SQLite Forum

a SQL plain text discoverd by fuzzer causes Assertion Failed
Login

a SQL plain text discoverd by fuzzer causes Assertion Failed

(1) By Jingzhou Fu (fuboat) on 2021-12-31 13:50:32 [source]

  • command: sqlite3 < crash.sql
  • version: version: 3.37.1
  • compile params: Clang-12 with debug enabled

PoC (crash.sql):

PRAGMA writable_schema=ON;
PRAGMA foreign_keys = ON;
CREATE TABLE sqlite_stat1 (tbl INTEGER PRIMARY KEY DESC, idx UNIQUE DEFAULT NULL) WITHOUT ROWID;
CREATE TABLE sqlsim4(stat PRIMARY KEY);;
CREATE TABLE t1(sqlsim7 REFERENCES sqlite_stat1 ON DELETE CASCADE);
DROP table "sqlsim4";

gdb backtrace:

sqlite3: sqlite3.c:167969: sqlite3LeaveMutexAndCloseZombie: Assertion `sqlite3LookasideUsed(db,0)==0' failed.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007fddd9ec3859 in __GI_abort () at abort.c:79
#2  0x00007fddd9ec3729 in __assert_fail_base (fmt=0x7fddda059588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x564d47a69932 "sqlite3LookasideUsed(db,0)==0", 
    file=0x564d47a400ba "sqlite3.c", line=167969, function=<optimized out>) at assert.c:92
#3  0x00007fddd9ed4f36 in __GI___assert_fail (assertion=0x564d47a69932 "sqlite3LookasideUsed(db,0)==0", file=0x564d47a400ba "sqlite3.c", line=167969, 
    function=0x564d47a780c0 <__PRETTY_FUNCTION__.42684> "sqlite3LeaveMutexAndCloseZombie") at assert.c:101
#4  0x0000564d479f571a in sqlite3LeaveMutexAndCloseZombie (db=0x564d47cba150) at sqlite3.c:167969
#5  0x0000564d479f51dd in sqlite3Close (db=0x564d47cba150, forceZombie=0) at sqlite3.c:167805
#6  0x0000564d479f52de in sqlite3_close (db=0x564d47cba150) at sqlite3.c:167848
#7  0x0000564d478c70f0 in close_db (db=0x564d47cba150) at shell.c:15853
#8  0x0000564d478d960d in main (argc=1, argv=0x7ffc81b76b98) at shell.c:22844

The failed assertion will occur when the sqlite3 process exits after finishing these statements. However, nothing will happen if sqlite3 is compiled with debug disabled.

(2) By Richard Hipp (drh) on 2021-12-31 14:35:10 in reply to 1 [link] [source]

Thanks for the bug report. We are working the problem now.

Just to be clear: This is a memory leak. It is not a problem that would cause a production application to crash or malfunction. When you compile SQLite with -DSQLITE_DEBUG, it raises an assert() if a memory leak is detected, and that is exactly the assert() that you are seeing here.

(3) By Richard Hipp (drh) on 2021-12-31 16:39:12 in reply to 1 [link] [source]

Now fixed by check-in 562805cf488a455c. Addition defensive changes might appear in subsequent check-ins.