Bug#768393: sqlite3: segmentation fault in evolution caused by calling NULL xFetch method

[Josh Triplett]

Package: libsqlite3-0
Version: 3.8.7-1
Severity: grave
Tags: patch
Control: affects -1 evolution

I have a massive email folder in Evolution.  Recently, I started
encountering segmentation faults every time I accessed that folder
(opened it, tried to copy mail into it, etc).  Running evolution under
gdb turned up a backtrace leading to the call to xFetch in
sqlite3OsFetch (by way of vdbeSorterExtendFile), with a NULL xFetch
function pointer.

Some searching turned up this upstream patch:
http://www.sqlite.org/src/info/071f7f2decd2f786c0201a4219e9c2cc9d227085

I adapted that patch to apply to 3.8.7-1; adapted version attached.  I
rebuilt sqlite3 with that patch applied, and evolution no longer
segfaults.

- Josh Triplett

--- sqlite3-3.8.7.orig/src/vdbesort.c
+++ sqlite3-3.8.7/src/vdbesort.c
@@ -603,7 +603,7 @@ static int vdbeSorterMapFile(SortSubtask
   int rc = SQLITE_OK;
   if( pFile->iEof<=(i64)(pTask->pSorter->db->nMaxSorterMmap) ){
     sqlite3_file *pFd = pFile->pFd;
-    if( pFd->pMethods->iVersion>=3 ){
+    if( pFd->pMethods->iVersion>=3 && pFd->pMethods->xFetch ){
       rc = sqlite3OsFetch(pFd, 0, (int)pFile->iEof, (void**)pp);
       testcase( rc!=SQLITE_OK );
     }
@@ -1126,7 +1126,7 @@ void sqlite3VdbeSorterClose(sqlite3 *db,
 static void vdbeSorterExtendFile(sqlite3 *db, sqlite3_file *pFd, i64 nByte){
   if( nByte<=(i64)(db->nMaxSorterMmap) && pFd->pMethods->iVersion>=3 ){
     int rc = sqlite3OsTruncate(pFd, nByte);
-    if( rc==SQLITE_OK ){
+    if( rc==SQLITE_OK && pFd->pMethods->xFetch ){
       void *p = 0;
       sqlite3OsFetch(pFd, 0, (int)nByte, &p);
       sqlite3OsUnfetch(pFd, 0, p);