Re: [sqlite] Sqlite3 Data Base write failure cases.

2018-12-18 Thread Prajeesh Prakash
Hi Simon Slavin, Thank you for the reply. Yes I am using single thread and single connection. Can you tell me what happen if i try with multiple thread and single connection to write the data (Multiple thread trying to write into DB will it follow the serialization because of the FULLMUTEX and

[sqlite] SQLite Application Question

2018-12-18 Thread Roger Schlueter
I am starting work on a prototype application so this might be an excellent opportunity to use SQLite for my application file format.  Part of this would be the saving and restoring of GUI elements such as window positions and sizes, control states, themes, etc.  I can conceive of a few

Re: [sqlite] Question about floating point

2018-12-18 Thread Dennis Clarke
Apologies ... I should have included a link to Jean-Michel Muller's work on "Elementary Functions" and on preserving monotonicity and always getting correctly rounded results when implementing the elementary functions in floating-point arithmetic.

[sqlite] Linker error

2018-12-18 Thread JuanJo Villegas
When I link the amalgamation with my C Source it giveme the follow error: sqlite3.o: In function `sqlite3MemoryBarrier': /home/Juanjo/Bd/sqlite3.c:26067: undefined reference to `___sync_synchronize' Thank you Bye ___ sqlite-users mailing list

Re: [sqlite] Question about floating point

2018-12-18 Thread Dennis Clarke
On 12/18/18 6:01 AM, R Smith wrote:> On 2018/12/17 11:53 PM, Dennis Clarke wrote: >> >> This thread is getting out of hand. Firstly there is no such binary >> representation ( in this universe ) for a trivial decimal number such as >> one tenth ( 0.10 ) and really folks should refer to the text

Re: [sqlite] Claimed vulnerability in SQLite: Info or Intox?

2018-12-18 Thread Keith Medcalf
On Tuesday, 18 December, 2018 14:50, Nathan Green wrote: >Except the problem isn't just in Chrome. Apparently, any system that >allows SQL injection is vulnerable. Since SQLite can be used as a file >format to transport application data >(https://www.sqlite.org/appfileformat.html), >other

Re: [sqlite] Claimed vulnerability in SQLite: Info or Intox?

2018-12-18 Thread Richard Hipp
On 12/18/18, Dominique Devienne wrote: > https://blade.tencent.com/magellan/index_en.html > > Sounds to me it more related to a "remote callable" program like Chrome, > than SQLite proper, but I'd like an official stance on SQLite itself please. > There was a bug in FTS3 (not in the SQLite core)

Re: [sqlite] Claimed vulnerability in SQLite: Info or Intox?

2018-12-18 Thread Nathan Green
On Tue, Dec 18, 2018 at 4:00 PM Peter da Silva wrote: > On Tue, Dec 18, 2018 at 3:49 PM Nathan Green wrote: > > > Except the problem isn't just in Chrome. Apparently, any system that > allows > > SQL injection is vulnerable. > > > > That's kind of a tautology isn't it? Isn't there some kind of

Re: [sqlite] Claimed vulnerability in SQLite: Info or Intox?

2018-12-18 Thread Peter da Silva
On Tue, Dec 18, 2018 at 3:49 PM Nathan Green wrote: > Except the problem isn't just in Chrome. Apparently, any system that allows > SQL injection is vulnerable. > That's kind of a tautology isn't it? Isn't there some kind of Godwin's Law variant for XKCD 327? I notice that the 12 points on

Re: [sqlite] Claimed vulnerability in SQLite: Info or Intox?

2018-12-18 Thread Nathan Green
On Tue, Dec 18, 2018 at 3:14 PM Simon Slavin wrote: > On 18 Dec 2018, at 9:00pm, Peter da Silva wrote: > > > I have to say I'm pretty boggled that Chrome allows hostile users to > feed code directly into an SQL interpreter that wasn't written from the > ground up to be secure. > > Chrome has

Re: [sqlite] Claimed vulnerability in SQLite: Info or Intox?

