Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-36573

a segmentation fault in the Item_func_not::fix_fields function located in item_cmpfunc.cc at line 6634.

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Critical
    • Resolution: Duplicate
    • 11.4.0
    • N/A
    • Optimizer
    • None
    • ubuntu20.04,x86
    • Not for Release Notes

    Description

      MariaDB crashes with a segmentation fault in the Item_func_not::fix_fields function located in item_cmpfunc.cc at line 6634. This vulnerability is caused by a null pointer dereference when the function attempts to assign and call fix_fields() on a nullptr reference (ref = 0x0). The crash occurs during the query optimization phase, specifically when pushing down HAVING conditions into the WHERE clause via st_select_lex::pushdown_from_having_into_where.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MDEV-19520 Extend condition normalization to include 'NOT a'

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              Unassigned Unassigned
              yx yx
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: