Malicious SQL statement which directly crashes TiDB server by triggering stack overflow #30326
Comments
Verified as described against master:
$ mysql testdb
..
tidb> WITH
-> cte_0 AS (select
-> 1 as c1,
-> (FIRST_VALUE(1) over (partition by subq_0.c0) < 1) as c3,
-> (select c4 from t_cpsvpb) as c7,
-> 1 as c11
-> from
-> (select
-> ref_0.c_13sfid as c0
-> from
-> t_x7zqmd as ref_0
-> where 0 <> 0) as subq_0)
-> select 1
-> from
-> ((t_037irb as ref_6 cross join cte_0 as ref_7)
-> inner join (t_037irb as ref_8 inner join cte_0 as ref_9 on (ref_8.c_nrh3o = ref_9.c11 ))
-> on (ref_7.c1 = ref_8.c_j9alg ));
ERROR 2013 (HY000): Lost connection to MySQL server during query
No connection. Trying to reconnect...
ERROR 2003 (HY000): Can't connect to MySQL server on '127.0.0.1:4000' (111)
ERROR:
Can't connect to the server
Stack trace shows:
PTAL @wjhuang2016
/cc @guo-shaoge
Related to memory.reArrangeFallback: #30353
mysql> select (FIRST_VALUE(1) over (partition by subq_0.c0) < 1) as c3, (select c4 from t_cpsvpb) as c7, 1 as c11 from (select ref_0.c_13sfid as c0 from t_x7zqmd as ref_0 where 0 <> 0) as subq_0;
ERROR 1105 (HY000): runtime error: invalid memory address or nil pointer dereference
It has nothing to do with CTE; it seems to be related to the window function.
The issue has four problems. I think we should track them through four issues.
Please check whether the issue should be labeled with 'affects-x.y' or 'fixes-x.y.z', and then remove 'needs-more-info' label.
Bug Report
Please answer these questions before submitting your issue. Thanks!
1. Minimal reproduce step (Required)
Set up the environment:
mysql_bk.sql: mysql_bk.sql.txt
Testcase
2. What did you expect to see? (Required)
Testcase does not crash the TiDB server.
3. What did you see instead (Required)
Testcase crashed the TiDB server. The log shows that it may trigger a stack overflow bug.
The log of the TiDB server: log.txt
4. What is your TiDB version? (Required)