SQLite Forum

Crash in sqlite3_open_v2 with SQLITE_HAS_CODEC

Crash in sqlite3_open_v2 with SQLITE_HAS_CODEC

(1.2) By Mike (sentinel101) on 2020-04-16 18:06:58 edited from 1.1 [link] [source]

In our application we define SQLITE_HAS_CODEC and use an own codec for encryption. After updating to 3.31.1 we have encountered crashes in the openDatabase function which is called by sqlite3_open_v2.

Crash happens here in openDatabase:

#if defined(SQLITE_HAS_CODEC)
  if( rc==SQLITE_OK ) sqlite3CodecQueryParameters(db, 0, zOpen);

At the crash site I see this code:

** This only works if the filename passed in was obtained from the Pager.
static const char *databaseName(const char *zName){
  while( zName[-1]!=0 || zName[-2]!=0 || zName[-3]!=0 || zName[-4]!=0 ){
  return zName;

which walks into uninitialized memory and then crashes.

As zName is supposedly not coming from the Pager but through the direct usage of sqlite3_open_v2 this seems to be a bug.

The callstack of the crash is:

> FooBar.exe!databaseName(const char * zName) Line 163312 C
FooBar.exe!sqlite3_uri_parameter(const char * zFilename, const char * zParam) Line 163331 C
FooBar.exe!sqlite3CodecQueryParameters(sqlite3 * db, const char * zDb, const char * zUri) Line 162061 C
FooBar.exe!openDatabase(const char * zFilename, sqlite3 * * ppDb, unsigned int flags, const char * zVfs) Line 162467 C
[Inline Frame] FooBar.exe!sqlite3_open_v2(const char *) Line 162490 C++

(2) By anonymous on 2020-04-19 12:57:02 in reply to 1.2 [source]

Most likely the crash is due to a problem in sqlite3CodecQueryParameters that was introduced in release 3.31.1 (see SQLite timeline), but that was fixed a few days after the release.

So, either you have to patch the SQLite code accordingly, or go back to a prior SQLite release, or wait for the next SQLite release.

(3) By Mike (sentinel101) on 2020-04-20 08:36:13 in reply to 2 [link] [source]

Yes, I saw that there were additional commits in this area after 3.31.1 but not release yet. So for now I switched back to 3.31.0.