A crash bug in sqlite

A crash bug in sqlite

Yongheng Chen
Hi,

We found a crash bug in sqlite of master branch. Here’s the POC

CREATE TABLE v0 ( v2 DOUBLE CHECK( ( v2 IN ( v2 , v1) ) ) , v1 UNIQUE AS( v2 > v2 ) ) ;
INSERT INTO v0 VALUES ( 10 );
SELECT v0 . v1 , v0 . v1 FROM v0 JOIN v0 USING ( v1 , v1) ;

The bug exists in "SQLite version 3.31.0 2019-12-08 00:06:39" and "SQLite version 3.31.0 2019-12-09 08:13:43". We haven’t tested other versions yet. Thanks

Yongheng & Rui
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: A crash bug in sqlite

Jose Isaias Cabrera-4

Yongheng Chen, on Monday, December 9, 2019 10:16 AM, wrote...

>
> Hi,
>
> We found a crash bug in sqlite of master branch. Here’s the POC
> —
> CREATE TABLE v0 ( v2 DOUBLE CHECK( ( v2 IN ( v2 , v1) ) ) , v1 UNIQUE AS( v2 > v2 ) ) ;
> INSERT INTO v0 VALUES ( 10 );
> SELECT v0 . v1 , v0 . v1 FROM v0 JOIN v0 USING ( v1 , v1) ;
> —
> The bug exists in "SQLite version 3.31.0 2019-12-08 00:06:39" and "SQLite version 3.31.0
> 2019-12-09 08:13:43". We haven’t tested other versions yet. Thanks

I get "Error: near "AS": syntax error" after the first line:

sqlite> CREATE TABLE v0 ( v2 DOUBLE CHECK( ( v2 IN ( v2 , v1) ) ) , v1 UNIQUE AS( v2 > v2 ) ) ;
Error: near "AS": syntax error

So, I can't replicate your problem.  thanks.

josé

Re: A crash bug in sqlite

Richard Hipp-3
On 12/9/19, Jose Isaias Cabrera <[hidden email]> wrote:
> Error: near "AS": syntax error
>
> So, I can't replicate your problem.  thanks.

You have to run off of the latest trunk version, as they are fuzzing
for features that are unreleased.
--
D. Richard Hipp
[hidden email]

Re: A crash bug in sqlite

Jose Isaias Cabrera-4

Since no one explains... ;-)

Richard Hipp, on Monday, December 9, 2019 10:53 AM, wrote...
>
> On 12/9/19, Jose Isaias Cabrera, on
> > Error: near "AS": syntax error
> >
> > So, I can't replicate your problem.  thanks.
>
> You have to run off of the latest trunk version, as they are fuzzing
> for features that are unreleased.


Re: A crash bug in sqlite

Yongheng Chen
So should we just report the bugs after another release version? We think the sooner the bugs get fixed, the better in terms of security, as this approach can minimize the number of bugs in future release.

> On Dec 9, 2019, at 10:56 AM, Jose Isaias Cabrera <[hidden email]> wrote:
>
>
> Since no one explains... ;-)
>
> Richard Hipp, on Monday, December 9, 2019 10:53 AM, wrote...
>>
>> On 12/9/19, Jose Isaias Cabrera, on
>>> Error: near "AS": syntax error
>>>
>>> So, I can't replicate your problem.  thanks.
>>
>> You have to run off of the latest trunk version, as they are fuzzing
>> for features that are unreleased.

Re: A crash bug in sqlite

Richard Hipp-3
On 12/9/19, Yongheng Chen <[hidden email]> wrote:
> So should we just report the bugs after another release version?

No.  You should report problems as soon as you see them.  That is why
we have open-source.  That is why all of our changes are out there in
the open where anybody can see them - so that people can find and
report problems before they are released.  That is what makes
open-source so much better than closed-source.

I was merely responding to Jose, who was wondering why he could not
reproduce the problem.


--
D. Richard Hipp
[hidden email]

Re: A crash bug in sqlite

Yongheng Chen
I see. I totally agree with you. A better sqlite is what we all want.

Best.
Yongheng & Rui

> On Dec 9, 2019, at 11:23 AM, Richard Hipp <[hidden email]> wrote:
>
> On 12/9/19, Yongheng Chen <[hidden email]> wrote:
>> So should we just report the bugs after another release version?
>
> No.  You should report problems as soon as you see them.  That is why
> we have open-source.  That is why all of our changes are out there in
> the open where anybody can see them - so that people can find and
> report problems before they are released.  That is what makes
> open-source so much better than closed-source.
>
> I was merely responding to Jose, who was wondering why he could not
> reproduce the problem.
>
>
> --
> D. Richard Hipp
> [hidden email]

Re: A crash bug in sqlite

Jose Isaias Cabrera-4
In reply to this post by Yongheng Chen

Yongheng Chen, on Monday, December 9, 2019 11:14 AM, wrote...
>
> So should we just report the bugs after another release version? We think the sooner
> the bugs get fixed, the better in terms of security, as this approach can minimize
> the number of bugs in future release.

Yongheng, ignore my comments.  I was trying to be funny.  Continue on as Dr. Hipp, or whomever has instructed.

Solomon, a proverbist once said, "In the multitude of words there wants not sin: but he that refrains his lips is wise." It should probably say, "he that refrains his typing, is wise."

> > On Dec 9, 2019, at 10:56 AM, Jose Isaias Cabrera, on
> >
> >
> > Since no one explains... ;-)
> >
> > Richard Hipp, on Monday, December 9, 2019 10:53 AM, wrote...
> >>
> >> On 12/9/19, Jose Isaias Cabrera, on
> >>> Error: near "AS": syntax error
> >>>
> >>> So, I can't replicate your problem.  thanks.
> >>
> >> You have to run off of the latest trunk version, as they are fuzzing
> >> for features that are unreleased.


Re: A crash bug in sqlite

Richard Hipp-3
In reply to this post by Yongheng Chen
On 12/9/19, Yongheng Chen <[hidden email]> wrote:
> Hi,
>
> We found a crash bug in sqlite of master branch.

Should now be fixed on trunk.
--
D. Richard Hipp
[hidden email]

Re: A crash bug in sqlite

Rui Zhong
Hi,
We found this bug can be triggered again after fix.
PoC and sqlite version info have been attached as follows.
------------------

SQLite version 3.31.0 2019-12-09 17:14:48
Enter ".help" for usage hints.
Connected to a transient in-memory database.
Use ".open FILENAME" to reopen on a persistent database.
sqlite> CREATE TABLE v0 ( v1 DOUBLE CHECK( ( v1 IN ( NULL   )  )  ) , v2 UNIQUE AS( v1 > v1  )  ) ;
sqlite> INSERT INTO v0 VALUES ( 10  ) ON CONFLICT DO NOTHING ;
sqlite> SELECT 10.100000 , 10 FROM v0 CROSS JOIN v0 USING ( v1 ) ;
[1]    141687 segmentation fault (core dumped)

---------------



Thanks,

Yongheng & Rui

Richard Hipp <[hidden email]> wrote on Mon, Dec 9, 2019 at 12:15 PM:

> On 12/9/19, Yongheng Chen <[hidden email]> wrote:
> > Hi,
> >
> > We found a crash bug in sqlite of master branch.
>
> Should now be fixed on trunk.
> --
> D. Richard Hipp
> [hidden email]

Re: A crash bug in sqlite

Richard Hipp-3
On 12/9/19, Rui Zhong <[hidden email]> wrote:
> Hi,
> We found this bug can be triggered again after fix.

Yes.  I discovered the same thing independently.  The previous fix was
subtly wrong.  Please try the latest trunk version.

--
D. Richard Hipp
[hidden email]

Re: A crash bug in sqlite

Rui Zhong
I tried the latest trunk version, which is checked in as
commit 926f796e8feec15f3836aa0a060ed906f8ae04d3, and it crashed.
I did not see any more recent commit on GitHub. Could you please
double check it?




Richard Hipp <[hidden email]> wrote on Mon, Dec 9, 2019 at 1:23 PM:

> On 12/9/19, Rui Zhong <[hidden email]> wrote:
> > Hi,
> > We found this bug can be triggered again after fix.
>
> Yes.  I discovered the same thing independently.  The previous fix was
> subtly wrong.  Please try the latest trunk version.
>
> --
> D. Richard Hipp
> [hidden email]

Re: A crash bug in sqlite

Richard Hipp-3
On 12/9/19, Rui Zhong <[hidden email]> wrote:
> I tried the latest trunk version, which is checked in as
> commit 926f796e8feec15f3836aa0a060ed906f8ae04d3, and it crashed.
> I did not see any more recent commit on GitHub. Could you please
> double check it?

GitHub is a mirror.  The mirror is updated about once per hour.

You and Yongheng Chen should both be using Fossil, which is the
canonical version control.  There are instructions in the README.md
file and at https://www.sqlite.org/getthecode.html#clone



--
D. Richard Hipp
[hidden email]

Re: A crash bug in sqlite

Chris Brody
In reply to this post by Richard Hipp-3
> Yes.  I discovered the same thing independently.  The previous fix was
> subtly wrong.  Please try the latest trunk version.

Will there be a patch release, or should we just wait for the next minor?

Re: A crash bug in sqlite

Richard Hipp-3
The bug does not exist in any released version of SQLite.  It only
appears in unreleased development versions.

On 12/15/19, Chris Brody <[hidden email]> wrote:
>> Yes.  I discovered the same thing independently.  The previous fix was
>> subtly wrong.  Please try the latest trunk version.
>
> Will there be a patch release, or should we just wait for the next minor?


--
D. Richard Hipp
[hidden email]
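
To see how the SQLite library on a given system handles the two reproducers posted in this thread, the following added example (not part of the original messages and not SQLite project code) runs each one in a child process, so a segmentation fault cannot take down the caller. The names `check_build`, `CHILD` and the outcome labels are assumptions of this example; signal detection through a negative return code assumes a POSIX system.

```python
import sqlite3
import subprocess
import sys

# The two reproducers from this thread, one statement per list entry.
POC_ORIGINAL = [
    "CREATE TABLE v0 ( v2 DOUBLE CHECK( ( v2 IN ( v2 , v1) ) ) , v1 UNIQUE AS( v2 > v2 ) )",
    "INSERT INTO v0 VALUES ( 10 )",
    "SELECT v0 . v1 , v0 . v1 FROM v0 JOIN v0 USING ( v1 , v1)",
]
POC_AFTER_FIRST_FIX = [
    "CREATE TABLE v0 ( v1 DOUBLE CHECK( ( v1 IN ( NULL ) ) ) , v2 UNIQUE AS( v1 > v1 ) )",
    "INSERT INTO v0 VALUES ( 10 ) ON CONFLICT DO NOTHING",
    "SELECT 10.100000 , 10 FROM v0 CROSS JOIN v0 USING ( v1 )",
]

# Runs in the child: execute each statement from argv on an in-memory database.
CHILD = r'''
import sqlite3, sys
conn = sqlite3.connect(":memory:")
try:
    for stmt in sys.argv[1:]:
        conn.execute(stmt).fetchall()
except sqlite3.Error as exc:
    print(exc)
    sys.exit(3 if 'near "AS"' in str(exc) else 4)
'''

def check_build(statements, timeout=30):
    """Classify how the SQLite linked into this Python handles a reproducer."""
    proc = subprocess.run([sys.executable, "-c", CHILD, *statements],
                          capture_output=True, text=True, timeout=timeout)
    if proc.returncode < 0:      # POSIX: child killed by a signal such as SIGSEGV
        return "crash"
    if proc.returncode == 3:     # the error Jose saw: no generated-column syntax
        return "unsupported"
    if proc.returncode == 4:     # SQLite refused a statement with an ordinary error
        return "rejected"
    return "ok" if proc.returncode == 0 else "unknown"

if __name__ == "__main__":
    print("SQLite library version:", sqlite3.sqlite_version)
    for name, poc in (("original", POC_ORIGINAL),
                      ("after first fix", POC_AFTER_FIRST_FIX)):
        print(f"{name}: {check_build(poc)}")
```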