Bug 428153 - segfault using EXPLAIN
Summary: segfault using EXPLAIN
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: sqlite
Version: 5.0
Hardware: All
OS: Linux
Target Milestone: rc
Duplicates: 435696
Reported: 2008-01-09 17:32 UTC by Dave Malcolm
Modified: 2018-10-20 00:14 UTC (History)

Clone Of:
Last Closed: 2009-04-22 12:50:09 UTC

Attachments
Fix opcode name generation (2.00 KB, patch)
2008-01-10 07:46 UTC, Panu Matilainen

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2009:0441 normal SHIPPED_LIVE sqlite bug fix update 2009-04-22 12:50:06 UTC

Description Dave Malcolm 2008-01-09 17:32:37 UTC
Description of problem:
[dmalcolm@cassandra ~]$ gdb sqlite3 
GNU gdb Red Hat Linux (6.5-16.el5rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db
library "/lib/libthread_db.so.1".

(gdb) run
Starting program: /usr/bin/sqlite3 
[Thread debugging using libthread_db enabled]
[New Thread -1208596800 (LWP 18243)]
SQLite version 3.3.6
Enter ".help" for instructions
sqlite> create table foo ( bar varchar(40) );
sqlite> select * from foo;
sqlite> explain select * from foo;

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208596800 (LWP 18243)]
0x42807353 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x42807353 in strlen () from /lib/libc.so.6
#1  0x42a917e7 in sqlite3VdbeList (p=0x85e5c38) at ./src/vdbeaux.c:659
#2  0x42a8ed9f in sqlite3_step (pStmt=0x85e5c38) at ./src/vdbeapi.c:219
#3  0x42a97655 in sqlite3_exec (db=0x85e2058, zSql=0x85e5f90 "explain select * from foo;", xCallback=0x8049fc0 <callback>, pArg=0xbfca962c, pzErrMsg=0xbfca95d8) at
#4  0x0804cae1 in process_input (p=0xbfca962c, in=0x0) at ./src/shell.c:1495
#5  0x0804d32d in main (argc=1, argv=0xbfcaabe4) at ./src/shell.c:1786
#6  0x427b0dec in __libc_start_main () from /lib/libc.so.6
#7  0x08049171 in _start ()
(gdb) up
#1  0x42a917e7 in sqlite3VdbeList (p=0x85e5c38) at ./src/vdbeaux.c:659
659         pMem->n = strlen(pMem->z);
(gdb) p *pMem
$1 = {i = 0, r = 0, z = 0x8000 <Address 0x8000 out of bounds>, n = 0, flags = 162, 
  type = 0 '\0', enc = 0 '\0', xDel = 0, zShort = '\0' <repeats 31 times>}

Version-Release number of selected component (if applicable):

How reproducible:

Comment 1 Panu Matilainen 2008-01-10 06:56:28 UTC
Easily reproduced in 3.3.6, appears fixed in at least >= 3.4.2...

Comment 2 Panu Matilainen 2008-01-10 07:46:30 UTC
Created attachment 291242 [details]
Fix opcode name generation

The problem is that opcode names are supposed to be automatically generated
during build, but 3.3.6 uses invalid options to sort, which breaks the
autogeneration completely. So when "explain" attempts to look up the string
describing an opcode, it tries to access array items that simply aren't there...

Attached patch from upstream CVS fixes the opcode generation and this crash.
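
The failure mode described in Comment 2, as an added example that is neither SQLite's code nor part of the bug report: a hypothetical VM whose opcode name table a broken generator left short, the unchecked lookup that turns a missing entry into an out-of-bounds read (the strlen() at the top of the backtrace above), a bounds-checked lookup that returns a placeholder instead, a startup self-check that counts opcodes without a name, and a compile-time check that makes a short generated table fail the build. The opcode set, the table names and the helper names are all assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical opcode set (an assumption for this example; SQLite's
 * real opcode list is much larger). OP_COUNT is what the VM emits. */
enum {
    OP_Goto = 0,
    OP_Halt,
    OP_Integer,
    OP_String,
    OP_Column,
    OP_ResultRow,
    OP_COUNT
};

/* A name table the way a broken generator leaves it: constructed here
 * to stop after three entries although the VM has six opcodes. */
static const char *const azOpcodeNameBroken[] = {
    "Goto",
    "Halt",
    "Integer",
};
#define N_BROKEN (sizeof(azOpcodeNameBroken) / sizeof(azOpcodeNameBroken[0]))

/* The table the generator is supposed to produce, with a compile-time
 * check so a short table fails the build instead of shipping. */
static const char *const azOpcodeName[] = {
    "Goto", "Halt", "Integer", "String", "Column", "ResultRow",
};
_Static_assert(sizeof(azOpcodeName) / sizeof(azOpcodeName[0]) == OP_COUNT,
               "opcode name table does not cover every opcode");

/* The crashing pattern: the opcode indexes the table unchecked and the
 * result goes straight to strlen(). For op >= N_BROKEN this reads past
 * the array and dereferences whatever pointer-sized value sits there,
 * which is the SIGSEGV in strlen() seen in the backtrace. Only safe to
 * call for opcodes the short table actually covers. */
size_t opcode_name_len_unchecked(int op)
{
    return strlen(azOpcodeNameBroken[op]);
}

/* Bounds-checked lookup over a table of n entries: an opcode with no
 * name yields a fixed placeholder instead of an out-of-bounds pointer. */
const char *opcode_name(const char *const *table, size_t n, int op)
{
    if (op < 0 || (size_t)op >= n || table[op] == NULL)
        return "?";
    return table[op];
}

/* Startup self-check for a generated table: returns how many of the
 * VM's opcodes lack a non-empty name, so 0 means the table is complete. */
int count_missing_opcode_names(const char *const *table, size_t n)
{
    int missing = 0;
    for (int op = 0; op < OP_COUNT; op++) {
        if ((size_t)op >= n || table[op] == NULL || table[op][0] == '\0')
            missing++;
    }
    return missing;
}

int main(void)
{
    printf("broken table: %d opcodes without a name\n",
           count_missing_opcode_names(azOpcodeNameBroken, N_BROKEN));
    printf("OP_Column via broken table: %s\n",
           opcode_name(azOpcodeNameBroken, N_BROKEN, OP_Column));
    printf("OP_Column via full table:   %s\n",
           opcode_name(azOpcodeName, OP_COUNT, OP_Column));
    return 0;
}
```

The runtime checks are a fallback; the real fix in this bug was making the generator work again, and the _Static_assert above is the build-time version of that guarantee: if the generated table ever comes out shorter than the opcode list, compilation fails rather than leaving an out-of-bounds read for EXPLAIN to find at run time.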

Comment 3 Panu Matilainen 2008-03-03 13:08:33 UTC
*** Bug 435696 has been marked as a duplicate of this bug. ***

Comment 5 RHEL Product and Program Management 2008-07-21 23:07:37 UTC
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".

Comment 22 errata-xmlrpc 2009-04-22 12:50:09 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
