Dereference null pointer (sqlsmith) #6423

Closed
monetdb-team opened this issue Nov 30, 2020 · 0 comments
Labels: bug, major, SQL

Date: 2017-10-15 11:38:43 +0200
From: @mlkersten
To: SQL devs <>
Version: 11.27.5 (Jul2017-SP1)
CC: @njnes

Last updated: 2017-10-26 14:01:30 +0200

Comment 25721

Date: 2017-10-15 11:38:43 +0200
From: @mlkersten

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:55.0) Gecko/20100101 Firefox/55.0
Build Identifier:

Using the mergedb example

(gdb) print *e
Cannot access memory at address 0x0

0x00007f0ec40a3ae2 in rel_find_exp_ (rel=0x7f0e909dba40, e=0x0) at /export/scratch1/home/mk/default//package/sql/server/rel_exp.c:1191
1191 switch(e->type) {
(gdb) where
0 0x00007f0ec40a3ae2 in rel_find_exp_ (rel=0x7f0e909dba40, e=0x0) at /export/scratch1/home/mk/default//package/sql/server/rel_exp.c:1191
1 0x00007f0ec40a3cb7 in rel_find_exp (rel=0x7f0e909dba40, e=0x0) at /export/scratch1/home/mk/default//package/sql/server/rel_exp.c:1229
2 0x00007f0ec40a35f5 in rel_has_exp (rel=0x7f0e909dba40, e=0x0) at /export/scratch1/home/mk/default//package/sql/server/rel_exp.c:1093
3 0x00007f0ec40bd248 in rel_push_semijoin_down (changes=0x7f0ea0db8594, sql=0x7f0e90126430, rel=0x7f0e909dbd30)
at /export/scratch1/home/mk/default//package/sql/server/rel_optimizer.c:4302
4 0x00007f0ec40d13e1 in rewrite (sql=0x7f0e90126430, rel=0x7f0e909dbd30, rewriter=0x7f0ec40bd115 <rel_push_semijoin_down>,
has_changes=0x7f0ea0db8818) at /export/scratch1/home/mk/default//package/sql/server/rel_optimizer.c:8803
5 0x00007f0ec40d12be in rewrite (sql=0x7f0e90126430, rel=0x7f0e909dc640, rewriter=0x7f0ec40bd115 <rel_push_semijoin_down>,
has_changes=0x7f0ea0db8818) at /export/scratch1/home/mk/default//package/sql/server/rel_optimizer.c:8787
6 0x00007f0ec40d126b in rewrite (sql=0x7f0e90126430, rel=0x7f0e909e8220, rewriter=0x7f0ec40bd115 <rel_push_semijoin_down>,
has_changes=0x7f0ea0db8818) at /export/scratch1/home/mk/default//package/sql/server/rel_optimizer.c:8779
7 0x00007f0ec40d12be in rewrite (sql=0x7f0e90126430, rel=0x7f0e909ef4d0, rewriter=0x7f0ec40bd115 <rel_push_semijoin_down>,
has_changes=0x7f0ea0db8818) at /export/scratch1/home/mk/default//package/sql/server/rel_optimizer.c:8787
8 0x00007f0ec40d1292 in rewrite (sql=0x7f0e90126430, rel=0x7f0e909f0f30, rewriter=0x7f0ec40bd115 <rel_push_semijoin_down>,
has_changes=0x7f0ea0db8818) at /export/scratch1/home/mk/default//package/sql/server/rel_optimizer.c:8780
9 0x00007f0ec40d12be in rewrite (sql=0x7f0e90126430, rel=0x7f0e90a5f150, rewriter=0x7f0ec40bd115 <rel_push_semijoin_down>,
has_changes=0x7f0ea0db8818) at /export/scratch1/home/mk/default//package/sql/server/rel_optimizer.c:8787
10 0x00007f0ec40d1292 in rewrite (sql=0x7f0e90126430, rel=0x7f0e90a0b480, rewriter=0x7f0ec40bd115 <rel_push_semijoin_down>,
has_changes=0x7f0ea0db8818) at /export/scratch1/home/mk/default//package/sql/server/rel_optimizer.c:8780
11 0x00007f0ec40d12be in rewrite (sql=0x7f0e90126430, rel=0x7f0e90a0b9e0, rewriter=0x7f0ec40bd115 <rel_push_semijoin_down>,
has_changes=0x7f0ea0db8818) at /export/scratch1/home/mk/default//package/sql/server/rel_optimizer.c:8787
12 0x00007f0ec40d12be in rewrite (sql=0x7f0e90126430, rel=0x7f0e909c4150, rewriter=0x7f0ec40bd115 <rel_push_semijoin_down>,
has_changes=0x7f0ea0db8818) at /export/scratch1/home/mk/default//package/sql/server/

Reproducible: Always

Steps to Reproduce:

select
cast(nullif(sample_4.id,
ref_5.name) as clob) as c0,
ref_7.type as c1,
sample_4.ds as c2,
65 as c3
from
tmp.objects as sample_0
inner join sys.environment as ref_5
left join sys.tables as ref_6
on ((76 is not NULL)
or ((true)
and ((ref_6.name is NULL)
or (ref_6.access is NULL))))
inner join sys.storagemodel as ref_7
left join bam.rg as sample_4
right join sys.key_types as ref_8
on (true)
on (true)
on (ref_6.commit_action = ref_8.key_type_id )
on (sample_4.lb is not NULL)
where ref_7.columnsize is not NULL
limit 85;

Comment 25722

Date: 2017-10-15 13:47:08 +0200
From: @njnes

make sure we only look at compare expressions
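
The guard described in comment 25722, shown on a simplified model (an added example, not MonetDB's code and not the content of the changeset). The `expr` type, the `EX_*` kinds and all function names are hypothetical; the model assumes only comparison expressions carry operand pointers, so passing a non-comparison condition's operand onward hands a NULL pointer to a function that dereferences it, as in frame 0 of the backtrace.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model of a relational expression tree. All names are
 * hypothetical and only mirror the shape of the crash in the backtrace. */
typedef enum { EX_COLUMN, EX_ATOM, EX_COMPARE } ex_kind;

typedef struct expr {
    ex_kind kind;
    const char *name;      /* column name, EX_COLUMN only */
    struct expr *l, *r;    /* operands, EX_COMPARE only; NULL otherwise */
} expr;

/* Counterpart of the crashing frame: reads e->kind with no NULL check,
 * so callers must never hand it a missing operand. */
int find_column(const expr *const *cols, size_t n, const expr *e)
{
    switch (e->kind) {
    case EX_COLUMN:
        for (size_t i = 0; i < n; i++)
            if (strcmp(cols[i]->name, e->name) == 0)
                return 1;
        return 0;
    default:
        return 0;
    }
}

/* Unguarded caller: assumes every join condition is a comparison and
 * passes cond->l straight through. A constant condition has l == NULL,
 * which find_column() then dereferences. */
int left_side_in_rel_unsafe(const expr *const *cols, size_t n, const expr *cond)
{
    return find_column(cols, n, cond->l);
}

/* Guarded caller: anything that is not a comparison is skipped before
 * its operand fields are touched. */
int left_side_in_rel(const expr *const *cols, size_t n, const expr *cond)
{
    if (cond == NULL || cond->kind != EX_COMPARE || cond->l == NULL)
        return 0;
    return find_column(cols, n, cond->l);
}
```
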

Comment 25723

Date: 2017-10-15 13:48:18 +0200
From: MonetDB Mercurial Repository <>

Changeset 7f0d859e9317 made by Niels Nes niels@cwi.nl in the MonetDB repo, refers to this bug.

For complete details, see https://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=7f0d859e9317

Changeset description:

fixed bug #6423
@monetdb-team monetdb-team added bug Something isn't working major SQL labels Nov 30, 2020
@sjoerdmullender sjoerdmullender added this to the Ancient Release milestone Feb 7, 2022