[MDEV-36582] a NULL function pointer dereference vulnerability occurring within the Item_func_or_sum::walk method defined in sql/item.h:5452. - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Cannot Reproduce
Affects Version/s: 11.4.0
Fix Version/s: N/A
Component/s: Optimizer
Labels:
None
Environment:
ubuntu20.04,x86

Bug Category:
Not for Release Notes

Description

This is a NULL function pointer dereference vulnerability in MariaDB, occurring within the Item_func_or_sum::walk method defined in sql/item.h:5452. The crash is triggered when the processor function pointer passed to walk() is invalid (specifically, set to nullptr), yet it is invoked without validation. The call stack ends abruptly at 0x0, confirming a direct dereference of a null or corrupted function pointer.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

gdbcheck_bug1224.log
0.8 kB
2025-04-13 09:47
bug1224.sql
0.2 kB
2025-05-25 13:13

Activity

People

Assignee:: Unassigned

Reporter:: yx

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2025-04-13 09:47

Updated:: 2025-06-17 17:56

Resolved:: 2025-06-17 17:56

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.