Fuzzer issues 3 #4978

@PedroTadim

What happens?

This is the follow-up to #4152. I will keep updating this issue with new issues from fuzzers I find.


1. C/C++ API missing backslash interpretation

DuckDB db(nullptr);
Connection con(db);
con.EnableQueryVerification();
con.SendQuery("SELECT BLOB '\x27';");

It will give the error: Parser Error: unterminated quoted string at or near "'''::BLOB". If I do this on the shell or without query verification, the statement is successful. I think there's something in the C/C++ API.

Here's another query with the same issue, but different syntax:

SELECT 1 FROM ((SELECT 2) t0(c0) JOIN (SELECT 3) t1(c0) ON TRUE), ((SELECT 4) t2(c0) JOIN ((SELECT 5) t3(c0) CROSS JOIN (SELECT 6) t4(c0)) ON TRUE);

And one more :)

SELECT CAST('1' COLLATE "as" AS INT);

More :)

UPDATE t0 SET c0 = (~1);

More :)

SELECT CAST((((1!) << CASE WHEN 1 THEN 1 WHEN 1 THEN 1 END) IS NULL) AS USMALLINT);

From the C++ API

#include <duckdb.hpp>

int main(void) {
	duckdb::DuckDB db(nullptr);
	duckdb::Connection con(db);

	con.SendQuery("PRAGMA VERIFY_EXTERNAL;");
	con.SendQuery("SELECT lead(1) OVER (PARTITION BY (1!) ROWS CURRENT ROW);");
	return 0;
}

2. Rename column assertion error (now fixed)

CREATE TABLE t1 (c1 INT, c2 INT);
CREATE INDEX i0 ON t1 (c2);
START TRANSACTION;
ALTER TABLE t1 ALTER c2 DROP NOT NULL; --Catalog Error: Cannot alter entry "t1" because there are entries that depend on it
ALTER TABLE t1 RENAME c1 TO c3;
ROLLBACK;

The rename statement will trigger: src/catalog/dependency_manager.cpp:74: void duckdb::DependencyManager::AlterObject(duckdb::ClientContext &, duckdb::CatalogEntry *, duckdb::CatalogEntry *): Assertion `dependents_map.find(old_obj) != dependents_map.end()' failed

The first alter statement failed, so the transaction becomes dirty and the second statement should not execute?

3. C/C++ API issue with vector size 2 (now fixed)

While fuzzing with vector size 2 I found this:

DuckDB db(nullptr);
Connection con(db);
con.SendQuery("PRAGMA VERIFY_PARALLELISM;");
con.SendQuery("CREATE TABLE t0 AS VALUES (1), (2), (3);");
con.SendQuery("SELECT 1 FROM range(1) t2, t0;");

The select query throws an internal error: BatchedDataCollection::Merge error - batch index 0 is present in both collections. This occurs when batch indexes are not uniquely distributed over a thread. I am not sure if this is a real issue, so please close it if it is invalid.

4. Cardinality estimator assertion error (now fixed)

SELECT 1 FROM (SELECT 2), (SELECT 3) WHERE INTERVAL '1' USING SAMPLE (1);

or

PREPARE p0 AS SELECT 1 FROM (SELECT 2), range(1) WHERE $0 USING SAMPLE 1;

src/optimizer/cardinality_estimator.cpp:35: bool duckdb::CardinalityEstimator::SingleColumnFilter(duckdb::FilterInfo *): Assertion `filter_info->set->count >= 1' failed

SELECT (SELECT 1 WHERE INTERVAL '1' DAY HAVING EXISTS (SELECT 1));

src/optimizer/pushdown/pushdown_cross_product.cpp:10: unique_ptr<duckdb::LogicalOperator> duckdb::FilterPushdown::PushdownCrossProduct(unique_ptr<duckdb::LogicalOperator>): Assertion `op->type == LogicalOperatorType::LOGICAL_CROSS_PRODUCT' failed

5. Concurrent set number of threads issue (now fixed)

#include <duckdb.hpp>
#include <thread>
#include <vector>

int main(void) {
	duckdb::DuckDB db(nullptr);
	std::vector<std::thread> workers;

	for (int i = 0 ; i < 4; i++) {
		workers.push_back(std::thread(([&](void) {
			duckdb::Connection con(db);
			for (int j = 0 ; j < 10; j++) {
				con.Query("PRAGMA THREADS=2;");
			}
		})));
	}
	for (auto& thread : workers) {
		thread.join();
	}
	return 0;
}

Sometimes it will deadlock while setting the number of threads, other times the undefined behavior sanitizer complains:
src/parallel/task_scheduler.cpp:227:16: runtime error: member access within null pointer of type 'duckdb::SchedulerThread'

6. Like empty list assertion error (now fixed)

SELECT '1' LIKE [];
SELECT [] LIKE '1';
SELECT [] LIKE [];

or

SELECT 1 FROM (SELECT 2) t1(c0) NATURAL RIGHT JOIN (SELECT 2) t0(c0) WHERE (0, t1.c0) NOT LIKE '0';

src/include/duckdb/common/types/vector.hpp:290: static duckdb::ValidityMask &duckdb::FlatVector::Validity(duckdb::Vector &): Assertion `vector.GetVectorType() == VectorType::FLAT_VECTOR' failed

7. Client restart issue with database cleanup (now fixed)

#include <duckdb.h>
#include <thread>
#include <iostream>

int main(void) {
	duckdb_database db;
	char *error = nullptr;

	if (duckdb_open_ext(nullptr, &db, nullptr, &error) == DuckDBError) {
		std::cerr << error << std::endl;
		duckdb_free(error);
		return 1;
	}

	for (int i = 0 ; i < 3; i++) {
		std::thread worker1(([&](void) {
			duckdb_connection dc;
			if (duckdb_connect(db, &dc) == DuckDBError) {
				std::cerr << "Error while opening connection" << std::endl;
				return;
			}
			(void) duckdb_query(dc, "CREATE TABLE t2 AS (SELECT 1);", nullptr);
			(void) duckdb_query(dc, "DROP TABLE t2;", nullptr);
			duckdb_disconnect(&dc);
		}));

		std::thread worker2(([&](void) {
			duckdb_connection dc;
			if (duckdb_connect(db, &dc) == DuckDBError) {
				std::cerr << "Error while opening connection" << std::endl;
				return;
			}
			(void) duckdb_query(dc, "CREATE TABLE t2 AS (SELECT 1 + '1');", nullptr); /* Error '+' between an int and a char not defined */
			(void) duckdb_query(dc, "CREATE TEMP SEQUENCE t1;", nullptr);
			(void) duckdb_query(dc, "DROP TEMP SEQUENCE t1;", nullptr);
			duckdb_disconnect(&dc);
		}));

		worker1.join();
		worker2.join();
	}
	duckdb_close(&db);
	return 0;
}

This program will complain with the address sanitizer: src/transaction/cleanup_state.cpp:26:3: runtime error: member access within address 0x60b0000661c0 which does not point to an object of type 'duckdb::CatalogEntry'

8. Returning clause with rowid internal error (now fixed)

CREATE TABLE t0 (c0 INT);
INSERT INTO t0 VALUES (1) RETURNING rowid;

Gives an internal error: Failed to bind column reference "c2" [9.1] (bindings: [9.0])

9. Aggregates assertion errors (now fixed)

SELECT reservoir_quantile(1, 1 ORDER BY 1);

src/include/duckdb/function/aggregate_function.hpp:233: static void duckdb::AggregateFunction::UnaryUpdate(duckdb::Vector *, duckdb::AggregateInputData &, duckdb::idx_t, duckdb::data_ptr_t, duckdb::idx_t) [STATE = duckdb::ReservoirQuantileState, INPUT_TYPE = int, OP = duckdb::ReservoirQuantileScalarOperation]: Assertion `input_count == 1' failed

CREATE TABLE t1 (c0 INT);
SELECT entropy(1 ORDER BY 1) FROM t1;

or

CREATE TABLE t1 (c0 INT);
SELECT approx_count_distinct(1 ORDER BY 1) FROM t1;

or

SELECT count(c0 ORDER BY 0) FROM (SELECT 2 EXCEPT SELECT 2) c0;

src/execution/operator/aggregate/physical_ungrouped_aggregate.cpp:566: void duckdb::VerifyNullHandling(duckdb::DataChunk &, duckdb::AggregateState &, const vector<unique_ptr<duckdb::Expression>> &): Assertion `!vdata.validity.RowIsValid(vdata.sel->get_index(0))' failed

SELECT mode((c0, 0)) FROM (SELECT 1 c0), (SELECT 2);

src/include/duckdb/common/types/vector.hpp:291: static duckdb::ValidityMask &duckdb::FlatVector::Validity(duckdb::Vector &): Assertion `vector.GetVectorType() == VectorType::FLAT_VECTOR' failed

10. Foreign key issues (now fixed)

CREATE TABLE t0 (c2 INT CONSTRAINT k0 UNIQUE, c0 DECIMAL, CONSTRAINT k0 FOREIGN KEY (c0) REFERENCES t0 (c2));
INSERT INTO t0 VALUES (1, 1);

src/common/types/vector.cpp:98: void duckdb::Vector::Reference(duckdb::Vector &): Assertion `other.GetType() == GetType()' failed

The reason must come from the different SQL types between the sides of the foreign key. I also see two constraints with the same name in the table definition. Is this allowed? If I change c0 type to INT, I get the error: "Constraint Error: violates foreign key constraint because key "c2: 1" does not exist in referenced table". This is a self-reference and the insert should be allowed.

11. Empty segment tree issue (now fixed)

DuckDB db(nullptr);
Connection con(db);
con.SendQuery("START TRANSACTION;");
con.SendQuery("CREATE TABLE t1 AS (SELECT 1);");
con.SendQuery("DELETE FROM t1 RETURNING 1;");

src/storage/table/segment_tree.cpp:20: duckdb::idx_t duckdb::SegmentTree::GetSegmentIndex(duckdb::idx_t): Assertion `!nodes.empty()' failed

12. Heap-use-after-free at duckdb::CleanupState::CleanupDelete (now fixed)

#include <duckdb.hpp>
#include <thread>

int main(void) {
	for (int i = 0 ; i < 10; i++) {
		duckdb::DuckDB db(nullptr);
		std::thread worker1, worker2;

		worker1 = std::thread(([&](void) {
			duckdb::Connection con(db);

			con.Query("CREATE TABLE t2 AS (SELECT 1 FROM t0);"); /* Error t0 doesn't exist */
			con.Query("SUMMARIZE SELECT 1;");
		}));
		worker2 = std::thread(([&](void) {
			duckdb::Connection con(db);

			con.Query("CREATE TEMP TABLE t2 AS (SELECT 1);");
			con.Query("DELETE FROM t0;"); /* Error t0 doesn't exist */
			con.Query("DELETE FROM t2;");
			con.Query("ANALYZE;");
		}));

		worker1.join();
		worker2.join();
	}
	return 0;
}

Compiling, linking, and running this program reports a heap use after free by the address sanitizer.

13. Group query verification error (now fixed)

DuckDB db(nullptr);
Connection con(db);
con.EnableQueryVerification();
con.SendQuery("SELECT DISTINCT 1 c0 GROUP BY CUBE (1), c0;");

It will report a row count mismatch between the parsed statement and the original result.

14. Date diff overflows (now fixed)

SELECT datesub('week',TIMESTAMP '-214169-1-18 21:29:6',TIMESTAMP '93495-11-19 13:3:22');

src/function/scalar/date/date_sub.cpp:110:53: runtime error: signed integer overflow: 2888277915802000000 - -6820686527454000000 cannot be represented in type 'long'

SELECT datesub('dayofyear',TIMESTAMP '-109502-12-4 20:26:13',TIMESTAMP '252823-4-6 9:56:28');

src/function/scalar/date/date_sub.cpp:102:53: runtime error: signed integer overflow: 7916164336588000000 - -3517687280027000000 cannot be represented in type 'long'

SELECT datesub('epoch',TIMESTAMP '153520-4-1 20:33:43',TIMESTAMP '-269898-3-29 12:9:14');

src/function/scalar/date/date_sub.cpp:133:53: runtime error: signed integer overflow: -8579317866646000000 - 4782463936423000000 cannot be represented in type 'long'

15. Index segment tree assertion error (now fixed)

CREATE TABLE t1 (c1 INT);
CREATE INDEX i1 ON t1 (c1, "decode"('\x00'::BLOB));
INSERT INTO t1 VALUES (1);
CREATE INDEX i1 ON t1 (c1);

src/storage/table/segment_tree.cpp:22: duckdb::idx_t duckdb::SegmentTree::GetSegmentIndex(duckdb::idx_t): Assertion `row_number < nodes.back().row_start + nodes.back().node->count' failed

This one is weird. The second CREATE INDEX should fail with "Index with name "i1" already exists!". The second expression in the first index always results in error, so maybe the issue comes from there.

16. Binder assertion error (now fixed)

SELECT (SELECT 2) c0 WHERE (SELECT c0);

src/planner/binder/expression/bind_subquery_expression.cpp:39: duckdb::BindResult duckdb::ExpressionBinder::BindExpression(duckdb::SubqueryExpression &, duckdb::idx_t): Assertion `depth == 0' failed.

17. Datetrunc assertion error (now fixed)

SELECT datetrunc('milliseconds', DATE '-2005205-7-28');

src/common/types/value.cpp:1128: duckdb::timestamp_t duckdb::Value::GetValueUnsafe() const: Assertion `type_.InternalType() == PhysicalType::INT64' failed.

18. Values subquery assertion error (now fixed)

VALUES((0, 0) = ALL(SELECT 2));

src/execution/operator/join/physical_blockwise_nl_join.cpp:20: duckdb::PhysicalBlockwiseNLJoin::PhysicalBlockwiseNLJoin(duckdb::LogicalOperator &, unique_ptr<duckdb::PhysicalOperator>, unique_ptr<duckdb::PhysicalOperator>, unique_ptr<duckdb::Expression>, duckdb::JoinType, duckdb::idx_t): Assertion `join_type != JoinType::MARK' failed

Error missing. The number of columns doesn't match between the sides.

19. Calling GetValueInternal on a value that is NULL (now fixed)

SELECT percentile_disc(strftime(DATE '1-11-25',NULL)) WITHIN GROUP (ORDER BY 1 DESC);

or

SELECT percentile_cont(CASE 1 WHEN 2 THEN 3 END) WITHIN GROUP (ORDER BY 1 DESC);

ABORT THROWN BY INTERNAL EXCEPTION: Calling GetValueInternal on a value that is NULL

20. Generated column and natural join (now fixed)

CREATE TABLE t1(c1 AS(8), c0 INT);
SELECT 1 FROM t1 NATURAL JOIN t1 t2 GROUP BY c1;

src/planner/table_binding.cpp:139: virtual duckdb::BindResult duckdb::TableBinding::Bind(duckdb::ColumnRefExpression &, duckdb::idx_t): Assertion `table_entry->columns[column_index].Category() == TableColumnType::STANDARD' failed

21. Heap-use-after-free at duckdb::TransactionContext::ActiveTransaction() (now fixed)

#include <duckdb.h>
#include <iostream>

int main(void) {
	duckdb_database db;
	duckdb_connection dc;
	char *error = nullptr;

	if (duckdb_open_ext(nullptr, &db, nullptr, &error) == DuckDBError) {
		std::cerr << error << std::endl;
		duckdb_free(error);
		return 1;
	}

	if (duckdb_connect(db, &dc) == DuckDBError) {
		duckdb_close(&db);
		std::cerr << "Error while opening connection" << std::endl;
		return 1;
	}

	(void) duckdb_query(dc, "CREATE TABLE t0 (c1 INT, CHECK (CURRENT_TIME));", nullptr);
	duckdb_disconnect(&dc);
	if (duckdb_connect(db, &dc) == DuckDBError) {
		duckdb_close(&db);
		std::cerr << "Error while opening connection" << std::endl;
		return 1;
	}
	(void) duckdb_query(dc, "INSERT INTO t0(c1) VALUES (0);", nullptr);
	(void) duckdb_query(dc, "DROP TABLE t0;", nullptr);

	duckdb_disconnect(&dc);
	duckdb_close(&db);
	return 0;
}

Compiling, linking, and running this program reports a heap use after free by the address sanitizer.

or

CREATE SEQUENCE t0;
CREATE TABLE t1(c1 INT, CHECK(currval('t0')));
/*connection restart*/
INSERT INTO t1(c1) VALUES(1);

22. Active transaction assertion error (now fixed)

Related to the previous one?

CREATE TABLE t1(c0 INT, c1 VARCHAR);
INSERT INTO t1(c1) VALUES(1);
CREATE INDEX i1 ON t1((get_current_timestamp()), c1);
DELETE FROM t1;

src/include/duckdb/transaction/transaction_context.hpp:30: duckdb::Transaction &duckdb::TransactionContext::ActiveTransaction(): Assertion `current_transaction' failed

23. Index not updated assertion error (now fixed)

CREATE TABLE t2 AS SELECT 1 c1, 1 c2;
CREATE INDEX i0 ON t2 (c1);
UPDATE t2 SET c2 = 2 RETURNING *;

src/storage/data_table.cpp:851: auto duckdb::DataTable::VerifyUpdateConstraints(duckdb::TableCatalogEntry &, duckdb::DataChunk &, const vector<duckdb::column_t> &)::(anonymous class)::operator()(duckdb::Index &) const: Assertion `!index.IndexIsUpdated(column_ids)' failed.

24. ExecuteExpression assertion error (now fixed)

CREATE TABLE t1 (c0 VARCHAR(10) AS ('1') VIRTUAL, c1 INT);
INSERT INTO t1(c1) VALUES (0);
UPDATE t1 SET c1 = DEFAULT;

src/execution/expression_executor.cpp:76: void duckdb::ExpressionExecutor::ExecuteExpression(duckdb::idx_t, duckdb::Vector &): Assertion `result.GetType().id() == expressions[expr_idx]->return_type.id()' failed.

25. Temp sequence durability issue (now fixed)

On a persisted database do:

PRAGMA DISABLE_CHECKPOINT_ON_SHUTDOWN;
CREATE TEMP SEQUENCE s0;
SELECT nextval('s0');

Then restart, the WAL playback will throw:
Exception in WAL playback: Catalog Error: Sequence with name s0 does not exist!

26. Table disappears from the catalog (now fixed)

On a persisted database do:

CREATE TABLE t1 (c0 INT);
ALTER TABLE t1 RENAME TO t0;
PRAGMA DISABLE_CHECKPOINT_ON_SHUTDOWN;

Then restart and do:

CREATE INDEX i0 ON t0(c0);

Then restart again and the WAL playback will throw:
Error: unable to open database "duck.db": Catalog Error: Table with name t1 does not exist!

27. Table replaced by view WAL issue (now fixed)

On a persisted database do:

CREATE TABLE t0 (c0 INT);
ALTER TABLE t0 RENAME TO t1;
CREATE INDEX i0 ON t1 (c0);
CREATE OR REPLACE VIEW t0 AS (SELECT 1);

Then on restart the UBSAN will throw: src/storage/checkpoint_manager.cpp:347:6: runtime error: downcast of address ... which does not point to an object of type 'duckdb::TableCatalogEntry'
...: note: object is of type 'duckdb::ViewCatalogEntry'
The CREATE OR REPLACE VIEW statement should have failed?

28. Stack overflow by the address sanitizer (now fixed)

CREATE TABLE t0 (c2 AS (c0) VIRTUAL, c0 INT);
SELECT 1 FROM t0 t2(c0) WHERE c0 = 0;

The address sanitizer reports a stack overflow on this. The issue seems to come from the alias in the query.

29. Alter table type SEGV (now fixed)

CREATE TABLE t1(c2 AS (1) VIRTUAL, c1 TIME WITH TIME ZONE);
ALTER TABLE t1 ALTER c1 TYPE TIME USING(c2);

SEGV reported by the address sanitizer.

30. Filter pushdown assertion error (now fixed)

CREATE TABLE t2 (c2 INT);
CREATE SEQUENCE t0;
SELECT 1 FROM t2 WHERE currval('t0') BETWEEN TRY_CAST(0 AS TIMESTAMP WITH TIME ZONE) AND 1;

src/optimizer/filter_pushdown.cpp:70: void duckdb::FilterPushdown::PushFilters(): Assertion `result == FilterResult::SUCCESS' failed

Changing the query a little

CREATE TABLE t2 (c2 INT);
CREATE SEQUENCE t0;
SELECT 1 FROM t2 WHERE currval('t0') BETWEEN TRY_CAST(0 AS TIMESTAMP WITH TIME ZONE) AND -156587962151166338620429995158284936977;

ABORT THROWN BY INTERNAL EXCEPTION: Comparison on NULL values

31. Flat vector assertion error (now fixed)

CREATE TABLE t2(c0 INT, c1 INT);
INSERT INTO t2(c1) VALUES(0), (0), (0);
ALTER TABLE t2 ALTER c0 TYPE DECIMAL;

src/execution/expression_executor.cpp:149: void duckdb::ExpressionExecutor::Execute(const duckdb::Expression &, duckdb::ExpressionState *, const duckdb::SelectionVector *, duckdb::idx_t, duckdb::Vector &): Assertion `FlatVector::Validity(result).CheckAllValid(count)' failed.

32. Statistics propagation error (now fixed)

SELECT 1 FROM (SELECT 1) t0(c0) WHERE ((VALUES(1), (c0) LIMIT 1) INTERSECT (SELECT 1));

src/optimizer/statistics/operator/propagate_set_operation.cpp:36: unique_ptr<duckdb::NodeStatistics> duckdb::StatisticsPropagator::PropagateStatistics(duckdb::LogicalSetOperation &, unique_ptr<duckdb::LogicalOperator> *): Assertion `left_bindings.size() == right_bindings.size()' failed

33. Insert into ART index leaf assertion error (now fixed)

CREATE TABLE t2 (c1 INT, PRIMARY KEY (c1));
INSERT INTO t2 SELECT 2 UNION ALL SELECT 2;

src/execution/index/art/art.cpp:443: bool duckdb::ART::InsertToLeaf(duckdb::Leaf &, duckdb::row_t): Assertion `leaf.GetRowId(k) != row_id' failed

The insert should fail.

34. Random engine heap-use-after-free (now fixed)

On a persisted database do:

CREATE TABLE t2(c2 INT CHECK(uuid()));

Then restart and insert:

INSERT INTO t2 VALUES(0);

or

CREATE TABLE t1 (c0 INT CHECK (current_schema()));

Then restart and insert:

INSERT INTO t1 VALUES (FALSE);

A heap-use-after-free by the address sanitizer is reported. Is this related to a previous one?

35. Cast overflow (now fixed)

SELECT CAST(strftime(TIMESTAMP '1-1-1 0:00:00',340282346638528859811704183484516925440.0) AS DECIMAL(10,2));

UBSAN: src/common/operator/cast_operators.cpp:1551:32: runtime error: signed integer overflow: 3402823466385288600 * 10 cannot be represented in type 'long'

36. Unable to find function after restart (duplicate of issue #4578)

On a persisted database do:

CREATE TABLE t2 (c0 INT);
CREATE INDEX i0 ON t2 (c0, (datetrunc('century',CURRENT_TIMESTAMP)));

Then restart and an error is thrown:
Error: unable to open database "duck.db": Binder Error: No function matches the given name and argument types 'datetrunc(VARCHAR, TIMESTAMP WITH TIME ZONE)'. You might need to add explicit type casts.
Candidate functions:
datetrunc(VARCHAR, TIMESTAMP) -> TIMESTAMP
datetrunc(VARCHAR, DATE) -> TIMESTAMP
datetrunc(VARCHAR, INTERVAL) -> INTERVAL

Should functions be loaded before indexes?

37. Qualify clause binder error (now fixed)

SELECT * FROM (SELECT 1) t0(c0) GROUP BY ALL QUALIFY count(c0) OVER ();

or

SELECT 1 FROM (SELECT 2) t0(c0) QUALIFY (c0, dense_rank() OVER(), mode(0));

ABORT THROWN BY INTERNAL EXCEPTION: Failed to bind column reference "c0" [7.0] (bindings: [1.0])

38. Sorted aggregate missing serialize implementation (now fixed)

Not a real bug, but I leave it here.

create table t1(c0 int);
insert into t1 values (1),(2),(3);
SELECT approx_count_distinct(c0 ORDER BY (c0, 1)) FROM t1;

---Error: Not implemented Error: Type for comparison

39. Limit on subquery (now fixed)

SELECT 1 FROM (SELECT 1) t0(c0) WHERE (SELECT (SELECT 1 LIMIT c0));

src/planner/subquery/has_correlated_expressions.cpp:25: virtual unique_ptr<duckdb::Expression> duckdb::HasCorrelatedExpressions::VisitReplace(duckdb::BoundColumnRefExpression &, unique_ptr<duckdb::Expression> *): Assertion `expr.depth == 1' failed

40. Flat vector error (now fixed)

SELECT argmax((1, (SELECT 2)), 1) OVER ();

src/include/duckdb/common/types/vector.hpp:291: static duckdb::ValidityMask &duckdb::FlatVector::Validity(duckdb::Vector &): Assertion `vector.GetVectorType() == VectorType::FLAT_VECTOR' failed.

41. Datediff overflow (now fixed)

SELECT datediff('microseconds',TIMESTAMP '276858-10-21 9:36:33',TIMESTAMP '-222154-6-30 5:19:49');

src/function/scalar/date/date_diff.cpp:198:50: runtime error: signed integer overflow: -7072654732811000000 - 8674652828193000000 cannot be represented in type 'long'

42. Join order bindings (now fixed)

CREATE TABLE t0(c0 INT);
DELETE FROM t0 USING ((SELECT 1) t1 INNER JOIN (SELECT 2) t2 ON t0.c0);

src/planner/joinside.cpp:76: static duckdb::JoinSide duckdb::JoinSide::GetJoinSide(duckdb::idx_t, unordered_set<duckdb::idx_t> &, unordered_set<duckdb::idx_t> &): Assertion `right_bindings.find(table_binding) != right_bindings.end()' failed

43. Not found mark reference (now fixed)

SELECT 1 WHERE '23:' > ALL(SELECT '0') BETWEEN '0' AND '0:';

src/optimizer/pushdown/pushdown_mark_join.cpp:35: unique_ptr<duckdb::LogicalOperator> duckdb::FilterPushdown::PushdownMarkJoin(unique_ptr<duckdb::LogicalOperator>, unordered_set<duckdb::idx_t> &, unordered_set<duckdb::idx_t> &): Assertion `!found_mark_reference' failed

44. Inexistent collation missing error (now fixed)

SELECT 'hello' LIKE 'hê?llo' COLLATE idontexist;

The query runs fine, while it should have thrown an error.

45. Substring integer overflow 1 (now fixed)

SELECT substring('a', -1);

src/function/scalar/string/substring.cpp:245:93: runtime error: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/function/scalar/string/substring.cpp:245:93 in

46. Substring integer overflow 2 (now fixed)

SELECT list_element('1', 9223372036854775807);

or

SELECT list_extract('1', 9223372036854775807);

src/function/scalar/string/substring.cpp:133:17: runtime error: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/function/scalar/string/substring.cpp:133:17 in

47. Substring integer overflow 3 (now fixed)

SELECT array_extract(0, -9223372036854775808);

src/function/scalar/string/substring.cpp:90:9: runtime error: signed integer overflow: -9223372036854775808 - 1 cannot be represented in type 'int64_t' (aka 'long')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/function/scalar/string/substring.cpp:90:9 in

48. Another binder error (now fixed)

I think this one is unrelated to the previous ones:

SELECT avg(0) c0, (SELECT 0 OFFSET c0);

ABORT THROWN BY INTERNAL EXCEPTION: Failed to bind column reference "c0" [2.0] (bindings: [8.0])

49. Base statistics assertion error (now fixed)

CREATE TABLE t1 (c0 INT, c2 BIGINT, PRIMARY KEY (c0));
PREPARE p2 AS UPDATE t1 SET c0 = (SELECT 2) FROM ((SELECT 1) UNION ALL (SELECT 2)) t2(c1);

src/storage/statistics/base_statistics.cpp:64: virtual void duckdb::BaseStatistics::Merge(const duckdb::BaseStatistics &): Assertion `type == other.type' failed.

50. Logical operator error (now fixed)

SELECT -0E4, jaccard(FALSE, '351609-10-19');

src/planner/logical_operator.cpp:118: virtual void duckdb::LogicalOperator::Verify(duckdb::ClientContext &): Assertion `!expr_equal' failed

Related to floating-points in optimization?

51. Islamic calendar overflow (now fixed)

SET CALENDAR='islamic-umalqura';
SELECT strftime(TIMESTAMPTZ '-260722-3-4 0:3:52',TIMESTAMP '-285441-5-3 8:3:4');

src/extension/icu/third_party/icu/i18n/islamcal.cpp:648:66: runtime error: signed integer overflow: 30 * -95454072 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/extension/icu/third_party/icu/i18n/islamcal.cpp:648:66

ICU issue?

52. Indian calendar overflow (now fixed)

SET CALENDAR='indian';
SELECT TIMESTAMPTZ '-276069-9-30 0:0:00 America/Whitehorse';

Reports global-buffer-overflow by the address sanitizer.

ICU issue?

53. Date diff overflow 2

SELECT date_diff('isoyear',TIMESTAMPTZ '-191639-5-3 0:6:50 America/Antigua',TIMESTAMPTZ '-118403-6-4 3:8:51 Asia/Novosibirsk');

src/extension/icu/third_party/icu/i18n/gregoimp.h:294:18: runtime error: signed integer overflow: -2146712927 - 2440588 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/extension/icu/third_party/icu/i18n/gregoimp.h:294:18

54. Negative shift (now fixed)

PRAGMA CALENDAR='japanese';
SELECT strftime(TIMESTAMPTZ '-23831-1-15 2:5:17 America/La_Paz',TIMETZ '0:8:29 America/Cayman');

src/extension/icu/third_party/icu/i18n/erarules.cpp:57:17: runtime error: left shift of negative value -23831
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/extension/icu/third_party/icu/i18n/erarules.cpp:57:17

To Reproduce

Just run the statements.

OS:

Linux

DuckDB Version:

latest from sources

DuckDB Client:

Shell and C/C++ API

Full Name:

Pedro Ferreira

Affiliation:

Huawei

Have you tried this on the latest master branch?

  • I agree

Have you tried the steps to reproduce? Do they include all relevant data and configuration? Does the issue you report still appear there?

  • I agree
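
The UndefinedBehaviorSanitizer reports in items 14, 35, 41, 45 to 47, 51, 53 and 54 all come from signed arithmetic executed without a range check. The following is an added example, not part of the original issue and not DuckDB or ICU code: range-checked helpers that return false instead of overflowing, so a caller can raise a regular error. All function names, including `MicrosBetween`, are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Added illustration; not DuckDB or ICU code. Each helper refuses to run an
// operation whose result would not fit in T, so no undefined behavior occurs.
template <class T>
bool TryAdd(T a, T b, T &out) {
	typedef std::numeric_limits<T> L;
	if ((b > 0 && a > L::max() - b) || (b < 0 && a < L::min() - b)) {
		return false;
	}
	out = a + b;
	return true;
}

template <class T>
bool TrySubtract(T a, T b, T &out) {
	typedef std::numeric_limits<T> L;
	if ((b < 0 && a > L::max() + b) || (b > 0 && a < L::min() + b)) {
		return false;
	}
	out = a - b;
	return true;
}

template <class T>
bool TryMultiply(T a, T b, T &out) {
	typedef std::numeric_limits<T> L;
	bool overflow;
	// Divide the limit by one operand instead of multiplying first.
	if (a > 0) {
		overflow = b > 0 ? a > L::max() / b : b < L::min() / a;
	} else {
		overflow = b > 0 ? a < L::min() / b : (a != 0 && b < L::max() / a);
	}
	if (overflow) {
		return false;
	}
	out = a * b;
	return true;
}

// Rejects negative values, out-of-range shift counts and lost high bits.
template <class T>
bool TryShiftLeft(T value, int bits, T &out) {
	typedef std::numeric_limits<T> L;
	if (value < 0 || bits < 0 || bits >= L::digits) {
		return false;
	}
	if (value > (L::max() >> bits)) {
		return false;
	}
	out = static_cast<T>(value << bits);
	return true;
}

// Hypothetical caller: distance between two microsecond timestamps.
bool MicrosBetween(int64_t start_us, int64_t end_us, int64_t &out) {
	return TrySubtract<int64_t>(end_us, start_us, out);
}

int main() {
	int64_t diff = 0;
	// Operands copied from the first sanitizer report in item 14.
	bool ok = MicrosBetween(-6820686527454000000LL, 2888277915802000000LL, diff);
	std::printf("datesub operands: %s\n", ok ? "in range" : "out of range, raise an error");
	return 0;
}
```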
