virtuoso 7.2.9 crashed at kc_var_col #1130

Closed
@fuboat


The PoC is generated by my DBMS fuzzer.

CREATE TABLE brin_test(a INTEGER NOT NULL);
INSERT INTO brin_test (a) VALUES(5);
INSERT INTO brin_test (a) VALUES(5); 
ALTER TABLE brin_test ADD c1 VARCHAR(20)  NOT NULL ;
UPDATE brin_test SET a = a + 1 WHERE a = 5;

backtrace:

#0 0x5cfed5 (kc_var_col+0x155)
#1 0x5f6cb6 (page_copy_col+0x666)
#2 0x5d6e62 (page_row_bm+0x782)
#3 0x5db6b0 (page_apply_1+0xb90)
#4 0x5dd8d9 (page_apply+0x119)
#5 0x86b517 (upd_refit_row+0x127)
#6 0x86ce54 (update_node_run_1+0xdf4)
#7 0x821736 (update_node_vec_run+0x836)
#8 0x86eaf2 (update_node_input+0x2b2)
#9 0x7ac43e (qn_input+0x3ce)
#10 0x7acb6f (qn_ts_send_output+0x23f)
#11 0x7b247e (table_source_input+0x16ee)
#12 0x7ac43e (qn_input+0x3ce)
#13 0x7ac8a6 (qn_send_output+0x236)
#14 0x81e26d (set_ctr_vec_input+0x94d)
#15 0x7ac43e (qn_input+0x3ce)
#16 0x7bee59 (qr_dml_array_exec+0x839)
#17 0x7cb872 (sf_sql_execute+0x15d2)
#18 0x7cbf4e (sf_sql_execute_w+0x17e)
#19 0x7d4c0d (sf_sql_execute_wrapper+0x3d)
#20 0xe1f01c (future_wrapper+0x3fc)
#21 0xe2691e (_thread_boot+0x11e)
#22 0x7f2e9644f609 (start_thread+0xd9)
#23 0x7f2e9621f133 (clone+0x43)

Ways to reproduce (write the PoC to the file '/tmp/test.sql' first):

# remove the old one
docker container rm virtdb_test -f
# start virtuoso through docker
docker run --name virtdb_test -itd --env DBA_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.9
# wait for the server to start
sleep 10
# check whether the simple query works
echo "SELECT 1;" | docker exec -i virtdb_test isql 1111 dba
# run the poc
docker exec -i virtdb_test isql 1111 dba < "/tmp/test.sql"
