Re: [sqlite] sqlite bug report

2014-11-13 Thread Richard Hipp
On Thu, Nov 13, 2014 at 4:41 PM, Hinrichsen, John wrote:

> In this example, bad data is returned.  There is no assert.  valgrind does
> not complain either.
>

It asserts if you recompile with -DSQLITE_DEBUG



>
> Is there an ETA on when 3.8.7.2 will be released?
>

Next week sometime.  Why not just pull the latest code from the source tree?


>
>
> On Thu, Nov 13, 2014 at 1:12 PM, Richard Hipp  wrote:
>
> > This is https://www.sqlite.org/src/info/094d39a4c95ee4 which has been
> > fixed
> > in trunk and will be fixed in 3.8.7.2.
> >
> > On Thu, Nov 13, 2014 at 1:05 PM, Hinrichsen, John wrote:
> >
> > > The following SQL produces an incorrect result with sqlite-3.8.7.1:
> > >
> > > CREATE TABLE A(
> > >   symbol TEXT,
> > >   type TEXT
> > > );
> > > INSERT INTO A VALUES('ABCDEFG','chars');
> > > INSERT INTO A VALUES('1234567890','num');
> > > CREATE TABLE B(
> > >   chars TEXT,
> > >   num TEXT
> > > );
> > >
> > > CREATE TABLE IF NOT EXISTS C AS
> > > SELECT A.symbol AS symbol,A.type,
> > > CASE A.type
> > > WHEN 'chars' THEN A.symbol
> > > WHEN 'num' THEN B.chars
> > > ELSE NULL
> > > END AS chars
> > > FROM A LEFT OUTER JOIN B ON A.type='num'  AND B.num=A.symbol;
> > >
> > > SELECT * FROM C;
> > >
> > > with 3.8.7.1:
> > >
> > > sqlite> SELECT * FROM C;
> > > ABCDEFG|chars|ABCDEFG
> > > 1234567890|num|1234567
> > >
> > > with 3.8.6:
> > >
> > > sqlite> SELECT * FROM C;
> > > ABCDEFG|chars|ABCDEFG
> > > 1234567890|num|
> > >
> > > --
> > >
> > > This message contains confidential information and is intended only for the
> > > individual named. If you are not the named addressee, you should not
> > > disseminate, distribute, alter or copy this e-mail. Please notify the
> > > sender immediately by e-mail if you have received this e-mail by mistake
> > > and delete this e-mail from your system. E-mail transmissions cannot be
> > > guaranteed to be secure or without error as information could be
> > > intercepted, corrupted, lost, destroyed, or arrive late or incomplete. The
> > > sender, therefore, does not accept liability for any errors or omissions in
> > > the contents of this message which arise during or as a result of e-mail
> > > transmission. If verification is required, please request a hard-copy
> > > version. This message is provided for information purposes and should not
> > > be construed as a solicitation or offer to buy or sell any securities or
> > > related financial instruments in any jurisdiction.
> > > ___
> > > sqlite-users mailing list
> > > sqlite-users@sqlite.org
> > > http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
> > >
> >
> >
> >
> > --
> > D. Richard Hipp
> > d...@sqlite.org
> >
>
>



-- 
D. Richard Hipp
d...@sqlite.org


Re: [sqlite] sqlite bug report

2014-11-13 Thread Hinrichsen, John
In this example, bad data is returned.  There is no assert.  valgrind does
not complain either.

Is there an ETA on when 3.8.7.2 will be released?


On Thu, Nov 13, 2014 at 1:12 PM, Richard Hipp  wrote:

> This is https://www.sqlite.org/src/info/094d39a4c95ee4 which has been
> fixed
> in trunk and will be fixed in 3.8.7.2.
>
> On Thu, Nov 13, 2014 at 1:05 PM, Hinrichsen, John wrote:
>
> > The following SQL produces an incorrect result with sqlite-3.8.7.1:
> >
> > CREATE TABLE A(
> >   symbol TEXT,
> >   type TEXT
> > );
> > INSERT INTO A VALUES('ABCDEFG','chars');
> > INSERT INTO A VALUES('1234567890','num');
> > CREATE TABLE B(
> >   chars TEXT,
> >   num TEXT
> > );
> >
> > CREATE TABLE IF NOT EXISTS C AS
> > SELECT A.symbol AS symbol,A.type,
> > CASE A.type
> > WHEN 'chars' THEN A.symbol
> > WHEN 'num' THEN B.chars
> > ELSE NULL
> > END AS chars
> > FROM A LEFT OUTER JOIN B ON A.type='num'  AND B.num=A.symbol;
> >
> > SELECT * FROM C;
> >
> > with 3.8.7.1:
> >
> > sqlite> SELECT * FROM C;
> > ABCDEFG|chars|ABCDEFG
> > 1234567890|num|1234567
> >
> > with 3.8.6:
> >
> > sqlite> SELECT * FROM C;
> > ABCDEFG|chars|ABCDEFG
> > 1234567890|num|
> >
> >
>
>
>
> --
> D. Richard Hipp
> d...@sqlite.org
>



Re: [sqlite] sqlite bug report

2014-11-13 Thread Richard Hipp
This is https://www.sqlite.org/src/info/094d39a4c95ee4 which has been fixed
in trunk and will be fixed in 3.8.7.2.

On Thu, Nov 13, 2014 at 1:05 PM, Hinrichsen, John wrote:

> The following SQL produces an incorrect result with sqlite-3.8.7.1:
>
> CREATE TABLE A(
>   symbol TEXT,
>   type TEXT
> );
> INSERT INTO A VALUES('ABCDEFG','chars');
> INSERT INTO A VALUES('1234567890','num');
> CREATE TABLE B(
>   chars TEXT,
>   num TEXT
> );
>
> CREATE TABLE IF NOT EXISTS C AS
> SELECT A.symbol AS symbol,A.type,
> CASE A.type
> WHEN 'chars' THEN A.symbol
> WHEN 'num' THEN B.chars
> ELSE NULL
> END AS chars
> FROM A LEFT OUTER JOIN B ON A.type='num'  AND B.num=A.symbol;
>
> SELECT * FROM C;
>
> with 3.8.7.1:
>
> sqlite> SELECT * FROM C;
> ABCDEFG|chars|ABCDEFG
> 1234567890|num|1234567
>
> with 3.8.6:
>
> sqlite> SELECT * FROM C;
> ABCDEFG|chars|ABCDEFG
> 1234567890|num|
>
>



-- 
D. Richard Hipp
d...@sqlite.org
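
A regression check built from the reproduction script in this thread, as an added example that is not part of the original messages: it runs the report's SQL against whatever SQLite library the local Python links to and compares table C with the result SQL semantics require (B is empty, so the third column of the 'num' row is NULL). The function names and the "matches-report" label are assumptions made for this example.

```python
import sqlite3

# Reproduction script from the report, unchanged apart from layout.
REPRO_SQL = """
CREATE TABLE A(symbol TEXT, type TEXT);
INSERT INTO A VALUES('ABCDEFG','chars');
INSERT INTO A VALUES('1234567890','num');
CREATE TABLE B(chars TEXT, num TEXT);
CREATE TABLE IF NOT EXISTS C AS
SELECT A.symbol AS symbol, A.type,
  CASE A.type
    WHEN 'chars' THEN A.symbol
    WHEN 'num' THEN B.chars
    ELSE NULL
  END AS chars
FROM A LEFT OUTER JOIN B ON A.type='num' AND B.num=A.symbol;
"""

# B is empty, so the LEFT JOIN supplies NULL for B.chars on the 'num' row.
EXPECTED = [("ABCDEFG", "chars", "ABCDEFG"), ("1234567890", "num", None)]


def run_repro():
    """Run the report's SQL in a fresh in-memory database and return table C."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.executescript(REPRO_SQL)
        return conn.execute("SELECT * FROM C ORDER BY rowid").fetchall()
    finally:
        conn.close()


def classify(rows):
    """Label a result set: 'correct', 'matches-report', or 'other'."""
    if rows == EXPECTED:
        return "correct"
    # Symptom shown for 3.8.7.1: the column that should be NULL holds text
    # that is a prefix of the row's own symbol ('1234567' of '1234567890').
    if (len(rows) == 2 and rows[0] == EXPECTED[0]
            and rows[1][:2] == EXPECTED[1][:2]
            and isinstance(rows[1][2], str)
            and rows[1][0].startswith(rows[1][2])):
        return "matches-report"
    return "other"


def check_linked_sqlite():
    """Return (library_version, verdict) for the SQLite this Python links to."""
    return sqlite3.sqlite_version, classify(run_repro())
```

A silent wrong result like this one raises no error, so the check compares returned data rather than waiting for an exception.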


Re: [sqlite] SQLite bug report: type mismatch security issue in sqlite3.c version 3.7.13

2014-07-25 Thread Richard Hipp
On Fri, Jul 25, 2014 at 9:50 AM, Yunjiao Xue  wrote:

> To whom it may concern,
>
> We are using SQLite 3.7.13 with an amalgamation version of sqlite3.c. We
> discovered a type mismatch security issue with a recent Fortify scan. The
> problem is on lines 22407, 51807, 63005, 93150 of sqlite3.c.
>

Thank you for reporting compiler warnings.  All of the warnings above are
completely benign and harmless.


>
> For example, the function strHash() in sqlite3.c is declared to return an
> unsigned value on line 22400, but on line 22407 it returns a signed value.
> This would cause a type mismatch security issue (
> http://www.hpenterprisesecurity.com/vulncat/en/vulncat/cpp/type_mismatch_signed_to_unsigned.html
> ).
>

Hype and bluster.  Please see also:


http://www.sqlite.org/mark/testing.html?Static+analysis+has*static+analysis.#staticanalysis
http://www.sqlite.org/faq.html#q17


>
> We are not sure if the problem still exists in the latest version but most
> probably it's still there. It would be much appreciated if you could fix it.
>
> Thanks,
>
> Jay Xue
>
>



-- 
D. Richard Hipp
d...@sqlite.org


Re: [sqlite] Sqlite Bug Report!

2012-03-02 Thread Roger Binns

> When I compile sqlite3 in VC++6.0, it does not work, but in VS2010 it
> can work.

http://www.beiww.com/doc/oss/smart-questions.html

Roger


Re: [sqlite] SQLite bug report - large databases only - 'database or disk is full'

2009-12-12 Thread pirx

Apologies for not answering earlier, I was away.
I've never used Process Monitor - the whole setup you are describing is new to me -
but I will try to do something about it in the coming week. It has to be a
background project for me - I do not use SQLite in production.




-Original Message-
From: Filip Navara <filip.nav...@gmail.com>
To: General Discussion of SQLite Database <sqlite-users@sqlite.org>
Sent: Thu, Dec 10, 2009 1:35 am
Subject: Re: [sqlite] SQLite bug report - large databases only - 'database or 
disk is full'


On Mon, Dec 7, 2009 at 10:21 PM,  <p...@mail.com> wrote:

> SQLite bug report
>
> Summary:
> --
>
> error message:
>
>   Error: near line 2: database or disk is full
>
> It happens with plenty of disk space available and with 'unlimited' database
> size.
> It does not happen on all systems. It does not happen on small databases.

I run your scripts with SQLite 3.6.21 on Windows 7 64-bit on NTFS
drive and unfortunately I run out of disk space before the problem
manifested. Would it be possible for you to setup Process Monitor with
filter on the database path (just the path, so both journal and the
main database file are in the log) and history depth set to 1 million
(the lowest value) and then capture the file accesses during the run
of the reproduction scripts? It is possible to save and export the
data then for further analysis and hopefully it will give a clue on
why it happens.

Best regards,
Filip Navara



Re: [sqlite] SQLite bug report - large databases only - 'database or disk is full'

2009-12-10 Thread Filip Navara
On Mon, Dec 7, 2009 at 10:21 PM,   wrote:
>
> SQLite bug report
>
> Summary:
> --
>
> error message:
>
>       Error: near line 2: database or disk is full
>
> It happens with plenty of disk space available and with 'unlimited' database 
> size.
> It does not happen on all systems. It does not happen on small databases.
>

I run your scripts with SQLite 3.6.21 on Windows 7 64-bit on NTFS
drive and unfortunately I run out of disk space before the problem
manifested. Would it be possible for you to setup Process Monitor with
filter on the database path (just the path, so both journal and the
main database file are in the log) and history depth set to 1 million
(the lowest value) and then capture the file accesses during the run
of the reproduction scripts? It is possible to save and export the
data then for further analysis and hopefully it will give a clue on
why it happens.

Best regards,
Filip Navara


Re: [sqlite] SQLite bug report - large databases only - 'database or disk is full'

2009-12-08 Thread Filip Navara
On Mon, Dec 7, 2009 at 10:21 PM,   wrote:
>
> SQLite bug report
>
> Summary:
> --
>
> error message:
>
>       Error: near line 2: database or disk is full
>
> It happens with plenty of disk space available and with 'unlimited' database 
> size.
> It does not happen on all systems. It does not happen on small databases.
>
>
> Details:
> --
>
>
> The error occurs on
> - windows server 2003 SP2 64bit, windows server 2009 64bit
> - windows vista, windows 7 rc1, windows 7 - all 64-bit
>
> The error does _not_ occur on
> - windows server 2003 SP2 32bit, windows xp sp3 32 bit

Just a short note, we experience very similar problem with our program
and the symptoms match exactly. So far we were unable to reproduce it
reliably on our systems, but we have plenty of bug reports from
production systems. I will post more details soon.

Our database files have page size 4Kb and all of the affected systems
are running Windows. We use incremental vacuum mode and the file sizes
are commonly over 1 Gb large, file system is NTFS (afaik).

Best regards,
Filip Navara