Details
Critical Description
mysqld: /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_subselect.cc:1497: virtual longlong Item_singlerow_subselect::val_int(): Assertion `fixed()' failed.
poc:
CREATE TABLE v768 ( v769 BOOLEAN NOT NULL ) ; |
( ( SELECT v769 FROM v768 ORDER BY v769 + v769 , v769 + ( v769 % ( SELECT v769 FROM v768 WHERE 16 = v769 ) <= v769 ) ) ) ; |
UPDATE v768 SET v769 = 99 WHERE v769 = -2147483648 ; |
INSERT INTO v768 ( v769 ) VALUES ( 15 ) , ( -1 ) ; |
SELECT v769 FROM v768 WHERE v769 IN ( v769 , 'x' NOT LIKE -1 ) GROUP BY v769 HAVING ( v769 IN ( ( ( SELECT ( SELECT v769 FROM v768 WHERE ( FALSE <= 127 BETWEEN 0 AND -2147483648 , v769 ) NOT IN ( SELECT ( v769 NOT IN ( v769 ) AND v769 NOT IN ( 63309275.000000 ^ v769 ) ) , v769 + v769 FROM v768 GROUP BY v769 HAVING ( v769 != 127 AND v769 = v769 AND ( NOT ( 'x' = 'x' AND FALSE = 90 ) ) AND v769 LIKE 'x' ) ) ) * -1 AS v770 FROM v768 WHERE NULL = v769 ) IN ( SELECT v769 FROM v768 ) ) < 'x' ) ) ; |
Attachments
Issue Links
- is duplicated by
-
MDEV-32314 Server crashes at Item_singlerow_subselect::store
-
- Closed
-
-
-
- Closed
-