Public bug reported:

Ubuntu version: 18.04
sqlite version: 3.22

Hello, I found some potential bugs in the package sqlite3, and the .docx file
in the attachment I uploaded shows the occurrence process of each bug in
a graphical way. Would you help me check whether the bugs mentioned below
are true? Thank you very much for your patience.

In file sqlite3/build/sqlite3.c (build is a folder containing files generated by configure)
In function sqlite3VtabCallDestroy
In line 128391: there is a statement that loads the return value of function
vtabDisconnectAll into pointer p, and that return value can be null.
In line 128392: there is a statement that dereferences p without a check.
The entire graphic description is shown in figure 1 in the .docx file.

In file sqlite3-3.22.0/src/tclsqlite.c
In function dbReleaseStmt
In line 1421:
pointer pPrev is initialized to null, and on a certain path the value of pPrev
is not changed and is dereferenced without a check.
The entire graphic description is shown in figure 2 in the .docx file.

In file sqlite3/build/sqlite3.c (build is a folder containing files generated by configure)
In function vdbeSorterFlushPMA
In line 89710: pointer pTask is dereferenced without a check, and its value can be
null.
The entire graphic description is shown in figure 3 in the .docx file.

In file sqlite3/build/sqlite3.c (build is a folder containing files generated by configure)
In function sqlite3CodeRowTriggerDirect
In line 126110:
pointer v loads the return value of function sqlite3GetVdbe, and its value can be null.
In line 126120:
pointer v acts as the 1st parameter of function sqlite3VdbeAddOp4, and in this
function v is dereferenced without a check.
The entire graphic description is shown in figure 4 in the .docx file.

In file sqlite3/build/sqlite3.c (build is a folder containing files generated by configure)
In function sqlite3_randomness
In line 27774: the return value of sqlite3_vfs_find, which can be null, acts as the 1st
parameter of function sqlite3OsRandomness; in this function the return value of
sqlite3_vfs_find is dereferenced without a check.
The entire graphic description is shown in figure 5 in the .docx file.

In file sqlite3/build/shell.c (build is a folder containing files generated by configure)
In function process_input
In line 14653:
zSql is initialized to null, and on a certain path the value of zSql is not
changed and is dereferenced without a check.
The entire graphic description is shown in figure 6 in the .docx file.

In file sqlite3/build/shell.c (build is a folder containing files generated by configure)
In function sqlite3_appendvfs_init
In line 3949:
the return value of function sqlite3_vfs_find, which can be null, is loaded into pOrig.
In line 3950:
pOrig is dereferenced without a check.
The entire graphic description is shown in figure 7 in the .docx file.


In file sqlite3/build/sqlite3.c (build is a folder containing files generated by configure)
In function fts3IncrmergeChomp
In line 163794:
pSeg is initialized to null.
In line 163803:
pSeg is dereferenced without a check.
The entire graphic description is shown in figure 8 in the .docx file.

** Affects: sqlite3 (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "null_pointer_dereference.docx"
   https://bugs.launchpad.net/bugs/1940353/+attachment/5518656/+files/null_pointer_dereference.docx

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sqlite3 in Ubuntu.
https://bugs.launchpad.net/bugs/1940353

Title:
  Several potential bugs of null pointer dereference

Status in sqlite3 package in Ubuntu:
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1940353/+subscriptions
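Every finding in the report above has the same shape: a lookup or allocation that can return NULL, followed by a callee that dereferences the result without a check (for example sqlite3_vfs_find feeding sqlite3OsRandomness in sqlite3_randomness, or pOrig in sqlite3_appendvfs_init). Whether such a finding is a real defect depends on whether the NULL-returning path is reachable from the caller's state, which a static analyzer cannot always decide. The following is an added, constructed C example, not code from SQLite or from the reporter, that models that pattern with a stand-in VFS registry: demo_vfs_find, demo_vfs, fixedRandomness and the osRandomness* functions are all hypothetical names chosen for this illustration. It shows the unchecked callee beside a checked one that fails closed, and makes the reachability question concrete by emptying the registry so the lookup really does return NULL.

```c
/* Added example, not SQLite code. Models the "nullable lookup result
 * dereferenced by a callee" pattern from the bug report with a constructed
 * registry of VFS-like objects. All names here are stand-ins. */
#include <stdio.h>
#include <stddef.h>
#include <string.h>

typedef struct demo_vfs demo_vfs;
struct demo_vfs {
  const char *zName;                              /* registry key */
  int (*xRandomness)(demo_vfs*, int, char*);      /* fills a buffer, returns bytes written */
  demo_vfs *pNext;                                /* next registered VFS */
};

static demo_vfs *g_vfsList = NULL;   /* head of the registered-VFS list (constructed) */

/* Same contract as sqlite3_vfs_find(): a NULL name means "the default" (first
 * registered), and the function returns NULL when nothing matches, including
 * the case where nothing is registered at all. */
static demo_vfs *demo_vfs_find(const char *zName){
  demo_vfs *p;
  for(p = g_vfsList; p; p = p->pNext){
    if( zName==NULL || strcmp(p->zName, zName)==0 ) return p;
  }
  return NULL;
}

static void demo_vfs_register(demo_vfs *p){ p->pNext = g_vfsList; g_vfsList = p; }
static void demo_vfs_unregister_all(void){ g_vfsList = NULL; }

/* Deterministic xRandomness so results can be checked: fills with 'A'. */
static int fixedRandomness(demo_vfs *p, int n, char *out){
  (void)p;
  memset(out, 0x41, (size_t)n);
  return n;
}

/* The pattern the report flags: the callee trusts its pointer argument. */
static int osRandomnessUnchecked(demo_vfs *pVfs, int n, char *out){
  return pVfs->xRandomness(pVfs, n, out);   /* NULL pVfs => crash */
}

/* Hardened form: refuse with an error code instead of dereferencing NULL. */
static int osRandomnessChecked(demo_vfs *pVfs, int n, char *out){
  if( pVfs==NULL || pVfs->xRandomness==NULL ) return -1;
  return pVfs->xRandomness(pVfs, n, out);
}

/* Callers in the shape of sqlite3_randomness(): look up the default VFS
 * and hand the (possibly NULL) result straight to the callee. */
static int randomnessUnchecked(int n, char *out){
  return osRandomnessUnchecked(demo_vfs_find(NULL), n, out);
}
static int randomnessChecked(int n, char *out){
  return osRandomnessChecked(demo_vfs_find(NULL), n, out);
}

static demo_vfs g_demoVfs = { "demo", fixedRandomness, NULL };

int main(void){
  char buf[8];
  demo_vfs_register(&g_demoVfs);
  printf("registered:   checked=%d unchecked=%d\n",
         randomnessChecked(8, buf), randomnessUnchecked(8, buf));
  demo_vfs_unregister_all();
  printf("unregistered: find=%p checked=%d\n",
         (void*)demo_vfs_find(NULL), randomnessChecked(8, buf));
  /* randomnessUnchecked(8, buf) at this point would dereference NULL. */
  return 0;
}
```

The triage question for each reported site is the one the second half of main() asks: can the program reach the dereference while the registry (or allocator, or statement list) is in a state where the lookup returns NULL? If the answer is no for every caller, the finding is a false positive under the code's own invariants; if yes, the checked form is the fix, and the caller also needs a way to report the failure rather than silently returning partial results.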


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
