Re: [sqlite] Bug report: null pointer dereference in SQLite 3.7.14 (SEGFAULT)

2012-10-04 Thread Bart Smissaert
Now that is a proper bug!
Makes Excel crash OK here.

RBS


On 10/3/12, Klaus Keppler  wrote:
> Hi,
>
> after upgrading from SQLite 3.7.13 to 3.7.14 our application crashed
> with a SEGFAULT located within SQLite.
> I boiled down the SQL statement and the tables used, and was able to
> reproduce this also with the SQLite standalone binary available at
> http://www.sqlite.org/sqlite-shell-linux-x86-3071400.zip
> (Debian 6, AMD64).
>
> I assume that the new optimizations on the query planner are causing
> this problem; with 3.7.13 everything works fine.
>
>
> HOW TO REPRODUCE:
> -- create these tables and fill with data:
> CREATE TABLE GROUPCUSTOMERS (
>  GC_GROUPID INTEGER NOT NULL,
>  GC_CUSTOMERID INTEGER NOT NULL,
>  GC_OBJECTTYPE INTEGER
> );
> INSERT INTO GROUPCUSTOMERS VALUES (1, 1, NULL);
>
> CREATE TABLE GROUPPERMISSIONS (
>  GP_GROUPID INTEGER NOT NULL,
>  GP_MODULEID INTEGER NOT NULL,
>  GP_PERMISSIONID INTEGER NOT NULL
> );
> INSERT INTO GROUPPERMISSIONS VALUES (1, 1, 1);
>
> CREATE TABLE GROUPUSERS (
>  GU_GROUPID INTEGER NOT NULL,
>  GU_USERID INTEGER NOT NULL,
>  GU_OBJECTTYPE INTEGER
> );
>
> -- then run this query:
> SELECT * FROM
>   ( SELECT GP_MODULEID AS CP_MODULEID, GP_PERMISSIONID AS CP_PERMISSIONID
>   FROM GROUPCUSTOMERS, GROUPPERMISSIONS
>   WHERE (GC_GROUPID = GP_GROUPID)
>   ) AS A1
>   LEFT JOIN
>   ( SELECT GP_MODULEID AS UP_MODULEID, GP_PERMISSIONID AS UP_PERMISSIONID
>   FROM GROUPUSERS, GROUPPERMISSIONS
>   WHERE (GU_GROUPID = GP_GROUPID)
>   ) AS A2
>   ON (CP_MODULEID = UP_MODULEID)
>  OR (UP_PERMISSIONID = 0)
>   ;
>
> => SEGFAULT
>
> -- note that it is important to have these two records inserted,
> -- without them the SQL will work.
>
> -- AND: when running "ANALYZE" before running the SQL statement, the
> -- query also succeeds!
>
> In our application, the error occurred at the sqlite3VdbeExec function at
>   "case OP_NullRow:" on the line "u.bn.pC->nullRow = 1;"
> u.pn.pC is NULL at this point.
> (tested with GDB and the original (bloated) SQL statement from within
> our application)
> We did NOT use the flag SQLITE_ENABLE_STAT3.
>
> For any questions don't hesitate to contact me.
>
> Best regards
>
> -Klaus Keppler
>
>
>
> --
> __
> Keppler IT GmbH - Die Hostingexperten.
>
> Dipl.-Inf. Klaus Keppler  Tel. (09131) 691-480
> Geschäftsführer Fax: (09131) 691-489
>
> Am Weichselgarten 7 UStID.-Nr. DE259788698
> 91058 Erlangen  Amtsgericht Fürth, HRB 11477
> www.keppler-it.de   Sitz d. Gesellschaft: Erlangen
> __
> ___
> sqlite-users mailing list
> sqlite-users@sqlite.org
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
>


Re: [sqlite] Bug report: null pointer dereference in SQLite 3.7.14 (SEGFAULT)

2012-10-04 Thread Richard Hipp
Trouble ticket is here:  http://www.sqlite.org/src/info/d02e1406a5

Tnx for the test script.

On Wed, Oct 3, 2012 at 2:57 PM, Klaus Keppler  wrote:

> Hi,
>
> after upgrading from SQLite 3.7.13 to 3.7.14 our application crashed with
> a SEGFAULT located within SQLite.
> I boiled down the SQL statement and the tables used, and was able to
> reproduce this also with the SQLite standalone binary available at
> http://www.sqlite.org/sqlite-shell-linux-x86-3071400.zip
> (Debian 6, AMD64).
>
> I assume that the new optimizations on the query planner are causing this
> problem; with 3.7.13 everything works fine.
>
>
> HOW TO REPRODUCE:
> -- create these tables and fill with data:
> CREATE TABLE GROUPCUSTOMERS (
> GC_GROUPID INTEGER NOT NULL,
> GC_CUSTOMERID INTEGER NOT NULL,
> GC_OBJECTTYPE INTEGER
> );
> INSERT INTO GROUPCUSTOMERS VALUES (1, 1, NULL);
>
> CREATE TABLE GROUPPERMISSIONS (
> GP_GROUPID INTEGER NOT NULL,
> GP_MODULEID INTEGER NOT NULL,
> GP_PERMISSIONID INTEGER NOT NULL
> );
> INSERT INTO GROUPPERMISSIONS VALUES (1, 1, 1);
>
> CREATE TABLE GROUPUSERS (
> GU_GROUPID INTEGER NOT NULL,
> GU_USERID INTEGER NOT NULL,
> GU_OBJECTTYPE INTEGER
> );
>
> -- then run this query:
> SELECT * FROM
>  ( SELECT GP_MODULEID AS CP_MODULEID, GP_PERMISSIONID AS CP_PERMISSIONID
>  FROM GROUPCUSTOMERS, GROUPPERMISSIONS
>  WHERE (GC_GROUPID = GP_GROUPID)
>  ) AS A1
>  LEFT JOIN
>  ( SELECT GP_MODULEID AS UP_MODULEID, GP_PERMISSIONID AS UP_PERMISSIONID
>  FROM GROUPUSERS, GROUPPERMISSIONS
>  WHERE (GU_GROUPID = GP_GROUPID)
>  ) AS A2
>  ON (CP_MODULEID = UP_MODULEID)
> OR (UP_PERMISSIONID = 0)
>  ;
>
> => SEGFAULT
>
> -- note that it is important to have these two records inserted,
> -- without them the SQL will work.
>
> -- AND: when running "ANALYZE" before running the SQL statement, the
> -- query also succeeds!
>
> In our application, the error occurred at the sqlite3VdbeExec function at
>  "case OP_NullRow:" on the line "u.bn.pC->nullRow = 1;"
> u.pn.pC is NULL at this point.
> (tested with GDB and the original (bloated) SQL statement from within our
> application)
> We did NOT use the flag SQLITE_ENABLE_STAT3.
>
> For any questions don't hesitate to contact me.
>
> Best regards
>
>-Klaus Keppler
>
>
>
> --
> __
> Keppler IT GmbH - Die Hostingexperten.
>
> Dipl.-Inf. Klaus Keppler  Tel. (09131) 691-480
> Geschäftsführer Fax: (09131) 691-489
>
> Am Weichselgarten 7 UStID.-Nr. DE259788698
> 91058 Erlangen  Amtsgericht Fürth, HRB 11477
> www.keppler-it.de   Sitz d. Gesellschaft: Erlangen
> __



-- 
D. Richard Hipp
d...@sqlite.org


[sqlite] Bug report: null pointer dereference in SQLite 3.7.14 (SEGFAULT)

2012-10-04 Thread Klaus Keppler

Hi,

after upgrading from SQLite 3.7.13 to 3.7.14 our application crashed 
with a SEGFAULT located within SQLite.
I boiled down the SQL statement and the tables used, and was able to 
reproduce this also with the SQLite standalone binary available at 
http://www.sqlite.org/sqlite-shell-linux-x86-3071400.zip

(Debian 6, AMD64).

I assume that the new optimizations on the query planner are causing 
this problem; with 3.7.13 everything works fine.



HOW TO REPRODUCE:
-- create these tables and fill with data:
CREATE TABLE GROUPCUSTOMERS (
GC_GROUPID INTEGER NOT NULL,
GC_CUSTOMERID INTEGER NOT NULL,
GC_OBJECTTYPE INTEGER
);
INSERT INTO GROUPCUSTOMERS VALUES (1, 1, NULL);

CREATE TABLE GROUPPERMISSIONS (
GP_GROUPID INTEGER NOT NULL,
GP_MODULEID INTEGER NOT NULL,
GP_PERMISSIONID INTEGER NOT NULL
);
INSERT INTO GROUPPERMISSIONS VALUES (1, 1, 1);

CREATE TABLE GROUPUSERS (
GU_GROUPID INTEGER NOT NULL,
GU_USERID INTEGER NOT NULL,
GU_OBJECTTYPE INTEGER
);

-- then run this query:
SELECT * FROM
 ( SELECT GP_MODULEID AS CP_MODULEID, GP_PERMISSIONID AS CP_PERMISSIONID
 FROM GROUPCUSTOMERS, GROUPPERMISSIONS
 WHERE (GC_GROUPID = GP_GROUPID)
 ) AS A1
 LEFT JOIN
 ( SELECT GP_MODULEID AS UP_MODULEID, GP_PERMISSIONID AS UP_PERMISSIONID
 FROM GROUPUSERS, GROUPPERMISSIONS
 WHERE (GU_GROUPID = GP_GROUPID)
 ) AS A2
 ON (CP_MODULEID = UP_MODULEID)
OR (UP_PERMISSIONID = 0)
 ;

=> SEGFAULT

-- note that it is important to have these two records inserted,
-- without them the SQL will work.

-- AND: when running "ANALYZE" before running the SQL statement, the
-- query also succeeds!

In our application, the error occurred at the sqlite3VdbeExec function at
 "case OP_NullRow:" on the line "u.bn.pC->nullRow = 1;"

u.pn.pC is NULL at this point.
(tested with GDB and the original (bloated) SQL statement from within 
our application)

We did NOT use the flag SQLITE_ENABLE_STAT3.

For any questions don't hesitate to contact me.

Best regards

   -Klaus Keppler



--
__
Keppler IT GmbH - Die Hostingexperten.

Dipl.-Inf. Klaus Keppler  Tel. (09131) 691-480
Geschäftsführer Fax: (09131) 691-489

Am Weichselgarten 7 UStID.-Nr. DE259788698
91058 Erlangen  Amtsgericht Fürth, HRB 11477
www.keppler-it.de   Sitz d. Gesellschaft: Erlangen
__
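
An added regression harness, not part of the original post or of SQLite: it runs the reproduction above in a child Python process, so a SEGFAULT in the linked SQLite library is reported as a signal exit instead of killing the test runner, once without and once with the ANALYZE step the report mentions. The names run_isolated, SETUP, QUERY and CHILD are assumptions of this example, and the signal check assumes a POSIX system.

```python
import json
import subprocess
import sys

# Schema, rows and query copied from the report above.
SETUP = """
CREATE TABLE GROUPCUSTOMERS (GC_GROUPID INTEGER NOT NULL,
  GC_CUSTOMERID INTEGER NOT NULL, GC_OBJECTTYPE INTEGER);
INSERT INTO GROUPCUSTOMERS VALUES (1, 1, NULL);
CREATE TABLE GROUPPERMISSIONS (GP_GROUPID INTEGER NOT NULL,
  GP_MODULEID INTEGER NOT NULL, GP_PERMISSIONID INTEGER NOT NULL);
INSERT INTO GROUPPERMISSIONS VALUES (1, 1, 1);
CREATE TABLE GROUPUSERS (GU_GROUPID INTEGER NOT NULL,
  GU_USERID INTEGER NOT NULL, GU_OBJECTTYPE INTEGER);
"""
QUERY = """
SELECT * FROM
  (SELECT GP_MODULEID AS CP_MODULEID, GP_PERMISSIONID AS CP_PERMISSIONID
   FROM GROUPCUSTOMERS, GROUPPERMISSIONS WHERE (GC_GROUPID = GP_GROUPID)) AS A1
  LEFT JOIN
  (SELECT GP_MODULEID AS UP_MODULEID, GP_PERMISSIONID AS UP_PERMISSIONID
   FROM GROUPUSERS, GROUPPERMISSIONS WHERE (GU_GROUPID = GP_GROUPID)) AS A2
  ON (CP_MODULEID = UP_MODULEID) OR (UP_PERMISSIONID = 0);
"""
# Child program: builds the tables, runs the query, prints the result as JSON.
CHILD = """
import json, sqlite3, sys
setup, query, analyze = json.load(sys.stdin)
con = sqlite3.connect(":memory:")
con.executescript(setup)
if analyze:
    con.execute("ANALYZE")
rows = con.execute(query).fetchall()
print(json.dumps({"version": sqlite3.sqlite_version, "rows": rows}))
"""

def run_isolated(analyze=False):
    """Run the reproduction in a child process and report how it ended."""
    proc = subprocess.run([sys.executable, "-c", CHILD],
                          input=json.dumps([SETUP, QUERY, analyze]),
                          capture_output=True, text=True, timeout=60)
    if proc.returncode < 0:  # POSIX: the child was killed by a signal
        return {"crashed": True, "signal": -proc.returncode}
    proc.check_returncode()  # any other failure is a harness error
    return {"crashed": False, **json.loads(proc.stdout)}

if __name__ == "__main__":
    for analyze in (False, True):
        print("ANALYZE first:", analyze, run_isolated(analyze))
```

The result reflects whichever SQLite library the Python interpreter is linked against, which the `version` field records.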