Bug 428153

Summary: segfault using EXPLAIN
Product: Red Hat Enterprise Linux 5
Reporter: Dave Malcolm <dmalcolm>
Component: sqlite
Assignee: Panu Matilainen <pmatilai>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: 5.0
CC: msusta, riek, syeghiay, tao
Target Milestone: rc
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-04-22 12:50:09 UTC
Attachments: Fix opcode name generation (flags: none)

Description Dave Malcolm 2008-01-09 17:32:37 UTC
Description of problem:
[dmalcolm@cassandra ~]$ gdb sqlite3 
GNU gdb Red Hat Linux (6.5-16.el5rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db
library "/lib/libthread_db.so.1".

(gdb) run
Starting program: /usr/bin/sqlite3 
[Thread debugging using libthread_db enabled]
[New Thread -1208596800 (LWP 18243)]
SQLite version 3.3.6
Enter ".help" for instructions
sqlite> create table foo ( bar varchar(40) );
sqlite> select * from foo;
sqlite> explain select * from foo;

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208596800 (LWP 18243)]
0x42807353 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x42807353 in strlen () from /lib/libc.so.6
#1  0x42a917e7 in sqlite3VdbeList (p=0x85e5c38) at ./src/vdbeaux.c:659
#2  0x42a8ed9f in sqlite3_step (pStmt=0x85e5c38) at ./src/vdbeapi.c:219
#3  0x42a97655 in sqlite3_exec (db=0x85e2058, zSql=0x85e5f90 "explain select * from foo;", 
    xCallback=0x8049fc0 <callback>, pArg=0xbfca962c, pzErrMsg=0xbfca95d8) at ./src/legacy.c:78
#4  0x0804cae1 in process_input (p=0xbfca962c, in=0x0) at ./src/shell.c:1495
#5  0x0804d32d in main (argc=1, argv=0xbfcaabe4) at ./src/shell.c:1786
#6  0x427b0dec in __libc_start_main () from /lib/libc.so.6
#7  0x08049171 in _start ()
(gdb) up
#1  0x42a917e7 in sqlite3VdbeList (p=0x85e5c38) at ./src/vdbeaux.c:659
659         pMem->n = strlen(pMem->z);
(gdb) p *pMem
$1 = {i = 0, r = 0, z = 0x8000 <Address 0x8000 out of bounds>, n = 0, flags = 162, 
  type = 0 '\0', enc = 0 '\0', xDel = 0, zShort = '\0' <repeats 31 times>}


Version-Release number of selected component (if applicable):
sqlite-3.3.6-2

How reproducible:
100%

Comment 1 Panu Matilainen 2008-01-10 06:56:28 UTC
Easily reproduced in 3.3.6, appears fixed in at least >= 3.4.2...

Comment 2 Panu Matilainen 2008-01-10 07:46:30 UTC
Created attachment 291242 [details]
Fix opcode name generation

The problem is that opcode names are supposed to be automatically generated
during build, but 3.3.6 uses invalid options to sort which breaks the
autogeneration completely. So when "explain" attempts to look up the string
describing an opcode, it tries to access array items that simply aren't there...


Attached patch from upstream CVS fixes the opcode generation and this crash.
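
Added example, not SQLite's code and not the attached patch: a bounds-checked opcode-name lookup of the kind that turns a hole in a generated name table into a placeholder string instead of a strlen() on a bad pointer like the 0x8000 seen in the backtrace. The opcode numbers, the names, the deliberately missing table entry and the EXPLAIN-style row format are all constructed for illustration; the `_Static_assert` is the build-time check that fails compilation when a generator emits too few entries.

```c
/* Added example (not SQLite's own code): defensive opcode-name lookup for an
 * EXPLAIN-style listing.  Opcode numbers and names below are constructed. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed opcode numbering; in SQLite these come from a generated header. */
enum { OP_Goto, OP_Column, OP_Callback, OP_Halt, OP_COUNT };

/* Constructed name table.  OP_Callback is deliberately left out, so its slot
 * is NULL, mimicking a hole left by a broken name generator. */
static const char *const opcode_names[] = {
    [OP_Goto]   = "Goto",
    [OP_Column] = "Column",
    [OP_Halt]   = "Halt",
};

/* Build-time check: the table must have one slot per opcode.  A generator
 * that emits too few entries breaks the build instead of crashing at runtime. */
_Static_assert(sizeof(opcode_names) / sizeof(opcode_names[0]) == OP_COUNT,
               "opcode name table out of sync with opcode list");

/* Hardened lookup: rejects out-of-range opcodes and NULL slots, never returns
 * a pointer that strlen() cannot safely read. */
const char *opcode_name(int op)
{
    if (op < 0 || op >= OP_COUNT || opcode_names[op] == NULL)
        return "(unknown opcode)";
    return opcode_names[op];
}

/* The crash in the report was strlen() on an unchecked name pointer; taking the
 * length through the checked lookup is always well defined. */
size_t opcode_name_len(int op)
{
    return strlen(opcode_name(op));
}

/* Formats one constructed listing row: addr | opcode | p1 | p2.
 * Returns the snprintf() result (characters that would have been written). */
int format_explain_row(char *buf, size_t buflen, int addr, int op, int p1, int p2)
{
    return snprintf(buf, buflen, "%-4d %-16s %d %d", addr, opcode_name(op), p1, p2);
}

int main(void)
{
    char row[64];
    /* Constructed program: one opcode with no name, one out of range. */
    int program[][3] = {
        { OP_Goto,      0, 3 },
        { OP_Callback,  1, 0 },
        { OP_COUNT + 7, 0, 0 },
        { OP_Halt,      0, 0 },
    };
    size_t n = sizeof program / sizeof program[0];

    for (size_t i = 0; i < n; i++) {
        format_explain_row(row, sizeof row, (int)i,
                           program[i][0], program[i][1], program[i][2]);
        puts(row);
    }
    return 0;
}
```

The two checks complement each other: the static assertion catches a table that is too short, which is the failure mode described in this bug, while the NULL test in `opcode_name()` catches an individual missing entry that a sized table would otherwise leave as a null pointer.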

Comment 3 Panu Matilainen 2008-03-03 13:08:33 UTC
*** Bug 435696 has been marked as a duplicate of this bug. ***

Comment 5 RHEL Program Management 2008-07-21 23:07:37 UTC
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".

Comment 22 errata-xmlrpc 2009-04-22 12:50:09 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0441.html