stack-overflow issue in fts4 module


stack-overflow issue in fts4 module

林性伟(林以)
Hi all,

I found a stack overflow issue in fts4 module, which is in `sqlite-snapshot-201911192122.tar.gz` version.

bt:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6e5130e in _int_malloc (av=av@entry=0x7ffff71a8c40 <main_arena>, bytes=bytes@entry=1032) at malloc.c:3557
3557    in malloc.c
#0  0x00007ffff6e5130e in _int_malloc (av=av@entry=0x7ffff71a8c40 <main_arena>, bytes=bytes@entry=1032) at malloc.c:3557
#1  0x00007ffff6e540fc in __GI___libc_malloc (bytes=1032) at malloc.c:3057
#2  0x0000555555596210 in sqlite3MemMalloc (nByte=1024) at ../sqlite3.c:23169
#3  0x00005555555974b3 in mallocWithAlarm (n=1024, pp=0x7fffff7ff0f0) at ../sqlite3.c:27050
#4  0x000055555559755b in sqlite3Malloc (n=1024) at ../sqlite3.c:27080
#5  0x0000555555597cb2 in dbMallocRawFinish (db=0x555555999b78, n=1024) at ../sqlite3.c:27311
#6  0x0000555555597dea in sqlite3DbMallocRawNN (db=0x555555999b78, n=1024) at ../sqlite3.c:27355
#7  0x0000555555597f1f in sqlite3DbRealloc (db=0x555555999b78, p=0x0, n=1024) at ../sqlite3.c:27389
#8  0x00005555555e0139 in growOpArray (v=0x555556236098, nOp=1) at ../sqlite3.c:76974
#9  0x00005555555e021c in growOp3 (p=0x555556236098, op=61, p1=0, p2=1, p3=0) at ../sqlite3.c:77012
#10 0x00005555555e0326 in sqlite3VdbeAddOp3 (p=0x555556236098, op=61, p1=0, p2=1, p3=0) at ../sqlite3.c:77024
#11 0x00005555555e0490 in sqlite3VdbeAddOp2 (p=0x555556236098, op=61, p1=0, p2=1) at ../sqlite3.c:77060
#12 0x00005555555dfc76 in sqlite3VdbeCreate (pParse=0x7fffff8001e0) at ../sqlite3.c:76834
#13 0x000055555564d00c in sqlite3GetVdbe (pParse=0x7fffff8001e0) at ../sqlite3.c:128723
#14 0x0000555555655875 in sqlite3Select (pParse=0x7fffff8001e0, p=0x555556236008, pDest=0x7fffff7ff6a0) at ../sqlite3.c:132283
#15 0x0000555555682002 in yy_reduce (yypParser=0x7fffff7ff7e0, yyruleno=82, yyLookahead=1, yyLookaheadToken=..., pParse=0x7fffff8001e0) at ../sqlite3.c:154326
#16 0x0000555555686d52 in sqlite3Parser (yyp=0x7fffff7ff7e0, yymajor=1, yyminor=...) at ../sqlite3.c:155620
#17 0x0000555555688376 in sqlite3RunParser (pParse=0x7fffff8001e0, zSql=0x5555559bec74 "", pzErrMsg=0x7fffff8001b8) at ../sqlite3.c:156894
#18 0x00005555556481de in sqlite3Prepare (db=0x555555999b78, zSql=0x5555559bec38 "SELECT rowid, x.'0' FROM 'main'.'t0' AS x ORDER BY rowid ASC", nBytes=-1, prepFlags=129, pReprepare=0x0, ppStmt=0x555556235708, pzTail=0x0) at ../sqlite3.c:126307
...
...


Best regards,
Xingwei Lin of Ant-financial Light-Year Security Lab

_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: stack-overflow issue in fts4 module

Richard Hipp-3
On 11/20/19, 林性伟(林以) <[hidden email]> wrote:
> Hi all,
>
> I found a stack overflow issue in fts4 module, which is in
> `sqlite-snapshot-201911192122.tar.gz` version.

Thank you for the bug report.

However, your report is not helpful in finding and fixing the problem.
If possible, please send the following information:

(1) The complete stack trace - not just the first 18 levels of the
stack.  This is especially important for a stack-overflow error.

(2) The text of the SQL statement that caused the stack overflow.

(3) The database schema

Thanks.
--
D. Richard Hipp
[hidden email]

Re: stack-overflow issue in fts4 module

林性伟(林以)
Hi,

Sorry for the inconvenience.

poc, test.sql:
CREATE VIRTUAL TABLE t0 USING fts4(content=t0,0);
SELECT count() FROM t0(0);

Full asan bt:
$ ./sqlite3
SQLite version 3.31.0 2019-11-19 21:22:16
Enter ".help" for usage hints.
Connected to a transient in-memory database.
Use ".open FILENAME" to reopen on a persistent database.
sqlite> .read test.sql
ASAN:DEADLYSIGNAL
=================================================================
==5120==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc62facc08 (pc 0x7fc7deb73ad0 bp 0x7ffc62fad450 sp 0x7ffc62facbf0 T0)
    #0 0x7fc7deb73acf in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeacf)
    #1 0x55e8762c6593 in sqlite3MemMalloc ../sqlite3.c:23169
    #2 0x55e87624c111 in mallocWithAlarm ../sqlite3.c:27050
    #3 0x55e87624c111 in sqlite3Malloc ../sqlite3.c:27080
    #4 0x55e87625101f in dbMallocRawFinish ../sqlite3.c:27311
    #5 0x55e876253812 in tokenExpr ../sqlite3.c:150870
    #6 0x55e8764082d8 in yy_reduce ../sqlite3.c:154723
    #7 0x55e8764082d8 in sqlite3Parser ../sqlite3.c:155620
    #8 0x55e8764082d8 in sqlite3RunParser ../sqlite3.c:156894
    #9 0x55e876415a18 in sqlite3Prepare ../sqlite3.c:126307
    #10 0x55e87641665d in sqlite3LockAndPrepare ../sqlite3.c:126379
    #11 0x55e87648e4f7 in sqlite3_prepare_v3 ../sqlite3.c:126484
    #12 0x55e87648e4f7 in fts3FilterMethod ../sqlite3.c:166603
    #13 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #14 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #15 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #16 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #17 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #18 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #19 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #20 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #21 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #22 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #23 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #24 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #25 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #26 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #27 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #28 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #29 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #30 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #31 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #32 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #33 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #34 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #35 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #36 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #37 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #38 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #39 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #40 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #41 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #42 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #43 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #44 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #45 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #46 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #47 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #48 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #49 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #50 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #51 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #52 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #53 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #54 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #55 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #56 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #57 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #58 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #59 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #60 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #61 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #62 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #63 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #64 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #65 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #66 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #67 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #68 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #69 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #70 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #71 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #72 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #73 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #74 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #75 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #76 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #77 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #78 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #79 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #80 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #81 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #82 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #83 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #84 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #85 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #86 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #87 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #88 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #89 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #90 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #91 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #92 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #93 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #94 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #95 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #96 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #97 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #98 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #99 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #100 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #101 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #102 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #103 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #104 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #105 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #106 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #107 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #108 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #109 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #110 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #111 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #112 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #113 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #114 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #115 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #116 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #117 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #118 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #119 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #120 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #121 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #122 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #123 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #124 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #125 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #126 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #127 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #128 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #129 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #130 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #131 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #132 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #133 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #134 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #135 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #136 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #137 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #138 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #139 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #140 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #141 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #142 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #143 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #144 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #145 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #146 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #147 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #148 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #149 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #150 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #151 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #152 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #153 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #154 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #155 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #156 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #157 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #158 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #159 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #160 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #161 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #162 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #163 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #164 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #165 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #166 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #167 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #168 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #169 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #170 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #171 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #172 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #173 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #174 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #175 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #176 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #177 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #178 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #179 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #180 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #181 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #182 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #183 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #184 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #185 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #186 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #187 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #188 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #189 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #190 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #191 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #192 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #193 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #194 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #195 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #196 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #197 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #198 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #199 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #200 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #201 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #202 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #203 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #204 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #205 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #206 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #207 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #208 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #209 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #210 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #211 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #212 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #213 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #214 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #215 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #216 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #217 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #218 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #219 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #220 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #221 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #222 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #223 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #224 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #225 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #226 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #227 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #228 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #229 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #230 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #231 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #232 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #233 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #234 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #235 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #236 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #237 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #238 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #239 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #240 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #241 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #242 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #243 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #244 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #245 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #246 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #247 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #248 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #249 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #250 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #251 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #252 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #253 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #254 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #255 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #256 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #257 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #258 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #259 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #260 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #261 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #262 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #263 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #264 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #265 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #266 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #267 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #268 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #269 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #270 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #271 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #272 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #273 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #274 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #275 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #276 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #277 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #278 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #279 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #280 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #281 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #282 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #283 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #284 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #285 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #286 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #287 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #288 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #289 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #290 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #291 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #292 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #293 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #294 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #295 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #296 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #297 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #298 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #299 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #300 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #301 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #302 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #303 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #304 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #305 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #306 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #307 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #308 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #309 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #310 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
    #311 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
    #312 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
    #313 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
    #314 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
    #315 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
SUMMARY: AddressSanitizer: stack-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeacf) in __interceptor_malloc
==5120==ABORTING

Best regards,
Xingwei Lin of Ant-financial Light-Year Security Lab


------------------------------------------------------------------
From: Richard Hipp <[hidden email]>
Sent: Thursday, 21 November 2019, 19:40
To: SQLite mailing list <[hidden email]>
Cc: 林性伟(林以) <[hidden email]>
Subject: Re: [sqlite] stack-overflow issue in fts4 module

On 11/20/19, 林性伟(林以) <[hidden email]> wrote:
> Hi all,
>
> I found a stack overflow issue in fts4 module, which is in
> `sqlite-snapshot-201911192122.tar.gz` version.

Thank you for the bug report.

However, your report is not helpful in finding and fixing the problem.
If possible, please send the following information:

(1) The complete stack trace - not just the first 18 levels of the
stack.  This is especially important for a stack-overflow error.

(2) The text of the SQL statement that caused the stack overflow.

(3) The database schema

Thanks.
--
D. Richard Hipp
[hidden email]

Re: Re: stack-overflow issue in fts4 module

OBones
林性伟(林以) wrote:
> Hi,
>
> Sorry to make you inconvenient.
>
> poc, test.sql:
> CREATE VIRTUAL TABLE t0 USING fts4(content=t0,0);
> SELECT count() FROM t0(0);
Maybe I'm completely wrong, but using t0 both as the name of the virtual
table and the source for its content seems to me like the perfect
condition to create an infinite recursion.
The example in the documentation uses two tables:
https://www.sqlite.org/fts3.html#_external_content_fts4_tables_

Regards
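The diagnosis above (an FTS4 external-content table whose `content=` option names the FTS table itself) can be checked for in a schema before any query touches the table. The following is an added example written for this page, not code from the thread or from SQLite: a small audit that parses the `CREATE VIRTUAL TABLE ... USING fts4(...)` statements as stored in `sqlite_master`, extracts the `content=` target, and flags tables that point at themselves. The `CONSTRUCTED_SCHEMA` rows are constructed for the demo; only the first one reproduces the `test.sql` schema from the thread. It assumes plain or double-quoted table names without a schema prefix, which is how `sqlite_master` stores them.

```python
"""Audit FTS4 external-content tables for a self-referential content= option."""
import re
import sqlite3

# Constructed sqlite_master (name, sql) rows for the demo. Only the first row
# reproduces the schema from the thread's test.sql; the others are made up here.
CONSTRUCTED_SCHEMA = [
    ("t0", "CREATE VIRTUAL TABLE t0 USING fts4(content=t0,0)"),
    ("ft", 'CREATE VIRTUAL TABLE ft USING fts4(content="t2", a, b)'),
    ("t2", "CREATE TABLE t2(id INTEGER PRIMARY KEY, a, b, c)"),
    ("ct", "CREATE VIRTUAL TABLE ct USING fts4(content='', a)"),
]

# CREATE VIRTUAL TABLE <name> USING fts4(<args>) as stored in sqlite_master.
# Assumption: bare or double-quoted names, no schema prefix.
_FTS4_RE = re.compile(
    r'^\s*CREATE\s+VIRTUAL\s+TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?'
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>\w+))\s+USING\s+fts4\s*\((?P<args>.*)\)\s*$',
    re.IGNORECASE | re.DOTALL,
)

# The content= option value: bare, 'single', "double" or [bracket] quoted.
_CONTENT_RE = re.compile(
    r'''\bcontent\s*=\s*(?:'(?P<sq>[^']*)'|"(?P<dq>[^"]*)"|\[(?P<br>[^\]]*)\]|(?P<bare>[^,\s)]*))''',
    re.IGNORECASE,
)


def fts4_content_target(sql):
    """Return (table_name, content_target) for an FTS4 CREATE statement.

    content_target is None when the table stores its own content, "" for a
    contentless table, otherwise the name of the external content table.
    Returns None for statements that are not FTS4 virtual tables.
    """
    m = _FTS4_RE.match(sql)
    if not m:
        return None
    name = m.group("quoted") or m.group("bare")
    c = _CONTENT_RE.search(m.group("args"))
    if not c:
        return name, None
    # Exactly one of the quoting alternatives matched; take its value.
    target = next(v for v in c.groups() if v is not None)
    return name, target


def find_self_referential_fts4(rows):
    """Return names of FTS4 tables whose content= names the table itself.

    SQLite identifiers are case-insensitive, so the comparison is too.
    """
    flagged = []
    for name, sql in rows:
        parsed = fts4_content_target(sql or "")  # sql is NULL for autoindexes
        if parsed is None:
            continue
        fts_name, target = parsed
        if target and target.lower() == fts_name.lower():
            flagged.append(name)
    return flagged


def scan_connection(conn):
    """Run the check over the live schema of an open sqlite3 connection."""
    rows = conn.execute(
        "SELECT name, sql FROM sqlite_master WHERE type = 'table'"
    ).fetchall()
    return find_self_referential_fts4(rows)


def demo_live_scan():
    """Scan a fresh in-memory database holding one ordinary table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE plain(x)")
    try:
        return scan_connection(conn)
    finally:
        conn.close()


if __name__ == "__main__":
    print("self-referential FTS4 tables:", find_self_referential_fts4(CONSTRUCTED_SCHEMA))
    print("live scan of a clean database:", demo_live_scan())
```

Running the audit on a database file before opening it with an SQLite build that predates the check-in mentioned later in the thread lets an application refuse a schema like the PoC's instead of recursing until the stack is exhausted; on a fixed build it is a cheap sanity check that a `content=` option points at a real, separate table.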

Re: Re: stack-overflow issue in fts4 module

Richard Hipp-3
On 11/25/19, OBones <[hidden email]> wrote:
> Maybe I'm completely wrong, but using t0 both as the name of the virtual
> table and the source for its content seems to me like the perfect
> condition to create an infinite recursion.

You are exactly correct in diagnosing the problem.  This is an attack
that we didn't think of.  The recursion is detected and blocked by
check-in https://www.sqlite.org/src/info/2eb997327c2c369c from last
week.

--
D. Richard Hipp
[hidden email]