  1. MariaDB Server
  2. MDEV-29360

pushdown: Server crashed with SEGV in Item_direct_view_ref::grouping_field_transformer_for_where

Details

    • Bug
    • Status: Confirmed
    • Critical
    • Resolution: Unresolved
    • 10.10.0, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
    • 10.4, 10.5, 10.6
    • None

    Description

      SUMMARY: AddressSanitizer: SEGV /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.cc:7846 in Item_direct_view_ref::grouping_field_transformer_for_where(THD*, unsigned char*)

      poc:

      CREATE TABLE v881 ( v882 BIGINT NOT NULL ) ;
       INSERT INTO v881 ( v882 ) VALUES ( 68 ) ;
       UPDATE v881 SET v882 = 89 WHERE v882 = -128 ;
       INSERT INTO v881 ( v882 ) VALUES ( -128 ) , ( -32768 ) ;
       WITH v884 ( v885 ) AS ( SELECT v882 FROM ( SELECT v882 FROM v881 GROUP BY v882 ) AS v883 ) SELECT ( SELECT v882 FROM v881 WHERE ( v882 , ( v882 LIKE 'x' < 'x' ) ) NOT IN ( SELECT ( v882 % v882 <= v882 ) , 39 FROM v881 ) ) * 97 AS v886 FROM ( SELECT v882 FROM v881 WHERE ( v882 IN ( 127 , 69 , 56 , 87 , 'x' / 96 = 30687358.000000 + CASE v882 WHEN TRUE THEN -128 ELSE 23 END OR v882 = v882 OR v882 = v882 ) ) ORDER BY NOT ( 53078313.000000 AND v882 = 127 ) , v882 + v882 ) AS v887 NATURAL JOIN v884 AS v888 NATURAL JOIN ( SELECT DISTINCT v882 , ( v882 = -1 OR v882 > 'x' ) FROM v881 ) AS v889 NATURAL JOIN v884 AS v890 WHERE v885 BETWEEN FALSE AND ( ( ( NOT ( NOT ( NOT ( v885 = 'x' AND v882 = 'x' AND v882 = 'x' ) ) IS NULL ) ) ) ) ;
      

            People

              igor Igor Babaev
              nobody Shihao Wen
              Votes: 0
              Watchers: 4
