selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. Reference and upstream commit: https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387
Created mingw-sqlite tracking bugs for this issue:
Affects: epel-7 [bug 1791315]
Affects: fedora-all [bug 1791316]

Created sqlite tracking bugs for this issue:
Affects: fedora-all [bug 1791317]
There seems to be a reproducer in the upstream commit:

    [huzaifas@babylon ~]$ cat a.sql
    CREATE TABLE v0 (a);
    CREATE VIEW v2 (v3) AS WITH x1 AS (SELECT * FROM v2) SELECT v3 AS x, v3 AS y FROM v2;
    SELECT * FROM v2;
    [huzaifas@babylon ~]$ sqlite3 < a.sql
    Segmentation fault (core dumped)
    [huzaifas@babylon ~]$

Valgrind suggests that the problem is a conditional jump based on an uninitialized value and a corresponding OOB read.
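As an added example (not part of the original comment and not SQLite project code), the following Python check runs the reproducer quoted above against the SQLite library linked into the local Python interpreter, using a child process so that a crash is observed from outside rather than taking down the caller. The exit codes 10 and 11 and the verdict labels are this example's own conventions, and it exercises Python's bundled library, not the sqlite3 command-line binary.

```python
import sqlite3
import subprocess
import sys

# Reproducer statements as quoted in the comment above.
REPRODUCER = """\
CREATE TABLE v0 (a);
CREATE VIEW v2 (v3) AS WITH x1 AS (SELECT * FROM v2) SELECT v3 AS x, v3 AS y FROM v2;
SELECT * FROM v2;
"""

# Child program: run stdin as SQL on an in-memory database.
# Exit 10 if SQLite reports an ordinary error, 11 if everything runs.
CHILD = """\
import sqlite3, sys
con = sqlite3.connect(":memory:")
try:
    con.executescript(sys.stdin.read())
except sqlite3.Error:
    sys.exit(10)
sys.exit(11)
"""

def classify(returncode):
    """Map the child's exit status to a verdict (labels are this example's own)."""
    if returncode == 10:
        return "rejected"   # clean SQL error: the expected, safe outcome
    if returncode == 11:
        return "accepted"   # no error and no crash
    if returncode < 0:
        return "crashed"    # POSIX: child killed by a signal such as SIGSEGV
    return "unknown"

def check_library():
    """Run the reproducer in a separate process and report (version, verdict)."""
    proc = subprocess.run([sys.executable, "-c", CHILD], input=REPRODUCER,
                          text=True, capture_output=True, timeout=30)
    return sqlite3.sqlite_version, classify(proc.returncode)

if __name__ == "__main__":
    version, verdict = check_library()
    print(f"SQLite {version}: {verdict}")
```

A "crashed" verdict means the linked library still mishandles the statement and should be updated through the vendor errata.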
This issue has been addressed in the following products:

Red Hat Enterprise Linux 8
Via RHSA-2020:4442 https://access.redhat.com/errata/RHSA-2020:4442
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-20218