Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.10.0, 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL)
-
None
Description
output:
SUMMARY: AddressSanitizer: stack-overflow /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/sql_union.cc:2837 in st_select_lex_unit::set_unique_exclude()
poc:
CREATE TEMPORARY TABLE x ( x TEXT ( 1 ) CHECK ( FALSE NOT LIKE x * 1 = 1 + 1 ^ 1 ) ) ; |
INSERT INTO x ( x ) VALUES ( 1 ) ; |
UPDATE x SET x = 1 ; |
INSERT INTO x ( x ) VALUES ( 1 ) , ( 1 ) ; |
WITH x AS ( SELECT x FROM x ORDER BY 1.000000 ) SELECT EXISTS ( WITH RECURSIVE x ( x ) AS ( WITH x AS ( SELECT x FROM ( SELECT x FROM ( SELECT 1 AS x , 1 FROM x WHERE x = CASE WHEN x * ( SELECT 1 FROM x AS x WHERE x BETWEEN 1.000000 AND 1 WINDOW x AS ( ORDER BY x - x , ( 1 < x AND x = 1 ) ) ) ^ x THEN 1.000000 ELSE x END / 1 GROUP BY x ) AS x ) AS x WHERE ( x = 1 OR x = 1 ) NOT LIKE 'x' AND x * 1 ) SELECT NOT ( ( 1.000000 ^ 1.000000 AND 1.000000 = ( SELECT x FROM x ) * 1 + 1 ^ 1 ) * ( x = 1 OR x = 1 ) NOT LIKE 'x' ) AS x UNION SELECT 1 - x LIMIT 1 ) SELECT DISTINCT ( NOT ( NOT ( NOT ( x = 'x' AND x = 'x' AND x = 'x' ) ) IS NULL ) ) AS x , ( ( TRUE , x ) NOT IN ( SELECT ( x % ( SELECT x FROM x WHERE 1 = x ) <= x ) , ( x = 1 AND x = 1 ) FROM x ) OR x > 'x' ) FROM x ) , 'x' FROM x WINDOW x AS ( PARTITION BY x ORDER BY x DESC ) ORDER BY x , x DESC ; |
Attachments
Issue Links
- duplicates
-
-
- Closed
-
- relates to
-
-
- Closed
-