[MDEV-26353] MariaDB server crash in Arg_comparator::compare_real_fixed - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 10.6.2, 10.5.13, 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6
Fix Version/s: N/A
Component/s: Data types
Labels:
None
Environment:
Linux x64

Description

Reported by:

Yaoguang Chen of Ant Security Light-Year Lab

Steps to reproduce:

CREATE TEMPORARY TABLE v0 ( v4 SMALLINT , v3 TINYINT , v2 NCHAR BINARY GENERATED ALWAYS AS ( NULL NOT IN ( 'x' SOUNDS LIKE UTC_TIME ( ) IS NULL IS NULL IS FALSE ) IS NOT FALSE ) , v1 INT ) ;

 SELECT CONVERT ( CHAR ( 'x' IS FALSE ) * DEFAULT ( v2 ) * 'x' * 62721821.000000 , DATETIME ) REGEXP v1 'x' FROM v0 ;

 INSERT IGNORE INTO v0 VALUES ( 78470821.000000 , 'x' , -32768 , v1 IN ( 'x' , FALSE NOT REGEXP v3 IS FALSE ) ) ;

backtrace:

Core was generated by `/home/supersix/fuzz/security/MariaDB/install_debug/bin/mysqld --defaults-file=/'.

Program terminated with signal SIGABRT, Aborted.

#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=0x6)

    at ../sysdeps/unix/sysv/linux/pthread_kill.c:56

56	../sysdeps/unix/sysv/linux/pthread_kill.c: No such file or directory.

[Current thread is 1 (Thread 0x7f8010296700 (LWP 1431325))]

gdb-peda$ bt

#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=0x6)

    at ../sysdeps/unix/sysv/linux/pthread_kill.c:56

#1  0x000055ceeec1e94f in my_write_core (sig=sig@entry=0x6)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/mysys/stacktrace.c:424

#2  0x000055ceee729d60 in handle_fatal_signal (sig=0x6)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/signal_handler.cc:344

#3  <signal handler called>

#4  __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50

#5  0x00007f8010d68859 in __GI_abort () at abort.c:79

#6  0x00007f801113f951 in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6

#7  0x00007f801114b47c in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6

#8  0x00007f801114b4e7 in std::terminate() () from /lib/x86_64-linux-gnu/libstdc++.so.6

#9  0x00007f801114c245 in __cxa_pure_virtual () from /lib/x86_64-linux-gnu/libstdc++.so.6

#10 0x000055ceee75d6ef in Arg_comparator::compare_real_fixed (this=0x7f7f88115bf0)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.cc:897

#11 0x000055ceee76b464 in Arg_comparator::compare (this=0x7f7f88115bf0)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.h:103

#12 Item_func_ne::val_int (this=0x7f7f88115b40)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.cc:1788

#13 0x000055ceee67b604 in Type_handler_int_result::Item_val_bool (this=<optimized out>,

    item=<optimized out>) at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_type.cc:5085

#14 0x000055ceee75de10 in Item_func_truth::val_bool (this=0x7f7f88115dc0)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.cc:1165

#15 0x000055ceee75de81 in Item_func_truth::val_int (this=<optimized out>)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.cc:1188

#16 0x000055ceee74f443 in Item::save_int_in_field (this=0x7f7f88115dc0, field=0x7f7f8801ac90,

    no_conversions=<optimized out>)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item.cc:6700

#17 0x000055ceee7412a7 in Item::save_in_field (this=0x7f7f88115dc0, field=0x7f7f8801ac90,

    no_conversions=<optimized out>)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item.cc:6710

#18 0x000055ceee5f87a0 in TABLE::update_virtual_fields (this=this@entry=0x7f7f8801a698,

    h=<optimized out>, update_mode=update_mode@entry=VCOL_UPDATE_FOR_WRITE)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/table.cc:8718

#19 0x000055ceee4ba3a5 in fill_record (thd=thd@entry=0x7f7f88000c58,

    table=table@entry=0x7f7f8801a698, ptr=0x7f7f8801aaf0, ptr@entry=0x7f7f8801aac8, values=...,

    ignore_errors=ignore_errors@entry=0x0, use_value=use_value@entry=0x0)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_base.cc:8845

