SQLite Forum

Crash found in SQLite version 3.38.1

(1) By salmonx on 2022-03-19 10:30:55

POC:

SELECT zipfile('test.zip'), mtime, data, method FROM zipfile(zeroblob('test.zip'));

AddressSanitizer

toor@ubuntu:~/work/fuzz/sqlite_3.38.1/bld$ ./sqlite3 
SQLite version 3.38.1 2022-03-12 13:37:29
Enter ".help" for usage hints.
Connected to a transient in-memory database.
Use ".open FILENAME" to reopen on a persistent database.
sqlite> SELECT zipfile('test.zip'), mtime, data, method FROM zipfile(zeroblob('test.zip'));
ASAN:DEADLYSIGNAL
=================================================================
==89544==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7efeae983d31 bp 0x7ffc1294ca60 sp 0x7ffc1294ca10 T0)
==89544==The signal is caused by a READ memory access.
==89544==Hint: address points to the zero page.
    #0 0x7efeae983d30 in fseek (/lib/x86_64-linux-gnu/libc.so.6+0x87d30)
    #1 0x5646ed8e50fe in zipfileReadEOCD /home/toor/work/fuzz/sqlite_3.38.1/bld/shell.c:7852
    #2 0x5646ed8fb329 in zipfileLoadDirectory /home/toor/work/fuzz/sqlite_3.38.1/bld/shell.c:7930
    #3 0x5646ed8fcfb3 in zipfileFilter /home/toor/work/fuzz/sqlite_3.38.1/bld/shell.c:7970
    #4 0x5646edad0877 in sqlite3VdbeExec /home/toor/work/fuzz/sqlite_3.38.1/bld/sqlite3.c:95210
    #5 0x5646edaed92b in sqlite3Step /home/toor/work/fuzz/sqlite_3.38.1/bld/sqlite3.c:85759
    #6 0x5646edaed92b in sqlite3_step /home/toor/work/fuzz/sqlite_3.38.1/bld/sqlite3.c:85816
    #7 0x5646ed8f788b in exec_prepared_stmt /home/toor/work/fuzz/sqlite_3.38.1/bld/shell.c:14644
    #8 0x5646ed905314 in shell_exec /home/toor/work/fuzz/sqlite_3.38.1/bld/shell.c:14965
    #9 0x5646ed908fc1 in runOneSqlLine /home/toor/work/fuzz/sqlite_3.38.1/bld/shell.c:22498
    #10 0x5646ed9258cb in process_input /home/toor/work/fuzz/sqlite_3.38.1/bld/shell.c:22626
    #11 0x5646ed8c400d in main /home/toor/work/fuzz/sqlite_3.38.1/bld/shell.c:23452
    #12 0x7efeae91dbf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #13 0x5646ed8c62b9 in _start (/home/toor/work/fuzz/sqlite_3.38.1/bld/sqlite3+0x5d2b9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x87d30) in fseek
==89544==ABORTING
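The trace above dies in zipfileReadEOCD, the routine that reads the archive's End Of Central Directory record, with fseek called on a NULL stream; the query's zeroblob('test.zip') coerces its argument to 0 and so hands zipfile() a zero-length blob. As an added illustration (not SQLite code and not the fix linked below), here is a Python reader for the standard ZIP EOCD record that rejects zero-length, signature-less and truncated input with an error instead of crashing; the sample inputs are constructed.

```python
import struct

EOCD_SIG = b"PK\x05\x06"
EOCD_MIN_LEN = 22          # fixed part of the End Of Central Directory record
MAX_COMMENT_LEN = 0xFFFF   # the EOCD comment length field is 16 bits


def read_eocd(archive: bytes) -> dict:
    """Locate and parse the EOCD record at the tail of an in-memory ZIP archive.

    Bad input (too short, no signature, record or central directory outside the
    buffer) raises ValueError; a zero-length archive takes the first branch.
    """
    if len(archive) < EOCD_MIN_LEN:
        raise ValueError(f"archive too short for an EOCD record ({len(archive)} bytes)")
    # The record sits at the very end, followed only by its comment, so scan
    # backwards through at most one maximal comment plus the record itself.
    tail = archive[-(EOCD_MIN_LEN + MAX_COMMENT_LEN):]
    idx = tail.rfind(EOCD_SIG)
    if idx < 0:
        raise ValueError("no EOCD signature found")
    off = len(archive) - len(tail) + idx
    if off + EOCD_MIN_LEN > len(archive):
        raise ValueError("EOCD record is truncated")
    (_disk, _cd_disk, _n_disk, n_entries, cd_size, cd_offset,
     comment_len) = struct.unpack_from("<HHHHIIH", archive, off + 4)
    if cd_offset + cd_size > off:
        raise ValueError("central directory extends past the EOCD record")
    if off + EOCD_MIN_LEN + comment_len > len(archive):
        raise ValueError("EOCD comment length exceeds the archive")
    return {"entries": n_entries, "cd_offset": cd_offset,
            "cd_size": cd_size, "comment_len": comment_len}


def probe(archive: bytes) -> str:
    """Wrap read_eocd so a caller gets a verdict string, never an exception."""
    try:
        info = read_eocd(archive)
        return f"ok: {info['entries']} entries"
    except ValueError as exc:
        return f"rejected: {exc}"


# Constructed sample inputs (not taken from the post): the zero-length blob that
# zeroblob('test.zip') yields, and an empty but well-formed archive (EOCD only).
ZERO_LENGTH_BLOB = b""
EMPTY_ARCHIVE = EOCD_SIG + struct.pack("<HHHHIIH", 0, 0, 0, 0, 0, 0, 0)
```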

(2) By Larry Brasfield (larrybr) on 2022-03-19 12:58:48 in reply to 1

Thanks for reporting this. Fixed here.