Re: [sqlite] Out of bounds memory reads triggered by sqlite tests (testfixture/fuzzcheck)
It seems the mailing list strips out the attachments. Pasting the content of the ASAN errors in here: --- ==9547==ERROR: AddressSanitizer: global-buffer-overflow on address 0x007fe73e at pc 0x4ecfea bp 0x7ffc7f568090 sp 0x7ffc7f568080 READ of size 2 at 0x007fe73e thread T0 #0 0x4ecfe9 in sqlite3Fts5UnicodeCategory /var/tmp/portage/dev-db/sqlite-3.25.3/work/sqlite-src-3250300-abi_x86_64.amd64/sqlite3.c:217750 #1 0x5724d6 in sqlite3Fts5UnicodeCategory /var/tmp/portage/dev-db/sqlite-3.25.3/work/sqlite-src-3250300-abi_x86_64.amd64/sqlite3.c:204505 #2 0x5724d6 in fts5ExprIsAlnum /var/tmp/portage/dev-db/sqlite-3.25.3/work/sqlite-src-3250300-abi_x86_64.amd64/sqlite3.c:204505 #3 0x6d8eac in sqlite3VdbeExec /var/tmp/portage/dev-db/sqlite-3.25.3/work/sqlite-src-3250300-abi_x86_64.amd64/sqlite3.c:89966 #4 0x6f2c49 in sqlite3Step /var/tmp/portage/dev-db/sqlite-3.25.3/work/sqlite-src-3250300-abi_x86_64.amd64/sqlite3.c:81043 #5 0x6f2c49 in sqlite3_step /var/tmp/portage/dev-db/sqlite-3.25.3/work/sqlite-src-3250300-abi_x86_64.amd64/sqlite3.c:81106 #6 0x4c1694 in dbEvalStep /var/tmp/portage/dev-db/sqlite-3.25.3/work/sqlite-src-3250300-abi_x86_64.amd64/src/tclsqlite.c:1598 #7 0x4c5b5f in DbObjCmd /var/tmp/portage/dev-db/sqlite-3.25.3/work/sqlite-src-3250300-abi_x86_64.amd64/src/tclsqlite.c:2573 #8 0x7fcca39c95db in TclNRRunCallbacks (/usr/lib64/libtcl8.6.so+0xd35db) #9 0x7fcca3bfc5a5 (/usr/lib64/libtcl8.6.so+0x3065a5) #10 0x7fcca3c02177 (/usr/lib64/libtcl8.6.so+0x30c177) #11 0x7fcca39c95db in TclNRRunCallbacks (/usr/lib64/libtcl8.6.so+0xd35db) #12 0x7fcca3a1533c (/usr/lib64/libtcl8.6.so+0x11f33c) #13 0x7fcca39c95db in TclNRRunCallbacks (/usr/lib64/libtcl8.6.so+0xd35db) #14 0x7fcca39cfc92 (/usr/lib64/libtcl8.6.so+0xd9c92) #15 0x7fcca39d08e2 in Tcl_EvalEx (/usr/lib64/libtcl8.6.so+0xda8e2) #16 0x7fcca39d0904 in Tcl_Eval (/usr/lib64/libtcl8.6.so+0xda904) #17 0x7fcca39d1db7 in Tcl_GlobalEval (/usr/lib64/libtcl8.6.so+0xdbdb7) #18 0x408d93 in main /var/tmp/portage/dev-db/sqlite-3.25.3/work/sqlite-src-3250300-abi_x86_64.amd64/src/tclsqlite.c:3780 #19 0x7fcca33824ca in __libc_start_main (/lib64/libc.so.6+0x234ca) #20 0x408fa9 in _start (/var/tmp/portage/dev-db/sqlite-3.25.3/work/sqlite-src-3250300-abi_x86_64.amd64/testfixture+0x408fa9) 0x007fe73e is located 2 bytes to the left of global variable 'aFts5UnicodeBlock' from 'sqlite3.c' (0x7fe740) of size 34 0x007fe73e is located 52 bytes to the right of global variable 'aFts5UnicodeMap' from 'sqlite3.c' (0x7fd940) of size 3530 SUMMARY: AddressSanitizer: global-buffer-overflow /var/tmp/portage/dev-db/sqlite-3.25.3/work/sqlite-src-3250300-abi_x86_64.amd64/sqlite3.c:217750 sqlite3Fts5UnicodeCategory Shadow bytes around the buggy address: 0x800f7c90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x800f7ca0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x800f7cb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x800f7cc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x800f7cd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x800f7ce0: 00 02 f9 f9 f9 f9 f9[f9]00 00 00 00 02 f9 f9 f9 0x800f7cf0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00 0x800f7d00: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00 0x800f7d10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x800f7d20: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 f9 0x800f7d30: f9 f9 f9 f9 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user:f7 Contiguous container OOB:fc ASan internal: fe ==9547==ABORTING --- = ==9454==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6180005277a2 at pc 0x565790 bp 0x7ffc663f6500 sp 0x7ffc663f64f0 READ of size 4 at 0x6180005277a2 thread T0 #0 0x56578f in sqlite3Get4byte /var/tmp/portage/dev-db/sqlite-3.25.3/work/sqlite-src-3250300-abi_x86_64.amd64/sqlite3.c:31007 #1 0x56578f in ptrmapPutOvflPtr /var/tmp/portage/dev-db/sqlite-3.25.3/work/sqlite-src-3250300-abi_x86_64.amd64/sqlite3.c:64015 #2 0x5659f9 in ptrmapPutOvflPtr /var/tmp/portage/dev-db/sqlite-3.25.3/work/sqlite-src-3250300-abi_x86_64.amd64/sqlite3.c:64011 #3 0x5659f9 in setChildPtrmaps /var/tmp/portage/dev-db/sqlite-3.25.3/work/sqlite-src-3250300-abi_x86_64.amd64/sqlite3.c:66136 #4 0x566087
