Sqlite Crash in sqlite3DbMallocRawNN.

Sqlite Crash in sqlite3DbMallocRawNN.

Deepak Hegde
Hi All,


We are facing a problem in which the sqlite library function sqlite3DbMallocRawNN() is crashing inside the sqlite3_prepare_v2() function while preparing the statement.


As per the analysis, the "n" value input to this seems to have a big value, causing the crash. We checked the input value to sqlite3_prepare_v2() and this seems fine. The input query statement is well within the max size allocated for the buffer.


Sqlite version in use: 3.16.1


Checked the internet for this specific function crash and can see that some have reported this, but could not find any solution particular to this. Please can I know whether this issue has been reported before and whether there is any countermeasure in any of the higher versions?


Also it will be helpful if anyone can point out any error in the input causing this issue.

Also, this issue was seen only once and we are not able to see the issue again.


coredump back trace:

(gdb) bt
#0  sqlite3DbMallocRawNN (db=db@entry=0x1dea20, n=176093659143) at /workspace/workspace/Trigger-Build-Host_Job/host/yunos6.0/third_party/sqlite/sqlite3.c:24732
#1  0xa49ad05a in sqlite3DbStrNDup (db=db@entry=0x1dea20,
    z=0x26c981 "SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM VIDEO UNION SELECT ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM IMAGE UNION SELECT ID,SORTID,NAME,OBJECT_FORMAT,8 AS CONTENT_TYPE ,STRFRMT,PPID,3 as is_invalid,0 AS FILESIZE FROM PLAYLIST) AS TEMP WHERE Content_Type &1 AND PPID=2", n=<optimized out>)
    at /workspace/workspace/Trigger-Build-Host_Job/host/yunos6.0/third_party/sqlite/sqlite3.c:24834
#2  0xa49eceba in sqlite3ExprListSetSpan (pParse=<optimized out>, pSpan=<optimized out>, pSpan=<optimized out>, pList=<optimized out>)
    at /workspace/workspace/Trigger-Build-Host_Job/host/yunos6.0/third_party/sqlite/sqlite3.c:91967
#3  yy_reduce (yyruleno=92, yypParser=0xa0de4b00) at /workspace/workspace/Trigger-Build-Host_Job/host/yunos6.0/third_party/sqlite/sqlite3.c:5598
#4  sqlite3Parser (pParse=<optimized out>, yyminor=..., yymajor=7, yymajor@entry=-1596044280, yyp=<optimized out>)
    at /workspace/workspace/Trigger-Build-Host_Job/host/yunos6.0/third_party/sqlite/sqlite3.c:6592
#5  sqlite3RunParser (pParse=pParse@entry=0x9d3fdce4,
    zSql=zSql@entry=0x26c8f8 "SELECT COUNT(TEMP.ID) FROM (SELECT ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM AUDIO UNION SELECT ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM VIDEO UNION SELECT ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM IMAGE UNION SELECT ID,SORTID,NAME,OBJECT_FORMAT,8 AS CONTENT_TYPE ,STRFRMT,PPID,3 as is_invalid,0 AS FILESIZE FROM PLAYLIST) AS TEMP WHERE Content_Type &1 AND PPID=2", pzErrMsg=pzErrMsg@entry=0x9d3fdcdc)
    at /workspace/workspace/Trigger-Build-Host_Job/host/yunos6.0/third_party/sqlite/sqlite3.c:7538
#6  0xa49f08cc in sqlite3Prepare (db=db@entry=0x1dea20,
    zSql=zSql@entry=0x26c8f8 "SELECT COUNT(TEMP.ID) FROM (SELECT ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM AUDIO UNION SELECT ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM VIDEO UNION SELECT ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM IMAGE UNION SELECT ID,SORTID,NAME,OBJECT_FORMAT,8 AS CONTENT_TYPE ,STRFRMT,PPID,3 as is_invalid,0 AS FILESIZE FROM PLAYLIST) AS TEMP WHERE Content_Type &1 AND PPID=2", nBytes=nBytes@entry=-1, saveSqlFlag=saveSqlFlag@entry=1, pReprepare=pReprepare@entry=0x0,
    ppStmt=ppStmt@entry=0x25cf00, pzTail=pzTail@entry=0x0) at /workspace/workspace/Trigger-Build-Host_Job/host/yunos6.0/third_party/sqlite/sqlite3.c:115300
#7  0xa49f0bee in sqlite3LockAndPrepare (db=0x1dea20,
    zSql=0x26c8f8 "SELECT COUNT(TEMP.ID) FROM (SELECT ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM AUDIO UNION SELECT ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM VIDEO UNION SELECT ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM IMAGE UNION SELECT ID,SORTID,NAME,OBJECT_FORMAT,8 AS CONTENT_TYPE ,STRFRMT,PPID,3 as is_invalid,0 AS FILESIZE FROM PLAYLIST) AS TEMP WHERE Content_Type &1 AND PPID=2", nBytes=-1, saveSqlFlag=1, pOld=0x0, ppStmt=0x25cf00, pzTail=0x0)
    at /workspace/workspace/Trigger-Build-Host_Job/host/yunos6.0/third_party/sqlite/sqlite3.c:115391
#8  0xa49f0db4 in sqlite3_prepare_v2 (db=db@entry=0x1dea20,
    zSql=zSql@entry=0x26c8f8 "SELECT COUNT(TEMP.ID) FROM (SELECT ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM AUDIO UNION SELECT ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM VIDEO UNION SELECT ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM IMAGE UNION SELECT ID,SORTID,NAME,OBJECT_FORMAT,8 AS CONTENT_TYPE ,STRFRMT,PPID,3 as is_invalid,0 AS FILESIZE FROM PLAYLIST) AS TEMP WHERE Content_Type &1 AND PPID=2", nBytes=nBytes@entry=-1, ppStmt=ppStmt@entry=0x25cf00, pzTail=pzTail@entry=0x0)
    at /workspace/workspace/Trigger-Build-Host_Job/host/yunos6.0/third_party/sqlite/sqlite3.c:115467
#9  0xa4114462 in dbm_sqlite_get_integer_value (psSqlite=psSqlite@entry=0x25cefc,
    pcQuery=pcQuery@entry=0x26c8f8 "SELECT COUNT(TEMP.ID) FROM (SELECT ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM AUDIO UNION SELECT ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM VIDEO UNION SELECT ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM IMAGE UNION SELECT ID,SORTID,NAME,OBJECT_FORMAT,8 AS CONTENT_TYPE ,STRFRMT,PPID,3 as is_invalid,0 AS FILESIZE FROM PLAYLIST) AS TEMP WHERE Content_Type &1 AND PPID=2", puiReturnCount=puiReturnCount@entry=0x26e100) at src/race_dbm_common.c:5044
#10 0xa42364fa in race_dbm_query_get_num_entries (uiDBMHandle=2477816, uiQueryHandle=2539768, puiNumEntries=0x9d3fe838) at src/race_dbm_interface.c:10289
#11 0xa4005914 in race_bfw_get_num_folder_contents (uiBrowserHandle=1567856, uiBrowseSessionHandle=uiBrowseSessionHandle@entry=4, uiBrowseFolderHandle=uiBrowseFolderHandle@entry=0,
    puiNumContents=puiNumContents@entry=0x9d3feba4) at src/race_bfw_interface.c:5147
#12 0xa48c4066 in race_get_num_entries (raceHandle=1485896, brwSessionId=4, puiNumEntries=0x9d3feba4) at src/race_browser_interface.c:2122
#13 0x000e0a08 in NMedia::CHandleManager::getMediaConetxt (this=0x15dab4 <NMedia::CHandleManager::instance()::manager>, session_id=383103612, context=0x9d3fec00, ret_list=0x9d3febf4, count=0x0)
    at /home/jenkins-build/workspace/0EP21_SOP_Compile/ZXQ/workspace/multimedia/common/source/common/CHandleManager.cpp:851
#14 0x0011c86c in NMedia::CMMEWrapper::importPlayListWrapper (this=0x336eb8, browseid=383103612, list_category=..., attach=false, play=false, start_index=0, start_time=0)
    at /home/jenkins-build/workspace/0EP21_SOP_Compile/ZXQ/workspace/multimedia/common/source/player/CMMEWrapper.cpp:2617
#15 0x000f8dbc in NMedia::CMediaPlayer::importPlayListWork (this=0x329c70, worker=0x32ecd8, job=0x497c88)
    at /home/jenkins-build/workspace/0EP21_SOP_Compile/ZXQ/workspace/multimedia/common/source/player/CMediaPlayer.cpp:452
#16 0x0010a848 in CMethodJob<NMedia::CMediaPlayer>::run (this=0x497c88, worker=0x32ecd8) at /home/jenkins-build/workspace/0EP21_SOP_Compile/ZXQ/project/projroot/j6p/usr/include/common_base/CMethodJob.h:57
#17 0x00127224 in CBaseWorker::processJobQueue() ()




Thanks and Regards

Deepak
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Fw: Sqlite Crash in sqlite3DbMallocRawNN.

Deepak Hegde
[hidden email]


________________________________
From: Hegde, Deepakakumar (D.)
Sent: Tuesday, November 13, 2018 3:48 PM
To: 'SQLite mailing list'; General Discussion of SQLite Database
Subject: Sqlite Crash in sqlite3DbMallocRawNN.


Re: Sqlite Crash in sqlite3DbMallocRawNN.

Richard Hipp-3
In reply to this post by Deepak Hegde
On 11/13/18, Hegde, Deepakakumar (D.) <[hidden email]> wrote:
> Hi All,
>
>
> We are facing a problem in which sqlite library function
> sqlite3DbMallocRawNN() is getting crashed inside the sqlite3_prepare_v2()
> function to prepare the statement.

This sort of thing is almost always the result of heap corruption
occurring elsewhere in your system.  It is not a problem with SQLite,
but rather SQLite just happened to be the unlucky component to stumble
over the corrupted heap left behind by some other component.

Are you able to run your application using ASAN or Valgrind?  That
will usually pinpoint the problem pretty quickly.


--
D. Richard Hipp
[hidden email]
Re: Sqlite Crash in sqlite3DbMallocRawNN.

Jens Alfke-2
In reply to this post by Deepak Hegde


> On Nov 13, 2018, at 2:18 AM, Hegde, Deepakakumar (D.) <[hidden email]> wrote:
>
> #0  sqlite3DbMallocRawNN (db=db@entry=0x1dea20, n=176093659143) at /workspace/workspace/Trigger-Build-Host_Job/host/yunos6.0/third_party/sqlite/sqlite3.c:24732

176093659143 = 0x2900000007

Looks kind of like it was supposed to be 7, but some garbage was left in the upper 32 bits of the 64-bit value. What OS and CPU type is this?

Richard — to me this doesn’t smell like heap corruption, just bad input to malloc.

—Jens
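
Added example, not part of any post in the thread and not SQLite code: a small triage helper that cross-checks the size in frame #0 against the pointers in frames #1 and #5 of the backtrace. The function and struct names are hypothetical, and it assumes the duplicated span is a single identifier and that the string-duplication routine requests the span length plus one byte for the terminating NUL.

```c
#include <ctype.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values copied from the gdb backtrace in the first post. */
#define ZSQL_ADDR UINT32_C(0x26c8f8)      /* zSql, frames #5 to #8 */
#define Z_ADDR    UINT32_C(0x26c981)      /* z, frame #1 */
#define N_FRAME0  UINT64_C(176093659143)  /* n, frame #0 */

/* Query text as shown for zSql in the backtrace. */
static const char kSql[] =
    "SELECT COUNT(TEMP.ID) FROM (SELECT ID,SORTID,NAME,Object_Format,"
    "Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM AUDIO UNION SELECT "
    "ID,SORTID,NAME,Object_Format,Content_Type,STRFRMT,PPID,is_invalid,"
    "FILESIZE FROM VIDEO UNION SELECT ID,SORTID,NAME,Object_Format,"
    "Content_Type,STRFRMT,PPID,is_invalid,FILESIZE FROM IMAGE UNION SELECT "
    "ID,SORTID,NAME,OBJECT_FORMAT,8 AS CONTENT_TYPE ,STRFRMT,PPID,"
    "3 as is_invalid,0 AS FILESIZE FROM PLAYLIST) AS TEMP "
    "WHERE Content_Type &1 AND PPID=2";

struct size_triage {
    size_t   offset;      /* where z points inside the SQL text */
    size_t   token_len;   /* length of the identifier found there */
    uint32_t lo, hi;      /* 32-bit halves of the reported size */
    int      lo_matches;  /* 1 if lo == token_len + 1 (assumed NUL byte) */
};

/* Length of the identifier ([A-Za-z0-9_]+) starting at p. */
static size_t ident_len(const char *p)
{
    size_t n = 0;
    while (isalnum((unsigned char)p[n]) || p[n] == '_') n++;
    return n;
}

/* Returns 0 on success, -1 if ptr does not fall inside the SQL text
 * (in which case the pointer, not only the size, is suspect). */
int triage_alloc_size(uint64_t n, uint32_t base, uint32_t ptr,
                      const char *sql, struct size_triage *out)
{
    size_t len = strlen(sql);
    if (ptr < base || (size_t)(ptr - base) >= len) return -1;

    out->offset     = (size_t)(ptr - base);
    out->token_len  = ident_len(sql + out->offset);
    out->lo         = (uint32_t)(n & UINT32_C(0xffffffff));
    out->hi         = (uint32_t)(n >> 32);
    out->lo_matches = (out->lo == out->token_len + 1);
    return 0;
}

int main(void)
{
    struct size_triage t;
    if (triage_alloc_size(N_FRAME0, ZSQL_ADDR, Z_ADDR, kSql, &t) != 0) {
        puts("z does not point into zSql");
        return 1;
    }
    printf("offset=%zu token=\"%.*s\" expected_size=%zu\n",
           t.offset, (int)t.token_len, kSql + t.offset, t.token_len + 1);
    printf("n: hi=0x%" PRIx32 " lo=0x%" PRIx32 " lo_matches=%d\n",
           t.hi, t.lo, t.lo_matches);
    return 0;
}
```

A match only says the low half is the expected size; it does not say where the upper 32 bits came from.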