New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
substring
in select distinct
may lead to incorrect result
#52991
Labels
affects-5.4
This bug affects 5.4.x versions.
affects-6.1
affects-6.5
affects-7.1
affects-7.5
affects-8.1
component/tiflash
severity/major
sig/execution
SIG execution
type/bug
This issue is a bug.
Comments
ti-chi-bot
bot
added
may-affects-5.4
This bug maybe affects 5.4.x versions.
may-affects-6.1
may-affects-6.5
may-affects-7.1
may-affects-7.5
labels
Apr 30, 2024
It seems to be a tiflash bug: When use disabled tiflash, it output is all the right:
Then I set
|
lcwangchao
added
component/tiflash
sig/execution
SIG execution
and removed
sig/sql-infra
SIG: SQL Infra
labels
Apr 30, 2024
@zanmato1984 PTAL |
A more simple SQL to reproduce it:
|
Seems the However I think this is a pretty minor usage so I'm adjusting the severity to major. |
zanmato1984
added
severity/major
affects-5.4
This bug affects 5.4.x versions.
affects-6.1
affects-6.5
affects-7.1
affects-7.5
and removed
severity/critical
may-affects-5.4
This bug maybe affects 5.4.x versions.
may-affects-6.1
may-affects-6.5
may-affects-7.1
may-affects-7.5
labels
Apr 30, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
affects-5.4
This bug affects 5.4.x versions.
affects-6.1
affects-6.5
affects-7.1
affects-7.5
affects-8.1
component/tiflash
severity/major
sig/execution
SIG execution
type/bug
This issue is a bug.
1. Minimal reproduce step (Required)
Firstly, execute
init.sql
to create the table. Then executingerror.sql
yields unexpected results. Note that reproducing these results might not be entirely stable. Typically, it can be completed within three attempts. You can try executingerror.sql
multiple times or executeinit.sql
again to rebuild the table.init.sql.txt
error.sql.txt
2. What did you expect to see? (Required)
The first column is
substring(repeat(c_bek45hvu8g,9),-10000)
SUBSTRING(str,pos) from MySQL documentation:
when
abs(pos) > length(str)
, an empty string will be returned by TiDB.The maximum length of the string is 90, which is less than 10000.
Therefore, the result set should only contain NULL and empty strings.
3. What did you see instead (Required)
However, it seems that in TiDB, when evaluating
substring
, it may be reading beyond the boundaries of the string, resulting in incorrect output.output_re_main2.log
4. What is your TiDB version? (Required)
topology:
distributed.yaml:
single.yaml
about us
We are the BASS team from the School of Cyber Science and Technology at Beihang University. Our main focus is on system software security, operating systems, and program analysis research, as well as the development of automated program testing frameworks for detecting software defects. Using our self-developed database vulnerability testing tool, we have identified the above-mentioned vulnerabilities in TiDB that may lead to database logic error.
The text was updated successfully, but these errors were encountered: