Details
-
Bug
-
Status: In Progress (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.11, 11.4, 11.8, 12.3, 12.3.2
Description
SELECT LOWER ( |
(WITH RECURSIVE x (x) AS |
(SELECT 1 |
UNION SELECT 1 - x |
FROM |
(SELECT x |
FROM x |
GROUP BY 1.000000) AS x) SELECT x |
FROM |
(SELECT x |
FROM |
(SELECT * |
FROM |
(SELECT 1 AS x |
UNION SELECT 1286608618 |
UNION SELECT 3 |
UNION SELECT 4 INTERSECT SELECT 5) AS x) AS x |
EXCEPT SELECT x |
FROM |
(SELECT * |
FROM |
(SELECT 1 AS x |
UNION SELECT 2 |
UNION SELECT 3) AS x) AS x) AS x |
WHERE x IN |
(WITH RECURSIVE x (x) AS |
(SELECT ST_LINEFROMTEXT ('LINESTRING(0 5,194 10,10 15)', 32000000) |
EXCEPT SELECT 'S5' AS x |
FROM x) SELECT ROW_NUMBER () OVER ( |
ORDER BY AVG (DISTINCT x)) |
FROM |
(WITH RECURSIVE x (x) AS |
(SELECT SEC_TO_TIME (TIME_TO_SEC (TIME_FORMAT (CONVERT_TZ ('2011-03-26 23:00:00', '+00:00', '+00:00'), '%i:%s.%f')))) SELECT * |
FROM x |
WHERE x = '0000000000200000') AS x |
WHERE x) |
ORDER BY x |
LIMIT 1)) ;
|
Expected result
The server should either execute the query or return a normal SQL error without crashing.
Actual result
The fuzzing run observed a server crash. The deduplicated stack signature is:
stack:_Z33execute_degenerate_jtbm_semi_joinP3THDP10TABLE_LISTP17Item_in_subselectR4ListI4ItemE|_Z21setup_jtbm_semi_joinsP4JOINP4ListI10TABLE_LISTERS1_I4ItemE|_ZN4JOIN14optimize_innerEv|_ZN4JOIN8optimizeEv|_ZN13st_select_lex31optimize_unflattened_subqueriesEb|_ZN13st_select_lex28optimize_constant_subqueriesEv|_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex|_Z13handle_selectP3THDP3LEXP13select_resulty
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-
-
-
- Closed
-
- relates to
-
-
- Stalled
-