Your message dated Wed, 05 May 2010 22:36:01 +0000
with message-id <[email protected]>
and subject line Bug#575276: fixed in sqlite3 3.6.23.1-2
has caused the Debian Bug report #575276,
regarding sqlite3: segmentation fault on specific SQL statement (INSERT DEFAULT 
VALUES with triggers)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
575276: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575276
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sqlite3
Version: 3.6.22-1
Severity: normal

A bug resulting in a crash (segmentation fault) of sqlite3 has been
detected. Please find attached the script causing problems and a debug
session log.

Tested to be vulnerable:
linux 3.6.23
linux 3.6.22
linux 3.6.4
solaris 3.5.1

Tested to be invulnerable:
linux 2.8.17

Attachments: SQL script, gdb session log.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-3-686 (SMP w/2 CPU cores)
Shell: /bin/sh linked to /bin/dash

BEGIN TRANSACTION;
CREATE TABLE tab_s (src varchar, dst varchar, price decimal(10,2), PRIMARY KEY (src,dst));
INSERT INTO "tab_s" VALUES('POZNAN','ITALIA',10);
CREATE TABLE current (src varchar, dst varchar, price decimal(10,2) NOT NULL, timestamp TEXT DEFAULT (DATETIME('NOW')));
CREATE TRIGGER update_tab_s after insert on current when (new.price < (select price from tab_s where src=new.src AND dst=new.dst))  begin update tab_s set price=new.price where src=new.src AND dst=new.dst; end;
CREATE TRIGGER entry_in_tab_s before insert on current begin insert or ignore into tab_s values (new.src, new.dst, 99999); end;
COMMIT;

INSERT INTO current DEFAULT VALUES ('a', 'b', 30);

/tmp/sqlite-3.6.23> CFLAGS="-O0 -ggdb" ./configure 
/tmp/sqlite-3.6.23> make
/tmp/sqlite-3.6.23> export LD_PRELOAD=.libs/libsqlite3.so
/tmp/sqlite-3.6.23> gdb .libs/sqlite3
Reading symbols from /tmp/sqlite-3.6.23/.libs/sqlite3...done.
(gdb) r -init script.sql
[Thread debugging using libthread_db enabled]
-- Loading resources from script.sql

_______________________________________________________________________________
     eax:00000000 ebx:B7FDDA10  ecx:00000008  edx:00000007     eflags:00010246
     esi:0804FE90 edi:080496E0  esp:BFFFD8F0  ebp:BFFFDA28     eip:B7F9D0A7
     cs:0073  ds:007B  es:007B  fs:0000  gs:0033  ss:007B    o d I t s Z a P c 
[007B:BFFFD8F0]---------------------------------------------------------[stack]
BFFFD920 : B8 35 05 08  00 00 00 00 - FC 03 00 00  D8 4C 06 08 .5...........L..
BFFFD910 : 00 00 00 00  10 DA FD B7 - 48 D9 FF BF  AD A3 F6 B7 ........H.......
BFFFD900 : 00 00 00 00  B8 35 05 08 - F8 35 05 08  00 00 00 00 .....5...5......
BFFFD8F0 : C8 45 06 08  07 00 00 00 - FF FF FF FF  07 00 00 00 .E..............
[007B:0804FE90]---------------------------------------------------------[ data]
0804FE90 : 55 89 E5 57  56 53 E8 4F - 00 00 00 81  C3 75 22 00 U..WVS.O.....u".
0804FEA0 : 00 83 EC 0C  E8 1B 93 FF - FF 8D BB F0  FE FF FF 8D ................
[0073:B7F9D0A7]---------------------------------------------------------[ code]
0xb7f9d0a7 <sqlite3Insert+3613>:        mov    0xc(%eax),%esi
0xb7f9d0aa <sqlite3Insert+3616>:        mov    -0xac(%ebp),%edx
0xb7f9d0b0 <sqlite3Insert+3622>:        mov    %edx,%eax
0xb7f9d0b2 <sqlite3Insert+3624>:        shl    $0x2,%eax
0xb7f9d0b5 <sqlite3Insert+3627>:        add    %edx,%eax
0xb7f9d0b7 <sqlite3Insert+3629>:        shl    $0x2,%eax
------------------------------------------------------------------------------
0xb7f9d0a7 in sqlite3Insert (pParse=0x8064cd8, pTabList=0x8060358, pList=0x0, pSelect=0x0, pColumn=0x0, onError=0x63) at sqlite3.c:75798
75798           sqlite3ExprCodeAndCache(pParse, pList->a[j].pExpr, regCols+i+1);
(gdb) bt
#0  0xb7f9d0a7 in sqlite3Insert (pParse=0x8064cd8, pTabList=0x8060358, pList=0x0, pSelect=0x0, pColumn=0x0, onError=0x63) at sqlite3.c:75798
#1  0xb7fba1a2 in yy_reduce (yypParser=0x8065090, yyruleno=0xaf) at sqlite3.c:94450
#2  0xb7fbbef8 in sqlite3Parser (yyp=0x8065090, yymajor=0x16, yyminor=..., pParse=0x8064cd8) at sqlite3.c:95184
#3  0xb7fbcaad in sqlite3RunParser (pParse=0x8064cd8, zSql=0x8061598 "INSERT INTO current DEFAULT VALUES ('a', 'b', 30);", pzErrMsg=0xbfffdc30) at sqlite3.c:96010
#4  0xb7fa45c8 in sqlite3Prepare (db=0x80531d0, zSql=0x8061598 "INSERT INTO current DEFAULT VALUES ('a', 'b', 30);", nBytes=0xffffffff, saveSqlFlag=0x1, pReprepare=0x0, ppStmt=0xbfffdd1c, pzTail=0xbfffdd18) at sqlite3.c:79988
#5  0xb7fa4909 in sqlite3LockAndPrepare (db=0x80531d0, zSql=0x8061598 "INSERT INTO current DEFAULT VALUES ('a', 'b', 30);", nBytes=0xffffffff, saveSqlFlag=0x1, pOld=0x0, ppStmt=0xbfffdd1c, pzTail=0xbfffdd18) at sqlite3.c:80083
#6  0xb7fa4ac1 in sqlite3_prepare_v2 (db=0x80531d0, zSql=0x8061598 "INSERT INTO current DEFAULT VALUES ('a', 'b', 30);", nBytes=0xffffffff, ppStmt=0xbfffdd1c, pzTail=0xbfffdd18) at sqlite3.c:80158
#7  0x0804b452 in shell_exec (db=0x80531d0, zSql=0x8061598 "INSERT INTO current DEFAULT VALUES ('a', 'b', 30);", xCallback=0x804a361 <shell_callback>, pArg=0xbfffde78, pzErrMsg=0xbfffddd4) at shell.c:990
#8  0x0804ef31 in process_input (p=0xbfffde78, in=0x8053008) at shell.c:2236
#9  0x0804f28b in process_sqliterc (p=0xbfffde78, sqliterc_override=0xbffff5f4 "script.sql") at shell.c:2370
#10 0x0804f6af in main (argc=0x3, argv=0xbffff454) at shell.c:2508


--- End Message ---
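
An added example, not part of the original report or of the SQLite or Debian code: a regression check that runs the reported statement in a child Python interpreter, so a libsqlite3 that faults in sqlite3Insert() shows up as a signal-killed child instead of taking the caller down. It assumes a POSIX system and that the interpreter's `sqlite3` module is linked against the library being checked; `check_default_values_insert` and the exit codes 3 and 4 are names chosen for this example.

```python
import subprocess
import sys

# Schema and triggers from the script attached to the report.
SETUP = """
BEGIN TRANSACTION;
CREATE TABLE tab_s (src varchar, dst varchar, price decimal(10,2), PRIMARY KEY (src,dst));
INSERT INTO "tab_s" VALUES('POZNAN','ITALIA',10);
CREATE TABLE current (src varchar, dst varchar, price decimal(10,2) NOT NULL, timestamp TEXT DEFAULT (DATETIME('NOW')));
CREATE TRIGGER update_tab_s after insert on current when (new.price < (select price from tab_s where src=new.src AND dst=new.dst)) begin update tab_s set price=new.price where src=new.src AND dst=new.dst; end;
CREATE TRIGGER entry_in_tab_s before insert on current begin insert or ignore into tab_s values (new.src, new.dst, 99999); end;
COMMIT;
"""
# The statement that reaches sqlite3Insert() with pList=0x0 in the backtrace.
STATEMENT = "INSERT INTO current DEFAULT VALUES ('a', 'b', 30);"

# Runs in a throwaway interpreter so a fault in libsqlite3 cannot kill the caller.
CHILD = r"""
import sqlite3, sys
print(sqlite3.sqlite_version, flush=True)
db = sqlite3.connect(":memory:")
db.executescript(sys.argv[1])
try:
    db.execute(sys.argv[2])
except sqlite3.Error as exc:
    print(exc, flush=True)
    sys.exit(3)   # statement rejected with an ordinary SQL error
sys.exit(4)       # statement accepted without error
"""

def check_default_values_insert(python=sys.executable):
    """Return (status, library_version, detail) for the linked libsqlite3."""
    proc = subprocess.run([python, "-c", CHILD, SETUP, STATEMENT],
                          capture_output=True, text=True, timeout=30)
    lines = proc.stdout.splitlines()
    version = lines[0] if lines else "unknown"
    if proc.returncode < 0:      # POSIX: child was killed by a signal
        return "crashed", version, "signal %d" % -proc.returncode
    if proc.returncode == 3:
        return "rejected", version, lines[-1]
    if proc.returncode == 4:
        return "accepted", version, ""
    return "error", version, proc.stderr.strip()

if __name__ == "__main__":
    print(check_default_values_insert())
```

A status of `rejected` means the library turned the malformed statement into a normal syntax error; `crashed` with signal 11 corresponds to the segmentation fault in the gdb log above.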
--- Begin Message ---
Source: sqlite3
Source-Version: 3.6.23.1-2

We believe that the bug you reported is fixed in the latest version of
sqlite3, which is due to be installed in the Debian FTP archive:

lemon_3.6.23.1-2_amd64.deb
  to main/s/sqlite3/lemon_3.6.23.1-2_amd64.deb
libsqlite3-0-dbg_3.6.23.1-2_amd64.deb
  to main/s/sqlite3/libsqlite3-0-dbg_3.6.23.1-2_amd64.deb
libsqlite3-0_3.6.23.1-2_amd64.deb
  to main/s/sqlite3/libsqlite3-0_3.6.23.1-2_amd64.deb
libsqlite3-dev_3.6.23.1-2_amd64.deb
  to main/s/sqlite3/libsqlite3-dev_3.6.23.1-2_amd64.deb
libsqlite3-tcl_3.6.23.1-2_amd64.deb
  to main/s/sqlite3/libsqlite3-tcl_3.6.23.1-2_amd64.deb
sqlite3-doc_3.6.23.1-2_all.deb
  to main/s/sqlite3/sqlite3-doc_3.6.23.1-2_all.deb
sqlite3_3.6.23.1-2.debian.tar.gz
  to main/s/sqlite3/sqlite3_3.6.23.1-2.debian.tar.gz
sqlite3_3.6.23.1-2.dsc
  to main/s/sqlite3/sqlite3_3.6.23.1-2.dsc
sqlite3_3.6.23.1-2_amd64.deb
  to main/s/sqlite3/sqlite3_3.6.23.1-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated sqlite3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 05 May 2010 18:58:47 +0000
Source: sqlite3
Binary: lemon sqlite3 sqlite3-doc libsqlite3-0-dbg libsqlite3-0 libsqlite3-dev 
libsqlite3-tcl
Architecture: source all amd64
Version: 3.6.23.1-2
Distribution: unstable
Urgency: low
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description: 
 lemon      - The Lemon Parser Generator
 libsqlite3-0 - SQLite 3 shared library
 libsqlite3-0-dbg - SQLite 3 debugging symbols
 libsqlite3-dev - SQLite 3 development files
 libsqlite3-tcl - SQLite 3 Tcl bindings
 sqlite3    - A command line interface for SQLite 3
 sqlite3-doc - SQLite 3 documentation
Closes: 575276 579266
Changes: 
 sqlite3 (3.6.23.1-2) unstable; urgency=low
 .
   * Enable unlock notify API (closes: #579266).
   * Backport fix of 'INSERT INTO tbl DEFAULT VALUES' (closes: #575276).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkvh65gACgkQMDatjqUaT92AagCdHIvLJXWyIIf7Vw7vgVVcF3cL
7K4AoJ6CGkUcfzubpL8k+Hmn0iNWn1UA
=rhPW
-----END PGP SIGNATURE-----



--- End Message ---
