[sqlite] Assertion failed in Sqlite

2019-12-28 Thread Bigthing Do
Hi,

We found an assertion bug in sqlite3. Here is the PoC:

—
CREATE TABLE v0 ( v1 CHAR(25) , v2 INTEGER UNIQUE ON CONFLICT ABORT NOT NULL PRIMARY KEY CHECK( datetime ( lower ( v2 ) , NOT lower ( v1 / 1 ) ) == 'MED PACK' NOT LIKE v2 ) ) ;
CREATE TRIGGER alias AFTER INSERT ON v0 BEGIN INSERT OR REPLACE INTO v0 SELECT v1 , SUM ( v2 ) FROM v0 GROUP BY v2 ORDER BY 'SM PACK' ; END ;
CREATE TRIGGER x INSERT ON v0 BEGIN UPDATE v0 SET v1 = quote ( v2 ) WHERE v2 IN ( SELECT v2 FROM v0 ORDER BY v1 ) ; END ;
INSERT INTO v0 VALUES ( 10 , 1 ) ;
INSERT INTO v0 VALUES ( 'Al' , 10 ) ;
INSERT INTO v0 ( v1 ) VALUES ( 10 ) ,( 0 ) ,( 99 ) ,( 9223372036854775807 ) ,( 3 ) ,( 10 ) ;
UPDATE v0 SET v2 = ( SELECT max ( v2 ) AS y FROM v0 AS v WHERE v2 = 10 AND v1 MATCH v0 . v1 ) ;
SELECT v1 BETWEEN v2 AND '!INSERT INTO test VALUES (1, 0, 0); !INSERT INTO test VALUES (0, 1, 0); !INSERT INTO test VALUES (0, 0, null);' ;


int sqlite3BtreeInsert(BtCursor *, const BtreePayload *, int, int): Assertion `pCur->curFlags & BTCF_ValidNKey' failed.
—
This bug was reported before but seems not to be completely fixed.
This bug exists in the latest development code and release code. We would 
appreciate it if we could be notified of the commit in which the bug gets fixed.

Yongheng & Rui
___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users


Re: [sqlite] Bug Report

2019-12-27 Thread Bigthing Do
Hi,

We tried debugging a little bit with the core dump; it actually crashes with a 
null reference:

`
Program received signal SIGSEGV, Segmentation fault.
[--registers---]
RAX: 0x74 ('t')
RBX: 0x782550 --> 0x76b088 --> 0x1
RCX: 0x61 ('a')
RDX: 0x0
RSI: 0x0
RDI: 0x782098 --> 0x31656c626174 ('table1')
RBP: 0x782548 --> 0x10001
RSP: 0x7fffb6b0 --> 0x78d1b0 --> 0x78d1e8 --> 0x50804496
RIP: 0x4b4237 (:movzx  ecx,BYTE PTR [rdx+rsi*1])
R8 : 0x77d0e8 --> 0x1
R9 : 0x0
R10: 0x77d0f8 --> 0x0
R11: 0x0
R12: 0x1
R13: 0x7fffc680 --> 0x76a9b8 --> 0x73c300 --> 0x780003
R14: 0x7fffc680 --> 0x76a9b8 --> 0x73c300 --> 0x780003
R15: 0x0
EFLAGS: 0x10246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-code-]
   0x4b422d :   jne    0x4b4270
   0x4b422f :   add    rsi,0x1
   0x4b4233 :   movzx  eax,BYTE PTR [rdi+rsi*1]
=> 0x4b4237 :   movzx  ecx,BYTE PTR [rdx+rsi*1]
`

We got the same result if we debug with address sanitizer, not an out of memory 
error.


Thanks,
Ming Jia

> On Dec 27, 2019, at 2:56 PM, Keith Medcalf wrote:
> 
> On Friday, 27 December, 2019 12:50, Igor Korot wrote:
> 
>> On Fri, Dec 27, 2019 at 12:57 PM Bigthing Do wrote:
> 
>>> We met an accidental crash in sqlite with the following sample:
> 
>>> CREATE VIEW table1 ( col1 , col2 ) AS WITH aaa AS ( SELECT * FROM table1 ) SELECT col2 FROM table1 ORDER BY 1 ;
>>> WITH aaa AS ( SELECT * FROM table1 ) SELECT col1 , rank () OVER( ORDER BY col1 DESC ) FROM table1 ;
> 
>> Could you please provide the schema for table1?
> 
> table1 is a circular view ... that is table1 is a view that tries to select 
> from table1 which is a view which selects from table1 which is a view which 
> selects from table1 ... until eventually all memory and stack is consumed and 
> sqlite crashes.
> 
> -- 
> The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
> lot about anticipated traffic volume.


Re: [sqlite] Assertion Failed In sqlite3

2019-12-27 Thread Bigthing Do
Hi Manuel,

Hh, what a coincidence. It might be so. The test case looks very different 
though. Let’s wait for Richard to find it out then.

Yongheng & Rui

> On Dec 27, 2019, at 2:03 PM, Manuel Rigger wrote:
> 
> Hi Yongheng and Rui,
> 
> This might be a duplicate of a bug that I reported, since both test cases
> trigger the same assertion error. See
> https://sqlite.org/src/tktview?name=37823501c6.
> 
> Best,
> Manuel
> 
> On Fri, Dec 27, 2019 at 6:09 PM Yongheng Chen wrote:
> 
>> Hi,
>> 
>> We found an assertion violation bug in sqlite. Here’s the PoC:
>> —
>> CREATE TABLE v0 ( v1 INTEGER PRIMARY KEY ) ; INSERT INTO v0 VALUES ( 10 ) ;
>> SELECT '29' , count () OVER( ORDER BY v1 ) AS m FROM v0 ORDER BY v1 > ( SELECT m ) ;
>> —
>> 
>> The bug exists in the latest development code and release code.
>> 
>> Yongheng & Rui


[sqlite] Bug Report

2019-12-27 Thread Bigthing Do
Dear sqlite developers:

We met an accidental crash in sqlite with the following sample: 

CREATE VIEW table1 ( col1 , col2 ) AS WITH aaa AS ( SELECT * FROM table1 ) SELECT col2 FROM table1 ORDER BY 1 ;
WITH aaa AS ( SELECT * FROM table1 ) SELECT col1 , rank () OVER( ORDER BY col1 DESC ) FROM table1 ;


We are using the release version of sqlite: `SQLite version 3.30.1 2019-10-10 20:19:45`

Thanks

Ming Jia
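
Added example (not part of the original thread and not SQLite's own test code): a small Python harness that runs the circular-view and window-function PoCs quoted in this thread against the SQLite library linked into the local Python, each in a child process so that a segfault or abort is recorded instead of taking the harness down. The names `POCS`, `CHILD` and `triage` are made up for this example; SQLite compiles its assert() checks in only when built with SQLITE_DEBUG, so a release build will not report an assertion failure as such.

```python
import sqlite3
import subprocess
import sys

# PoCs copied verbatim from two messages in this thread.
POCS = {
    "circular_view": (
        "CREATE VIEW table1 ( col1 , col2 ) AS WITH aaa AS ( SELECT * FROM table1 ) "
        "SELECT col2 FROM table1 ORDER BY 1 ;\n"
        "WITH aaa AS ( SELECT * FROM table1 ) SELECT col1 , rank () OVER( ORDER BY "
        "col1 DESC ) FROM table1 ;"
    ),
    "window_order_by": (
        "CREATE TABLE v0 ( v1 INTEGER PRIMARY KEY ) ; INSERT INTO v0 VALUES ( 10 ) ;\n"
        "SELECT '29' , count () OVER( ORDER BY v1 ) AS m FROM v0 ORDER BY v1 > ( SELECT m ) ;"
    ),
}

# Child program: run the script from stdin in a throwaway in-memory database.
# Exit status 3 marks an ordinary SQL error reported by the library.
CHILD = """
import sqlite3, sys
con = sqlite3.connect(":memory:")
try:
    con.executescript(sys.stdin.read())
except sqlite3.Error as exc:
    print(exc)
    sys.exit(3)
"""

def triage(sql, timeout=20):
    """Return (status, detail); status is ok, sql_error, crash or timeout."""
    try:
        proc = subprocess.run([sys.executable, "-c", CHILD], input=sql,
                              capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout", f"no result after {timeout}s"
    if proc.returncode == 0:
        return "ok", ""
    if proc.returncode == 3:
        return "sql_error", proc.stdout.strip()
    # A negative value is the signal that killed the child (POSIX),
    # e.g. -11 for SIGSEGV or -6 for SIGABRT from a failed assert().
    return "crash", f"exit status {proc.returncode}"

if __name__ == "__main__":
    print("SQLite library version:", sqlite3.sqlite_version)
    for name, sql in POCS.items():
        print(name, *triage(sql))
```

A "crash" result for either PoC means the linked library still needs the upstream fix; "sql_error" or "ok" means the statement was handled without killing the process.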