#20 0x000055ceee4ba444 in fill_record_n_invoke_before_triggers (thd=thd@entry=0x7f7f88000c58,

    table=table@entry=0x7f7f8801a698, ptr=0x7f7f8801aac8, values=...,

    ignore_errors=ignore_errors@entry=0x0, event=event@entry=TRG_EVENT_INSERT)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_base.cc:8888

#21 0x000055ceee4e6af6 in mysql_insert (thd=thd@entry=0x7f7f88000c58, table_list=<optimized out>,

    fields=..., values_list=..., update_fields=..., update_values=..., duplic=<optimized out>,

    ignore=<optimized out>, result=<optimized out>)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_insert.cc:1047

#22 0x000055ceee5204e7 in mysql_execute_command (thd=0x7f7f88000c58,

    is_called_from_prepared_stmt=<optimized out>)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_parse.cc:4568

#23 0x000055ceee510287 in mysql_parse (thd=0x7f7f88000c58, rawbuf=<optimized out>,

    length=<optimized out>, parser_state=<optimized out>)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_parse.cc:8028

#24 0x000055ceee51c285 in dispatch_command (command=COM_QUERY, thd=0x7f7f88000c58,

    packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_class.h:1340

#25 0x000055ceee51e1a8 in do_command (thd=0x7f7f88000c58, blocking=blocking@entry=0x1)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_parse.cc:1406

#26 0x000055ceee624317 in do_handle_one_connection (connect=<optimized out>, put_in_cache=0x1)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_connect.cc:1410

#27 0x000055ceee62467d in handle_one_connection (arg=arg@entry=0x55cef0328838)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_connect.cc:1312

#28 0x000055ceee96097d in pfs_spawn_thread (arg=0x55cef06008d8)

    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/storage/perfschema/pfs.cc:2201

#29 0x00007f8011291609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#30 0x00007f8010e65293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Attachments

Issue Links

duplicates

MDEV-26437 Server crashes in Item_args::walk_args

Closed

links to

CVE-2022-27379

Activity

Ascending order - Click to sort in descending order

yaoguang created issue - 2021-08-13 07:10

Daniel Black made changes - 2021-08-13 08:23

Field	Original Value	New Value
Affects Version/s		10.6.2 [ 25800 ]
Affects Version/s		10.5.13 [ 26026 ]
Affects Version/s	10.5 [ 23123 ]
Affects Version/s	10.6 [ 24028 ]

Daniel Black made changes - 2021-08-13 08:24

Component/s

Data types [ 13906 ]

Sergei Golubchik made changes - 2021-08-14 20:24

Description

Reported by:

Yaoguang Chen of Ant Security Light-Year Lab

Steps to reproduce:

{code:sql}
CREATE TEMPORARY TABLE v0 ( v4 SMALLINT , v3 TINYINT , v2 NCHAR BINARY GENERATED ALWAYS AS ( NULL NOT IN ( 'x' SOUNDS LIKE UTC_TIME ( ) IS NULL IS NULL IS FALSE ) IS NOT FALSE ) , v1 INT ) ;
SELECT CONVERT ( CHAR ( 'x' IS FALSE ) * DEFAULT ( v2 ) * 'x' * 62721821.000000 , DATETIME ) REGEXP v1 'x' FROM v0 ;
INSERT IGNORE INTO v0 VALUES ( 78470821.000000 , 'x' , -32768 , v1 IN ( 'x' , FALSE NOT REGEXP v3 IS FALSE ) ) ;
{code}

backtrace:

