Details
- Type: Bug
- Status: Closed
- Priority: Critical
- Resolution: Fixed
- Affects Version/s: 10.10.1, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL)
- Environment: Ubuntu 20.04
Description
Dear MariaDB developers,
I am Zu-Ming Jiang, a PhD student at ETH Zurich. I used my new fuzzer to fuzz MariaDB and found a bug that can directly crash the MariaDB 10.10.1 server. The bug information is as follows:
The installation process of MariaDB (debug mode, ASAN enabled):
```sh
cd mariadb-10.10.1
mkdir build; cd build
cmake .. -DCMAKE_BUILD_TYPE=Debug -DWITH_ASAN=ON
make -j12 && sudo make install
```
Reproduce process
Step 1: set up the MariaDB server and create a database named "testdb"
```sh
/usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql &
/usr/local/mysql/bin/mysql -uroot
mysql> create database testdb;
```
Step 2: trigger the bug
```sh
/usr/local/mysql/bin/mysql --force -uroot -Dtestdb < mysql_bk.sql
/usr/local/mysql/bin/mysql --force -uroot -Dtestdb < bug_trigger_stmt.sql
```
Bug Information
The bug-triggering files "mysql_bk.sql" and "bug_trigger_stmt.sql" are attached.
The error report of MariaDB is in the attached file "bug_report.txt".
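The reproduction above is two manual steps plus a look at the error log. The script below is an added example (not code from the MariaDB project or from the reporter's attachments) that automates the same steps against a throwaway ASAN debug build and classifies the outcome from the server's error log, so a triager can tell in one run whether the server survived, died on the assertion this issue tracks, or died on an AddressSanitizer report. It assumes the report's `/usr/local/mysql` layout, an error-log path of its own choosing via `--log-error`, and that `mysql_bk.sql` and `bug_trigger_stmt.sql` (the attachments, not reproduced here) are in the working directory; `classify_crash` relies on the glibc assert message format that a `-DCMAKE_BUILD_TYPE=Debug` server prints (function name followed by `Assertion ... failed`).

```shell
#!/bin/sh
# Added example for this issue; not code from the MariaDB project or the reporter.
# Assumed layout: the /usr/local/mysql install from the report. The two SQL files are
# the reporter's attachments and are not included here. The error-log path is our choice.
BASEDIR="${BASEDIR:-/usr/local/mysql}"
DATADIR="${DATADIR:-$BASEDIR/data}"
ERRLOG="${ERRLOG:-/tmp/mariadb-repro.err}"

# classify_crash LOGFILE
# Prints "assert:<function>" when the log carries a glibc-style assertion line, e.g.
#   ".../sql/item.cc:10699: virtual longlong Item_type_holder::val_int(): Assertion `0' failed."
# "asan" when AddressSanitizer reported an error, and "none" otherwise.
classify_crash() {
  log="$1"
  # pull the function name that precedes "(...): Assertion" on the first assertion line
  fn=$(grep -m1 'Assertion .* failed' "$log" \
       | sed -n 's/.* \([A-Za-z_][A-Za-z0-9_:~]*\)([^)]*): Assertion.*/\1/p')
  if [ -n "$fn" ]; then
    printf 'assert:%s\n' "$fn"
  elif grep -q 'Assertion .* failed' "$log"; then
    printf 'assert:unknown\n'            # assertion line without a function prefix
  elif grep -q 'AddressSanitizer' "$log"; then
    printf 'asan\n'
  else
    printf 'none\n'
  fi
}

# reproduce: start a server, replay the two files, report whether it died and why.
# Returns 0 if the server survived, 1 if it crashed (classification on stdout).
reproduce() {
  : > "$ERRLOG"
  "$BASEDIR/bin/mysqld" --basedir="$BASEDIR" --datadir="$DATADIR" \
      --plugin-dir="$BASEDIR/lib/plugin" --user=mysql --log-error="$ERRLOG" &
  pid=$!
  sleep 5                                 # crude readiness wait; fine for a local repro
  "$BASEDIR/bin/mysql" -uroot -e 'CREATE DATABASE IF NOT EXISTS testdb'
  # --force keeps replaying after per-statement errors, as in the report;
  # the client exits non-zero once the server is gone, which we tolerate here
  "$BASEDIR/bin/mysql" --force -uroot -Dtestdb < mysql_bk.sql || true
  "$BASEDIR/bin/mysql" --force -uroot -Dtestdb < bug_trigger_stmt.sql || true
  if kill -0 "$pid" 2>/dev/null; then
    printf 'server alive\n'
    kill "$pid"
    return 0
  fi
  classify_crash "$ERRLOG"
  return 1
}

# Only run the live reproduction when asked for explicitly: sh repro.sh run
if [ "${1:-}" = run ]; then
  reproduce
fi
```

Running it as `sh repro.sh run` on a machine with the ASAN build installed prints `assert:Item_type_holder::val_int` for the crash this issue describes and exits 1, which makes the check usable as a regression test after the fix lands; `classify_crash` can also be pointed at a saved `bug_report.txt` on its own.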
Attachments
Activity
Field | Original Value | New Value
---|---|---
Affects Version/s | 10.6 [ 24028 ] |
Affects Version/s | 10.7 [ 24805 ] |
Affects Version/s | 10.8 [ 26121 ] |
Affects Version/s | 10.9 [ 26905 ] |
Affects Version/s | 10.10 [ 27530 ] |
Fix Version/s | 10.6 [ 24028 ] |
Fix Version/s | 10.7 [ 24805 ] |
Fix Version/s | 10.8 [ 26121 ] |
Fix Version/s | 10.9 [ 26905 ] |
Summary | Assertion `0' failed at sql/item.cc:10699 | Assertion `0' failed in Item_type_holder::val_int
Assignee | Sergei Petrunia [ psergey ] |
Status | Open [ 1 ] | Confirmed [ 10101 ]
Security | Developers [ 10400 ] |
Fix Version/s | 10.7 [ 24805 ] |
Fix Version/s | 10.8 [ 26121 ] |
Assignee | Sergei Petrunia [ psergey ] | Oleg Smirnov [ JIRAUSER50405 ]
Fix Version/s | 10.9 [ 26905 ] |
Fix Version/s | 10.6.17 [ 29518 ] |
Fix Version/s | 10.6 [ 24028 ] |
Resolution | Fixed [ 1 ] |
Status | Confirmed [ 10101 ] | Closed [ 6 ]
Fix Version/s | 10.11.7 [ 29519 ] |
Fix Version/s | 11.0.5 [ 29520 ] |
Fix Version/s | 11.1.4 [ 29024 ] |
Fix Version/s | 11.2.3 [ 29521 ] |
Security | Developers [ 10400 ] |