SQLite Forum

SEGV in online backup API
The following test case crashes with a SEGV (read) when compiling with ASAN:

Sqlite3 version: 3.36.0
(using the amalgamation sqlite3.c)

```c
#include "sqlite3.h"

int main() {
    sqlite3 *d1;
    sqlite3 *d2;
    sqlite3 *d3;
    
    sqlite3_open(":memory:", &d1);
    sqlite3_open(":memory:", &d2);
    sqlite3_open(":memory:", &d3);

    sqlite3_backup *b1 = sqlite3_backup_init(d3, "main", d2, "main");
    sqlite3_backup *b2 = sqlite3_backup_init(d1, "main", d3, "main");
    sqlite3_backup *b3 = sqlite3_backup_init(d1, "main", d2, "main");

    sqlite3_backup_step(b1, 8388608);
    sqlite3_backup_finish(b1);

    sqlite3_backup_step(b2, 0);
    sqlite3_backup_finish(b3);
    sqlite3_backup_step(b2, 8421376); // SEGV on read
    sqlite3_backup_finish(b2);

    sqlite3_close(d1);
    sqlite3_close(d2);
    sqlite3_close(d3);
}
```

This is not a security vulnerability because it is an impractical situation. However, this usage of the API seems to be allowed by the documentation.

Specifically, the API doesn't mention what should happen if there are multiple simultaneous backups happening. Since there is some amount of error handling safeguards in place when performing backups, perhaps this situation should throw an error instead of segfaulting?
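
An application-side guard that refuses overlapping backups before they reach `sqlite3_backup_init`, added here as an example; it is not part of the original post or of SQLite. The names `guard_begin` and `guard_end` and the overlap policy are assumptions, and connections are treated as opaque pointers so the block compiles without `sqlite3.h`.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_LIVE 16

/* One live backup: the connection written to and the connection read from. */
struct live_backup { const void *dest; const void *src; int used; };
static struct live_backup live[MAX_LIVE];

/* Call before sqlite3_backup_init(dest, ..., src, ...).
 * Returns a slot id >= 0 if the backup may start, -1 if it overlaps a live
 * backup or the table is full. Policy (an assumption of this example): a
 * connection may be the destination of at most one live backup and may not
 * be a source and a destination at the same time; a shared source is allowed. */
int guard_begin(const void *dest, const void *src) {
    int free_slot = -1;
    if (dest == NULL || src == NULL || dest == src) return -1;
    for (int i = 0; i < MAX_LIVE; i++) {
        if (!live[i].used) { if (free_slot < 0) free_slot = i; continue; }
        if (live[i].dest == dest || live[i].src == dest || live[i].dest == src)
            return -1;
    }
    if (free_slot < 0) return -1;
    live[free_slot] = (struct live_backup){ dest, src, 1 };
    return free_slot;
}

/* Call after sqlite3_backup_finish() for the backup holding this slot. */
void guard_end(int slot) {
    if (slot >= 0 && slot < MAX_LIVE) live[slot].used = 0;
}

int main(void) {
    int d1, d2, d3;  /* constructed stand-ins for three sqlite3* handles */
    int b1 = guard_begin(&d3, &d2);   /* accepted */
    int b2 = guard_begin(&d1, &d3);   /* refused: d3 is b1's destination */
    printf("b1=%d b2=%d\n", b1, b2);
    guard_end(b1);
    b2 = guard_begin(&d1, &d3);       /* accepted once b1 has finished */
    int b3 = guard_begin(&d1, &d2);   /* refused: d1 is b2's destination */
    printf("b2=%d b3=%d\n", b2, b3);
    guard_end(b2);
    return 0;
}
```

In real use the caller would pass the `sqlite3 *` handles themselves and skip the `sqlite3_backup_init` call whenever `guard_begin` returns -1.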