Report bugs against SQLite.
(1) By zgy (740931) on 2023-06-02 12:25:34
sqlite3 SEGV on unknown address 0x000000000000
When running sqlite3 with the command below:
```
./sqlite3 -nonce
```
the program crashes with a "SEGV on unknown address 0x000000000000" error.
shell.c:26109-26111
```
}else if( cli_strcmp(z,"-nonce")==0 ){
  free(data.zNonce);
  data.zNonce = strdup(argv[++i]);
```
Test Environment
Ubuntu 20.04, 64-bit, sqlite3 (version: 3.40.1)
How to trigger
- Compile the program with AddressSanitizer
- Run the command
```
$ ./sqlite3 -nonce
```
Details
ASAN report
```
$ ./sqlite3 -nonce
==935238==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7ffff7d196e5 bp 0x7fffffffc9d0 sp 0x7fffffffc188 T0)
==935238==The signal is caused by a READ memory access.
==935238==Hint: address points to the zero page.
    #0 0x7ffff7d196e5 /build/glibc-SzIz7B/glibc-2.31/string/../sysdeps/x86_64/multiarch/strlen-avx2.S:65
    #1 0x486902 in strdup (/home/ned158/sp/Dataset/Sqlite3/sqlite3_aflpp/install/bin/sqlite3+0x486902)
    #2 0x4e70db in main /home/ned158/sp/Dataset/Sqlite3/sqlite3_aflpp/shell.c:26111:21
    #3 0x7ffff7bb5082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #4 0x41e6bd in _start (/home/ned158/sp/Dataset/Sqlite3/sqlite3_aflpp/install/bin/sqlite3+0x41e6bd)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/glibc-SzIz7B/glibc-2.31/string/../sysdeps/x86_64/multiarch/strlen-avx2.S:65
==935238==ABORTING
```
(2) By Larry Brasfield (larrybr) on 2023-06-02 12:59:46 in reply to 1
Thanks for reporting this bug. Fixed here.
BTW, posts may take a few minutes or hours to appear when subject to moderation.
(3) By zgy (740931) on 2023-06-03 13:57:43 in reply to 2
Thanks, I will remember it.
(4) By Richard Hipp (drh) on 2023-07-24 13:13:33 in reply to 1
Not A Vulnerability
CVE-2023-36191 was written against this bug, 20 days after the bug was fixed. This post is to refute that CVE.
The error is a bug. It has been fixed. But it is not a vulnerability. You may safely ignore the CVE. Key points:
- The problem is in the "sqlite3" command-line tool, not in the SQLite library.
- Because "sqlite3" is a command-line tool, shell access is required to trigger the bug.
- The bug was an error in command-line argument parsing. If the user messes up the command-line that launches the "sqlite3" tool, then during argument processing a NULL-pointer dereference might occur and the "sqlite3" tool will fail to start up. That is completely harmless. The behavior is the same as if the operator had pressed Ctrl-C.
- The behavior is the same after the bug fix as it was before - the program issues an error message and stops. The "fix" just makes the error message a little nicer. Instead of printing "Segmentation Fault", it prints "Error: missing argument to --nonce" and then calls exit(1).
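The root cause discussed in this thread is a classic argv-parsing defect: an option that consumes the next argument reads `argv[++i]` without first checking that `i+1 < argc`, so the last element it touches is the NULL terminator of argv and `strdup` dereferences it. The following is an added example written for this page, not code from shell.c or the actual SQLite fix; `struct cli_opts`, `parse_cli`, `free_cli` and the accepted option set are hypothetical. It shows the defensive pattern every value-taking option needs (bounds check before consuming, an error return instead of a crash, and an error message in the style the fix prints), and it treats `-nonce` and `--nonce` alike, which mirrors how the sqlite3 shell normalises a leading double dash (an assumption about shell.c, not something this thread states).

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical option record; shell.c's real state struct is different. */
struct cli_opts {
    char *nonce;        /* value of -nonce, or NULL if never given */
    char  errmsg[128];  /* human-readable reason when parse_cli() fails */
};

/* True when option argv[i] requires a value but none follows it.
 * This is the check whose absence produced the NULL dereference. */
static int value_missing(int argc, int i)
{
    return i + 1 >= argc;
}

/* Parse the command line defensively.
 * Returns 0 on success, -1 on a malformed command line (opts->errmsg set).
 * Ownership of opts->nonce passes to the caller on success. */
int parse_cli(int argc, char **argv, struct cli_opts *opts)
{
    memset(opts, 0, sizeof *opts);
    for (int i = 1; i < argc; i++) {
        const char *z = argv[i];
        /* Accept both -nonce and --nonce (assumed to match shell.c's habit). */
        if (z[0] == '-' && z[1] == '-') z++;

        if (strcmp(z, "-nonce") == 0) {
            /* Bounds check BEFORE touching argv[i+1]; the original code
             * went straight to strdup(argv[++i]) and crashed on NULL. */
            if (value_missing(argc, i)) {
                snprintf(opts->errmsg, sizeof opts->errmsg,
                         "Error: missing argument to %s", argv[i]);
                return -1;
            }
            free(opts->nonce);              /* later occurrence wins */
            opts->nonce = strdup(argv[++i]);
            if (opts->nonce == NULL) {
                snprintf(opts->errmsg, sizeof opts->errmsg,
                         "Error: out of memory");
                return -1;
            }
        } else {
            snprintf(opts->errmsg, sizeof opts->errmsg,
                     "Error: unknown option %s", argv[i]);
            return -1;
        }
    }
    return 0;
}

/* Release anything parse_cli() allocated. Safe to call after failure too. */
void free_cli(struct cli_opts *opts)
{
    free(opts->nonce);
    opts->nonce = NULL;
}

int main(int argc, char **argv)
{
    struct cli_opts opts;
    if (parse_cli(argc, argv, &opts) != 0) {
        /* Same observable outcome as the fixed shell: a message, then exit(1). */
        fprintf(stderr, "%s\n", opts.errmsg);
        free_cli(&opts);
        return 1;
    }
    printf("nonce=%s\n", opts.nonce ? opts.nonce : "(none)");
    free_cli(&opts);
    return 0;
}
```

Running the built binary with a bare `-nonce` now yields `Error: missing argument to -nonce` and exit status 1 rather than a segfault, which is exactly why this class of bug is a robustness issue in a local tool and not a remotely reachable vulnerability: the only input is the operator's own command line, and the worst outcome is that the process fails to start.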