Re: [sqlite] Segfault in sqlite3DbMallocRaw

2014-06-13 Thread Richard Hipp
On Fri, Jun 13, 2014 at 6:08 PM, Maxim Khitrov  wrote:

> Hi all,
>
> I don't think this is a problem with sqlite, but I'm also not sure
> what external behavior could trigger this, so I'm looking for help
> from someone more familiar with the sqlite internals.
>
> One of the users of my SQLite binding for Go is reporting a
> non-deterministic segfault in the 3.8.5 amalgamation on line 20086,
> which is "db->lookaside.pFree = pBuf->pNext;" in sqlite3DbMallocRaw:
>
> https://github.com/mxk/go-sqlite/issues/6
>
> The segfault always seems to happen at the same place, but it happens
> infrequently, and the actual call sequence may be different. There
> don't seem to be any concurrent calls to any sqlite functions, yet
> building the package with either SQLITE_THREADSAFE=1 (instead of 2) or
> SQLITE_OMIT_LOOKASIDE resolves, or maybe just hides, the issue.
>
> This feels like a concurrency problem, but I can't reproduce it or
> figure out the source. Is it possible to corrupt the lookaside
> allocator in some other way?
>

I recommend compiling with -DSQLITE_OMIT_LOOKASIDE and then running your
test in valgrind (or the equivalent).  That will very likely find the
problem.

I'm guessing this is a use-after-free issue.


-- 
D. Richard Hipp
d...@sqlite.org
___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
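Added illustration of the failure mode Hipp is guessing at (this is example code written for this page, not SQLite's code and not anything posted by either participant; the Lookaside/Slot names, the slot sizes and the scenarios are assumptions chosen to mimic the shape of sqlite3DbMallocRaw). A lookaside allocator keeps its free list *inside* the freed slots, so a single write through a dangling pointer silently overwrites a link and the crash surfaces later, at the `pFree = pBuf->pNext` pop, in whatever unrelated call happens to allocate next. The same dangling write against a plain malloc block corrupts nothing SQLite owns, which is why `-DSQLITE_OMIT_LOOKASIDE` plus valgrind (or AddressSanitizer) turns the intermittent segfault into a reported invalid write at the real culprit.

```c
/* Example code for this page, not SQLite's own. Build with:
 *   cc -g -O0 -o la_demo la_demo.c && ./la_demo
 * and, to see the heap variant reported at the offending line:
 *   valgrind ./la_demo   (or build with -fsanitize=address)
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SLOT_SIZE 64   /* assumed; SQLite's default lookaside slot is bigger */
#define NSLOTS    8

/* First word of a free slot doubles as the free-list link, exactly the
   layout that makes a use-after-free invisible until the next pop. */
typedef struct Slot Slot;
struct Slot { Slot *pNext; };

typedef struct {
    unsigned char pool[SLOT_SIZE * NSLOTS];
    Slot *pFree;                 /* head of the free list, like db->lookaside.pFree */
} Lookaside;

/* Thread every slot onto the free list, slot 0 first. */
static void la_init(Lookaside *la) {
    la->pFree = NULL;
    for (int i = NSLOTS - 1; i >= 0; i--) {
        Slot *s = (Slot *)(la->pool + i * SLOT_SIZE);
        s->pNext = la->pFree;
        la->pFree = s;
    }
}

/* Pop the head. This is the shape of the line that faulted in the report:
   if pBuf->pNext holds garbage, the garbage becomes the next head and the
   following la_alloc dereferences it. */
static void *la_alloc(Lookaside *la) {
    Slot *pBuf = la->pFree;
    if (pBuf == NULL) return NULL;
    la->pFree = pBuf->pNext;
    return pBuf;
}

/* Push a slot back; the caller's first 8 bytes are now the link. */
static void la_free(Lookaside *la, void *p) {
    Slot *pBuf = p;
    pBuf->pNext = la->pFree;
    la->pFree = pBuf;
}

/* Integrity check: walk the free list and verify every link points at a
   slot boundary inside the pool. Returns the free-slot count, or -1 at the
   first corrupt link. SQLite has no such check; this is the debugging aid. */
static int la_check(const Lookaside *la) {
    uintptr_t lo = (uintptr_t)la->pool, hi = lo + sizeof la->pool;
    int n = 0;
    for (const Slot *s = la->pFree; s != NULL; s = s->pNext) {
        uintptr_t p = (uintptr_t)s;
        if (p < lo || p >= hi || (p - lo) % SLOT_SIZE != 0 || n >= NSLOTS) return -1;
        n++;
    }
    return n;
}

/* Well-behaved caller: allocate, use, free. Free list stays intact. */
static int scenario_clean(void) {
    Lookaside la;
    la_init(&la);
    char *a = la_alloc(&la);
    memcpy(a, "hello", 6);
    la_free(&la, a);
    return la_check(&la);       /* NSLOTS */
}

/* Use-after-free: the caller keeps a pointer to a slot it already returned
   and writes to it. The write lands on the free-list link. Nothing crashes
   here; the next la_alloc would return the garbage address 0x4141... */
static int scenario_uaf(void) {
    Lookaside la;
    la_init(&la);
    char *a = la_alloc(&la);
    la_free(&la, a);            /* a is now the free-list head */
    memset(a, 'A', 16);         /* dangling write clobbers a->pNext */
    return la_check(&la);       /* -1 */
}

/* Same bug with lookaside removed (the OMIT_LOOKASIDE equivalent): the
   dangling write hits a freed malloc block instead. Nothing in our own
   structures is damaged, but valgrind/ASan flag this memset directly. */
int scenario_heap_uaf(void) {
    char *p = malloc(SLOT_SIZE);
    if (p == NULL) return -1;
    free(p);
    memset(p, 'A', 16);         /* invalid write of size 16, reported by valgrind */
    return 0;
}

int main(void) {
    printf("clean free list: %d slots (expect %d)\n", scenario_clean(), NSLOTS);
    printf("after UAF: %d (expect -1, corrupt link)\n", scenario_uaf());
    return scenario_heap_uaf();
}
```

The point of the two lookaside scenarios is that `la_check` is the only thing distinguishing them at the moment of the bug; without it, `scenario_uaf` looks healthy until a later, unrelated allocation pops the clobbered link, which matches a crash that is always at the same line but never in the same call sequence. Any SQLite-owned object used after it was released to the connection (a finalized statement handle, a result string from a finalized or reset statement, a buffer handed to SQLite with a lifetime it no longer has) produces the same signature.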


[sqlite] Segfault in sqlite3DbMallocRaw

2014-06-13 Thread Maxim Khitrov
Hi all,

I don't think this is a problem with sqlite, but I'm also not sure
what external behavior could trigger this, so I'm looking for help
from someone more familiar with the sqlite internals.

One of the users of my SQLite binding for Go is reporting a
non-deterministic segfault in the 3.8.5 amalgamation on line 20086,
which is "db->lookaside.pFree = pBuf->pNext;" in sqlite3DbMallocRaw:

https://github.com/mxk/go-sqlite/issues/6

The segfault always seems to happen at the same place, but it happens
infrequently, and the actual call sequence may be different. There
don't seem to be any concurrent calls to any sqlite functions, yet
building the package with either SQLITE_THREADSAFE=1 (instead of 2) or
SQLITE_OMIT_LOOKASIDE resolves, or maybe just hides, the issue.

This feels like a concurrency problem, but I can't reproduce it or
figure out the source. Is it possible to corrupt the lookaside
allocator in some other way?

- Max