Bug#771669: segfaults with trivial usage

Mon, 01 Dec 2014 05:43:02 -0800 

Hi Christian,

May I draw your attention on Debian bug number 771669, which I quote
below and which can be read in full at http://bugs.debian.org/771669 ?

It was reported against 0.992, but I have reproduced it with 0.999
(which I'm shortly going to upload to Debian).

I also attach a backtrace with sqliteodbc and libsqlite3 compiled in
full debug mode. The trigger for this segfault seems to me to be that
a column in the result of the select is an expression, as opposed to a
"straight" column reference from a table, leading to
sqlite3_column_(database|table|origin)_name to return NULL, which is
then passed to sqlite3_table_column_metadata. I'm not 100% sure if
that is to be considered a bug in sqliteodbc or in libsqlite3; even if
a bug in libsqlite3, it would probably be good to work around it in
sqliteodbc, additionally to having it fixed in libsqlite3.


Please keep 771...@bugs.debian.org in CC of your replies, so that they
are filed by our bug tracking system and forwarded to the right
people.

Best Regards and Thanks,

Lionel Mamane

On Mon, Dec 01, 2014 at 02:31:22PM +0200, Enrico Zini wrote:
> Package: libsqliteodbc
> Version: 0.992-2
> Severity: grave
> 
> Hello,
> 
> sqlite3+odbc segfaults with this simple test case, which as far as I
> understand ODBC is just a standard connect and prepare sequence.
> 
> The segfault happens in the current Jessie and in Fedora 20.
> 
> $ cat sqlite-odbc.c
> #include <sql.h>
> #include <sqlext.h>
> #include <assert.h>
> #include <stdlib.h>
> 
> int main()
> {
>     // Allocate ODBC environment handle and register version
>     SQLHENV od_env;
>     assert(SQLAllocHandle(SQL_HANDLE_ENV, SQL_NULL_HANDLE, &od_env) == 
> SQL_SUCCESS);
>     assert(SQLSetEnvAttr(od_env, SQL_ATTR_ODBC_VERSION, (void*)SQL_OV_ODBC3, 
> 0) == SQL_SUCCESS);
> 
>     SQLHDBC od_conn;
>     assert(SQLAllocHandle(SQL_HANDLE_DBC, od_env, &od_conn) == SQL_SUCCESS);
> 
>     // Connect to the DSN
>     char sdcout[1024];
>     SQLSMALLINT outlen;
>     assert(SQLDriverConnect(od_conn, NULL,
>                     (SQLCHAR*)"Driver=SQLite3;Database=test.sqlite;", SQL_NTS,
>                     (SQLCHAR*)sdcout, 1024, &outlen,
>                     SQL_DRIVER_NOPROMPT) == SQL_SUCCESS);
> 
>     // Create a statement
>     SQLHSTMT stm;
>     assert(SQLAllocHandle(SQL_HANDLE_STMT, od_conn, &stm) == SQL_SUCCESS);
> 
> 
>     // Prepare a query
>     assert(SQLPrepare(stm, (SQLCHAR*)"SELECT COUNT(*) FROM sqlite_master 
> WHERE type='table' AND name=?", SQL_NTS) == SQL_SUCCESS);
> 
> 
>     // All good, deallocate things
>     SQLFreeHandle(SQL_HANDLE_STMT, stm);
>     SQLFreeHandle(SQL_HANDLE_DBC, od_conn);
>     SQLFreeHandle(SQL_HANDLE_ENV, od_env);
> }
> $ gcc -g sqlite-odbc.c -o sqlite-odbc -lodbc
> $ rm -f test.sqlite  # Not needed, but it keeps the tests stateless
> $ ./sqlite-odbc
> Segmentation fault
> $ rm -f test.sqlite  # Not needed, but it keeps the tests stateless
> $ gdb ./sqlite-odbc
> GNU gdb (Debian 7.7.1+dfsg-5) 7.7.1
> [...]
> (gdb) run
> Starting program: /home/enrico/lavori/arpa/dballe/sqlite-odbc
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff6abc537 in sqlite3_stricmp () from 
> /usr/lib/x86_64-linux-gnu/libsqlite3.so.0
> (gdb) where
> #0  0x00007ffff6abc537 in sqlite3_stricmp () from 
> /usr/lib/x86_64-linux-gnu/libsqlite3.so.0
> #1  0x00007ffff6abd485 in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0
> #2  0x00007ffff6abecf6 in ?? () from /usr/lib/x86_64-linux-gnu/libsqlite3.so.0
> #3  0x00007ffff6b29188 in sqlite3_table_column_metadata () from 
> /usr/lib/x86_64-linux-gnu/libsqlite3.so.0
> #4  0x00007ffff6d8180d in ?? () from 
> /usr/lib/x86_64-linux-gnu/odbc/libsqlite3odbc.so
> #5  0x00007ffff6d882d0 in ?? () from 
> /usr/lib/x86_64-linux-gnu/odbc/libsqlite3odbc.so
> #6  0x00007ffff6d88965 in ?? () from 
> /usr/lib/x86_64-linux-gnu/odbc/libsqlite3odbc.so
> #7  0x00007ffff7b94481 in SQLPrepare () from 
> /usr/lib/x86_64-linux-gnu/libodbc.so.2
> #8  0x0000000000400957 in main () at sqlite-odbc.c:30
> (gdb)
> 
> 
> Regards,
> 
> Enrico
> 
> -- System Information:
> Debian Release: jessie/sid
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> 
> Versions of packages libsqliteodbc depends on:
> ii  libc6              2.19-13
> ii  libsqlite0         2.8.17-12
> ii  libsqlite3-0       3.8.7.1-1
> ii  multiarch-support  2.19-13
> 
> libsqliteodbc recommends no packages.
> 
> Versions of packages libsqliteodbc suggests:
> ii  unixodbc-bin  2.3.0-4
> 
> -- no debconf information
> 
> 

