This is an issue with the CLI, not with the SQLite core. It is fixed here: https://www.sqlite.org/src/info/d7f55c62c3fa053b
On 1/4/19, Xingwei Lin <[email protected]> wrote:
> Hi,
>
> I found a null pointer access problem in sqlite3Init function in version
> 3.26.0.
>
> The poc is simple:
>
> .open .
> .selftest
>
> The GDB debug traces are:
>
> #0 0x000055d76316ae12 in sqlite3Init (db=0x55d76509de18, pzErrMsg=0x7fffa3d64ac0) at sqlite3.c:123082
> #1 0x000055d7631a22d7 in sqlite3_table_column_metadata (db=0x55d76509de18, zDbName=0x55d7631fa22e "main", zTableName=0x55d763200574 "selftest", zColumnName=0x0, pzDataType=0x0, pzCollSeq=0x0, pNotNull=0x0, pPrimaryKey=0x0, pAutoinc=0x0) at sqlite3.c:156312
> #2 0x000055d7630e73f3 in do_meta_command (zLine=0x55d765090970 ".selftest", p=0x7fffa3d68090) at shell.c:14816
> #3 0x000055d7630ea430 in process_input (p=0x7fffa3d68090, in=0x55d76506f6d0) at shell.c:15712
> #4 0x000055d7630e669c in do_meta_command (zLine=0x55d7650909f0 ".read", p=0x7fffa3d68090) at shell.c:14369
> #5 0x000055d7630ea430 in process_input (p=0x7fffa3d68090, in=0x0) at shell.c:15712
> #6 0x000055d7630ec173 in main (argc=1, argv=0x7fffa3d69668) at shell.c:16479
>
> When we invoke ".open .", sqlite3 will fail to open "." database.
> However, sqlite3 will still create db("struct sqlite3") object without full
> initialization and not destroy it in "shell.c:11306".
>
> Then when we invoke ".selftest", when the routine goes to sqlite3Init
> function, it will call "ENC(db) = SCHEMA_ENC(db);",
> which is a macro: "#define SCHEMA_ENC(db) ((db)->aDb[0].pSchema->enc)".
>
> "SCHEMA_ENC(db)" will access "pSchema" field, which has not been
> initialized yet for the failure create "." database.
>
> Attached is the poc sql file.
> I used the following command:
>
> ./sqlite3
> sqlite> .read crash.sql
>
> --
> Best regards,
> Xingwei Lin
> _______________________________________________
> sqlite-users mailing list
> [email protected]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>

--
D. Richard Hipp
[email protected]
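The failure mode described in this thread (a handle left behind by a failed open, then dereferenced by a later command) can be modelled in a few lines of C. This is an added example, not SQLite or shell.c code and not the fix linked above; the Conn/Db/Schema types, the RC_* codes and all function names are simplified, hypothetical stand-ins.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the structures named in the report (not SQLite's definitions). */
typedef struct Schema { int enc; } Schema;
typedef struct Db { Schema *pSchema; } Db;
typedef struct Conn { Db aDb[1]; int enc; } Conn;
enum { RC_OK = 0, RC_CANTOPEN = 14, RC_MISUSE = 21 };  /* constructed result codes */

/* Model of an open routine that hands back a handle even when the open fails.
   Assumption: "." (a directory) can never be opened as a database. */
static int model_open(const char *zPath, Conn **ppDb) {
    Conn *db = calloc(1, sizeof(*db));
    *ppDb = db;
    if (db == NULL || strcmp(zPath, ".") == 0) return RC_CANTOPEN;  /* pSchema stays NULL */
    db->aDb[0].pSchema = calloc(1, sizeof(Schema));
    if (db->aDb[0].pSchema == NULL) return RC_CANTOPEN;
    db->aDb[0].pSchema->enc = 1;
    return RC_OK;
}

static void model_close(Conn *db) {
    if (db != NULL) { free(db->aDb[0].pSchema); free(db); }
}

/* Caller-side hardening: never keep a handle whose open failed. */
static int shell_open_checked(const char *zPath, Conn **ppDb) {
    int rc = model_open(zPath, ppDb);
    if (rc != RC_OK) { model_close(*ppDb); *ppDb = NULL; }
    return rc;
}

/* Callee-side hardening: the step modelled on "ENC(db) = SCHEMA_ENC(db)",
   with the pointers checked before pSchema is dereferenced. */
static int model_init(Conn *db) {
    if (db == NULL || db->aDb[0].pSchema == NULL) return RC_MISUSE;
    db->enc = db->aDb[0].pSchema->enc;
    return RC_OK;
}

/* Replays ".open <path>" followed by ".selftest"; returns the second step's result. */
static int replay(const char *zPath, int checked) {
    Conn *db = NULL;
    if (checked) shell_open_checked(zPath, &db); else model_open(zPath, &db);
    int rc = model_init(db);
    model_close(db);
    return rc;
}

int main(void) { return replay(".", 1) == RC_MISUSE ? 0 : 1; }
```

Without the checks in model_init, the unchecked replay of "." would read through a NULL pSchema, which is the access shown in frame #0 of the trace.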

