SQLite Forum

several potential bugs of null pointer dereference
sqlite version: 3.22

Hello, I found some potential null pointer dereference bugs in sqlite3. Would you help me check whether the bugs mentioned below are true? Thank you very much for your patience.

In file sqlite3/build/sqlite3.c (build is a folder containing files generated by configure)
In function sqlite3VtabCallDestroy
In line 128391, there is a statement that loads the return value of function vtabDisconnectedAll into pointer p, and the return value can be null.
In line 128392, there is a statement that dereferences p without a check.
![image](https://user-images.githubusercontent.com/87304478/131200799-b8340903-5d08-4f46-a65a-d4ed4b1f8c38.png)
In sqlite3-3.22.0/src/tclsqlite.c
In function dbReleaseStmt
In line 1421:
pointer pPrev is initialized to null, and on a certain path the value of pPrev is not changed and is dereferenced without a check.
![image](https://user-images.githubusercontent.com/87304478/131200819-e385dd14-511c-48d8-aa34-1e13894271bf.png)
In file sqlite3/build/sqlite3.c (build is a folder containing files generated by configure)
In function vdbeSorterFlushPMA
In line 89710, pointer pTask is dereferenced without a check and its value can be null.
![image](https://user-images.githubusercontent.com/87304478/131200832-24b0d30a-dd7a-4f6c-8e95-2216faecc491.png)
In file sqlite3/build/sqlite3.c (build is a folder containing files generated by configure)
In function sqlite3CodeRowTriggerDirect
In line 126110:
pointer v loads the return value of function sqliteGetVdbe, and its value can be null.
In line 126120:
pointer v acts as the 1st parameter of function sqlite3VdbeAddOp4, and in this function v is dereferenced without a check.
![image](https://user-images.githubusercontent.com/87304478/131200847-56f89c71-c500-4878-8b71-4df738ce2d10.png)
![image](https://user-images.githubusercontent.com/87304478/131200862-f96fe6dc-325b-407a-b811-319b78dcf6ae.png)
![image](https://user-images.githubusercontent.com/87304478/131200867-007875c9-4084-4b4f-85ae-47800a728f37.png)
![image](https://user-images.githubusercontent.com/87304478/131200870-c84faead-b3d7-4118-9f80-955e0585e69d.png)
![image](https://user-images.githubusercontent.com/87304478/131200872-d51e6e85-05e9-4316-a5d2-730e7297f8bf.png)
In file sqlite3/build/sqlite3.c (build is a folder containing files generated by configure)
In function sqlite3_randomness
In line 27774: the return value of sqlite3_vfs_find, which can be null, acts as the 1st parameter of function sqlite3OsRandomness; in this function, the return value of sqlite3_vfs_find is dereferenced without a check.
![image](https://user-images.githubusercontent.com/87304478/131200895-39a7f99f-e153-4399-ab7f-c8e775e20de7.png)


In file sqlite3/build/shell.c (build is a folder containing files generated by configure)
In function process_input
In line 14653:
zSql is initialized to null, and on a certain path the value of zSql is not changed and is dereferenced without a check.
![image](https://user-images.githubusercontent.com/87304478/131200905-6c1f47d2-1072-4208-882c-4583c1b74591.png)

In file sqlite3/build/shell.c (build is a folder containing files generated by configure)
In function sqlite3_appendvfs_init
In line 3949:
the return value of function sqlite3_vfs_find, which can be null, is loaded into pOrig
In line 3950:
pOrig is dereferenced without a check
![image](https://user-images.githubusercontent.com/87304478/131200911-c6bb47f4-0ce6-41e0-a21e-6cdc0c6e2370.png)
![image](https://user-images.githubusercontent.com/87304478/131200915-3b0ae70d-0cb1-4f73-9a08-d7cf6890a506.png)
In file sqlite3/build/sqlite3.c (build is a folder containing files generated by configure)
In function fts3IncrmergeChomp
In line 163794:
pSeg is initialized to null.
In line 163803:
pSeg is dereferenced without a check
![image](https://user-images.githubusercontent.com/87304478/131200925-daee0407-a58c-446e-a58e-e938299fb123.png)
![image](https://user-images.githubusercontent.com/87304478/131200930-846bac9d-2f96-4665-9531-9044168bbdbe.png)
![image](https://user-images.githubusercontent.com/87304478/131200946-0304b59f-abc2-4b06-b6d3-2c6befa6469e.png)
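The pattern the sqlite3_randomness and sqlite3_appendvfs_init reports describe, modeled as an added C example that is not SQLite's code and not part of the post: a constructed VFS registry follows the documented sqlite3_vfs_find() contract (a NULL name returns the default VFS, an unknown name returns NULL), with an unchecked callee in the reported shape beside one that fails closed. DemoVfs, the demo_* names and the fixed-byte entropy source are constructed for the demonstration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a VFS registry; not SQLite's sqlite3_vfs. */
typedef struct DemoVfs DemoVfs;
struct DemoVfs {
  const char *zName;
  DemoVfs *pNext;
  int (*xRandomness)(DemoVfs *, int, char *);
};

/* Model entropy source: fills fixed bytes so results are checkable. */
static int demoRandomness(DemoVfs *pVfs, int nByte, char *zOut){
  (void)pVfs;
  memset(zOut, 0x5a, (size_t)nByte);
  return 0;
}

static DemoVfs gUnix = { "unix", NULL, demoRandomness };
static DemoVfs *gVfsList = &gUnix;   /* one registered VFS */

/* Same contract as the documented sqlite3_vfs_find(): a NULL name yields
   the first registered VFS, an unknown name yields NULL. */
DemoVfs *demo_vfs_find(const char *zName){
  DemoVfs *p;
  for(p = gVfsList; p; p = p->pNext){
    if( zName==NULL || strcmp(zName, p->zName)==0 ) return p;
  }
  return NULL;
}

/* Shape the report describes: pVfs is dereferenced unconditionally, so a
   failed lookup upstream becomes a crash here. */
int demo_os_randomness_unchecked(DemoVfs *pVfs, int nByte, char *zOut){
  return pVfs->xRandomness(pVfs, nByte, zOut);
}

/* Hardened shape: fail closed with an error code instead of dereferencing. */
int demo_os_randomness_checked(DemoVfs *pVfs, int nByte, char *zOut){
  if( pVfs==NULL || pVfs->xRandomness==NULL ) return 1; /* nonzero = error */
  return pVfs->xRandomness(pVfs, nByte, zOut);
}

/* Look a VFS up by name and fill a buffer; returns the first filled byte,
   or -1 when the name is not registered (no dereference of NULL). */
int demo_fill_random(const char *zVfsName){
  char buf[16];
  if( demo_os_randomness_checked(demo_vfs_find(zVfsName), 16, buf)!=0 ) return -1;
  return (unsigned char)buf[0];
}
```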