virtuoso 7.2.9 crashed at stricmp (maybe the same as #1118) #1141

Closed
@fuboat

The PoC is generated by my DBMS fuzzer.

```sql
CREATE TABLE t1 (
  x VARCHAR,
  k VARCHAR
);
CREATE VIEW t1 AS SELECT x, k FROM t1;
INSERT INTO t1 VALUES ('x', 'y');
```

backtrace:

```
#0 0xeff7b6 (stricmp+0x6)
#1 0x607569 (strihashcmp+0x29)
#2 0xdec7af (id_hash_get+0x5f)
#3 0x607e58 (sch_name_to_object_sc+0x58)
#4 0x6081b5 (sch_name_to_object+0xf5)
#5 0x7d8f70 (sqlc_insert+0x50)
#6 0x81721d (sqlc_insert_view+0x7fd)
#7 0x81721d (sqlc_insert_view+0x7fd)
#8 0x81721d (sqlc_insert_view+0x7fd)
#9 0x81721d (sqlc_insert_view+0x7fd)
#10 0x81721d (sqlc_insert_view+0x7fd)
...
#5737 0x81721d (sqlc_insert_view+0x7fd)
#5738 0x81721d (sqlc_insert_view+0x7fd)
#5739 0x6b7387 (sql_stmt_comp+0x987)
#5740 0x6ba122 (sql_compile_1+0x1a62)
#5741 0x7c8cd0 (stmt_set_query+0x340)
#5742 0x7cabc2 (sf_sql_execute+0x922)
#5743 0x7cbf4e (sf_sql_execute_w+0x17e)
#5744 0x7d4c0d (sf_sql_execute_wrapper+0x3d)
#5745 0xe1f01c (future_wrapper+0x3fc)
#5746 0xe2691e (_thread_boot+0x11e)
#5747 0x7fa64e4f4609 (start_thread+0xd9)
#5748 0x7fa64e2c4133 (clone+0x43)
```

Ways to reproduce (write the PoC to the file '/tmp/test.sql' first):

```bash
# remove the old container
docker container rm virtdb_test -f
# start virtuoso through docker
docker run --name virtdb_test -itd --env DBA_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.9
# wait for the server to start
sleep 10
# check whether a simple query works
echo "SELECT 1;" | docker exec -i virtdb_test isql 1111 dba
# run the PoC
docker exec -i virtdb_test isql 1111 dba < "/tmp/test.sql"
```
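
For triaging a crash like this one and comparing it with a suspected duplicate, the following is an added example, not part of the original report or of Virtuoso's code. It parses frames in the `#N 0xADDR (func+0xOFF)` format shown in the backtrace, collapses runs of the same function, and derives a depth-independent signature. The names `collapse`, `recursion_suspects` and `signature`, the 100-frame threshold, and the treatment of elided (`...`) frames as belonging to the surrounding function are assumptions.

```python
import hashlib
import re

FRAME_RE = re.compile(r"#(\d+)\s+0x[0-9a-fA-F]+\s+\((\w+)\+0x[0-9a-fA-F]+\)")

# Excerpt of the backtrace in this issue (middle frames elided, as in the report).
SAMPLE = """\
#0 0xeff7b6 (stricmp+0x6)
#1 0x607569 (strihashcmp+0x29)
#2 0xdec7af (id_hash_get+0x5f)
#3 0x607e58 (sch_name_to_object_sc+0x58)
#4 0x6081b5 (sch_name_to_object+0xf5)
#5 0x7d8f70 (sqlc_insert+0x50)
#6 0x81721d (sqlc_insert_view+0x7fd)
#7 0x81721d (sqlc_insert_view+0x7fd)
...
#5738 0x81721d (sqlc_insert_view+0x7fd)
#5739 0x6b7387 (sql_stmt_comp+0x987)
#5740 0x6ba122 (sql_compile_1+0x1a62)
"""

def collapse(trace):
    """Return [func, first_idx, last_idx] runs of consecutive identical frames."""
    runs = []
    for line in trace.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:                      # "..." or other non-frame text
            continue
        idx, func = int(m.group(1)), m.group(2)
        if runs and runs[-1][0] == func:
            runs[-1][2] = idx          # assumption: elided frames are the same function
        else:
            runs.append([func, idx, idx])
    return runs

def recursion_suspects(runs, min_depth=100):
    """Map function -> depth for runs deep enough to suggest runaway recursion."""
    return {f: last - first + 1 for f, first, last in runs
            if last - first + 1 >= min_depth}

def signature(runs):
    """Bucket key that ignores recursion depth: hash of the collapsed call path."""
    path = "|".join(r[0] for r in runs)
    return hashlib.sha256(path.encode()).hexdigest()[:16]

if __name__ == "__main__":
    runs = collapse(SAMPLE)
    print(recursion_suspects(runs), signature(runs))
```

Two traces that differ only in how deep the recursion went before the stack ran out get the same signature, which is the property needed when bucketing fuzzer output.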
