[sqlite] Assertion `memIsValid(pRec)' failed
Hi,

We found an assertion failed in sqlite. And this assertion seems not to be fixed completely. Here’s the POC:
---
CREATE TABLE v0 ( v1 ) ;
INSERT INTO v0 ( v1 ) VALUES ( 10 ) ,( 10 ) ;
UPDATE v0 SET v1 = ( SELECT coalesce ( quote ( NULL ) , quote ( v1 ) , ( SELECT 1 FROM v0 AS v WHERE ( SELECT v1 FROM v0 WHERE v1 > v1 ) ) , 10 ) FROM v0 ORDER BY zeroblob ( v1 ) ) ;
---
This exists in the latest development code built with debug flag.

Yongheng & Rui
___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
[sqlite] Assertion `(mFlags_Str)==0 || (pMem->n==pX->n && pMem->z==pX->z)' failed.
Hi,

We found an assertion failed in sqlite. Here’s the POC:
---
CREATE TABLE v0 ( v1 VARCHAR(15) ) ;
INSERT INTO v0 ( v1 ) VALUES ( 10 ) ,( 10 ) ;
UPDATE v0 SET v1 = ( SELECT coalesce ( quote ( NULL ) , quote ( v1 ) , quote ( v1 ) , 0 ) FROM v0 ORDER BY substr ( v1 , v1 , 10 ) ) ;
---
This exists in release version and the latest development code built with debug flag.

Yongheng & Rui
Re: [sqlite] Causal profiling
Also spaghetti inheritance is a thing.

On Wed, Jan 1, 2020, 19:19 D Burgess wrote:
> > I’ve spent too much time lately trying to figure out or debug hellacious C spaghetti code
>
> And I’ve spent too much time lately trying to figure out or debug hellacious C++ spaghetti code
>
> Someone who writes bad C, will write even worse C++
Re: [sqlite] Causal profiling
> I’ve spent too much time lately trying to figure out or debug hellacious C spaghetti code

And I’ve spent too much time lately trying to figure out or debug hellacious C++ spaghetti code

Someone who writes bad C, will write even worse C++
[sqlite] Assertion `memIsValid(pRec)' failed
Hi,

We found an assertion failed in sqlite. Here’s the POC:
---
CREATE TABLE v0 ( v1 CHAR(25) ) ;
CREATE TRIGGER myname AFTER INSERT ON v0 BEGIN INSERT INTO v0 SELECT ( SELECT ifnull ( count ( DISTINCT ( SELECT v1 FROM v0 ) ) , 10 ) ) FROM v0 AS d WHERE v1 = v1 AND v1 <= v1 GROUP BY v1 , v1 ORDER BY v1 , v1 ; END ;
INSERT INTO v0 ( v1 ) VALUES ( 10 ) ,( 0 ) ;
---
This exists in the latest development code built with debug flag.

Yongheng & Rui
Re: [sqlite] New SQL functions available for testing only.
On 1/1/20, Manuel Rigger wrote:
> Thanks for adding these functions! My test generator/fuzzer is written in Java and uses the JDBC interface. In order to call the C function, I would probably need to modify the driver code or use JNI, which would both be a bit hacky. Is there a compile-time option that can be set to provide internal functions by default?

-DSQLITE_ENABLE_INTERNAL_FUNCTIONS

NB: Do NOT enable this on a production build. The -DSQLITE_ENABLE_INTERNAL_FUNCTIONS compile-time option is for testing purposes only.

--
D. Richard Hipp
d...@sqlite.org
Re: [sqlite] New SQL functions available for testing only.
Thanks for adding these functions! My test generator/fuzzer is written in Java and uses the JDBC interface. In order to call the C function, I would probably need to modify the driver code or use JNI, which would both be a bit hacky. Is there a compile-time option that can be set to provide internal functions by default?

Best,
Manuel

On Wed, Jan 1, 2020 at 7:26 PM Jens Alfke wrote:
>
> > On Jan 1, 2020, at 8:03 AM, Richard Hipp wrote:
> >
> > expr_implies_expr(A,B)
> >
> > Return non-zero if expression A implies expression B. See https://www.sqlite.org/src/artifact/971e442fd5?ln=5277-5299 for details. This routine is used to determine if a partial index is usable.
>
> Thanks! This is also likely useful for programs that create their own synthetic indexes out of secondary tables. (I do this, partly because I need to index multiple values per row, e.g. indexing the elements of a JSON array.) If such an ‘index’ is partial, I need to figure out when it’s applicable to a query.
>
> —Jens
Re: [sqlite] New SQL functions available for testing only.
> On Jan 1, 2020, at 8:03 AM, Richard Hipp wrote:
>
> expr_implies_expr(A,B)
>
> Return non-zero if expression A implies expression B. See https://www.sqlite.org/src/artifact/971e442fd5?ln=5277-5299 for details. This routine is used to determine if a partial index is usable.

Thanks! This is also likely useful for programs that create their own synthetic indexes out of secondary tables. (I do this, partly because I need to index multiple values per row, e.g. indexing the elements of a JSON array.) If such an ‘index’ is partial, I need to figure out when it’s applicable to a query.

—Jens
[sqlite] New SQL functions available for testing only.
Fuzzers and testers:

I've created some new built-in SQL functions for SQLite that provide direct access to some of the internal code-generator routines that have historically given trouble:

expr_compare(A,B)

    This function returns non-zero if expressions A and B are different. See https://www.sqlite.org/src/artifact/971e442fd5?ln=5049-5075 for details.

expr_implies_expr(A,B)

    Return non-zero if expression A implies expression B. See https://www.sqlite.org/src/artifact/971e442fd5?ln=5277-5299 for details. This routine is used to determine if a partial index is usable.

implies_nonnull_row(E,C)

    C must be the name of a column in one of the tables of the SELECT statement. E is an arbitrary expression. Return non-zero if expression E can only be true if the row of which C is a member has some non-NULL column. This routine is used to help determine if a LEFT JOIN can be simplified into an ordinary JOIN.

These new SQL functions are only accessible if you activate "internal functions" using C code like this:

    sqlite3_test_control(SQLITE_TESTCTRL_INTERNAL_FUNCTIONS, db);

Or in the CLI like this:

    .testctrl internal_functions

In other words, these SQL functions are not available to ordinary applications. An application would need to take special steps to activate these routines. And those special steps include making calls to C-code, which means that an attacker who is submitting SQL text and/or database files is unable to exploit any weaknesses that may turn up in these SQL functions.

Fuzzer authors: I recommend that you enable these functions in your fuzzers. Doing so might help your fuzzers to find bugs that would otherwise be difficult to reach.

Happy hunting.

--
D. Richard Hipp
d...@sqlite.org
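The implication test behind expr_implies_expr(A,B) is what decides whether a partial index is usable, and its effect can be observed from the application side without the internal functions: EXPLAIN QUERY PLAN shows whether the planner picked the partial index. The script below is an added example, not code from the thread or from the SQLite project; the table t, the index name t_x_a and the rows are constructed for the demonstration. It compares three queries that constrain the same column a, differing only in whether a WHERE term implies the index's own WHERE clause (b = 'x').

```python
"""Added example: watch SQLite's partial-index usability decision via EXPLAIN QUERY PLAN."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with a constructed table and one partial index."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE t ( a INTEGER, b TEXT );
        INSERT INTO t ( a, b ) VALUES ( 5, 'x' ), ( 15, 'x' ), ( 15, 'y' ), ( 25, 'y' );
        -- hypothetical partial index: only rows with b = 'x' are indexed on a
        CREATE INDEX t_x_a ON t ( a ) WHERE b = 'x';
        """
    )
    return conn


def plan_details(conn: sqlite3.Connection, sql: str) -> list:
    """Return the 'detail' text of every EXPLAIN QUERY PLAN row for sql."""
    return [row[3] for row in conn.execute("EXPLAIN QUERY PLAN " + sql)]


def uses_index(conn: sqlite3.Connection, sql: str, index_name: str = "t_x_a") -> bool:
    """True if some plan step reads the table through index_name."""
    return any(("INDEX " + index_name) in detail for detail in plan_details(conn, sql))


# Constructed queries: the WHERE term b = 'x' in IMPLIED matches the index WHERE exactly,
# so the planner may use t_x_a; the other two cannot prove every matching row is indexed.
IMPLIED = "SELECT * FROM t WHERE a = 15 AND b = 'x'"
CONTRADICTS = "SELECT * FROM t WHERE a = 15 AND b = 'y'"
UNRELATED = "SELECT * FROM t WHERE a = 15"


if __name__ == "__main__":
    conn = make_db()
    for sql in (IMPLIED, CONTRADICTS, UNRELATED):
        print(sql)
        for detail in plan_details(conn, sql):
            print("    plan:", detail)
        print("    uses partial index:", uses_index(conn, sql))
        print("    rows:", conn.execute(sql).fetchall())
```

The check is deliberately a substring test on the plan text ("INDEX t_x_a") rather than on the whole line, because the exact wording of EXPLAIN QUERY PLAN output ("SEARCH t" versus "SEARCH TABLE t") has changed between SQLite releases.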
[sqlite] Assertion `memIsValid([p1+idx])' failed.
Hi,

We found an assertion failed in sqlite. Here’s the POC:
---
CREATE TABLE v0 ( v1 DOUBLE PRIMARY KEY ) ;
INSERT INTO v0 VALUES ( 10 ) ;
SELECT * FROM v0 NATURAL JOIN v0 NATURAL JOIN v0 WHERE v1 = 9223372036854775807 OR ( ( v1 = ( SELECT 10 + sum ( v1 LIKE 'LG PACK' ) OVER( ORDER BY v1 ) ) AND 16 ) OR v1 = 10 ) AND v1 <= 10 + 10 AND v1 BETWEEN 10 AND 10 ;
---
This exists in the latest development code built with debug flag.

Yongheng & Rui
[sqlite] Assertion `pRes->iTable==pSrc->a[0].iCursor'
Hi,

We found an assertion failed in sqlite. Here’s the POC:
---
CREATE TABLE v0 ( v2 INTEGER PRIMARY KEY , v1 AS( 10.10 ) UNIQUE ) ;
SELECT * FROM v0 WHERE v1 + 10 IN ( SELECT v2 FROM v0 NATURAL JOIN v0 WHERE v2 IN ( SELECT v1 FROM v0 ORDER BY v1 ) ) ;
---
This exists in the latest development code built with debug flag.

Yongheng & Rui