Bug 428153 - segfault using EXPLAIN
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: sqlite
Version: 5.0
Hardware: All Linux
Priority: low, Severity: low
Target Milestone: rc
Assigned To: Panu Matilainen
Duplicates: 435696
Reported: 2008-01-09 12:32 EST by Dave Malcolm
Modified: 2013-04-12 15:29 EDT (History)
Doc Type: Bug Fix
Last Closed: 2009-04-22 08:50:09 EDT
Attachments
Fix opcode name generation (2.00 KB, patch)
2008-01-10 02:46 EST, Panu Matilainen

Description Dave Malcolm 2008-01-09 12:32:37 EST
Description of problem:
[dmalcolm@cassandra ~]$ gdb sqlite3 
GNU gdb Red Hat Linux (6.5-16.el5rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) run
Starting program: /usr/bin/sqlite3 
[Thread debugging using libthread_db enabled]
[New Thread -1208596800 (LWP 18243)]
SQLite version 3.3.6
Enter ".help" for instructions
sqlite> create table foo ( bar varchar(40) );
sqlite> select * from foo;
sqlite> explain select * from foo;

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208596800 (LWP 18243)]
0x42807353 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x42807353 in strlen () from /lib/libc.so.6
#1  0x42a917e7 in sqlite3VdbeList (p=0x85e5c38) at ./src/vdbeaux.c:659
#2  0x42a8ed9f in sqlite3_step (pStmt=0x85e5c38) at ./src/vdbeapi.c:219
#3  0x42a97655 in sqlite3_exec (db=0x85e2058, zSql=0x85e5f90 "explain select * from foo;", 
    xCallback=0x8049fc0 <callback>, pArg=0xbfca962c, pzErrMsg=0xbfca95d8) at ./src/legacy.c:78
#4  0x0804cae1 in process_input (p=0xbfca962c, in=0x0) at ./src/shell.c:1495
#5  0x0804d32d in main (argc=1, argv=0xbfcaabe4) at ./src/shell.c:1786
#6  0x427b0dec in __libc_start_main () from /lib/libc.so.6
#7  0x08049171 in _start ()
(gdb) up
#1  0x42a917e7 in sqlite3VdbeList (p=0x85e5c38) at ./src/vdbeaux.c:659
659         pMem->n = strlen(pMem->z);
(gdb) p *pMem
$1 = {i = 0, r = 0, z = 0x8000 <Address 0x8000 out of bounds>, n = 0, flags = 162, 
  type = 0 '\0', enc = 0 '\0', xDel = 0, zShort = '\0' <repeats 31 times>}


Version-Release number of selected component (if applicable):
sqlite-3.3.6-2

How reproducible:
100%
Comment 1 Panu Matilainen 2008-01-10 01:56:28 EST
Easily reproduced in 3.3.6, appears fixed in at least >= 3.4.2...
Comment 2 Panu Matilainen 2008-01-10 02:46:30 EST
Created attachment 291242
Fix opcode name generation

The problem is that opcode names are supposed to be automatically generated
during build but 3.3.6 uses invalid options to sort which breaks the
autogeneration completely. So when "explain" attempts to look up string
describing an opcode it tries to access array items that simply aren't there...


Attached patch from upstream CVS fixes the opcode generation and this crash.
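
The failure mode described in comment 2, as an added example that is not part of the original report, the attached patch, or SQLite's source: a name table that a build step failed to populate, a bounds-checked lookup that never passes strlen() a pointer from outside the table, and a test-time check that flags the broken generation. The opcode numbers, table names and function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical opcode numbers; in a real build these come from a generated header. */
enum { OP_Goto = 1, OP_Halt = 2, OP_Column = 3, OP_MAX = 3 };

/* What a working generator would emit: one name per opcode, index 0 unused. */
static const char *const names_good[] = { NULL, "Goto", "Halt", "Column" };
/* Constructed model of the failed generation step: no names were emitted. */
static const char *const names_broken[] = { NULL };

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Bounds- and NULL-checked lookup. An unchecked tbl[op] on the broken table
 * reads past the array and yields an arbitrary pointer. */
const char *opcode_name(const char *const *tbl, size_t n, int op) {
    if (op < 1 || (size_t)op >= n || tbl[op] == NULL)
        return "?";
    return tbl[op];
}

/* Mirrors the crashing statement (n = strlen(z)), but on a checked pointer. */
size_t explain_name_len(const char *const *tbl, size_t n, int op) {
    return strlen(opcode_name(tbl, n, op));
}

/* Build- or test-time check: number of opcodes that have no name. */
int missing_names(const char *const *tbl, size_t n) {
    int missing = 0;
    for (int op = 1; op <= OP_MAX; op++)
        if (strcmp(opcode_name(tbl, n, op), "?") == 0)
            missing++;
    return missing;
}

int main(void) {
    printf("good table:   %d opcode(s) without a name\n",
           missing_names(names_good, COUNT(names_good)));
    printf("broken table: %d opcode(s) without a name\n",
           missing_names(names_broken, COUNT(names_broken)));
    printf("OP_Column on broken table -> \"%s\"\n",
           opcode_name(names_broken, COUNT(names_broken), OP_Column));
    return 0;
}
```

Running a check like missing_names() as part of the package build or test suite turns a silently broken generator into a build failure instead of a runtime crash.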
Comment 3 Panu Matilainen 2008-03-03 08:08:33 EST
*** Bug 435696 has been marked as a duplicate of this bug. ***
Comment 5 RHEL Product and Program Management 2008-07-21 19:07:37 EDT
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 22 errata-xmlrpc 2009-04-22 08:50:09 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0441.html
