SQLite Forum

SEGV in online backup API

SEGV in online backup API

(1) By hgarrereyn on 2021-09-02 04:04:55 [link] [source]

The following test case crashes with a SEGV (read) when compiling with ASAN:

Sqlite3 version: 3.36.0 (using the amalgamation sqlite3.c)

#include "sqlite3.h"

int main() {
    sqlite3 *d1;
    sqlite3 *d2;
    sqlite3 *d3;
    sqlite3_open(":memory:", &d1);
    sqlite3_open(":memory:", &d2);
    sqlite3_open(":memory:", &d3);

    sqlite3_backup *b1 = sqlite3_backup_init(d3, "main", d2, "main");
    sqlite3_backup *b2 = sqlite3_backup_init(d1, "main", d3, "main");
    sqlite3_backup *b3 = sqlite3_backup_init(d1, "main", d2, "main");

    sqlite3_backup_step(b1, 8388608);

    sqlite3_backup_step(b2, 0);
    sqlite3_backup_step(b2, 8421376); // SEGV on read


This is not a security vulnerability because it an impractical situation. However, this usage of the API seems to be allowed by the documentation.

Specifically, the API doesn't mention what should happen if there are multiple simultaneous backups happening. Since there is some amount of error handling safeguards in place when performing backups, perhaps this situation should throw an error instead of segfaulting?

(2) By Dan Kennedy (dan) on 2021-09-02 06:32:44 in reply to 1 [source]

Thanks for reporting this. An assert() fails in debug mode too.

I think this test case is expected to malfunction. See the second paragraph under "Concurrent Usage of Database Handles" here:


As you say, we should be able to avoid the segfault though.


(3) By J.M. Aranda (JMAranda) on 2021-09-02 11:14:30 in reply to 2 [link] [source]

What is that thread safe? Sometimes you have to impose good practices. Or limit the bad ones.