Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-29644

a potential bug of null pointer dereference in spider_db_mbase::print_warnings()

Details

    Description

      Hi, I found a potential null pointer dereference bug in the project source code, and I have shown the execution sequence of the program that may generate the bug on the graph below. The red text illustrates the steps that generate the bug, the red arrows represent the control flow,the file path can be seen in the blue framed section.

      Although the code shown is for version 10.3 but is still exist in current version

      would you can help to check if this bug is true?thank you for your effort and patience!

      Attachments

        Issue Links

          links to

          Web Link CVE-2022-47015

          Activity

            Ascending order - Click to sort in descending order
            View 4 older comments
            holyfoot Alexey Botchkov added a comment -

            ok to push.

            holyfoot Alexey Botchkov added a comment - ok to push.
            ycp Yuchen Pei added a comment - - edited

            I've taken a look at nayuta's patch be0a46b3d52b58956fd0d47d040b9f4514406954 and would like to push it. holyfoot I assume you are still ok for it to be pushed?
            hold on. I'm getting test failure for 10.4, patch applied to 603836e281a.

            CURRENT_TEST: spider/bugfix.mdev_29644
            		 
            mysqltest: At line 36: query 'INSERT INTO tbl_a VALUES ("this will be truncated")' failed: 1406: Data too long for column 'a' at row 1

            ycp Yuchen Pei added a comment - - edited I've taken a look at nayuta's patch be0a46b3d52b58956fd0d47d040b9f4514406954 and would like to push it. holyfoot I assume you are still ok for it to be pushed? hold on. I'm getting test failure for 10.4, patch applied to 603836e281a. CURRENT_TEST: spider/bugfix.mdev_29644 mysqltest: At line 36: query 'INSERT INTO tbl_a VALUES ("this will be truncated")' failed: 1406: Data too long for column 'a' at row 1
            ycp Yuchen Pei added a comment -

            I made some minor changes to the test case so that it passes 10.4. Can you take a look holyfoot? Thank you. https://github.com/MariaDB/server/commit/d346bd3ab03

            ycp Yuchen Pei added a comment - I made some minor changes to the test case so that it passes 10.4. Can you take a look holyfoot ? Thank you. https://github.com/MariaDB/server/commit/d346bd3ab03
            holyfoot Alexey Botchkov added a comment -

            see comment at the patch.
            with that fixed ok to push.

            holyfoot Alexey Botchkov added a comment - see comment at the patch. with that fixed ok to push.
            ycp Yuchen Pei added a comment - - edited

            Thanks for the comments and review, holyfoot. The comments were incorporated and patch pushed to 10.3.

            Some merge conflicts needed to be handled, and below are patches for all versions:

            • 10.3-4: 9b32e4b1923
            • 10.5-8: b98375f9df0
            • 10.9-11.0: 5075f4e0dae
            ycp Yuchen Pei added a comment - - edited Thanks for the comments and review, holyfoot . The comments were incorporated and patch pushed to 10.3. Some merge conflicts needed to be handled, and below are patches for all versions: 10.3-4: 9b32e4b1923 10.5-8: b98375f9df0 10.9-11.0: 5075f4e0dae

            People

              ycp Yuchen Pei
              ash1852 jaskldj
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.