SQLite User Forum

Segmentation fault in sqlite3OsFileSize function

(1) By Song Liu (songliu) on 2023-04-19 15:47:28

I found a segmentation fault while SQLite (latest, 982b35563da685df) executes the following queries.

PRAGMA page_size=65536;
CREATE TABLE t(E);
.res    0;

Here is the result of bisecting:

 18 BAD     2010-08-12 02:41:12 45362437d491fbe0 CURRENT
 17 GOOD    2010-08-11 18:56:46 2fa05d01b6b11788

Here is the ASAN report:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==3546003==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000030 (pc 0x5555556c8d28 bp 0x7fffffff8f40 sp 0x7fffffff8f30 T0)
==3546003==The signal is caused by a READ memory access.
==3546003==Hint: address points to the zero page.
    #0 0x5555556c8d27 in sqlite3OsFileSize /data/song/projects/testbug/sqlite_asan/sqlite3.c:25044
    #1 0x55555579739e in backupTruncateFile /data/song/projects/testbug/sqlite_asan/sqlite3.c:80239
    #2 0x555555798a04 in sqlite3_backup_step /data/song/projects/testbug/sqlite_asan/sqlite3.c:80467
    #3 0x5555556afc9d in do_meta_command /data/song/projects/testbug/sqlite_asan/shell.c:24941
    #4 0x5555556b9dd2 in process_input /data/song/projects/testbug/sqlite_asan/shell.c:26639
    #5 0x5555556bdda9 in main /data/song/projects/testbug/sqlite_asan/shell.c:27607
    #6 0x7ffff7166082 in __libc_start_main ../csu/libc-start.c:308
    #7 0x55555563230d in _start (/data/song/projects/testbug/sqlite3-asan+0xde30d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /data/song/projects/testbug/sqlite_asan/sqlite3.c:25044 in sqlite3OsFileSize
==3546003==ABORTING

My compilation flags:

export CFLAGS="-g -DSQLITE_DEBUG"

Any explanations are appreciated!

(2) By Dan Kennedy (dan) on 2023-04-19 17:10:21 in reply to 1

Thanks for this. Now fixed here:

https://sqlite.org/src/info/020968f8

Dan.

(3) By Song Liu (songliu) on 2023-04-19 17:19:05 in reply to 2

Thanks for your work!