[sqlite] Out of bounds memory reads triggered by sqlite tests (testfixture/fuzzcheck)
Hi, When compiling sqlite with address sanitizer (-fsanitize=address in CFLAGS/LDFLAGS) and running the tests I get two memory safety violations. I've attached the ASAN error messages / stack traces. Both are out of bounds memory reads, in testfixture and fuzzcheck. I strongly recommend that the test should be run routinely with address sanitizer enabled. Particularly Fuzz-testing becomes much more effective with it. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 ___ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] Broken Foreign key
parent keys MUST have unique indexes. Add the missing indexes. child keys SHOULD be indexed: UNIQUE indexes for 1:1 relationships, non-unique indexes for 1:N relationships put unique indexes on your parents and all will work just fine. --- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume. >-Original Message- >From: sqlite-users [mailto:sqlite-users- >boun...@mailinglists.sqlite.org] On Behalf Of J Decker >Sent: Sunday, 11 November, 2018 20:25 >To: General Discussion of SQLite Database >Subject: [sqlite] Broken Foreign key > >https://d3x0r.org:444/temporary/broken_fk.tgz (30k) > >this has a .option.db in it and a test.sh. >It turns on foreign_keys, selects from the name_id that it says is a >forieng key violation, and inserts into option4_map. > >option4_map has option_id(PK),parent_id(FK option_id),name_id(FK) >option4_name has name_id(PK), name >option4_values has option_id(FK),string > >the insert says the name isn't there; in the real scenario the ID of >the >name was JUST selected; as it is here... so it sort of had to be >there; >although technically the insert happens on a new connection (after >pragma >foreign_keys=on init runs) > > >sqlite3 --echo .option.db << EOF >pragma foreign_keys=on; >select * from option4_name where >name_id='5e49af20-e621-11e8-9a4c-0cc47a7f9351'; >.print Insert into option4_map(option_id,parent_option_id,name_id) >values >('366a676a-e626-11e8-a7de-0cc47a7f9351','b2b9feae-315d-11e7-b998- >0cc47a7f9350','5e49af20-e621-11e8-9a4c-0cc47a7f9351'); >Insert into option4_map(option_id,parent_option_id,name_id) values >('366a676a-e626-11e8-a7de-0cc47a7f9351','b2b9feae-315d-11e7-b998- >0cc47a7f9350','5e49af20-e621-11e8-9a4c-0cc47a7f9351'); >EOF > > >I tested with sqlite3 3.25.2(different linux system) >3.24.2(actual >code)3.7.17(actual linux system) >___ >sqlite-users mailing list >sqlite-users@mailinglists.sqlite.org >http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users ___ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
[sqlite] Broken Foreign key
https://d3x0r.org:444/temporary/broken_fk.tgz (30k) this has a .option.db in it and a test.sh. It turns on foreign_keys, selects from the name_id that it says is a forieng key violation, and inserts into option4_map. option4_map has option_id(PK),parent_id(FK option_id),name_id(FK) option4_name has name_id(PK), name option4_values has option_id(FK),string the insert says the name isn't there; in the real scenario the ID of the name was JUST selected; as it is here... so it sort of had to be there; although technically the insert happens on a new connection (after pragma foreign_keys=on init runs) sqlite3 --echo .option.db << EOF pragma foreign_keys=on; select * from option4_name where name_id='5e49af20-e621-11e8-9a4c-0cc47a7f9351'; .print Insert into option4_map(option_id,parent_option_id,name_id) values ('366a676a-e626-11e8-a7de-0cc47a7f9351','b2b9feae-315d-11e7-b998-0cc47a7f9350','5e49af20-e621-11e8-9a4c-0cc47a7f9351'); Insert into option4_map(option_id,parent_option_id,name_id) values ('366a676a-e626-11e8-a7de-0cc47a7f9351','b2b9feae-315d-11e7-b998-0cc47a7f9350','5e49af20-e621-11e8-9a4c-0cc47a7f9351'); EOF I tested with sqlite3 3.25.2(different linux system) 3.24.2(actual code)3.7.17(actual linux system) ___ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] HELP!
