SQLancer crash on complex query #6887

monetdb-team · 2020-11-30T16:57:21Z

Date: 2020-06-11 09:43:34 +0200
From: @PedroTadim
To: SQL devs <>
Version: 11.37.7 (Jun2020)

Last updated: 2020-07-27 09:30:11 +0200

Comment 27820

Date: 2020-06-11 09:43:34 +0200
From: @PedroTadim

User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
Build Identifier:

Run the query below for a double free error

Reproducible: Always

SELECT "sys"."replace"(cast(cast(0.8009925043335998 as clob) as clob(169)),cast("sys"."replace"('!','','wtkg춑5,I}楘') as clob),"sys"."concat"("sys"."concat"('?dMHr펔2!FU4Rᔎ%',-1194732688),0.7566860950241294));

A double-free error.

Something besides a double-free error.

Date: 2020-06-11 10:28:54 +0200
From: MonetDB Mercurial Repository <>

Changeset 1dcaa2b1e5cb made by Pedro Ferreira pedro.ferreira@monetdbsolutions.com in the MonetDB repo, refers to this bug.

Changeset description:

Fix for bug #6887, handle NULL and empty strings properly at replace(string) function

The text was updated successfully, but these errors were encountered:

monetdb-team added bug Something isn't working minor SQL labels Nov 30, 2020

monetdb-team closed this as completed Nov 30, 2020

sjoerdmullender added this to the Ancient Release milestone Feb 7, 2022