2018-12-18 Thread Peter da Silva
Javascript was designed from the start to safely execute malicious code. That doesn't mean it is safe, it just means it might be. There have been all kinds of javascript-based exploits, after all. But an interpreter that was not originally designed to be safe in the face of malicious code? I

Re: [sqlite] Claimed vulnerability in SQLite: Info or Intox?

2018-12-18 Thread Keith Medcalf
Why shocked? Chrome allows direct execution of untrusted and likely malicious code that it gets over the network. It is called JavaScript. That a new method for execution of untrusted remote malicious code has been created is completely unsurprising since the whole point of Chrome is to

Re: [sqlite] Claimed vulnerability in SQLite: Info or Intox?

2018-12-18 Thread Simon Slavin
On 18 Dec 2018, at 9:00pm, Peter da Silva wrote: > I have to say I'm pretty boggled that Chrome allows hostile users to feed > code directly into an SQL interpreter that wasn't written from the ground up > to be secure. Chrome has problems far more serious than that. And one can do all sorts

Re: [sqlite] Claimed vulnerability in SQLite: Info or Intox?

2018-12-18 Thread Peter da Silva
I have to say I'm pretty boggled that Chrome allows hostile users to feed code directly into an SQL interpreter that wasn't written from the ground up to be secure. Secure interpreters are *hard* even when you're designing them from scratch (see also, the whole history of web-based

Re: [sqlite] Claimed vulnerability in SQLite: Info or Intox?

2018-12-18 Thread Clemens Ladisch
Dominique Devienne wrote: > I'd like an official stance on SQLite itself please. Regards, Clemens ___ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org

[sqlite] "make test" fails on Mageia Linux v7 x86-64

2018-12-18 Thread Shlomi Fish
Hi, With the attached bash script on Mageia Linux v7 x86-64 I consistently get the test failures here: https://www.shlomifish.org/Files/files/text/sqlite-mga7-rpm-build.txt.xz this is with sqlite 3.26.0. This affects our rpm %check phase. Can you help? --

Re: [sqlite] Question about floating point

2018-12-18 Thread ajm
Although the problem is well known by the readers, may be someone would like remember the basics (somethin written by me some years ago -in spanish-). http://www.zator.com/Cpp/E2_2_4a.htm If you want "play" whiths the numbers in IEE754 this page bay be the fun (unfortuately, the original is not

Re: [sqlite] Question about floating point

2018-12-18 Thread Scott Robison
On Mon, Dec 17, 2018 at 2:50 PM Thomas Kurz wrote: > Ok, as there seem to be some experts about floating-point numbers here, > there is one aspect that I never understood: > > floats are stored as a fractional part, which is binary encoded, and an > integer-type exponent. The first leads to the

Re: [sqlite] Question about floating point

2018-12-18 Thread Richard Damon
On 12/18/18 6:21 AM, R Smith wrote: > > I'm not even going to touch on silly/stupid programming and > calculations that round along the intermediate steps, those have been > mentioned already, they are evil and it isn't the fault of the storage > medium. Actually, periodically rounding IS a valid

Re: [sqlite] Question about floating point

2018-12-18 Thread R Smith
On 2018/12/18 1:21 AM, James K. Lowden wrote: First, the problem is not storage it's calculation. Second, the thread was started because a floating point calculation in SQLite, exactly as it is run today, led to the following value: 211496.252 which is typical of such problems.

Re: [sqlite] Question about floating point

2018-12-18 Thread R Smith
On 2018/12/17 11:53 PM, Dennis Clarke wrote: This thread is getting out of hand. Firstly there is no such binary representation ( in this universe ) for a trivial decimal number such as one tenth ( 0.10 ) and really folks should refer to the text book recently published ( 2nd Edition actually )

[sqlite] Claimed vulnerability in SQLite: Info or Intox?

2018-12-18 Thread Dominique Devienne
https://blade.tencent.com/magellan/index_en.html Sounds to me it more related to a "remote callable" program like Chrome, than SQLite proper, but I'd like an official stance on SQLite itself please. Thanks, --DD ___ sqlite-users mailing list