Possible buffer overflow in max(varchar) #3583

Closed
monetdb-team opened this issue Nov 30, 2020 · 0 comments
Labels: bug, normal, SQL

Date: 2014-09-20 19:37:48 +0200
From: @skinkie
To: SQL devs <>
Version: -- development
CC: @njnes

Last updated: 2014-10-31 14:14:22 +0100

Comment 20175

Date: 2014-09-20 19:37:48 +0200
From: @skinkie

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.68 Safari/537.36
Build Identifier:

select vehicle, max(lineplanningnumber) as lineplanningnumber, max(journeynumber) as journeynumber from (select (epoch(vehicle) / 120) * 120 as vehicle, lineplanningnumber, journeynumber, vehiclenumber from "sys"."kv6") as x group by vehicle, vehiclenumber limit 10;

For me this results in:

+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+
| vehicle | lineplanningnumber | journe |
: : : ynumbe :
: : : r :
+============+===================================================================================================================================================================================================================================+========+
| 1410715200 | ��������..... some other columns

Reproducible: Couldn't Reproduce

Steps to Reproduce:

I have tried to reproduce it on the following small example which does not trigger it.

CREATE TABLE "sys"."test" (
"vehicle" TIMESTAMP,
"lineplanningnumber" VARCHAR(10),
"journeynumber" INTEGER,
"vehiclenumber" INTEGER
);

INSERT INTO test VALUES ('2014-01-01 00:00:01', '1', 1, 1);
INSERT INTO test VALUES ('2014-01-01 00:00:02', '1', 2, 1);
INSERT INTO test VALUES ('2014-01-01 00:00:03', '1', 2, 2);
INSERT INTO test VALUES ('2014-01-01 00:01:02', '1', 2, 2);
INSERT INTO test VALUES ('2014-01-01 00:01:02', null, null, 2);
INSERT INTO test VALUES ('2014-01-01 00:01:02', '2', 2, 3);

select vehicle, max(lineplanningnumber) as lineplanningnumber, max(journeynumber) as journeynumber from (select (epoch(vehicle) / 120) * 120 as vehicle, lineplanningnumber, journeynumber, vehiclenumber from "sys"."test") as x group by vehicle, vehiclenumber limit 10;

Thus I created the entire dataset:

create table test2 as select (epoch(vehicle) / 120) * 120 as vehicle, lineplanningnumber, journeynumber, vehiclenumber from "sys"."kv6" with data;

and executed:

select vehicle, max(lineplanningnumber) as lineplanningnumber, max(journeynumber) as journeynumber from test2 group by vehicle, vehiclenumber limit 10;

Which does trigger it. I have exported the table and e-mailed Niels the URI.

MonetDB 5 server v11.19.0 (64-bit, 64-bit oids)
This is an unreleased version
Copyright (c) 1993-July 2008 CWI
Copyright (c) August 2008-2014 MonetDB B.V., all rights reserved
Visit http://www.monetdb.org/ for further information
Found 31.4GiB available memory, 8 available cpu cores
Libraries:
libpcre: 8.33 2013-05-28 (compiled with 8.33)
openssl: OpenSSL 1.0.1h 5 Jun 2014 (compiled with OpenSSL 1.0.1h 5 Jun 2014)
libxml2: 2.9.1 (compiled with 2.9.1)
Compiled by: skinkie@bigdata.openebs.nl (x86_64-unknown-linux-gnu)
Compilation: gcc -g -Werror -Wall -Wextra -W -Werror-implicit-function-declaration -Wpointer-arith -Wdeclaration-after-statement -Wundef -Wformat=2 -Wno-format-nonliteral -Winit-self -Winvalid-pch -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wold-style-definition -Wpacked -Wunknown-pragmas -Wvariadic-macros -fstack-protector-all -Wstack-protector -Wpacked-bitfield-compat -Wsync-nand -Wjump-misses-init -Wmissing-include-dirs -Wlogical-op -Wunreachable-code
Linking : /usr/x86_64-pc-linux-gnu/bin/ld -m elf_x86_64

Comment 20176

Date: 2014-09-21 16:11:08 +0200
From: MonetDB Mercurial Repository <>

Changeset 39ea2e9fe4a8 made by Niels Nes niels@cwi.nl in the MonetDB repo, refers to this bug.

For complete details, see http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=39ea2e9fe4a8

Changeset description:

make sure we only apply the stringtrick in BATproject
when there are no nil's oids (in l).
Fixes bug #3583
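
A simplified C model of the guard that changeset description states, added here as an example and not taken from the MonetDB source. It assumes the "stringtrick" means sharing r's string heap and copying only offsets; `strcol`, `project`, `col_get`, `OID_NIL`, `NIL_STR` and the copy-based fallback are this example's own names and choices.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define OID_NIL SIZE_MAX              /* constructed sentinel: "no matching row" */
static const char NIL_STR[] = "\x80"; /* constructed nil-string marker */
typedef struct {
    char *heap; size_t heap_len;      /* NUL-terminated strings, back to back */
    size_t *off; size_t n;            /* per-row offset into heap */
    int owns_heap;                    /* 0: heap is borrowed from the source column */
} strcol;
/* Project r through the oid list l. Returns 0 on success, -1 on bad oid or OOM. */
int project(const size_t *l, size_t ln, const strcol *r, strcol *out) {
    int nils = 0;
    for (size_t i = 0; i < ln; i++) {
        if (l[i] == OID_NIL) nils = 1;
        else if (l[i] >= r->n) return -1;   /* never index past the end of r */
    }
    out->n = ln;
    out->off = malloc((ln ? ln : 1) * sizeof *out->off);
    if (!out->off) return -1;
    if (!nils) {                      /* fast path: share the heap, copy offsets only */
        out->heap = r->heap; out->heap_len = r->heap_len; out->owns_heap = 0;
        for (size_t i = 0; i < ln; i++) out->off[i] = r->off[l[i]];
        return 0;
    }
    /* l contains nils: r's heap has no entry a nil row could point at, so build
     * a private heap with the nil marker at offset 0 and shift the other offsets. */
    size_t m = sizeof NIL_STR;
    char *h = malloc(m + r->heap_len);
    if (!h) { free(out->off); return -1; }
    memcpy(h, NIL_STR, m);
    memcpy(h + m, r->heap, r->heap_len);
    out->heap = h; out->heap_len = m + r->heap_len; out->owns_heap = 1;
    for (size_t i = 0; i < ln; i++)
        out->off[i] = (l[i] == OID_NIL) ? 0 : r->off[l[i]] + m;
    return 0;
}

/* Bounds-checked read; NULL if the row or its offset falls outside the heap. */
const char *col_get(const strcol *c, size_t i) {
    if (i >= c->n || c->off[i] >= c->heap_len) return NULL;
    return c->heap + c->off[i];
}

int main(void) {  /* constructed sample: rows "12" and "7", middle oid is nil */
    char heap[] = "12\0" "7"; size_t off[] = {0, 3}, l[] = {1, OID_NIL, 0};
    strcol r = {heap, sizeof heap, off, 2, 0}, out;
    return project(l, 3, &r, &out) || strcmp(col_get(&out, 1), NIL_STR) != 0;
}
```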

Comment 20367

Date: 2014-10-31 14:14:22 +0100
From: @sjoerdmullender

Oct2014 has been released.

@monetdb-team added the bug, normal and SQL labels on Nov 30, 2020
@sjoerdmullender added this to the Ancient Release milestone on Feb 7, 2022