Red Hat Bugzilla – Bug 428153
segfault using EXPLAIN
Last modified: 2013-04-12 15:29:52 EDT
Description of problem: [dmalcolm@cassandra ~]$ gdb sqlite3 GNU gdb Red Hat Linux (6.5-16.el5rh) Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1". (gdb) run Starting program: /usr/bin/sqlite3 [Thread debugging using libthread_db enabled] [New Thread -1208596800 (LWP 18243)] SQLite version 3.3.6 Enter ".help" for instructions sqlite> create table foo ( bar varchar(40) ); sqlite> select * from foo; sqlite> explain select * from foo; Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1208596800 (LWP 18243)] 0x42807353 in strlen () from /lib/libc.so.6 (gdb) bt #0 0x42807353 in strlen () from /lib/libc.so.6 #1 0x42a917e7 in sqlite3VdbeList (p=0x85e5c38) at ./src/vdbeaux.c:659 #2 0x42a8ed9f in sqlite3_step (pStmt=0x85e5c38) at ./src/vdbeapi.c:219 #3 0x42a97655 in sqlite3_exec (db=0x85e2058, zSql=0x85e5f90 "explain select * from foo;", xCallback=0x8049fc0 <callback>, pArg=0xbfca962c, pzErrMsg=0xbfca95d8) at ./src/legacy.c:78 #4 0x0804cae1 in process_input (p=0xbfca962c, in=0x0) at ./src/shell.c:1495 #5 0x0804d32d in main (argc=1, argv=0xbfcaabe4) at ./src/shell.c:1786 #6 0x427b0dec in __libc_start_main () from /lib/libc.so.6 #7 0x08049171 in _start () (gdb) up #1 0x42a917e7 in sqlite3VdbeList (p=0x85e5c38) at ./src/vdbeaux.c:659 659 pMem->n = strlen(pMem->z); (gdb) p *pMem $1 = {i = 0, r = 0, z = 0x8000 <Address 0x8000 out of bounds>, n = 0, flags = 162, type = 0 '\0', enc = 0 '\0', xDel = 0, zShort = '\0' <repeats 31 times>} Version-Release number of selected component (if applicable): sqlite-3.3.6-2 How reproducible: 100%
Easily reproduced in 3.3.6, appears fixed in at least >= 3.4.2...
Created attachment 291242 [details] Fix opcode name generation The problem is that opcode names are supposed to be automatically generated during build but 3.3.6 uses invalid options to sort which breaks the autogeneration completely. So when "explain" attempts to look up string describing an opcode it tries to access array items that simply aren't there... Attached patch from upstream CVS fixes the opcode generation and this crash.
*** Bug 435696 has been marked as a duplicate of this bug. ***
This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?".
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0441.html