Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crash bug: ClickHouse Server 23.7.1.1659 crashed through SELECT statement calling the 'match' function #52403

Closed
fuboat opened this issue Jul 21, 2023 · 4 comments · Fixed by #52451
Closed

Crash bug: ClickHouse Server 23.7.1.1659 crashed through SELECT statement calling the 'match' function #52403

fuboat opened this issue Jul 21, 2023 · 4 comments · Fixed by #52451
Assignees
@alexey-milovidov
Labels
bug Confirmed user-visible misbehaviour in official release crash Crash / segfault / abort fuzz Problem found by one of the fuzzers major

Comments

@fuboat
Copy link

fuboat commented Jul 21, 2023

Describe the bug
ClickHouse Server 23.7.1.1659 crashed through SELECT statement calling the 'match' function.
It seems like a stack overflow.

How to reproduce
The SQL statement to reproduce:

SELECT match ( 'xyz' , repeat ( '!(1, ' , 320000 ) ) AS token ;

It can be reproduced on the official docker image. (clickhouse/clickhouse-server:head and clickhouse/clickhouse-server:latest).

The log traced by ClickHouse Server:

SELECT match('xyz', repeat('!(1, ', 320000)) AS token

Query id: 85eed452-d879-47c2-a98f-cc29f2065689

[b03b83a5d0a6] 2023.07.21 09:46:35.664661 [ 364 ] <Fatal> BaseDaemon: ########################################
[b03b83a5d0a6] 2023.07.21 09:46:35.664709 [ 364 ] <Fatal> BaseDaemon: (version 23.7.1.1659 (official build), build id: 2A82CED3B49248890AFC97BDD6FE0D5C0590676F, git hash: 234b5047b5cd093b8950bb8de3725eacffe02dc0) (from thread 48) (query_id: 85eed452-d879-47c2-a98f-cc29f2065689) (query: SELECT match ( 'xyz' , repeat ( '!(1, ' , 320000 ) ) AS token ;) Received signal Segmentation fault (11)
[b03b83a5d0a6] 2023.07.21 09:46:35.664744 [ 364 ] <Fatal> BaseDaemon: Address: 0x7f2347244f48. Access: write. Attempted access has violated the permissions assigned to the memory area.
[b03b83a5d0a6] 2023.07.21 09:46:35.664767 [ 364 ] <Fatal> BaseDaemon: Stack trace: 0x0000000008646431 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815 0x0000000008646815
[b03b83a5d0a6] 2023.07.21 09:46:35.664828 [ 364 ] <Fatal> BaseDaemon: 2. ? @ 0x0000000008646431 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.664855 [ 364 ] <Fatal> BaseDaemon: 3. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.664882 [ 364 ] <Fatal> BaseDaemon: 4. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.664908 [ 364 ] <Fatal> BaseDaemon: 5. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.664948 [ 364 ] <Fatal> BaseDaemon: 6. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.664971 [ 364 ] <Fatal> BaseDaemon: 7. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665001 [ 364 ] <Fatal> BaseDaemon: 8. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665029 [ 364 ] <Fatal> BaseDaemon: 9. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665054 [ 364 ] <Fatal> BaseDaemon: 10. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665087 [ 364 ] <Fatal> BaseDaemon: 11. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665112 [ 364 ] <Fatal> BaseDaemon: 12. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665327 [ 364 ] <Fatal> BaseDaemon: 13. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665349 [ 364 ] <Fatal> BaseDaemon: 14. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665390 [ 364 ] <Fatal> BaseDaemon: 15. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665419 [ 364 ] <Fatal> BaseDaemon: 16. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665446 [ 364 ] <Fatal> BaseDaemon: 17. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665494 [ 364 ] <Fatal> BaseDaemon: 18. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665528 [ 364 ] <Fatal> BaseDaemon: 19. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665558 [ 364 ] <Fatal> BaseDaemon: 20. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665585 [ 364 ] <Fatal> BaseDaemon: 21. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665622 [ 364 ] <Fatal> BaseDaemon: 22. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665655 [ 364 ] <Fatal> BaseDaemon: 23. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665677 [ 364 ] <Fatal> BaseDaemon: 24. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665706 [ 364 ] <Fatal> BaseDaemon: 25. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665735 [ 364 ] <Fatal> BaseDaemon: 26. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665770 [ 364 ] <Fatal> BaseDaemon: 27. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665798 [ 364 ] <Fatal> BaseDaemon: 28. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665830 [ 364 ] <Fatal> BaseDaemon: 29. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665884 [ 364 ] <Fatal> BaseDaemon: 30. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665923 [ 364 ] <Fatal> BaseDaemon: 31. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665959 [ 364 ] <Fatal> BaseDaemon: 32. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.665991 [ 364 ] <Fatal> BaseDaemon: 33. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.666013 [ 364 ] <Fatal> BaseDaemon: 34. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.666049 [ 364 ] <Fatal> BaseDaemon: 35. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.666109 [ 364 ] <Fatal> BaseDaemon: 36. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.666146 [ 364 ] <Fatal> BaseDaemon: 37. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.666186 [ 364 ] <Fatal> BaseDaemon: 38. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.666205 [ 364 ] <Fatal> BaseDaemon: 39. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.666263 [ 364 ] <Fatal> BaseDaemon: 40. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.666312 [ 364 ] <Fatal> BaseDaemon: 41. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.666491 [ 364 ] <Fatal> BaseDaemon: 42. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.666519 [ 364 ] <Fatal> BaseDaemon: 43. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.666550 [ 364 ] <Fatal> BaseDaemon: 44. ? @ 0x0000000008646815 in /usr/bin/clickhouse
[b03b83a5d0a6] 2023.07.21 09:46:35.947920 [ 364 ] <Fatal> BaseDaemon: Integrity check of the executable successfully passed (checksum: 7D28AF63E0E09B75DF5876280E0C8DBB)
[b03b83a5d0a6] 2023.07.21 09:46:35.949086 [ 364 ] <Fatal> BaseDaemon: Report this error to https://github.com/ClickHouse/ClickHouse/issues
[b03b83a5d0a6] 2023.07.21 09:46:35.949270 [ 364 ] <Fatal> BaseDaemon: No settings were changed
Error on processing query: Code: 32. DB::Exception: Attempt to read after eof: while receiving packet from localhost:9000. (ATTEMPT_TO_READ_AFTER_EOF) (version 23.7.1.1659 (official build))
@fuboat fuboat added the fuzz Problem found by one of the fuzzers label Jul 21, 2023
@fuboat fuboat mentioned this issue Jul 21, 2023
Closed
@tavplubix tavplubix added bug Confirmed user-visible misbehaviour in official release crash Crash / segfault / abort major labels Jul 21, 2023
@canhld94
Copy link
Contributor

Stack overflow in OptimizedRegularExpression.cpp::analyzeImpl.

@alexey-milovidov alexey-milovidov self-assigned this Jul 22, 2023
@alexey-milovidov
Copy link
Member

Minimal example: SELECT match('', repeat('(', 100000))

@alexey-milovidov alexey-milovidov mentioned this issue Jul 22, 2023
Merged
@SuperEdison
Copy link

have this error resolved done?

@SuperEdison
Copy link

i saw the merge about just check depth

This was referenced Aug 29, 2023
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alexey-milovidov alexey-milovidov

Labels
bug Confirmed user-visible misbehaviour in official release crash Crash / segfault / abort fuzz Problem found by one of the fuzzers major
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Check recursion depth in OptimizedRegularExpression ClickHouse/ClickHouse
5 participants
@tavplubix @fuboat @alexey-milovidov @canhld94 @SuperEdison