Ubuntu 18.04
MariaDB 10.5.9

Zuming Jiang, I'm really appreciating seeing these bug reports. Does your fuzzing tool fit into the framework of what https://github.com/google/oss-fuzz can do in an automated way?

On this report, I'm unable to reproduce it in the current 10.5 build tree at commit 288b8016961e390ca71dd4657efdfcec388f1494. I am however using clang++ --version
clang version 12.0.0 (Fedora 12.0.0-0.3.rc1.fc34) and I'm uncertian if that is causing the difference or if this bug has been already fixed.

Since you are mostly on a build yourself, allow me to show you how I've tested the latest 10.5 version. The 10.X major versions of the MariaDB source tree should always be very stable.

git clone --branch 10.5 https://github.com/MariaDB/server.git mariadb-server-10.5

mkdir build-mariabd-server-10.5

cd build-mariabd-server-10.5

cmake -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_DEBUG=ON ../mariadb-server-10.5

cmake --build .

To test without installing starting in the build directory:

export ASAN_OPTIONS=detect_leaks=0

mkdir -p /tmp/mdb-10.5-datadir

scripts/mysql_install_db --no-defaults --srcdir=../mariadb-server-10.5 --builddir=$PWD --datadir=/tmp/mdb-10.5-datadir --verbose

sql/mysqld --no-defaults --skip-networking --datadir=/tmp/mdb-10.5-datadir --socket=/tmp/mysql.sock

To test from build dir:

client/mysql -S /tmp/mysql.sock test < fuzz.sql

To get a more complete stack once you have your fuzz:

export ASAN_OPTIONS=detect_leaks=0

gdb --args sql/mysqld --no-defaults --skip-networking --datadir=/tmp/mdb-10.5-datadir --socket=/tmp/mysql.sock

(gdb) run

The run the fuzz (client test). When the gdb run of the server halts at the assertion use the gdb command "bt full" to get a complete backtrace with the function arguments.

Other gdb techniques are documented in https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/#getting-backtraces-with-gdb-on-linux

Are you using the default ubuntu-18.04 gcc compiler to produce this? Does it produce on the latest 10.5 branch for you?

Thank you so much for these bug reports. I hope to one day soon finish reading your research paper(s).

-DWTH_DEBUG=ON does not have any effect on MariaDB
the standard CMake option (for single-configuration generators, like different makefiles or ninja), which is also useful with MySQL, in case this was meant to be portable, is

-DCMAKE_BUILD_TYPE=Debug

Hi danblack and wlad,

I am really so happy that my work can contribute to the development of MariaDB and get your appreciation. Actually, my fuzzing tool is not open-source yet, but I hope it can be used publicly in the future after I finish my research project about testing DBMSs. However, if any new bug is found by my fuzzing tools, I will report it.

Thanks for your suggestion about testing and configuration. However, my fuzzing tool is still running and keeps finding new bugs, so I think it is not suitable to stop my fuzzing tool. As a result, I cannot reconfigure my build of MariaDB.

Actually I can reliably reproduce this bug in MariaDB 10.5.9. Maybe this bug is fixed by the difference between 10.5 and 10.5.9.

I only point out that WITH_DEBUG=ON does not work for MariaDB.
it does not produce debug builds, if that was the intention.

I'm happy to see fuzzing continue on non-debug builds. After all they are more production like. So sure, keep burning the cpu cycles on 10.5.9. A quick sanity check against the non-installed latest-10.5 could save some reporting time.

Zuming Jiang, I could not reproduce it on 10.5.9, could you please recheck if some options were used or smth

Hi alice, it seems strange because I can reproduce this bug reliably. Maybe there are some problems in my environment. I will try to use another computer to reproduce this bug.