SQLite Forum

Segmentation fault in decodeIntArray function (2)

(1) By Song Liu (songliu) on 2023-05-03 00:30:10 [source]

I found a segmentation fault while SQLite (latest, 92ade220dcf5c1b7) executes the following queries.

Here is the link to the file malform used for reproducing the crash: malform

CREATE VIRTUAL TABLE t USING rtree(a,b,c);
.c malform/

Here is the ASAN report:

==3411470==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000001 (pc 0x0000007d29c6 bp 0x7ffffffede50 sp 0x7ffffffedd00 T0)
==3411470==The signal is caused by a WRITE memory access.
==3411470==Hint: address points to the zero page.
    #0 0x7d29c6 in decodeIntArray /data/song/projects/testbug/sqlite_bisect/sqlite3.c:116719:24
    #1 0x7d54eb in loadStatTbl /data/song/projects/testbug/sqlite_bisect/sqlite3.c:117035:5
    #2 0x7d280b in loadStat4 /data/song/projects/testbug/sqlite_bisect/sqlite3.c:117071:10
    #3 0x76f365 in sqlite3AnalysisLoad /data/song/projects/testbug/sqlite_bisect/sqlite3.c:117154:10
    #4 0x76ccbc in sqlite3InitOne /data/song/projects/testbug/sqlite_bisect/sqlite3.c:138195:7
    #5 0x622eb2 in sqlite3Init /data/song/projects/testbug/sqlite_bisect/sqlite3.c:138261:10
    #6 0x7ed756 in sqlite3ReadSchema /data/song/projects/testbug/sqlite_bisect/sqlite3.c:138287:10
    #7 0x81a6dd in sqlite3StartTable /data/song/projects/testbug/sqlite_bisect/sqlite3.c:119350:20
    #8 0x875fea in sqlite3VtabBeginParse /data/song/projects/testbug/sqlite_bisect/sqlite3.c:151362:3
    #9 0x812e6f in yy_reduce /data/song/projects/testbug/sqlite_bisect/sqlite3.c:172388:5
    #10 0x7fc7d3 in sqlite3Parser /data/song/projects/testbug/sqlite_bisect/sqlite3.c:172836:15
    #11 0x6101cd in sqlite3RunParser /data/song/projects/testbug/sqlite_bisect/sqlite3.c:174136:5
    #12 0x7ceba8 in sqlite3Prepare /data/song/projects/testbug/sqlite_bisect/sqlite3.c:138589:5
    #13 0x60a844 in sqlite3LockAndPrepare /data/song/projects/testbug/sqlite_bisect/sqlite3.c:138664:10
    #14 0x5d7385 in sqlite3_prepare_v2 /data/song/projects/testbug/sqlite_bisect/sqlite3.c:138750:8
    #15 0x607df9 in sqlite3_exec /data/song/projects/testbug/sqlite_bisect/sqlite3.c:132522:10
    #16 0x5997b5 in tryToCloneSchema /data/song/projects/testbug/sqlite_bisect/shell.c:21370:7
    #17 0x58e5f9 in tryToClone /data/song/projects/testbug/sqlite_bisect/shell.c:21437:5
    #18 0x511346 in do_meta_command /data/song/projects/testbug/sqlite_bisect/shell.c:23422:7
    #19 0x53349c in process_input /data/song/projects/testbug/sqlite_bisect/shell.c:26829:14
    #20 0x50bc22 in main /data/song/projects/testbug/sqlite_bisect/shell.c:27802:12
    #21 0x7ffff7b72082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
    #22 0x41d69d in _start (/data/song/projects/testbug/sqlite3-asan+0x41d69d)

We discussed a similar problem before (forum post: 6c118daad0); here is the patch: f097ca70b5b967d1

My compilation flags:

export CFLAGS="-g -DSQLITE_DEBUG
            -DSQLITE_ENABLE_TREETRACE
            -DSQLITE_ENABLE_WHERETRACE
            -DSQLITE_ENABLE_CURSOR_HINTS
            -DSQLITE_COUNTOFVIEW_OPTIMIZATION
            -DSQLITE_ENABLE_STAT4"
./configure --enable-all --enable-debug --disable-shared && make