Core was generated by `/home/supersix/fuzz/security/MariaDB/install_debug/bin/mysqld --defaults-file=/'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=0x6)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
56 ../sysdeps/unix/sysv/linux/pthread_kill.c: No such file or directory.
[Current thread is 1 (Thread 0x7f8010296700 (LWP 1431325))]
gdb-peda$ bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=0x6)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1 0x000055ceeec1e94f in my_write_core (sig=sig@entry=0x6)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/mysys/stacktrace.c:424
#2 0x000055ceee729d60 in handle_fatal_signal (sig=0x6)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/signal_handler.cc:344
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
#5 0x00007f8010d68859 in __GI_abort () at abort.c:79
#6 0x00007f801113f951 in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#7 0x00007f801114b47c in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#8 0x00007f801114b4e7 in std::terminate() () from /lib/x86_64-linux-gnu/libstdc++.so.6
#9 0x00007f801114c245 in __cxa_pure_virtual () from /lib/x86_64-linux-gnu/libstdc++.so.6
#10 0x000055ceee75d6ef in Arg_comparator::compare_real_fixed (this=0x7f7f88115bf0)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.cc:897
#11 0x000055ceee76b464 in Arg_comparator::compare (this=0x7f7f88115bf0)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.h:103
#12 Item_func_ne::val_int (this=0x7f7f88115b40)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.cc:1788
#13 0x000055ceee67b604 in Type_handler_int_result::Item_val_bool (this=<optimized out>,
    item=<optimized out>) at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_type.cc:5085
#14 0x000055ceee75de10 in Item_func_truth::val_bool (this=0x7f7f88115dc0)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.cc:1165
#15 0x000055ceee75de81 in Item_func_truth::val_int (this=<optimized out>)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.cc:1188
#16 0x000055ceee74f443 in Item::save_int_in_field (this=0x7f7f88115dc0, field=0x7f7f8801ac90,
    no_conversions=<optimized out>)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item.cc:6700
#17 0x000055ceee7412a7 in Item::save_in_field (this=0x7f7f88115dc0, field=0x7f7f8801ac90,
    no_conversions=<optimized out>)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item.cc:6710
#18 0x000055ceee5f87a0 in TABLE::update_virtual_fields (this=this@entry=0x7f7f8801a698,
    h=<optimized out>, update_mode=update_mode@entry=VCOL_UPDATE_FOR_WRITE)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/table.cc:8718
#19 0x000055ceee4ba3a5 in fill_record (thd=thd@entry=0x7f7f88000c58,
    table=table@entry=0x7f7f8801a698, ptr=0x7f7f8801aaf0, ptr@entry=0x7f7f8801aac8, values=...,
    ignore_errors=ignore_errors@entry=0x0, use_value=use_value@entry=0x0)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_base.cc:8845
#20 0x000055ceee4ba444 in fill_record_n_invoke_before_triggers (thd=thd@entry=0x7f7f88000c58,
    table=table@entry=0x7f7f8801a698, ptr=0x7f7f8801aac8, values=...,
    ignore_errors=ignore_errors@entry=0x0, event=event@entry=TRG_EVENT_INSERT)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_base.cc:8888
#21 0x000055ceee4e6af6 in mysql_insert (thd=thd@entry=0x7f7f88000c58, table_list=<optimized out>,
    fields=..., values_list=..., update_fields=..., update_values=..., duplic=<optimized out>,
    ignore=<optimized out>, result=<optimized out>)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_insert.cc:1047
#22 0x000055ceee5204e7 in mysql_execute_command (thd=0x7f7f88000c58,
    is_called_from_prepared_stmt=<optimized out>)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_parse.cc:4568
#23 0x000055ceee510287 in mysql_parse (thd=0x7f7f88000c58, rawbuf=<optimized out>,
    length=<optimized out>, parser_state=<optimized out>)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_parse.cc:8028
#24 0x000055ceee51c285 in dispatch_command (command=COM_QUERY, thd=0x7f7f88000c58,
    packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_class.h:1340
#25 0x000055ceee51e1a8 in do_command (thd=0x7f7f88000c58, blocking=blocking@entry=0x1)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_parse.cc:1406
#26 0x000055ceee624317 in do_handle_one_connection (connect=<optimized out>, put_in_cache=0x1)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_connect.cc:1410
#27 0x000055ceee62467d in handle_one_connection (arg=arg@entry=0x55cef0328838)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_connect.cc:1312
#28 0x000055ceee96097d in pfs_spawn_thread (arg=0x55cef06008d8)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/storage/perfschema/pfs.cc:2201
#29 0x00007f8011291609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#30 0x00007f8010e65293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Reported by:

