openlink / virtuoso-opensource

Virtuoso is a high-performance and scalable Multi-Model RDBMS, Data Integration Middleware, Linked Data Deployment, and HTTP Application Server Platform
http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/

Fuzzer: Virtuoso 7.2.11 crashed at `sqlg_parallel_ts_seq` #1212

Closed fuboat closed 7 months ago

fuboat commented 7 months ago

The PoC is generated by my DBMS fuzzer. It can also be reproduced in the beta docker image.

CREATE TABLE v0 ( v1 VARCHAR ( 500 ) ) ;
CREATE VIEW v2 AS SELECT TOP 5 ( CASE WHEN v0 . v1 = 10 THEN 'High' ELSE 'Mary' END ) AS x , v1 FROM v0 ORDER BY v1 DESC ;
DELETE FROM v2 WHERE NOT ( ( 1 ) IN ( SELECT REPEAT ( NULL , 10 ) FROM v0 AS AutoVacuum LEFT JOIN v0 ON v1 GROUP BY v1 ) ) ;

backtrace:

#0 0x7336ba (sqlg_parallel_ts_seq+0x18a)
#1 0x72d109 (sqlg_dfe_code+0x4f9)
#2 0x7321ec (sqlg_pred_1+0x17c)
#3 0x7324f9 (sqlg_pred_1+0x489)
#4 0x736c81 (sqlg_pred_body_1+0x231)
#5 0x7308f7 (sqlg_make_np_ts+0xc77)
#6 0x749750 (sqlg_dt_query_1+0x1230)
#7 0x74a9e7 (sqlg_top_1+0x107)
#8 0x7101c1 (sqlo_query_spec+0x1b1)
#9 0x7dd735 (sqlc_delete_searched+0x535)
#10 0x81afb8 (sqlc_delete_view+0x308)
#11 0x6b9b19 (sql_stmt_comp+0x869)
#12 0x6bc9d2 (sql_compile_1+0x1a62)
#13 0x7cba60 (stmt_set_query+0x340)
#14 0x7cd952 (sf_sql_execute+0x922)
#15 0x7cecde (sf_sql_execute_w+0x17e)
#16 0x7d799d (sf_sql_execute_wrapper+0x3d)
#17 0xe214bc (future_wrapper+0x3fc)
#18 0xe28dbe (_thread_boot+0x11e)
#19 0x7f417024d609 (start_thread+0xd9)
#20 0x7f417001d133 (clone+0x43)

Ways to reproduce (write the PoC to the file /tmp/test.sql first):

# remove the old container, if any
docker container rm virtdb_test -f
# start Virtuoso through docker
docker run --name virtdb_test -itd --env DBA_PASSWORD=dba pkleef/virtuoso-opensource-7
# wait for the server to start
sleep 10
# check whether a simple query works
echo "SELECT 1;" | docker exec -i virtdb_test isql 1111 dba
# run the PoC
cat /tmp/test.sql | docker exec -i virtdb_test isql 1111 dba
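A fuzzer like the one behind this report typically produces many crashes, and the first triage step is to decide which of them are the same bug. The following is an added example, not code from the issue or from the Virtuoso project: it parses backtraces in the format posted above (frame number, address, `symbol+offset`) and buckets reports by a signature built from the top non-noise symbols, so that addresses and offsets, which change from build to build, do not split one bug into several. The list of "noise" frames (thread and dispatch plumbing) and the two extra backtraces are constructed assumptions for illustration; only `ISSUE_BACKTRACE` is copied from the report.

```python
import re
from collections import defaultdict

# Backtrace exactly as posted in issue #1212.
ISSUE_BACKTRACE = """
#0 0x7336ba (sqlg_parallel_ts_seq+0x18a)
#1 0x72d109 (sqlg_dfe_code+0x4f9)
#2 0x7321ec (sqlg_pred_1+0x17c)
#3 0x7324f9 (sqlg_pred_1+0x489)
#4 0x736c81 (sqlg_pred_body_1+0x231)
#5 0x7308f7 (sqlg_make_np_ts+0xc77)
#6 0x749750 (sqlg_dt_query_1+0x1230)
#7 0x74a9e7 (sqlg_top_1+0x107)
#8 0x7101c1 (sqlo_query_spec+0x1b1)
#9 0x7dd735 (sqlc_delete_searched+0x535)
#10 0x81afb8 (sqlc_delete_view+0x308)
#11 0x6b9b19 (sql_stmt_comp+0x869)
#12 0x6bc9d2 (sql_compile_1+0x1a62)
#13 0x7cba60 (stmt_set_query+0x340)
#14 0x7cd952 (sf_sql_execute+0x922)
#15 0x7cecde (sf_sql_execute_w+0x17e)
#16 0x7d799d (sf_sql_execute_wrapper+0x3d)
#17 0xe214bc (future_wrapper+0x3fc)
#18 0xe28dbe (_thread_boot+0x11e)
#19 0x7f417024d609 (start_thread+0xd9)
#20 0x7f417001d133 (clone+0x43)
"""

# Constructed report (not from the issue): same crash site, but offsets from
# a different build and one intermediate frame fewer. Should dedup with #1212.
CONSTRUCTED_SAME_BUG = """
#0 0x7441aa (sqlg_parallel_ts_seq+0x19e)
#1 0x73d0f1 (sqlg_dfe_code+0x4e1)
#2 0x7422ce (sqlg_pred_1+0x184)
#3 0x746d11 (sqlg_pred_body_1+0x23d)
#4 0xe31abc (future_wrapper+0x3fc)
#5 0xe39dbe (_thread_boot+0x11e)
"""

# Constructed report (not from the issue): a different crash site, using the
# same symbol names in another order. Should land in its own bucket.
CONSTRUCTED_OTHER_BUG = """
#0 0x72d0aa (sqlg_dfe_code+0x49a)
#1 0x7324f9 (sqlg_pred_1+0x489)
#2 0x736c81 (sqlg_pred_body_1+0x231)
#3 0xe214bc (future_wrapper+0x3fc)
"""

# "#N 0xADDR (symbol+0xOFF)" -- the exact shape of the frames posted above.
FRAME_RE = re.compile(
    r"^#(\d+)\s+0x([0-9a-fA-F]+)\s+\(([A-Za-z_]\w*)\+0x([0-9a-fA-F]+)\)$"
)

def parse_backtrace(text):
    """Parse frame lines into dicts; lines that are not frames are skipped."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if not m:
            continue
        frames.append({
            "frame": int(m.group(1)),
            "addr": int(m.group(2), 16),
            "symbol": m.group(3),
            "offset": int(m.group(4), 16),
        })
    return frames

# Thread/dispatch plumbing that appears in every trace and says nothing about
# the bug. This set is an assumption drawn from the names in the posted trace.
NOISE_SYMBOLS = {"future_wrapper", "_thread_boot", "start_thread", "clone"}

def crash_signature(frames, depth=3):
    """Top `depth` non-noise symbols, with consecutive repeats (recursion)
    collapsed. Addresses and offsets are deliberately left out."""
    seen = []
    for f in frames:
        sym = f["symbol"]
        if sym in NOISE_SYMBOLS or (seen and seen[-1] == sym):
            continue
        seen.append(sym)
        if len(seen) == depth:
            break
    return "|".join(seen)

def group_reports(reports, depth=3):
    """Map signature -> sorted report names, for a {name: backtrace} dict."""
    buckets = defaultdict(list)
    for name, text in reports.items():
        buckets[crash_signature(parse_backtrace(text), depth)].append(name)
    return {sig: sorted(names) for sig, names in buckets.items()}

if __name__ == "__main__":
    reports = {
        "issue-1212": ISSUE_BACKTRACE,
        "constructed-same": CONSTRUCTED_SAME_BUG,
        "constructed-other": CONSTRUCTED_OTHER_BUG,
    }
    for sig, names in group_reports(reports).items():
        print(sig, "->", names)
```

Three symbols is a common default signature depth; raising it separates crashes that share an entry point but differ further up the stack, lowering it merges more aggressively. Because the trace here recurses through `sqlg_pred_1` (frames #2 and #3), the repeat is collapsed so the signature does not depend on recursion depth.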

pkleef commented 7 months ago

I prepared another beta docker for you to continue your testing:

$ docker pull pkleef/virtuoso-opensource-7

$ docker run -i -t pkleef/virtuoso-opensource-7 version

[pkleef/virtuoso-opensource-7:7.2.12-r17.1-g466615d-ubuntu]

This Docker image is using the following version of Virtuoso:

Virtuoso Open Source Edition (Column Store) (multi threaded)
Version 7.2.12-dev.3238-pthreads as of Dec 15 2023 (e49c0644f)
Compiled for Linux (aarch64-ubuntu_bionic-linux-gnu)
Copyright (C) 1998-2023 OpenLink Software