SQLite Forum

Possible CLI crashing bug

(1.1) By Yu Liang (LY1598773890) on 2022-10-17 17:23:57 edited from 1.0

The latest version of SQLite3 crashes when executing the following query:

.limit le 0;

The stack backtrace is shown below:

#0  __strcmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:101
#1  0x0000000000439c28 in explain_data_prepare (p=0x7fffffffcc10, pSql=0x6b1f30) at shell.c:14274
#2  0x0000000000418278 in shell_exec (pArg=0x7fffffffcc10, zSql=0x6a6840 "EXPLAIN PRAGMA u", pzErrMsg=0x7fffffffca00) at shell.c:15155
#3  0x000000000043e1af in runOneSqlLine (p=0x7fffffffcc10, zSql=0x6a6840 "EXPLAIN PRAGMA u", in=0x7ffff7d6d980 <_IO_2_1_stdin_>, startline=0x2) at shell.c:22767
#4  0x000000000041903a in process_input (p=0x7fffffffcc10) at shell.c:22950
#5  0x000000000040ac18 in main (argc=0x1, argv=0x7fffffffe238) at shell.c:23786
#6  0x00007ffff7ba5083 in __libc_start_main (main=0x408e40 <main>, argc=0x1, argv=0x7fffffffe238, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
    stack_end=0x7fffffffe228) at ../csu/libc-start.c:308
#7  0x000000000040377e in _start ()

When testing with UBSAN, the sanitizer reports the following error:

==1220203==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fac280cfbee bp 0x000000000000 sp 0x7ffc468e6aa8 T1220203)
==1220203==The signal is caused by a READ memory access.
==1220203==Hint: address points to the zero page.
    #0 0x7fac280cfbee  /build/glibc-SzIz7B/glibc-2.31/string/../sysdeps/x86_64/multiarch/strcmp-avx2.S:101
    #1 0x461222 in explain_data_prepare /home/luy70/Desktop/sqlite_source_fossil/sqlite/shell.c:14274:15
    #2 0x4432d5 in shell_exec /home/luy70/Desktop/sqlite_source_fossil/sqlite/shell.c:15155:11
    #3 0x46522f in runOneSqlLine /home/luy70/Desktop/sqlite_source_fossil/sqlite/shell.c:22767:8
    #4 0x4459c5 in process_input /home/luy70/Desktop/sqlite_source_fossil/sqlite/shell.c:22950:15
    #5 0x430b06 in main /home/luy70/Desktop/sqlite_source_fossil/sqlite/shell.c
    #6 0x7fac27f70082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #7 0x406acd in _start (/home/luy70/Desktop/sqlite_fuzz_tmp/sqlite3_inst+0x406acd)

On bisecting, the bug seems to originate from commit 310a3e102d8eedf9 (2022-03-28). Here is the bisecting report:

  1 BAD        2022-03-28 18:34:40 310a3e102d8eedf9
  5 GOOD    2022-03-28 17:34:46 06928e745c7bcb26 CURRENT
  4 GOOD    2022-03-28 14:56:47 daa924af98725334
  3 GOOD    2022-03-25 01:23:37 1a6328f2a5b49730
  2 GOOD    2022-03-21 20:08:13 c7a2047e93df36c1

This bug seems similar to the bug reported in link. However, when we test the bug-triggering query with the latest patch: b6413a6d, this bug is still reproducible.

Thank you.
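The signature in the report above (strcmp reading the zero page from inside explain_data_prepare) is what a NULL pointer does to an unguarded string compare. The following is an added illustration, not part of the thread, not SQLite's shell.c and not the fix that was later committed: a hypothetical header check in the shape of the CLI's EXPLAIN-detection logic, shown in a crashing form and in a NULL-tolerant form. The column list is the documented 8-column EXPLAIN output header; the function names and the sample header arrays are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Column headers produced by an SQLite EXPLAIN statement (8 columns). */
static const char *const kExplainCols[8] = {
  "addr", "opcode", "p1", "p2", "p3", "p4", "p5", "comment"
};

/* Hazard: strcmp() has undefined behaviour on a NULL argument; in practice
 * it reads the zero page and the process dies with SIGSEGV, which is the
 * "address points to the zero page" signature UBSAN printed above. */
int header_matches_unsafe(const char *const *names, int nCol){
  int i;
  if( nCol!=8 ) return 0;
  for(i=0; i<8; i++){
    if( strcmp(names[i], kExplainCols[i])!=0 ) return 0; /* crashes if names[i]==NULL */
  }
  return 1;
}

/* NULL-tolerant comparison: NULL sorts before every string and equals only
 * NULL, so the real strcmp() is never reached with a NULL pointer. */
static int safe_strcmp(const char *a, const char *b){
  if( a==0 || b==0 ) return (a!=0) - (b!=0);
  return strcmp(a, b);
}

/* Hardened check: a NULL column name (sqlite3_column_name() is documented to
 * return NULL when its internal allocation fails) is treated as "not an
 * EXPLAIN result" instead of being dereferenced. */
int header_matches(const char *const *names, int nCol){
  int i;
  if( names==0 || nCol!=8 ) return 0;
  for(i=0; i<8; i++){
    if( safe_strcmp(names[i], kExplainCols[i])!=0 ) return 0;
  }
  return 1;
}

/* Constructed sample inputs (hypothetical, not taken from SQLite). */
const char *const *sample_explain_header(void){
  static const char *const h[8] = {"addr","opcode","p1","p2","p3","p4","p5","comment"};
  return h;
}
const char *const *sample_header_with_null(void){
  static const char *const h[8] = {"addr", NULL, "p1","p2","p3","p4","p5","comment"};
  return h;
}
const char *const *sample_plain_header(void){
  static const char *const h[8] = {"id","name","p1","p2","p3","p4","p5","comment"};
  return h;
}

int main(void){
  printf("explain header:   %d\n", header_matches(sample_explain_header(), 8));
  printf("header with NULL: %d\n", header_matches(sample_header_with_null(), 8));
  printf("plain header:     %d\n", header_matches(sample_plain_header(), 8));
  printf("unsafe, no NULL:  %d\n", header_matches_unsafe(sample_explain_header(), 8));
  /* header_matches_unsafe(sample_header_with_null(), 8) would segfault here. */
  return 0;
}
```

The hardened form turns a crash into a clean "not EXPLAIN output" answer, which is also what a sanitizer build or a fuzzing harness like the one that produced the report would expect to see instead of a SEGV.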

(2) By Yu Liang (LY1598773890) on 2022-10-19 17:43:36 in reply to 1.1

Are there any updates on the crashing problem? We just tested the latest version of SQLite3 (fossil: e3648a07f5), and the crashing problem is still reproducible.

Please let us know if you have more questions or need more debug information.

Thank you.

(3) By Richard Hipp (drh) on 2022-10-19 18:05:21 in reply to 1.1

Thanks for the bug report, and the reminder. (I missed the first report.)

Should now be fixed on trunk.

(4) By Yu Liang (LY1598773890) on 2022-10-19 19:54:50 in reply to 3

Thanks Richard.

The bug is tested as fixed with Fossil commit 7450a561. Seems to be just another small CLI problem. Thanks for the reply and quick fix.