search

pingcap / tidb

TiDB is an open-source, cloud-native, distributed, MySQL-Compatible database for elastic scale and real-time analytics. Try AI-powered Chat2Query free at : https://tidbcloud.com/free-trial
https://pingcap.com
Apache License 2.0
36.27k stars 5.72k forks source link

index out of range [-1] in `(*LogicalProjection).TryToGetChildProp` #52982

Open GaranR opened 2 weeks ago

GaranR commented 2 weeks ago

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

First execute the following valid.sql valid.txt

Then a crash occurs when executing the error.sql below error.txt

2. What did you expect to see? (Required)

Expect no crashes

3. What did you see instead (Required)

runtime error: index out of range [-1]

tidb.log:

[2024/04/17 11:57:28.273 +00:00] [ERROR] [conn.go:990] ["connection running loop panic"] [conn=408946086] [session_alias=] [lastSQL="(check error.sql above)"] [err="runtime error: index out of range [-1]"] [stack="github.com/pingcap/tidb/pkg/server.(*clientConn).Run.func1
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/server/conn.go:993
runtime.gopanic
    /usr/local/go/src/runtime/panic.go:914
github.com/pingcap/tidb/pkg/executor.(*Compiler).Compile.func1
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/executor/compiler.go:54
runtime.gopanic
    /usr/local/go/src/runtime/panic.go:914
runtime.goPanicIndex
    /usr/local/go/src/runtime/panic.go:114
github.com/pingcap/tidb/pkg/planner/core.(*LogicalProjection).TryToGetChildProp
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/exhaust_physical_plans.go:2599
github.com/pingcap/tidb/pkg/planner/core.(*LogicalProjection).exhaustPhysicalPlans
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/exhaust_physical_plans.go:2644
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).findBestTask
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/find_best_task.go:557
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).enumeratePhysicalPlans4Task.func1
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/find_best_task.go:233
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).enumeratePhysicalPlans4Task
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/find_best_task.go:260
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).findBestTask
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/find_best_task.go:597
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).enumeratePhysicalPlans4Task.func1
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/find_best_task.go:233
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).enumeratePhysicalPlans4Task
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/find_best_task.go:260
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).findBestTask
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/find_best_task.go:597
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).enumeratePhysicalPlans4Task.func1
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/find_best_task.go:233
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).enumeratePhysicalPlans4Task
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/find_best_task.go:260
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).findBestTask
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/find_best_task.go:597
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).enumeratePhysicalPlans4Task.func1
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/find_best_task.go:233
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).enumeratePhysicalPlans4Task
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/find_best_task.go:260
github.com/pingcap/tidb/pkg/planner/core.(*baseLogicalPlan).findBestTask
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/find_best_task.go:597
github.com/pingcap/tidb/pkg/planner/core.physicalOptimize
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/optimizer.go:1221
github.com/pingcap/tidb/pkg/planner/core.DoOptimizeAndLogicAsRet
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/optimizer.go:334
github.com/pingcap/tidb/pkg/planner/core.DoOptimize
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/core/optimizer.go:359
github.com/pingcap/tidb/pkg/planner.optimize
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/optimize.go:531
github.com/pingcap/tidb/pkg/planner.Optimize
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/planner/optimize.go:352
github.com/pingcap/tidb/pkg/executor.(*Compiler).Compile
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/executor/compiler.go:98
github.com/pingcap/tidb/pkg/session.(*session).ExecuteStmt
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/session/session.go:2221
github.com/pingcap/tidb/pkg/server.(*TiDBContext).ExecuteStmt
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/server/driver_tidb.go:292
github.com/pingcap/tidb/pkg/server.(*clientConn).handleStmt
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/server/conn.go:2064
github.com/pingcap/tidb/pkg/server.(*clientConn).handleQuery
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/server/conn.go:1831
github.com/pingcap/tidb/pkg/server.(*clientConn).dispatch
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/server/conn.go:1318
github.com/pingcap/tidb/pkg/server.(*clientConn).Run
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/server/conn.go:1091
github.com/pingcap/tidb/pkg/server.(*Server).onConn
    /home/jenkins/agent/workspace/build-common/go/src/github.com/pingcap/tidb/pkg/server/server.go:715"]

4. What is your TiDB version? (Required)

+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| tidb_version()                                                                                                                                                                                                                                                 |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Release Version: v7.5.1
Edition: Community
Git Commit Hash: 7d16cc79e81bbf573124df3fd9351c26963f3e70
Git Branch: heads/refs/tags/v7.5.1
UTC Build Time: 2024-02-27 14:28:32
GoVersion: go1.21.6
Race Enabled: false
Check Table Before Drop: false
Store: tikv |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

We are the BASS team from the School of Cyber Science and Technology at Beihang University. Our main focus is on system software security, operating systems, and program analysis research, as well as the development of automated program testing frameworks for detecting software defects. Using our self-developed database vulnerability testing tool, we have identified the above-mentioned vulnerabilities in TiDB that may lead to database crashes.