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6aaa487 in sqlite3_stricmp (zLeft=0x62b758 "sqlite_temp_master", 
zRight=zRight@entry=0x0) at sqlite3.c:23042
23042                while( *a!=0 && UpperToLower[*a]==UpperToLower[*b]){ a++; 
b++; }
(gdb) bt
#0  0x00007ffff6aaa487 in sqlite3_stricmp (zLeft=0x62b758 "sqlite_temp_master", 
zRight=zRight@entry=0x0)
    at sqlite3.c:23042
#1  0x00007ffff6aab3d5 in findElementWithHash (pH=<optimized out>, 
pKey=pKey@entry=0x0, 
    pHash=pHash@entry=0x7fffffffd864) at sqlite3.c:24317
#2  0x00007ffff6aacc46 in sqlite3HashFind (pKey=0x0, pH=<optimized out>) at 
sqlite3.c:24369
#3  sqlite3FindTable (db=db@entry=0x618088, zName=zName@entry=0x0, 
zDatabase=zDatabase@entry=0x0) at sqlite3.c:23296
#4  0x00007ffff6b17128 in sqlite3_table_column_metadata (db=0x618088, 
zDbName=0x0, zTableName=0x0, zColumnName=0x0, 
    pzDataType=0x7fffffffd9c0, pzCollSeq=0x7fffffffd9c8, 
pNotNull=0x7fffffffd99c, pPrimaryKey=0x7fffffffd9a0, 
    pAutoinc=0x7fffffffd9a4) at sqlite3.c:127864
#5  0x00007ffff6d71cdd in s3stmt_addmeta (s3stmt=0x62e568, col=0, d=0x6176e8, 
ci=0x62f108) at sqlite3odbc.c:4252
#6  0x00007ffff6d8e2fe in setupdyncols (s=0x62a418, s3stmt=0x62e568, 
ncolsp=0x7fffffffdac4) at sqlite3odbc.c:18266
#7  0x00007ffff6d8e74c in drvprepare (stmt=0x62a418, 
    query=0x400bb8 "SELECT COUNT(*) AS foo FROM sqlite_master WHERE 
type='table' AND name=?", queryLen=-3)
    at sqlite3odbc.c:18377
#8  0x00007ffff6d8f349 in SQLPrepare (stmt=0x62a418, 
    query=0x400bb8 "SELECT COUNT(*) AS foo FROM sqlite_master WHERE 
type='table' AND name=?", queryLen=-3)
    at sqlite3odbc.c:18655
#9  0x00007ffff7b94481 in SQLPrepare () from 
/usr/lib/x86_64-linux-gnu/libodbc.so.2
#10 0x0000000000400964 in main (argc=1, argv=0x7fffffffe198) at sqlite-odbc.c:30
(gdb) bt full
#0  0x00007ffff6aaa487 in sqlite3_stricmp (zLeft=0x62b758 "sqlite_temp_master", 
zRight=zRight@entry=0x0)
    at sqlite3.c:23042
        a = 0x62b758 "sqlite_temp_master"
        b = 0x0
#1  0x00007ffff6aab3d5 in findElementWithHash (pH=<optimized out>, 
pKey=pKey@entry=0x0, 
    pHash=pHash@entry=0x7fffffffd864) at sqlite3.c:24317
        elem = 0x62b788
        count = 0
        h = <optimized out>
#2  0x00007ffff6aacc46 in sqlite3HashFind (pKey=0x0, pH=<optimized out>) at 
sqlite3.c:24369
        elem = <optimized out>
        h = 0
#3  sqlite3FindTable (db=db@entry=0x618088, zName=zName@entry=0x0, 
zDatabase=zDatabase@entry=0x0) at sqlite3.c:23296
        j = 1
