search

openlink / virtuoso-opensource

Virtuoso is a high-performance and scalable Multi-Model RDBMS, Data Integration Middleware, Linked Data Deployment, and HTTP Application Server Platform
https://vos.openlinksw.com
Other
867 stars 210 forks source link

Virtuoso 7.2.12 crashes with the `XMLATTRIBUTES` function #1292

Closed fuboat closed 6 months ago

fuboat commented 6 months ago

Virtuoso 7.2.12 crashes with the XMLATTRIBUTES function.

Environment: Ubuntu 20.04, docker image openlink/virtuoso-opensource-7:7.2.12.

PoC:

SELECT XMLATTRIBUTES(*);

Backtrace:

#0 0x7f262cf71915 (__nss_database_lookup+0x25295)
#1 0xe12f5e (mp_box_string+0x4e)
#2 0x7a82da (sqlp_patch_call_if_special_or_optimizable+0xc8a)
#3 0xce16cb (scn3yyparse+0xc35b)
#4 0x6c1d2b (sql_compile_1+0x129b)
#5 0x7d66e0 (stmt_set_query+0x340)
#6 0x7d75e0 (sf_stmt_prepare+0x2e0)
#7 0x7d7892 (sf_stmt_prepare_w+0x142)
#8 0x7e25d1 (sf_stmt_prepare_wrapper+0x31)
#9 0xe29cec (future_wrapper+0x3fc)
#10 0xe315ee (_thread_boot+0x11e)
#11 0x7f262d138609 (start_thread+0xd9)
#12 0x7f262cf08353 (clone+0x43)
fuboat commented 6 months ago

Another PoC to trigger the crash:

SELECT XMLELEMENT(*);
fuboat commented 6 months ago

Another PoC to trigger the crash:

SELECT XMLFOREST(*);