Details
-
Bug
-
Status: Confirmed
-
Critical
-
Resolution: Unresolved
-
10.10.0, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
-
None
Description
SUMMARY: AddressSanitizer: SEGV /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item.cc:7846 in Item_direct_view_ref::grouping_field_transformer_for_where(THD*, unsigned char*)
poc:
-- Crash reproducer from this report; the v8xx identifiers look fuzzer-generated.
-- The ASan summary quoted with it reports a SEGV in
-- Item_direct_view_ref::grouping_field_transformer_for_where (sql/item.cc:7846).
-- Triage on a disposable test instance only: with a SEGV reported, expect the
-- server process to go down when the final statement runs on an affected build.
-- NOTE(review): the trailing `|` after each statement looks like a delimiter or
-- an export artifact of the tracker page -- confirm before feeding this to a client.

-- Setup: a single-column table.
CREATE TABLE v881 ( v882 BIGINT NOT NULL ) ; |
-- Seed one row (68).
INSERT INTO v881 ( v882 ) VALUES ( 68 ) ; |
-- No row holds -128 at this point, so this UPDATE matches nothing as written.
UPDATE v881 SET v882 = 89 WHERE v882 = -128 ; |
-- Two more rows; the table now holds 68, -128 and -32768.
INSERT INTO v881 ( v882 ) VALUES ( -128 ) , ( -32768 ) ; |
-- The statement the report associates with the crash.
-- Shape: CTE v884 (column v885) wraps derived table v883, which groups v881 by v882.
-- v884 is referenced twice (aliases v888 and v890) in a NATURAL JOIN chain with the
-- derived tables v887 and v889, and the outer WHERE filters on v885 and v882.
-- NOTE(review): going by the function name in the ASan summary, the fault is
-- presumably hit while the outer WHERE is rewritten for the grouped derived table;
-- the page shows no stack trace, so treat that as unconfirmed.
-- If this becomes a regression test, keep the statement text unchanged: a
-- fuzzer-found case like this may stop reproducing after even a cosmetic rewrite.
WITH v884 ( v885 ) AS ( SELECT v882 FROM ( SELECT v882 FROM v881 GROUP BY v882 ) AS v883 ) SELECT ( SELECT v882 FROM v881 WHERE ( v882 , ( v882 LIKE 'x' < 'x' ) ) NOT IN ( SELECT ( v882 % v882 <= v882 ) , 39 FROM v881 ) ) * 97 AS v886 FROM ( SELECT v882 FROM v881 WHERE ( v882 IN ( 127 , 69 , 56 , 87 , 'x' / 96 = 30687358.000000 + CASE v882 WHEN TRUE THEN -128 ELSE 23 END OR v882 = v882 OR v882 = v882 ) ) ORDER BY NOT ( 53078313.000000 AND v882 = 127 ) , v882 + v882 ) AS v887 NATURAL JOIN v884 AS v888 NATURAL JOIN ( SELECT DISTINCT v882 , ( v882 = -1 OR v882 > 'x' ) FROM v881 ) AS v889 NATURAL JOIN v884 AS v890 WHERE v885 BETWEEN FALSE AND ( ( ( NOT ( NOT ( NOT ( v885 = 'x' AND v882 = 'x' AND v882 = 'x' ) ) IS NULL ) ) ) ) ; |
Issue Links
- relates to
-
MDEV-26940 Assertion `0' failed in get_field_item_for_having
- Confirmed