Some bugs in ORACLE HINT

author:kj0231320
Team:i.s.t.o

The following is the discovery of Oracle HINT Fuzz.

Select/*+ no_push_pred (* dual-) * * from dual


With a few more hint. This syntax error may cause the current connection session to be interrupted
Study for a long time did not find any details of the reason, tracking can not go on. Put on for half a year to throw out, later can go less detours
By the way, give the fuzz code.
package cn.isto.fuzz.oracle; import java.sql.*; import java.util.list; public class sqlhintfuzzer {    private object[] fuzzdata=new  Object[38];     private String[] hints = new String[182];          private Connection conn;     Statement stmt = null;     private String url;     private String user;     private String pass;     private String sql1;          private string loopcreatestring (STRING&NBSP;INITSTR, Int count) {        stringbuilder tempsb = new  stringbuilder ();         for (int i=0;i<count;i++) { &nbsP;          tempsb.append (INITSTR);         }         return  Tempsb.tostring (); &NBSP;&NBSP;&NBSP;&NBSP}     public sqlhintfuzzer () {         fuzzData[0]=-1;         fuzzData[1]=-2;         fuzzData[2]=0;         fuzzData[3]=1;         fuzzData[4]=2;         fuzzData[5]=2147483647;         fuzzData[6]=-2147483647;         fuzzData[7]=2147483648l;         fuzzData[8]=-2147483648;         fuzzData[9]=Long.MAX_VALUE;         fuzzdata[10]=long.min_value;         fuzzdata[11]=loopcreatestring ("')", 1);         fuzzdata[12]=loopcreatestring ("/" ", 1);         fuzzdata[13]=loopcreatestring ("--", 1);         fuzzdata[14]=loopcreatestring ("/*", 1);         fuzzdata[15]=loopcreatestring ("%s%s%s%s%s%s%s", 1);         fuzzdata[16]=loopcreatestring ("%x%x%x%x%x%x", 1);         fuzzdata[17]=loopcreatestring ("%d%d%d%d%d%d", 1);         fuzzdata[18]=loopcreatestring ("A", 30);         fuzzdata[19]=loopcreatestring ("A", 100);         fuzzdata[20]=loopcreatestring ("A", 128);       &nbsP; fuzzdata[21]=loopcreatestring ("A", 256);         fuzzdata[22]=loopcreatestring ("A", 512);         fuzzdata[23]=loopcreatestring ("A", 1024);         fuzzdata[24]=loopcreatestring ("A", 2048);         fuzzdata[25]=loopcreatestring ("A", 3000);         fuzzdata[26]=loopcreatestring ("A", 4000);         fuzzdata[27]=loopcreatestring ("A", 5000);         fuzzdata[28]=loopcreatestring ("A", 6000);         fuzzdata[29]=loopcreatestring ("A", 8000);         fuzzdata[30]=loopcreatestring ("A", 10000);         fuzzdata[31]=loopcreatestring ("A", 15000);         fuzzdata[32]=Loopcreatestring ("A", 20000);         fuzzdata[33]=loopcreatestring ("A", 25000);         fuzzdata[34]=loopcreatestring ("A", 30000);         fuzzdata[35]=loopcreatestring ("A", 32767);         fuzzdata[36]=loopcreatestring ("SYS", 1);         fuzzdata[37]=loopcreatestring ("ROWID", 1);                  hints[0]= "All_ ROWS ";         hints[1]= "And_equal";         hints[2]= "Antijoin";         hints[3]= "APPEND";         hints[4]= "BITMAP";         hints[5]= "BUFFER";         hints[6]= "Bypass_Recursive_check ";         hints[7]= "BYPASS_UJVC";         hints[8]= "CACHE";         hints[9]= "CACHE_CB";         hints[10]= "Cache_temp_table";         hints[11]= "Cardinality";         hints[12]= "CHOOSE";         hints[13]= "CIV_GB";         hints[14]= "Collections_get_refs";         hints[15]= "Cpu_costing";         hints[16]= "CUBE_GB";         hints[17]= "Cursor_sharing_exact";         hints[18]= "Deref_no_rewrite";         hints[19]= "Dml_update";      &nBsp;  hints[20]= "Domain_index_no_sort";         hints[21]= "Domain_index_sort";         hints[22]= "Driving_site";         hints[23]= "Dynamic_sampling";         hints[24]= "DYNAMIC_SAMPLING_EST_CDN";         hints[25]= "Expand_gset_to_union";         hints[26]= "FACT";         hints[27]= "First_rows";         hints[28]= "Force_sample_block";         hints[29]= "full";         hints[30]= "Gby_conc_rollup";         hints[31]= "Global_table_hints";         hints[32]= "HASH";        &nBsp;hints[33]= "Hash_aj";         hints[34]= "HASH_SJ";         hints[35]= "hwm_brokered";         hints[36]= "Ignore_on_clause";         hints[37]= "Ignore_where_clause";         hints[38]= "INDEX_ASC";         hints[39]= "Index_combine";         hints[40]= "Index_desc";         hints[41]= "Index_ffs";         hints[42]= "Index_join";         hints[43]= "Index_rrs";         hints[44]= "INDEX_SS";         hints[45]= "INDEX_SS_ASC";         hints[46]= "Index_ss_desc";    &nbsP;    hints[47]= "INLINE";         hints[48]= "leading";         hints[49]= "Like_expand";         hints[50]= "Local_indexes";         hints[51]= "materialize";         hints[52]= "MERGE";         hints[53]= "Merge_aj";         hints[54]= "MERGE_SJ";         hints[55]= "Mv_merge";         hints[56]= "Nested_table_get_refs";         hints[57]= "Nested_table_set_refs";         hints[58]= "Nested_table_set_setid";         hints[59]= "Nl_aj";         hints[60]= "NL_SJ"; &nbSp;       hints[61]= "No_access";         hints[62]= "No_buffer";         hints[63]= "No_expand";         hints[64]= "No_expand_gset_to_union";         hints[65]= "No_fact";         hints[66]= "No_filtering";         hints[67]= "No_index";         hints[68]= "No_merge";         hints[69]= "No_monitoring";         hints[70]= "No_order_rollups";         hints[71]= "No_prune_gsets";         hints[72]= "no_push_pred";         hints[73]= "NO_PUSH_SUBQ";        &nbSp;hints[74]= "No_qkn_buff";         hints[75]= "No_semijoin";         hints[76]= "No_stats_gsets";         hints[77]= "No_unnest";         hints[78]= "Noappend";         hints[79]= "NoCache";         hints[80]= "Nocpu_costing";         hints[81]= "Noparallel";         hints[82]= "Noparallel_index";         hints[83]= "Norewrite";         hints[84]= "Or_expand";         hints[85]= "ORDERED";         hints[86]= "Ordered_predicates";         hints[87]= "Overflow_nomove";    &nBsp;    hints[88]= "PARALLEL";         hints[89]= "Parallel_index";         hints[90]= "PIV_GB";         hints[91]= "PIV_SSF";         hints[92]= "Pq_distribute";         hints[93]= "Pq_map";         hints[94]= "Pq_nomap";         hints[95]= "push_pred";         hints[96]= "PUSH_SUBQ";         hints[97]= "remote_mapped";