Assertion failure in accessPayload function
(1) By Song Liu (songliu) on 2023-03-24 20:22:38
I found an assertion failure while SQLite (latest, 221fdcec964f8317) executes the following queries.
CREATE TABLE v0 ( c1 TEXT, UNIQUE ( c1, c1, c1 ) );
INSERT INTO v0 VALUES ( hex(zeroblob(241)) ) , ( 1 ), ( 2 ), ( 3 );
ANALYZE;
SELECT max ( c1 ) FROM v0 WHERE c1 IN v0;
Here are the outputs:
sqlite3: sqlite3.c:73570: int accessPayload(BtCursor *, u32, u32, unsigned char *, int): Assertion `offset+amt <= pCur->info.nPayload' failed.
[1] 2316979 abort ./sqlite3 < poc
Here is the result of bisecting:
12 BAD 2020-09-30 18:06:51 4a43430fd23f8835
14 GOOD 2020-09-30 17:32:22 7395e96b8cc370c8 CURRENT
The assertion failure may be caused by the optimizations. SQLite crashes by default with all optimizations enabled. If I disable the SQLITE_SeekScan optimization, SQLite works well.
CREATE TABLE v0 ( c1 TEXT, UNIQUE ( c1, c1, c1 ) );
INSERT INTO v0 VALUES ( hex(zeroblob(241)) ), ( 1 ), ( 2 ), ( 3 );
ANALYZE;
.testctrl optimizations 0x00020000;
.print '-- disable optimization of SQLITE_SeekScan'
SELECT max ( c1 ) FROM v0 WHERE c1 IN v0;
My compilation flags:
export CFLAGS="-g -O0 -DSQLITE_DEBUG
-DSQLITE_ENABLE_TREETRACE
-DSQLITE_ENABLE_WHERETRACE
-DSQLITE_ENABLE_CURSOR_HINTS
-DSQLITE_COUNTOFVIEW_OPTIMIZATION
-DSQLITE_ENABLE_STAT4"
(2) By Song Liu (songliu) on 2023-03-24 22:30:18 in reply to 1
It seems the bug is fixed at commit b95e69330eca0f45. Thanks for your work!