[sqlite] sqlite-3.31.0 segfaults on fuzzcheck on s390x architectures

2020-01-27 Thread Ondrej Dubaj
Hi,

I came across a problem during make test, where fuzzcheck ends with a
segfault.
The problem appears to be only on these arches. Other architectures are
working fine.

Build here:

https://koji.fedoraproject.org/koji/taskinfo?taskID=40950404

Log:

./fuzzcheck /builddir/build/BUILD/sqlite-src-331/test/fuzzdata1.db
/builddir/build/BUILD/sqlite-src-331/test/fuzzdata2.db
/builddir/build/BUILD/sqlite-src-331/test/fuzzdata3.db
/builddir/build/BUILD/sqlite-src-331/test/fuzzdata4.db
/builddir/build/BUILD/sqlite-src-331/test/fuzzdata5.db
/builddir/build/BUILD/sqlite-src-331/test/fuzzdata6.db
/builddir/build/BUILD/sqlite-src-331/test/fuzzdata7.db
/builddir/build/BUILD/sqlite-src-331/test/fuzzdata8.db
fuzzdata1.db: SQL fuzz
fuzzdata1.db: 0% 10% 20% 30% 40% 50% 60% 70%./fuzzcheck
/builddir/build/BUILD/sqlite-src-331/test/fuzzdata1.db
(sqlid=7726,dbid=1): segfault
make: *** [Makefile:1242: fuzztest] Error 1

Ondrej
___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users


[sqlite] bug on zPath length

2020-01-23 Thread Ondrej Dubaj
Hi,

I discovered an issue found by coverity scan.
sqlite-src-326/shell.c:5697: var_compare_op: Comparing "zFree" to null
implies that "zFree" might be null.
sqlite-src-326/shell.c:5698: alias_transfer: Assigning: "zPath" =
"zFree".
sqlite-src-326/shell.c:5699: var_deref_model: Passing null pointer
"zPath" to "strlen", which dereferences it.
# 5697| if( zFree==0 ){ rc = SQLITE_NOMEM; }
# 5698| zPath = (const char*)zFree;
# 5699|-> nPath = (int)strlen(zPath);
# 5700| }
# 5701| }

It says that zPath can be NULL during the strlen() call. I have made a patch,
which seems to solve this issue. Can you please confirm or disconfirm my
changes?

diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
index e6141ef..1f214a4 100644
--- a/ext/misc/zipfile.c
+++ b/ext/misc/zipfile.c
@@ -1630,9 +1630,12 @@ static int zipfileUpdate(
** otherwise. */
if( zPath[nPath-1]!='/' ){
zFree = sqlite3_mprintf("%s/", zPath);
- if( zFree==0 ){ rc = SQLITE_NOMEM; }
- zPath = (const char*)zFree;
- nPath = (int)strlen(zPath);
+ if( zFree==0 ){
+ rc = SQLITE_NOMEM;
+ } else {
+ zPath = (const char*)zFree;
+ nPath = (int)strlen(zPath);
+ }
}
}
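
Review bot: In the new `zFree==0` branch, zPath and nPath keep their old values (the path without the trailing '/') while rc is set to SQLITE_NOMEM, so the fix is only complete if the code after this block checks rc before it uses zPath or nPath. Please confirm that against the lines following the hunk, which are not shown here. It would also help to say in the patch description that the Coverity report cites sqlite-src-326/shell.c:5697 while the change is made in ext/misc/zipfile.c, so a reader can tie the report to the patched lines.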