TiDB is an open-source, cloud-native, distributed, MySQL-Compatible database for elastic scale and real-time analytics. Try AI-powered Chat2Query free at : https://www.pingcap.com/tidb-serverless/
Please answer these questions before submitting your issue. Thanks!
1. Minimal reproduce step (Required)
create table t_ot8lohr (
c_tausij int ,
c_q7_e5485m tinyint ,
c_gk06ao9l text ,
c_hymp tinyint ,
c_dbby9f_xj int unique ,
c_b1wzx9ayt3 int ,
primary key(c_b1wzx9ayt3, c_dbby9f_xj) CLUSTERED) pre_split_regions=5;
alter table t_ot8lohr add column c_fw text;
alter table t_ot8lohr add column c_s1_2 tinyint;
create table t_ldpj7bp (
c_w_jr14qm2 int ,
c_t3nd927 int ,
c_ts int ,
c_s text ,
c_qchmg double ,
c_r int ,
c_olb3fsg6 text ,
c_zkbe tinyint ,
primary key(c_w_jr14qm2) NONCLUSTERED) shard_row_id_bits=8 pre_split_regions=5;
create table t_d3zi (
c_kh2bh int unique ,
c_fug9i5u6s text not null ,
c_ar5p4u double unique ,
primary key(c_kh2bh) CLUSTERED) pre_split_regions=2;
WITH
cte_6 AS (
SELECT
cast(nullif(
ref_12.c_fw,
ref_12.c_gk06ao9l
) as char) as c0,
ref_12.c_gk06ao9l as c1,
cast(nullif(
ref_12.c_s1_2,
(ref_12.c_gk06ao9l like 'zbq_0gfhg')
) as unsigned) as c2,
ref_12.c_tausij as c3,
ref_12.c_q7_e5485m as c4,
ref_12.c_dbby9f_xj as c5,
ref_12.c_fw as c6,
case when (ref_12.c_fw like 'm0%0v_yy5') then 1627816122 else ref_12.c_b1wzx9ayt3 end
as c7,
ref_12.c_hymp as c8,
(select c_kh2bh from t_d3zi order by c_kh2bh limit 1 offset 4)
as c9,
case when (ref_12.c_tausij between ref_12.c_dbby9f_xj and ref_12.c_b1wzx9ayt3) then ref_12.c_hymp else (ref_12.c_q7_e5485m in (
select
0<>0 as c0
from
t_d3zi as ref_13
where 0<>0
union
(
select
0<>0 as c0
from
t_ot8lohr as ref_14
where 1=1
))) end
as c10,
case when (((NOT NOT(cast( (cast(cast(null as char) as char) <> cast(cast(null as char) as char)) as unsigned))))
or (((NOT NOT(cast( (cast(null as signed) = 0<>0) as unsigned))))
and (1=1)))
or (1=1) then ref_12.c_b1wzx9ayt3 else case when (ref_12.c_tausij not in (
select
510416017 as c0
from
t_d3zi as ref_15
where 0<>0
union
(
select distinct
-1672700381 as c0
from
t_d3zi as ref_16
where 0<>0
))) then ref_12.c_tausij else ref_12.c_b1wzx9ayt3 end
end
as c11
FROM
t_ot8lohr as ref_12
WHERE
0<>0
ORDER BY
c0, c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11 ASC
LIMIT 106
),
cte_11 AS (
SELECT
ref_32.c_fw as c10
FROM
t_ot8lohr as ref_32
WHERE
((NOT NOT(cast( (cast(ref_32.c_s1_2 as signed) <> cast(8543206161972668374 as signed)) as unsigned))))
or (((ref_32.c_dbby9f_xj in (
select
-1355902245 as c0
from
t_ldpj7bp as ref_33
where (1=1)
or (0<>0)
union
(
select
1726075521 as c0
from
t_ldpj7bp as ref_34
where (1=1)
and (1=1)
))))
and ((cast( (cast(0<>0 as unsigned) ^ cast(2959261798443851486 as signed)) as signed) >= (
select
-4601281837643267233 as c0
from
t_ldpj7bp as ref_35
where (ref_32.c_fw like '%r_nn2zs')
order by c0 desc
limit 1))))
)
SELECT
cume_dist() over win_vus2fher4 as c0
FROM
cte_6 as ref_69
WHERE
1=1
window win_vus2fher4 as ( partition by ref_69.c5, (select c10 from cte_11 order by c10 limit 1 offset 5)
order by ref_69.c0, ref_69.c1, ref_69.c2, ref_69.c3, ref_69.c4, ref_69.c5, ref_69.c6, ref_69.c7, ref_69.c8, ref_69.c9, ref_69.c10, ref_69.c11 asc)
ORDER BY
c0 DESC
LIMIT 91;
Release Version: v8.1.0
Edition: Community
Git Commit Hash: 945d07c5d5c7a1ae212f6013adfb187f2de24b23
Git Branch: HEAD
UTC Build Time: 2024-05-21 03:51:57
GoVersion: go1.21.10
Race Enabled: false
Check Table Before Drop: false
Store: tikv
We are the BASS team from the School of Cyber Science and Technology at Beihang University. Our main focus is on system software security, operating systems, and program analysis research, as well as the development of automated program testing frameworks for detecting software defects. Using our self-developed database vulnerability testing tool, we have identified the above-mentioned vulnerabilities in TiDB that may lead to database crashes.
Bug Report
Please answer these questions before submitting your issue. Thanks!
1. Minimal reproduce step (Required)
2. What did you expect to see? (Required)
Expect no crashes
3. What did you see instead (Required)
4. What is your TiDB version? (Required)
We are the BASS team from the School of Cyber Science and Technology at Beihang University. Our main focus is on system software security, operating systems, and program analysis research, as well as the development of automated program testing frameworks for detecting software defects. Using our self-developed database vulnerability testing tool, we have identified the above-mentioned vulnerabilities in TiDB that may lead to database crashes.