[MDEV-26347] Assertion Failure in sql/item_create.cc:0 Created: 2021-08-13  Updated: 2021-08-13  Resolved: 2021-08-13

Status: Closed
Project: MariaDB Server
Component/s: Optimizer - CTE
Affects Version/s: 10.5.9
Fix Version/s: N/A

Type: Bug Priority: Critical
Reporter: Zuming Jiang Assignee: Daniel Black
Resolution: Cannot Reproduce Votes: 0
Labels: crash
Environment:

Ubuntu 18.04
MariaDB 10.5.9


Attachments: File fuzz.sql    Text File report.txt

Description

I used my fuzzing tool to test MariaDB, and found a bug that can result in an abort.

Mariadb installation:
1) cd mariadb-10.5.9
2) mkdir build; cd build
3) cmake -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DCMAKE_BUILD_TYPE=Debug ../
4) make -j8 && sudo make install

How to Repeat:
export ASAN_OPTIONS=detect_leaks=0
/usr/local/mysql/bin/mysqld_safe &
/usr/local/mysql/bin/mysql -uroot -p123456(your password)
MariaDB> drop database if exists test_db;
MariaDB> create database test_db;
MariaDB> use test_db;
MariaDB> source fuzz.sql;

I have simplified the content of fuzz.sql, and I hope fuzz.sql can help you reproduce the bug and fix it. In addition, I attach the failure report (which has its stack trace).



Comments
Comment by Daniel Black [ 2021-08-13 ]

Failed to reproduce on

10.5-0268b871228

CMakeCache.txt:WITH_ASAN:BOOL=ON
CMakeCache.txt:WITH_ASAN_SCOPE:BOOL=ON
CMAKE_CXX_COMPILER:STRING=/usr/lib64/ccache/clang++
CMAKE_C_COMPILER:STRING=/usr/lib64/ccache/clang
CMAKE_BUILD_TYPE:STRING=RelWithDebInfo
$ /usr/lib64/ccache/clang++ --version
clang version 12.0.0 (Fedora 12.0.0-2.fc34)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /usr/bin

Comment by Daniel Black [ 2021-08-13 ]

Failed to reproduce on debug version too:

MariaDB [test_db]> use test_db;
Database changed
MariaDB [test_db]> source ~/Downloads/fuzz-MDEV-26347.sql
Query OK, 0 rows affected (0.009 sec)
+---+
| 1 |
+---+
| 1 |
+---+
1 row in set (0.004 sec)
MariaDB [test_db]> select version();
+-----------------------+
| version()             |
+-----------------------+
| 10.5.13-MariaDB-debug |
+-----------------------+
1 row in set (0.001 sec)

Comment by Daniel Black [ 2021-08-13 ]

Also checked 10.2.41, 10.3.32 and 10.4.42 (latest as of today) and couldn't reproduce the assertion on non-debug versions.
