SQLite

View Ticket
Login
Ticket Hash: dc9b1c91db15ae9d76e98ee7a6d8125613307085
Title: One trigger may use auxdata belonging to another.
Status: Closed Type: Code_Defect
Severity: Critical Priority: Immediate
Subsystem: Unknown Resolution: Fixed
Last Modified: 2016-02-19 18:55:55
Version Found In:
User Comments:
dan added on 2016-02-19 17:22:13:

Assuming the REGEXP operator implementation uses sqlite3_set_auxdata() to store a compiled version of its regular expression (as the bundled extension does), test 1.1 of the following tcl test script fails:

do_execsql_test 1.0 {
  CREATE TABLE t1(a, b, c);
  CREATE TABLE x1(x, y, z);
  CREATE TABLE x2(x, y, z);

  CREATE TRIGGER tr1 AFTER INSERT ON t1 BEGIN
    INSERT INTO x1 VALUES(
        new.a REGEXP 'abc',
        new.b REGEXP 'abc',
        new.c REGEXP 'abc'
    );
  END;

  CREATE TRIGGER tr2 AFTER INSERT ON t1 BEGIN
    INSERT INTO x2 VALUES(
        new.a REGEXP 'def',
        new.b REGEXP 'def',
        new.c REGEXP 'def'
    );
  END;

  INSERT INTO t1 VALUES('abc', 'def', 'abc');
  SELECT * FROM t1;
} {abc def abc}

do_execsql_test 1.1 { SELECT * FROM x1 } {1 0 1}
do_execsql_test 1.2 { SELECT * FROM x2 } {0 1 0}

The trouble is that the REGEXP operators in trigger "tr1" are incorrectly using the compiled regular expressions for trigger "tr2" - causing the operators in "tr1" to populate table x1 with the same values as table x2.

If the two triggers were using different operators or user-functions that both used sqlite3_set_auxdata() a crash or other error might have occurred instead.

Reported on mailing list here: http://osdir.com/ml/general/2016-02/msg26665.html


dan added on 2016-02-19 18:55:28:

Fixed by [c4295725].