Crash found in SQLite version 3.38.1
(1) By salmonx on 2022-03-19 10:30:55
POC:
SELECT zipfile('test.zip'), mtime, data, method FROM zipfile(zeroblob('test.zip'));
AddressSanitizer
toor@ubuntu:~/work/fuzz/sqlite_3.38.1/bld$ ./sqlite3
SQLite version 3.38.1 2022-03-12 13:37:29
Enter ".help" for usage hints.
Connected to a transient in-memory database.
Use ".open FILENAME" to reopen on a persistent database.
sqlite> SELECT zipfile('test.zip'), mtime, data, method FROM zipfile(zeroblob('test.zip'));
ASAN:DEADLYSIGNAL
=================================================================
==89544==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7efeae983d31 bp 0x7ffc1294ca60 sp 0x7ffc1294ca10 T0)
==89544==The signal is caused by a READ memory access.
==89544==Hint: address points to the zero page.
#0 0x7efeae983d30 in fseek (/lib/x86_64-linux-gnu/libc.so.6+0x87d30)
#1 0x5646ed8e50fe in zipfileReadEOCD /home/toor/work/fuzz/sqlite_3.38.1/bld/shell.c:7852
#2 0x5646ed8fb329 in zipfileLoadDirectory /home/toor/work/fuzz/sqlite_3.38.1/bld/shell.c:7930
#3 0x5646ed8fcfb3 in zipfileFilter /home/toor/work/fuzz/sqlite_3.38.1/bld/shell.c:7970
#4 0x5646edad0877 in sqlite3VdbeExec /home/toor/work/fuzz/sqlite_3.38.1/bld/sqlite3.c:95210
#5 0x5646edaed92b in sqlite3Step /home/toor/work/fuzz/sqlite_3.38.1/bld/sqlite3.c:85759
#6 0x5646edaed92b in sqlite3_step /home/toor/work/fuzz/sqlite_3.38.1/bld/sqlite3.c:85816
#7 0x5646ed8f788b in exec_prepared_stmt /home/toor/work/fuzz/sqlite_3.38.1/bld/shell.c:14644
#8 0x5646ed905314 in shell_exec /home/toor/work/fuzz/sqlite_3.38.1/bld/shell.c:14965
#9 0x5646ed908fc1 in runOneSqlLine /home/toor/work/fuzz/sqlite_3.38.1/bld/shell.c:22498
#10 0x5646ed9258cb in process_input /home/toor/work/fuzz/sqlite_3.38.1/bld/shell.c:22626
#11 0x5646ed8c400d in main /home/toor/work/fuzz/sqlite_3.38.1/bld/shell.c:23452
#12 0x7efeae91dbf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
#13 0x5646ed8c62b9 in _start (/home/toor/work/fuzz/sqlite_3.38.1/bld/sqlite3+0x5d2b9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x87d30) in fseek
==89544==ABORTING
(2) By Larry Brasfield (larrybr) on 2022-03-19 12:58:48 in reply to 1
Thanks for reporting this. Fixed here.