[sqlite] Issue report: sqlite3_set_authorizer triggers error 4/516 (SQLITE_ABORT_ROLLBACK) during statement iteration

Thu, 01 Aug 2019 11:37:19 -0700 

Hello,

This is an issue report.

SQLite from version 3.8.8 to version 3.24.0 exhibits an issue which
prevents the use of sqlite3_set_authorizer during the iteration of a
statement. The issue does not happen with all statements, but only with
some of them.

It basically goes this way:

1. set authorizer
2. compile statement
3. reset authorizer
4. step
5. set authorizer (and do something else)
6. step -> SQLITE_ABORT_ROLLBACK

Please find below a reproducible test case, reduced as much as I could. It
outputs `code = 516`, when it should not.

A piece of information that may help narrowing the trouble: I could only
trigger the error with the provided query, that involve two tables.

Finally, I post this message after investigation for an issue in the GRDB
Swift library: https://github.com/groue/GRDB.swift/issues/583

Thanks for reading,
Gwendal Roué


#include <sqlite3.h>
#include <stdio.h>

int authorize(void* a,int b,const char* c,const char* d,const char* e,const
char* f) {
    return SQLITE_OK;
}

int main() {
    sqlite3 *connection;
    sqlite3_open_v2(":memory:", &connection, SQLITE_OPEN_READWRITE |
SQLITE_OPEN_NOMUTEX, 0);
    sqlite3_extended_result_codes(connection, 1);
    sqlite3_exec(connection, "CREATE TABLE user (username TEXT NOT NULL)",
0, 0, 0);
    sqlite3_exec(connection, "CREATE TABLE flagUser (username TEXT NOT
NULL)", 0, 0, 0);
    sqlite3_exec(connection, "INSERT INTO flagUser (username) VALUES
('User1')", 0, 0, 0);
    sqlite3_exec(connection, "INSERT INTO flagUser (username) VALUES
('User2')", 0, 0, 0);

    sqlite3_stmt *statement;
    sqlite3_set_authorizer(connection, authorize, 0);
    sqlite3_prepare_v3(connection, "SELECT * FROM flagUser WHERE (SELECT
COUNT(*) FROM user WHERE username = flagUser.username) = 0", -1, 0,
&statement, 0);
    sqlite3_set_authorizer(connection, 0, 0);

    int code = sqlite3_step(statement);
    printf("code = %i\n", code);
    sqlite3_set_authorizer(connection, 0, 0);
    code = sqlite3_step(statement);
    printf("code = %i\n", code);
    sqlite3_finalize(statement);
    sqlite3_close_v2(connection);
}
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Reply via email to