> On Nov 11, 2018, at 1:24 AM, Clemens Ladisch wrote: > > It's not; SQLite is file based. The only way to share this would be to > make a file share in the company-wide network, i.e., to make the file > \\COMPANYSERVER\SomeShare\MyLittleDB.sqlite directly accessible from > everywhere. (This is likely to be inefficient.) Not just inefficient, it is almost guaranteed to corrupt the database file if more than one connection tries to access it at the same time. There isn’t a remote file system out there (in the Windows or Unix world) that correctly implements the locking structures SQLite requires. -j ___ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] minor nit pick of "When To Use"
> On Nov 11, 2018, at 7:38 AM, Dennis Clarke wrote: > > On 11/11/18 8:25 AM, J. King wrote: >> On November 11, 2018 8:04:51 AM EST, Dennis Clarke >> wrote: >>> >>> this : https://www.sqlite.org/whentouse.html > >> he.net is Hurricane Electric, an Internet backbone. > > An IX ? HE is not an IX, they’re a transit provider. Their big claim to fame was that they were one of the pioneers of IPv6, making tools, tunnels, and prefixes available to a wide range of organizations, including individuals, long before most of the rest of the internet even cared about IPv6. > Regardless the whole reference to "fopen()" is a bit of a joke. Not really… it is exactly as it says. SQLite is designed to be used in situations were a developer might be tempted to just use CSV or TSV files. The link is only there to clue in non-programmers (or those that have never used C) what they heck the webpage is talking about. They don’t need to understand it, beyond the fact it is an API call. -j ___ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] minor nit pick of "When To Use"
On 11/11/18 8:38 AM, Dennis Clarke wrote: On 11/11/18 8:25 AM, J. King wrote: On November 11, 2018 8:04:51 AM EST, Dennis Clarke wrote: this : https://www.sqlite.org/whentouse.html he.net is Hurricane Electric, an Internet backbone. An IX ? https://www.peeringdb.com/asn/6939 in a big way ... cool. dc ___ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] minor nit pick of "When To Use"
On 11/11/18 8:25 AM, J. King wrote: On November 11, 2018 8:04:51 AM EST, Dennis Clarke wrote: this : https://www.sqlite.org/whentouse.html he.net is Hurricane Electric, an Internet backbone. An IX ? Ah yes .. those guys ... been around forever. I should just "know that" but forgot. Regardless the whole reference to "fopen()" is a bit of a joke. dc ___ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] minor nit pick of "When To Use"
On November 11, 2018 8:04:51 AM EST, Dennis Clarke wrote: > >this : https://www.sqlite.org/whentouse.html > >I know this is really a nit pick but I see that the OpenGroup folks >have >published a new shiney UNIX standard called SUSv4 or Single UNIX >Specification version 4 or even ye "The Open Group Base Specifications >Issue 7, 2018 edition IEEE Std 1003.1-2017 (Revision of IEEE Std >1003.1-2008)" just for fun. This : > > http://pubs.opengroup.org/onlinepubs/9699919799/toc.htm > >Where we see the "standard" fopen is : > > http://pubs.opengroup.org/onlinepubs/9699919799/functions/fopen.html > >Not exactly a manpage to be sure but it is the standard. > >So perhaps a link could be placed on the top of the "When To Use" >beside >the "fopen()" manpage thing to "he.net" whatever that is. Surely the >"competes with fopen()" is a small joke in any case. OKay I will go >back >to picking nits. > >Dennis >___ >sqlite-users mailing list >sqlite-users@mailinglists.sqlite.org >http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users he.net is Hurricane Electric, an Internet backbone. Not exactly the authority on manpages, I'll grant, but given what they do it's not likely to go down, so it's a stable reference for the manual. -- J. King ___ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
[sqlite] minor nit pick of "When To Use"
this : https://www.sqlite.org/whentouse.html I know this is really a nit pick but I see that the OpenGroup folks have published a new shiney UNIX standard called SUSv4 or Single UNIX Specification version 4 or even ye "The Open Group Base Specifications Issue 7, 2018 edition IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2008)" just for fun. This : http://pubs.opengroup.org/onlinepubs/9699919799/toc.htm Where we see the "standard" fopen is : http://pubs.opengroup.org/onlinepubs/9699919799/functions/fopen.html Not exactly a manpage to be sure but it is the standard. So perhaps a link could be placed on the top of the "When To Use" beside the "fopen()" manpage thing to "he.net" whatever that is. Surely the "competes with fopen()" is a small joke in any case. OKay I will go back to picking nits. Dennis ___ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users