Package: libsqlite3-dev
Version: 3.8.7.1-1+deb8u1
Followup-For: Bug #638974
FYI:
1) I was able to reproduce this bug in jessie's 3.8.7.1 (gdb and
valgrind report attached);
2) I was *NOT* able to reproduce it in (self-backported) sid's
3.8.10.2-1 (and running under valgrind does not show any problem).
[fwiw, a test.db created by sid's {totally expectedly} kills jessie's on an attempt
to open it].
However, I have not found a respective entry in the changelogs (or an upstream
commit), so this could be a false positive.
-- System Information:
Debian Release: 8.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libsqlite3-dev depends on:
ii libc6-dev 2.19-18
ii libsqlite3-0 3.8.7.1-1+deb8u1
libsqlite3-dev recommends no packages.
Versions of packages libsqlite3-dev suggests:
ii sqlite3-doc 3.8.7.1-1+deb8u1
-- no debconf information
$ valgrind sqlite3 test.db "CREATE TABLE t ( x UNIQUE PRIMARY KEY ) WITHOUT ROWID;"
==7586== Memcheck, a memory error detector
==7586== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==7586== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==7586== Command: sqlite3 test.db CREATE\ TABLE\ t\ (\ x\ UNIQUE\ PRIMARY\ KEY\ )\ WITHOUT\ ROWID;
==7586==
==7586== Invalid read of size 1
==7586== at 0x48E8AF9: sqlite3EndTable (in /usr/lib/i386-linux-gnu/libsqlite3.so.0.8.6)
==7586== by 0x48CAAF7: sqlite3Parser (in /usr/lib/i386-linux-gnu/libsqlite3.so.0.8.6)
==7586== by 0x48CE7BB: sqlite3RunParser (in /usr/lib/i386-linux-gnu/libsqlite3.so.0.8.6)
==7586== by 0x48CEE64: sqlite3Prepare (in /usr/lib/i386-linux-gnu/libsqlite3.so.0.8.6)
==7586== by 0x48CF224: sqlite3LockAndPrepare (in /usr/lib/i386-linux-gnu/libsqlite3.so.0.8.6)
==7586== by 0x10E603: shell_exec.constprop.10 (in /usr/bin/sqlite3)
==7586== by 0x10A78E: main (in /usr/bin/sqlite3)
==7586== Address 0x37 is not stack'd, malloc'd or (recently) free'd
==7586==
==7586==
==7586== Process terminating with default action of signal 11 (SIGSEGV)
==7586== Access not within mapped region at address 0x37
==7586== at 0x48E8AF9: sqlite3EndTable (in /usr/lib/i386-linux-gnu/libsqlite3.so.0.8.6)
==7586== by 0x48CAAF7: sqlite3Parser (in /usr/lib/i386-linux-gnu/libsqlite3.so.0.8.6)
==7586== by 0x48CE7BB: sqlite3RunParser (in /usr/lib/i386-linux-gnu/libsqlite3.so.0.8.6)
==7586== by 0x48CEE64: sqlite3Prepare (in /usr/lib/i386-linux-gnu/libsqlite3.so.0.8.6)
==7586== by 0x48CF224: sqlite3LockAndPrepare (in /usr/lib/i386-linux-gnu/libsqlite3.so.0.8.6)
==7586== by 0x10E603: shell_exec.constprop.10 (in /usr/bin/sqlite3)
==7586== by 0x10A78E: main (in /usr/bin/sqlite3)
==7586== If you believe this happened as a result of a stack
==7586== overflow in your program's main thread (unlikely but
==7586== possible), you can try to increase the size of the
==7586== main thread stack using the --main-stacksize= flag.
==7586== The main thread stack size used in this run was 8388608.
==7586==
==7586== HEAP SUMMARY:
==7586== in use at exit: 75,860 bytes in 101 blocks
==7586== total heap usage: 262 allocs, 161 frees, 101,111 bytes allocated
==7586==
==7586== LEAK SUMMARY:
==7586== definitely lost: 0 bytes in 0 blocks
==7586== indirectly lost: 0 bytes in 0 blocks
==7586== possibly lost: 75,848 bytes in 100 blocks
==7586== still reachable: 12 bytes in 1 blocks
==7586== suppressed: 0 bytes in 0 blocks
==7586== Rerun with --leak-check=full to see details of leaked memory
==7586==
==7586== For counts of detected and suppressed errors, rerun with: -v
==7586== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)
(gdb) run
Starting program: /usr/bin/sqlite3 test.db CREATE\ TABLE\ t\ \(\ x\ UNIQUE\ PRIMARY\ KEY\ \)\ WITHOUT\ ROWID\;
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
convertToWithoutRowidTable (pTab=0x5657b7c0, pParse=0x5657aa78)
at sqlite3.c:90230
90230 sqlite3.c: No such file or directory.
(gdb) bt full
#0 convertToWithoutRowidTable (pTab=0x5657b7c0, pParse=0x5657aa78)
at sqlite3.c:90230
pPk = 0x0
nPk = <optimized out>
i = <optimized out>
db = 0x56568010
pIdx = <optimized out>
j = <optimized out>
v = <optimized out>
#1 sqlite3EndTable (pParse=0x5657aa78, pCons=0x5657ad00, pEnd=0x5657ad10,
tabOpts=32 ' ', pSelect=0x0) at sqlite3.c:24813
p = 0x5657b7c0
db = 0x56568010
pIdx = <optimized out>
#2 0xf7f46af8 in yy_reduce (yyruleno=<optimized out>,
yypParser=<optimized out>) at sqlite3.c:122341
yygotominor = {yyinit = 0, yy0 = {z = 0x0, n = 0}, yy3 = 0x0,
yy14 = 0x0, yy59 = 0x0, yy65 = 0x0, yy96 = {eOperator = {z = 0x0,
n = 0}, bNot = 0}, yy132 = 0x0, yy186 = 0 '\000', yy328 = 0,
yy346 = {pExpr = 0x0, zStart = 0x0, zEnd = 0x0}, yy378 = {a = 0,
b = 0x0}, yy381 = 0, yy408 = 0x0, yy429 = {value = 0, mask = 0},
yy473 = 0x0, yy476 = {pLimit = 0x0, pOffset = 0x0}}
yysize = 1448585848
#3 sqlite3Parser (yyp=0x5657aca0, yymajor=0, yyminor=..., pParse=0x56568010)
at sqlite3.c:58109
yyminorunion = {yyinit = -11463, yy0 = {z = 0xffffd339 ";", n = 1},
yy3 = 0xffffd339, yy14 = 0xffffd339, yy59 = 0xffffd339,
yy65 = 0xffffd339, yy96 = {eOperator = {z = 0xffffd339 ";", n = 1},
bNot = -134541096}, yy132 = 0xffffd339, yy186 = 57 '9',
yy328 = -11463, yy346 = {pExpr = 0xffffd339,
zStart = 0x1 <error: Cannot access memory at address 0x1>,
zEnd = 0xf7fb10d8 <staticMutexes.9661+24> ""}, yy378 = {
a = -11463, b = 0x1}, yy381 = 54073, yy408 = 0xffffd339, yy429 = {
value = -11463, mask = 1}, yy473 = 0xffffd339, yy476 = {
pLimit = 0xffffd339, pOffset = 0x1}}
yyact = 0
#4 0xf7f4a7bc in sqlite3RunParser (pParse=pParse@entry=0x5657aa78,
zSql=zSql@entry=0xffffd304 "CREATE TABLE t ( x UNIQUE PRIMARY KEY ) WITHOUT ROWID;", pzErrMsg=0xffffb974) at sqlite3.c:124470
nErr = 0
i = 54
pEngine = 0x5657aa78
tokenType = 1
lastTokenParsed = 27
enableLookaside = 1 '\001'
db = 0x56568010
mxSqlLen = 1000000000
#5 0xf7f4ae65 in sqlite3Prepare (db=db@entry=0x56568010,
zSql=zSql@entry=0xffffd304 "CREATE TABLE t ( x UNIQUE PRIMARY KEY ) WITHOUT ROWID;", nBytes=-1, saveSqlFlag=1, pReprepare=0x0, ppStmt=0xffffba4c,
pzTail=0xffffba50) at sqlite3.c:103764
pParse = 0x5657aa78
zErrMsg = 0x0
rc = <optimized out>
i = <optimized out>
#6 0xf7f4b225 in sqlite3LockAndPrepare (db=0x56568010,
zSql=0xffffd304 "CREATE TABLE t ( x UNIQUE PRIMARY KEY ) WITHOUT ROWID;",
nBytes=-1, saveSqlFlag=1, pOld=0x0, ppStmt=0xffffba4c, pzTail=0xffffba50)
at sqlite3.c:103856
rc = <optimized out>
pzTail = 0xffffba50
ppStmt = 0xffffba4c
saveSqlFlag = 1
zSql = 0xffffd304 "CREATE TABLE t ( x UNIQUE PRIMARY KEY ) WITHOUT ROWID;"
db = 0x56568010
pOld = 0x0
nBytes = -1
#7 0x5655b604 in shell_exec (db=0x0, zSql=0x0, pArg=0xffffbb0c,
pzErrMsg=0xffffbb08, xCallback=<optimized out>) at ./src/shell.c:1314
pStmt = 0x0
zLeftover = 0x5657aa98 ""
#8 0x5655778f in main (argc=3, argv=0xffffd124) at ./src/shell.c:4206
zErrMsg = 0x0
data = {db = 0x56568010, echoOn = 0, autoEQP = 0, statsOn = 0,
outCount = 0, cnt = 0, out = 0xf7e6bac0 <_IO_2_1_stdout_>,
traceOut = 0x0, nErr = 0, mode = 2, writableSchema = 0,
showHeader = 0, shellFlgs = 4, zDestTable = 0x0,
separator = "|", '\000' <repeats 18 times>,
newline = "\r\n", '\000' <repeats 17 times>, colWidth = {
0 <repeats 100 times>}, actualWidth = {0 <repeats 100 times>},
nullvalue = '\000' <repeats 19 times>, normalMode = {valid = 0,
mode = 0, showHeader = 0, colWidth = {0 <repeats 100 times>}},
outfile = '\000' <repeats 4095 times>,
zDbFilename = 0xffffd2fc "test.db", zFreeOnClose = 0x0, zVfs = 0x0,
pStmt = 0x0, pLog = 0x0, aiIndent = 0x0, nIndent = 0, iIndent = 0}
zInitFile = <optimized out>
zFirstCmd = <optimized out>
i = <optimized out>
rc = <optimized out>
warnInmemoryDb = <optimized out>
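Added reproducer harness (not part of the bug report, and not Debian's or upstream's code): it runs the reporter's statement against a scratch database and classifies the outcome. The one caveat worth building in is that the jessie failure is a SIGSEGV inside libsqlite3 (pPk = 0x0 in convertToWithoutRowidTable above), which no try/except in the same process can catch, so the statement is executed by a child interpreter and the parent reads the exit status. The function name `probe`, the child-script text and the result labels are my own choices; the SQL is the one from the report.

```python
import os
import sqlite3
import subprocess
import sys
import tempfile

# Statement from the bug report: one column that is both UNIQUE and
# PRIMARY KEY in a WITHOUT ROWID table. On jessie's 3.8.7.1 this
# NULL-derefs in convertToWithoutRowidTable; sid's 3.8.10.2 survives.
CRASHING_SQL = "CREATE TABLE t ( x UNIQUE PRIMARY KEY ) WITHOUT ROWID;"

# Body of the child process (assumed helper, not from the report): prepare
# the statement and, if the library survives, check that the table it
# produced really enforces the primary key instead of silently dropping it.
_CHILD = r"""
import sqlite3, sys
con = sqlite3.connect(sys.argv[1])
try:
    con.execute(sys.argv[2])
    con.execute("INSERT INTO t VALUES (1)")
    try:
        con.execute("INSERT INTO t VALUES (1)")
        print("NO_CONSTRAINT")   # duplicate accepted: PK/UNIQUE not enforced
    except sqlite3.IntegrityError:
        print("OK")
except sqlite3.Error as e:
    print("SQL_ERROR " + str(e))
"""


def probe(sql=CRASHING_SQL, timeout=10):
    """Run `sql` in a throwaway child process and classify what happened.

    Returns one of:
      'crashed'       - child died from a signal (SIGSEGV shows as -11 on POSIX)
      'sql_error'     - library rejected the statement with an error
      'no_constraint' - table created but duplicate key accepted
      'ok'            - table created and the primary key is enforced
    """
    with tempfile.TemporaryDirectory() as d:
        db = os.path.join(d, "test.db")
        proc = subprocess.run(
            [sys.executable, "-c", _CHILD, db, sql],
            capture_output=True, text=True, timeout=timeout,
        )
    if proc.returncode < 0:
        # Negative return code is the terminating signal number (POSIX only).
        return "crashed"
    out = proc.stdout.strip()
    if out == "OK":
        return "ok"
    if out == "NO_CONSTRAINT":
        return "no_constraint"
    return "sql_error"


if __name__ == "__main__":
    # Report which libsqlite3 the interpreter links against and the verdict.
    print("libsqlite3", sqlite3.sqlite_version, "->", probe())
```

On a jessie box with 3.8.7.1 the verdict should be `crashed` (valgrind's "Access not within mapped region at address 0x37" is the same fault), on 3.8.10.2 and anything newer `ok`. The `no_constraint` branch exists so that a build which merely stops crashing but loses the constraint is not mistaken for a fix.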