DuckDB SIGSEGV when doing ill-formed date type casting #10140
Comments
After fixing the issue, the error I get is:
Binder Error: No function matches the given name and argument types '/(FLOAT)'. You might need to add explicit type casts.
Candidate functions:
/(FLOAT, FLOAT) -> FLOAT
/(DOUBLE, DOUBLE) -> DOUBLE
/(INTERVAL, BIGINT) -> INTERVAL
LINE 1: SELECT DISTINCT OPERATOR ( / ) + ARRAY [ ] :: INTERVAL ...
so you might want to check what you are doing here (this looks like generated SQL?)
Don't copy the data for a NULL constant list as it may not exist. fixes: duckdb#10140 fixes: duckdblabs/duckdb-internal#1006
Thank you for the super quick fix. The query does look ill-formed and doesn't make sense in real-world usage. However, these kinds of PoCs/crashes can still be utilized by malicious application attackers if they successfully obtain the SQL interface, assuming DuckDB is embedded into many critical applications. Therefore, we decided to report this bug here after we detected it.
Thanks - we appreciate it! I wasn't complaining, just letting you know what might be happening on your end.
What happens?
In the latest main version of DuckDB (version 6b4f65a) and the released version v0.9.2 (3c695d7), the applications crash when executing the following query sequence:
Here is a crash stack trace from version 6b4f65a:
To Reproduce
v0.9.2.
OS:
Ubuntu 20.04 LTS
DuckDB Version:
v0.9.2
DuckDB Client:
DuckDB official command line host
Full Name:
Yu Liang
Affiliation:
The Pennsylvania State University
Have you tried this on the latest main branch?
I have tested with a main build
Have you tried the steps to reproduce? Do they include all relevant data and configuration? Does the issue you report still appear there?