SQLite Forum

Three testcases causing different Assertion Failed
Hi Richard. I found some test cases causing Assertion Failed today. Here are the PoCs, and I will show their backtraces in the replies of this thread.

- command: sqlite3 < crash.sql
- version: 3.37.1
- compile params: Clang-12 with debug enabled

# PoC No.1 (crash.sql)

```sql
PRAGMA writable_schema = 1;
CREATE TABLE c1(x);
CREATE TABLE sqlite_sequence (name PRIMARY KEY) WITHOUT ROWID;
ALTER TABLE c1 RENAME TO a;
```

# PoC No.2 (crash.sql)

```sql
ATTACH ':memory:' AS aux;
CREATE TABLE aux.t20_2(y);
CREATE TEMP TRIGGER q AFTER INSERT ON t20_2 BEGIN UPDATE t20_3 SET z=z+1; END;
CREATE TEMP TABLE IF NOT EXISTS f2(f3);
DETACH aux;
SAVEPOINT two;
PRAGMA schema_version = 10;
CREATE VIRTUAL TABLE temp.'ia1' USING 'ia';
CREATE TEMP TABLE IF NOT EXISTS f2(f3);
CREATE VIRTUAL TABLE temp.'ia1' USING 'ia';
```

# PoC No.3 (crash.sql)

```sql
SAVEPOINT abc;
SAVEPOINT abc;
PRAGMA secure_delete=true;
ATTACH ':memory:' as aux;
PRAGMA page_size = 1024;
PRAGMA writable_schema=ON;
PRAGMA auto_vacuum = incremental;
CREATE TABLE sqlite_stat1(tbl, idx);
INSERT INTO sqlite_stat1 VALUES(2, zeroblob(248*1020 + 100));
SAVEPOINT abc;
PRAGMA auto_vacuum = incremental;
CREATE TABLE stat(sqlsim4, sqlsim5);
SAVEPOINT abc;
INSERT INTO sqlite_stat1 VALUES(2, zeroblob(248*1020 + 100));
ANALYZE;
SAVEPOINT abc;
PRAGMA auto_vacuum = incremental;
CREATE VIRTUAL TABLE v2 USING echo ;
INSERT INTO stat VALUES(2, zeroblob(248*1020 + 100));;ANALYZE;ROLLBACK TO abc;;ANALYZE;;ATTACH '' AS vacuum_db;
ANALYZE;
ANALYZE;
```

And, emm, I want to say more here. SQLite3 is a really safe database engine, I think. As you have mentioned in the document cves.html, these three test cases also seem to be harmless.

I believe that you have noticed I am doing some research on DBMS fuzzing. Among the DBMS software I am testing, including MySQL, PostgreSQL, MariaDB and SQLite, the SQLite engine does best at defending against arcane SQL statements.

You know, other DBMS software has much stricter limitations on SQL syntax and semantics, such as column type checking. However, I have still found MUCH MORE bugs in them in recent days than in SQLite. I think it is amazing that we can use SQLite with much fewer limitations and much more safety at the same time.

Thank you very much, Richard. SQLite is really great.
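The reproduction recipe above (`sqlite3 < crash.sql` against a debug build) is easy to get wrong when re-checking a report: a release build without `SQLITE_DEBUG` will never hit the `assert()`, and an ordinary "Parse error" looks nothing like an abort. The following triage helper is an added example, not code from the SQLite project or from the original post. It assumes a `sqlite3` CLI on `PATH`, uses the fact that `PRAGMA compile_options` lists `DEBUG` on a build compiled with `SQLITE_DEBUG`, and classifies each run by whether the process died from a signal (the `Assertion Failed` symptom), finished with an SQL error, or ran clean. The SQL sample embedded in it is constructed and only raises a normal error; the function and file names (`classify`, `run_sql_file`, `build_has_assertions`) are my own.

```python
"""Triage helper for SQL reproducer files (added example, not SQLite project code).

Runs each file through the sqlite3 CLI exactly as the report does
(`sqlite3 < crash.sql`) and distinguishes a real assertion abort from an
ordinary SQL error, which is the first check a maintainer makes when
confirming a fuzzer-found report.
"""
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed sample: harmless script that only raises a normal runtime error.
SAMPLE_SQL = "CREATE TABLE t(x);\nINSERT INTO nosuchtable VALUES(1);\n"

# Error prefixes printed by the sqlite3 shell (newer builds use the first two,
# older builds print a bare "Error:").
ERROR_MARKERS = ("Parse error", "Runtime error", "Error:")


def classify(returncode, stderr):
    """Map a finished sqlite3 process to a verdict.

    'abort' : the process was killed by a signal (SIGABRT from assert(),
              SIGSEGV, ...); on POSIX subprocess reports this as a negative
              return code. This is the 'Assertion Failed' symptom.
    'error' : sqlite3 exited normally but reported an SQL error, the expected
              outcome for malformed statements on a correct build.
    'clean' : no signal and no error text.
    """
    if returncode < 0:
        return "abort"
    if returncode > 0 or any(m in stderr for m in ERROR_MARKERS):
        return "error"
    return "clean"


def find_sqlite3(sqlite3_bin="sqlite3"):
    """Locate the CLI; raise instead of silently testing nothing."""
    exe = shutil.which(sqlite3_bin)
    if exe is None:
        raise FileNotFoundError(f"{sqlite3_bin} not found on PATH")
    return exe


def build_has_assertions(exe):
    """True when the binary was compiled with SQLITE_DEBUG, i.e. assert() is live.

    Assumption: PRAGMA compile_options emits the line 'DEBUG' for such builds.
    Without it, an assertion-failure PoC cannot reproduce and a 'clean' or
    'error' verdict proves nothing.
    """
    out = subprocess.run([exe, ":memory:", "PRAGMA compile_options;"],
                         capture_output=True, text=True, timeout=30).stdout
    return "DEBUG" in out.splitlines()


def run_sql_file(path, exe, timeout=60):
    """Feed one .sql file to sqlite3 on stdin (same as `sqlite3 < crash.sql`).

    Returns (verdict, returncode, stderr). A hang counts as its own verdict so
    a looping reproducer does not stall the whole batch.
    """
    with open(path, "rb") as fh:
        try:
            proc = subprocess.run([exe, ":memory:"], stdin=fh,
                                  capture_output=True, timeout=timeout)
        except subprocess.TimeoutExpired:
            return "timeout", None, ""
    stderr = proc.stderr.decode(errors="replace")
    return classify(proc.returncode, stderr), proc.returncode, stderr


def triage(paths, exe):
    """Run every file and return {path: verdict}; aborts are what need a backtrace."""
    return {str(p): run_sql_file(p, exe)[0] for p in paths}


if __name__ == "__main__":
    sqlite3_exe = find_sqlite3()
    if not build_has_assertions(sqlite3_exe):
        print("warning: sqlite3 on PATH lacks SQLITE_DEBUG; asserts are compiled out")
    files = [Path(a) for a in sys.argv[1:]]
    if not files:  # no arguments: run the constructed sample instead
        tmp = Path(tempfile.mkdtemp()) / "sample.sql"
        tmp.write_text(SAMPLE_SQL)
        files = [tmp]
    for path, verdict in triage(files, sqlite3_exe).items():
        print(f"{verdict:8} {path}")
```

Usage: `python3 triage.py poc1.sql poc2.sql poc3.sql`. Only files reported as `abort` reproduce the assertion; an `error` verdict on a build that lacks `DEBUG` in its compile options is inconclusive and the test should be repeated against a debug build, as the report's compile parameters indicate.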