5.15, 10.6.7, 10.7.3
Component/s: Data Definition - Create Table, Optimizer, Storage Engine - Aria
Labels:
- crash
Environment:
Ubuntu 18.04
MariaDB 10.5.9

Description

I used my fuzzing tool to test Mariadb , and found a bug that can result in an abortion.

Mariadb installation：
1) cd mariadb-10.5.9
2) mkdir build; cd build
3) cmake -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DCMAKE_BUILD_TYPE=Debug ../
4) make -j8 && sudo make install

How to Repeat:
export ASAN_OPTIONS=detect_leaks=0
/usr/local/mysql/bin/mysqld_safe &
/usr/local/mysql/bin/mysql -uroot -p123456(your password)
MariaDB> drop database if exists test_db;
MariaDB> create database test_db;
MariaDB> use test_db;
MariaDB> source fuzz.sql;

I have simplified the content of fuzz.sql, and I hope fuzz.sql can help you reproduce the bug and fix it. In addition, I attach the failure report (which has its stack trace).

This bug looks similar to ~~MDEV-25787~~, but their stack trace are totally different in my report. I hope you can judge whether they are different bugs.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

fuzz.sql
2021-08-13 05:02
91 kB
Zuming Jiang
report.txt
2021-08-13 05:02
72 kB
Zuming Jiang

Issue Links

duplicates

MDEV-25787 Bug report: crash on SELECT DISTINCT thousands_blob_fields

Closed

links to

CVE-2021-46663

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Zuming Jiang

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2021-08-13 05:02

Updated:: 2022-02-10 14:52

Resolved:: 2022-02-10 14:52

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.