        p = 0x0
        i = 0
#4  0x00007ffff6b17128 in sqlite3_table_column_metadata (db=0x618088, 
zDbName=0x0, zTableName=0x0, zColumnName=0x0, 
    pzDataType=0x7fffffffd9c0, pzCollSeq=0x7fffffffd9c8, 
pNotNull=0x7fffffffd99c, pPrimaryKey=0x7fffffffd9a0, 
    pAutoinc=0x7fffffffd9a4) at sqlite3.c:127864
        rc = 0
        zErrMsg = 0x0
        pTab = 0x0
        pCol = 0x0
        iCol = <optimized out>
        zDataType = 0x0
        zCollSeq = 0x0
        notnull = 0
        primarykey = 0
        autoinc = 0
#5  0x00007ffff6d71cdd in s3stmt_addmeta (s3stmt=0x62e568, col=0, d=0x6176e8, 
ci=0x62f108) at sqlite3odbc.c:4252
        nn = 0
        pk = 0
        ai = 0
        dn = 0x0
        tn = 0x0
        cn = 0x0
        dummy = {0x0, 0x0, 0x629d80 "[K", 0x7fffffffda90 ""}
#6  0x00007ffff6d8e2fe in setupdyncols (s=0x62a418, s3stmt=0x62e568, 
ncolsp=0x7fffffffdac4) at sqlite3odbc.c:18266
        q = 0x0
        i = 0
        colname = 0x62f0d8 "foo"
        tblname = 0x62f165 ""
        size = 14
        p = 0x62f160 ""
        dyncols = 0x62f108
        d = 0x6176e8
        typename = 0x7ffff6d904cc "varchar"
        ncols = 1
        guessed_types = 1
        ret = 0
#7  0x00007ffff6d8e74c in drvprepare (stmt=0x62a418, 
    query=0x400bb8 "SELECT COUNT(*) AS foo FROM sqlite_master WHERE 
type='table' AND name=?", queryLen=-3)
    at sqlite3odbc.c:18377
        ret = 0
        ncols = 1
        nretry = 0
        rest = 0x62b90f ""
        s3stmt = 0x62e568
        s = 0x62a418
        d = 0x6176e8
        errp = 0x0
        sret = 0
#8  0x00007ffff6d8f349 in SQLPrepare (stmt=0x62a418, 
    query=0x400bb8 "SELECT COUNT(*) AS foo FROM sqlite_master WHERE 
type='table' AND name=?", queryLen=-3)
    at sqlite3odbc.c:18655
        ret = 0
#9  0x00007ffff7b94481 in SQLPrepare () from 
/usr/lib/x86_64-linux-gnu/libodbc.so.2
No symbol table info available.
#10 0x0000000000400964 in main (argc=1, argv=0x7fffffffe198) at sqlite-odbc.c:30
        od_env = 0x602100
        __PRETTY_FUNCTION__ = "main"
        od_conn = 0x6027e0
        sdcout = 
"DSN=;Database=test.sqlite;StepAPI=;Timeout=;SyncPragma=;NoTXN=;ShortNames=;LongNames=;NoCreat=;NoWCHAR=;FKSupport=;Tracefile=;JournalMode=;LoadExt=;BigInt=;JDConv=;PWD=\000W\336\367\377\177\000\000\000\000\000\000\000\000\000\000\310\067\375\367\377\177\000\000\001\000\000\000\377\177\000\000\000\000\000\000\000\000\000\000"...
        outlen = 168
        stm = 0x629d80

Reply via email to