Yaoguang Chen of Ant Security Light-Year Lab

Steps to reproduce:

{code:sql}
CREATE TEMPORARY TABLE v0 ( v4 SMALLINT , v3 TINYINT , v2 NCHAR BINARY GENERATED ALWAYS AS ( NULL NOT IN ( 'x' SOUNDS LIKE UTC_TIME ( ) IS NULL IS NULL IS FALSE ) IS NOT FALSE ) , v1 INT ) ;
SELECT CONVERT ( CHAR ( 'x' IS FALSE ) * DEFAULT ( v2 ) * 'x' * 62721821.000000 , DATETIME ) REGEXP v1 'x' FROM v0 ;
INSERT IGNORE INTO v0 VALUES ( 78470821.000000 , 'x' , -32768 , v1 IN ( 'x' , FALSE NOT REGEXP v3 IS FALSE ) ) ;
{code}

backtrace:
{noformat}
Core was generated by `/home/supersix/fuzz/security/MariaDB/install_debug/bin/mysqld --defaults-file=/'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=0x6)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
56 ../sysdeps/unix/sysv/linux/pthread_kill.c: No such file or directory.
[Current thread is 1 (Thread 0x7f8010296700 (LWP 1431325))]
gdb-peda$ bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=0x6)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
#1 0x000055ceeec1e94f in my_write_core (sig=sig@entry=0x6)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/mysys/stacktrace.c:424
#2 0x000055ceee729d60 in handle_fatal_signal (sig=0x6)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/signal_handler.cc:344
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
#5 0x00007f8010d68859 in __GI_abort () at abort.c:79
#6 0x00007f801113f951 in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#7 0x00007f801114b47c in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#8 0x00007f801114b4e7 in std::terminate() () from /lib/x86_64-linux-gnu/libstdc++.so.6
#9 0x00007f801114c245 in __cxa_pure_virtual () from /lib/x86_64-linux-gnu/libstdc++.so.6
#10 0x000055ceee75d6ef in Arg_comparator::compare_real_fixed (this=0x7f7f88115bf0)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.cc:897
#11 0x000055ceee76b464 in Arg_comparator::compare (this=0x7f7f88115bf0)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.h:103
#12 Item_func_ne::val_int (this=0x7f7f88115b40)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.cc:1788
#13 0x000055ceee67b604 in Type_handler_int_result::Item_val_bool (this=<optimized out>,
    item=<optimized out>) at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_type.cc:5085
#14 0x000055ceee75de10 in Item_func_truth::val_bool (this=0x7f7f88115dc0)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.cc:1165
#15 0x000055ceee75de81 in Item_func_truth::val_int (this=<optimized out>)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item_cmpfunc.cc:1188
#16 0x000055ceee74f443 in Item::save_int_in_field (this=0x7f7f88115dc0, field=0x7f7f8801ac90,
    no_conversions=<optimized out>)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item.cc:6700
#17 0x000055ceee7412a7 in Item::save_in_field (this=0x7f7f88115dc0, field=0x7f7f8801ac90,
    no_conversions=<optimized out>)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/item.cc:6710
#18 0x000055ceee5f87a0 in TABLE::update_virtual_fields (this=this@entry=0x7f7f8801a698,
    h=<optimized out>, update_mode=update_mode@entry=VCOL_UPDATE_FOR_WRITE)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/table.cc:8718
#19 0x000055ceee4ba3a5 in fill_record (thd=thd@entry=0x7f7f88000c58,
    table=table@entry=0x7f7f8801a698, ptr=0x7f7f8801aaf0, ptr@entry=0x7f7f8801aac8, values=...,
    ignore_errors=ignore_errors@entry=0x0, use_value=use_value@entry=0x0)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_base.cc:8845
#20 0x000055ceee4ba444 in fill_record_n_invoke_before_triggers (thd=thd@entry=0x7f7f88000c58,
    table=table@entry=0x7f7f8801a698, ptr=0x7f7f8801aac8, values=...,
    ignore_errors=ignore_errors@entry=0x0, event=event@entry=TRG_EVENT_INSERT)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_base.cc:8888
#21 0x000055ceee4e6af6 in mysql_insert (thd=thd@entry=0x7f7f88000c58, table_list=<optimized out>,
    fields=..., values_list=..., update_fields=..., update_values=..., duplic=<optimized out>,
    ignore=<optimized out>, result=<optimized out>)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_insert.cc:1047
#22 0x000055ceee5204e7 in mysql_execute_command (thd=0x7f7f88000c58,
    is_called_from_prepared_stmt=<optimized out>)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_parse.cc:4568
#23 0x000055ceee510287 in mysql_parse (thd=0x7f7f88000c58, rawbuf=<optimized out>,
    length=<optimized out>, parser_state=<optimized out>)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_parse.cc:8028
#24 0x000055ceee51c285 in dispatch_command (command=COM_QUERY, thd=0x7f7f88000c58,
    packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_class.h:1340
#25 0x000055ceee51e1a8 in do_command (thd=0x7f7f88000c58, blocking=blocking@entry=0x1)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_parse.cc:1406
#26 0x000055ceee624317 in do_handle_one_connection (connect=<optimized out>, put_in_cache=0x1)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_connect.cc:1410
#27 0x000055ceee62467d in handle_one_connection (arg=arg@entry=0x55cef0328838)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/sql/sql_connect.cc:1312
#28 0x000055ceee96097d in pfs_spawn_thread (arg=0x55cef06008d8)
    at /home/supersix/fuzz/security/MariaDB/mariadb-10.6.2/storage/perfschema/pfs.cc:2201
#29 0x00007f8011291609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#30 0x00007f8010e65293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
{noformat}

