[MDEV-36580] a NULL pointer dereference in the function Item_direct_view_ref::derived_field_transformer_for_where, located at sql/item.cc:7831 - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Cannot Reproduce
Affects Version/s: 11.4.0
Fix Version/s: N/A
Component/s: Optimizer
Labels:
None
Environment:
ubuntu20.04,x86

Bug Category:
Not for Release Notes

Description

This MariaDB vulnerability is a NULL pointer dereference in the function Item_direct_view_ref::derived_field_transformer_for_where, located at sql/item.cc:7831. During a condition pushdown transformation for derived tables, the function calls find_producing_item(this, sel) where sel is not properly initialized, resulting in a segmentation fault. This can be triggered by crafted SQL queries involving views and complex WHERE clause transformations, leading to a crash and denial-of-service (DoS).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

bug853.sql
0.4 kB
2025-05-25 13:00
gdbcheck_bug853.log
8 kB
2025-04-13 09:06

Activity

People

Assignee:: Unassigned

Reporter:: yx

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2025-04-13 09:06

Updated:: 2025-06-17 18:07

Resolved:: 2025-06-17 18:07

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.