MDEV-29494

Assertion `0' failed in Item_type_holder::val_int

Details

    Description

      Dear MariaDB developers,
      I am Zu-Ming Jiang, a PhD student at ETH Zurich. I used my new fuzzer to fuzz MariaDB and found a bug that can directly crash the MariaDB 10.10.1 server. The bug information is as follows:

      The installation process of MariaDB (debug mode, enable ASAN)

      cd mariadb-10.10.1
      mkdir build; cd build
      cmake .. -DCMAKE_BUILD_TYPE=Debug -DWITH_ASAN=ON
      make -j12 && sudo make install

      Reproduce process

      – step 1: set up MariaDB server and create a database named "testdb"
      /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql&
      /usr/local/mysql/bin/mysql -uroot
      mysql> create database testdb;

      – step 2: trigger the bug
      /usr/local/mysql/bin/mysql --force -uroot -Dtestdb < mysql_bk.sql
      /usr/local/mysql/bin/mysql --force -uroot -Dtestdb < bug_trigger_stmt.sql

      Bug Information

      The bug-triggering files "mysql_bk.sql" and "bug_trigger_stmt.sql" are attached.
      The error report of MariaDB is in the attached file "bug_report.txt".

      Attachments

        1. bug_report.txt
          7 kB
        2. bug_trigger_stmt.sql
          0.6 kB
        3. mysql_bk.sql
          5 kB

        Activity

          Zuming Jiang Zuming Jiang created issue -
          alice Alice Sherepa made changes -
          Field Original Value New Value
          Affects Version/s 10.6 [ 24028 ]
          Affects Version/s 10.7 [ 24805 ]
          Affects Version/s 10.8 [ 26121 ]
          Affects Version/s 10.9 [ 26905 ]
          Affects Version/s 10.10 [ 27530 ]
          alice Alice Sherepa made changes -
          Fix Version/s 10.6 [ 24028 ]
          Fix Version/s 10.7 [ 24805 ]
          Fix Version/s 10.8 [ 26121 ]
          Fix Version/s 10.9 [ 26905 ]
          alice Alice Sherepa made changes -
          Summary Assertion `0' failed at sql/item.cc:10699 Assertion `0' failed in Item_type_holder::val_int
          alice Alice Sherepa made changes -
          Assignee Sergei Petrunia [ psergey ]
          alice Alice Sherepa made changes -
          Status Open [ 1 ] Confirmed [ 10101 ]
          serg Sergei Golubchik made changes -
          Security Developers [ 10400 ]
          julien.fritsch Julien Fritsch made changes -
          Fix Version/s 10.7 [ 24805 ]
          julien.fritsch Julien Fritsch made changes -
          Fix Version/s 10.8 [ 26121 ]
          psergei Sergei Petrunia made changes -
          Assignee Sergei Petrunia [ psergey ] Oleg Smirnov [ JIRAUSER50405 ]
          julien.fritsch Julien Fritsch made changes -
          Fix Version/s 10.9 [ 26905 ]
          oleg.smirnov Oleg Smirnov made changes -
          Fix Version/s 10.6.17 [ 29518 ]
          Fix Version/s 10.6 [ 24028 ]
          Resolution Fixed [ 1 ]
          Status Confirmed [ 10101 ] Closed [ 6 ]
          JIraAutomate JiraAutomate made changes -
          Fix Version/s 10.11.7 [ 29519 ]
          Fix Version/s 11.0.5 [ 29520 ]
          Fix Version/s 11.1.4 [ 29024 ]
          Fix Version/s 11.2.3 [ 29521 ]
          serg Sergei Golubchik made changes -
          Security Developers [ 10400 ]

          People

            oleg.smirnov Oleg Smirnov
            Zuming Jiang Zuming Jiang