Alice Sherepa made changes - 2021-08-26 14:22

Link

This issue relates to ~~MDEV-26437~~ [ ~~MDEV-26437~~ ]

Alice Sherepa made changes - 2021-08-26 14:29

Affects Version/s		10.5 [ 23123 ]
Affects Version/s		10.6 [ 24028 ]

Alice Sherepa made changes - 2021-08-26 14:29

Fix Version/s		10.2 [ 14601 ]
Fix Version/s		10.3 [ 22126 ]
Fix Version/s		10.4 [ 22408 ]
Fix Version/s		10.5 [ 23123 ]
Fix Version/s		10.6 [ 24028 ]

Alice Sherepa made changes - 2021-08-26 14:29

Status

Open [ 1 ]

Confirmed [ 10101 ]

Alice Sherepa made changes - 2021-08-26 14:29

Assignee

Nikita Malyavin [ nikitamalyavin ]

Nikita Malyavin made changes - 2021-10-01 19:19

Fix Version/s		N/A [ 14700 ]
Fix Version/s	10.2 [ 14601 ]
Fix Version/s	10.3 [ 22126 ]
Fix Version/s	10.4 [ 22408 ]
Fix Version/s	10.5 [ 23123 ]
Fix Version/s	10.6 [ 24028 ]
Resolution		Duplicate [ 3 ]
Status	Confirmed [ 10101 ]	Closed [ 6 ]

Sergei Golubchik made changes - 2021-12-06 21:53

Workflow

MariaDB v3 [ 124270 ]

MariaDB v4 [ 159575 ]

Sergei Golubchik made changes - 2022-04-13 12:59

Remote Link

This issue links to "CVE-2022-27379 (Web Link)" [ 33617 ]

Sergei Golubchik made changes - 2022-04-14 11:43

Link

This issue duplicates ~~MDEV-26437~~ [ ~~MDEV-26437~~ ]

Sergei Golubchik made changes - 2022-04-14 11:43

Link

This issue relates to ~~MDEV-26437~~ [ ~~MDEV-26437~~ ]

People

Assignee:: Nikita Malyavin

Reporter:: yaoguang

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2021-08-13 07:10

Updated:: 2022-04-14 11:43

Resolved:: 2021-10-01 19:19

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration