The PoC is generated by my DBMS fuzzer.

CREATE VIEW t1(a) AS SELECT 1; SELECT a, a, a FROM t1 WHERE a IN (1,5) AND a IN (9,8,3025,1000,3969) ORDER BY a, a DESC;

backtrace:

#0 0x6f6462 (sqlo_preds_contradiction+0x442) #1 0x6fec43 (sqlo_place_table+0xe23) #2 0x706bab (sqlo_try+0xdb) #3 0x70818c (sqlo_layout_1+0x94c) #4 0x6e84fb (sqlo_layout+0x5fb) #5 0x70c075 (sqlo_top_2+0x335) #6 0x70b9d5 (sqlo_top_1+0x135) #7 0x70d4c6 (sqlo_top_select+0x156) #8 0x6b72bf (sql_stmt_comp+0x8bf) #9 0x6ba122 (sql_compile_1+0x1a62) #10 0x7c8cd0 (stmt_set_query+0x340) #11 0x7cabc2 (sf_sql_execute+0x922) #12 0x7cbf4e (sf_sql_execute_w+0x17e) #13 0x7d4c0d (sf_sql_execute_wrapper+0x3d) #14 0xe1f01c (future_wrapper+0x3fc) #15 0xe2691e (_thread_boot+0x11e) #16 0x7f8d7a6e8609 (start_thread+0xd9) #17 0x7f8d7a4b8133 (clone+0x43)

ways to reproduce (write poc to the file ‘/tmp/test.sql’ first):

remove the old one

docker container rm virtdb_test -f

start virtuoso through docker

docker run --name virtdb_test -itd --env DBA_PASSWORD=dba openlink/virtuoso-opensource-7:7.2.9

wait the server starting

sleep 10

check whether the simple query works

echo “SELECT 1;” | docker exec -i virtdb_test isql 1111 dba

run the poc

docker exec -i virtdb_test isql 1111 dba < “/tmp/test.sql”