Jingzhou Fu

icon indicating a website link fuboat.github.io icon indicating an email [email protected]

icon location Beijing icon location PhD Student, School of Software, Tsinghua University

Results 24 issues of Jingzhou Fu

Excel extension crashes with a crafted `TEXT` expression

### What happens? DuckDB v0.10.2 (`duckdb_cli-linux-amd64`) crashes with a crafted `TEXT` expression. It can also be reproduced in the nightly build. ### To Reproduce PoC: ```sql SELECT TEXT(1234567.897, '$#,##09999999999999999999999999999999999999999999999999999999999999999999999'); ```...

reproduced

Server crashes by the jsonMergePatch function with crafted arguments

1 comment

**Describe the bug** Server crashes by the jsonMergePatch function with crafted arguments. It was found by an in-development fuzzer of WINGFUZZ. **How to reproduce** The SQL statement to reproduce: ```sql...

crash
fuzz

Bug: Missing privilege checks for the COMMENT ON PARAMETER command on functions in packages

## Summary The privilege checks for the COMMENT ON PARAMETER command on functions in packages are missing. Reproduced on `firebirdsql/firebird:latest` (LI-V5.0.3.1683): a low-privilege user `u1` can comment on package functions'...

Bug: Privilege checks for `DROP FILTER` commands can be bypassed

## Summary `DROP FILTER` privilege checks can be bypassed when the DROP follows a failing `ALTER FUNCTION` inside the same `SET TERM` block. Reproduced on `firebirdsql/firebird:latest` (LI-V5.0.3.1683): a low-privilege user...