Public bug reported:

Ubuntu version: 18.04
sqlite version: 3.22

Hello, I found some potential bugs in package sqlite3, and the .docx file in the attachment I uploaded shows the occurrence process of each bug in a graphical way. Would you help me check whether the bugs mentioned below are true? Thank you very much for your patience.

1. In file sqlite3/build/sqlite3.c (build is a folder containing files generated by configure), in function sqlite3VtabCallDestroy:
   In line 128391, there is a statement that loads the return value of function vtabDisconnectedAll into pointer p, and the return value can be null.
   In line 128392, there is a statement that dereferences p without a check.
   The entire graphic description is shown in figure 1 in the .docx file.

2. In file sqlite3-3.22.0/src/tclsqlite.c, in function dbReleaseStmt:
   In line 1421, pointer pPrev is initialized to null, and in a certain path the value of pPrev is not changed and is dereferenced without a check.
   The entire graphic description is shown in figure 2 in the .docx file.

3. In file sqlite3/build/sqlite3.c (build is a folder containing files generated by configure), in function vdbeSorterFlushPMA:
   In line 89710, pointer pTask is dereferenced without a check, and its value can be null.
   The entire graphic description is shown in figure 3 in the .docx file.

4. In file sqlite3/build/sqlite3.c (build is a folder containing files generated by configure), in function sqlite3CodeRowTriggerDirect:
   In line 126110, pointer v loads the return value of function sqliteGetVdbe, and its value can be null.
   In line 126120, pointer v acts as the 1st parameter of function sqlite3VdbeAddOp4, and in this function v is dereferenced without a check.
   The entire graphic description is shown in figure 4 in the .docx file.

5. In file sqlite3/build/sqlite3.c (build is a folder containing files generated by configure), in function sqlite3_randomness:
   In line 27774, the return value of sqlite3_vfs_find, which can be null, acts as the 1st parameter of function sqlite3OsRandomness; in this function, the return value of sqlite3_vfs_find is dereferenced without a check.
   The entire graphic description is shown in figure 5 in the .docx file.

6. In file sqlite3/build/shell.c (build is a folder containing files generated by configure), in function process_input:
   In line 14653, zSql is initialized to null, and in a certain path the value of zSql is not changed and is dereferenced without a check.
   The entire graphic description is shown in figure 6 in the .docx file.

7. In file sqlite3/build/shell.c (build is a folder containing files generated by configure), in function sqlite3_appendvfs_init:
   In line 3949, the return value of function sqlite3_vfs_find, which can be null, is loaded into pOrig.
   In line 3950, pOrig is dereferenced without a check.
   The entire graphic description is shown in figure 7 in the .docx file.

8. In file sqlite3/build/sqlite3.c (build is a folder containing files generated by configure), in function fts3IncrmergeChomp:
   In line 163794, pSeg is initialized to null.
   In line 163803, pSeg is dereferenced without a check.
   The entire graphic description is shown in figure 8 in the .docx file.

** Affects: sqlite3 (Ubuntu)
   Importance: Undecided
   Status: New

** Attachment added: "null_pointer_dereference.docx"
   https://bugs.launchpad.net/bugs/1940353/+attachment/5518656/+files/null_pointer_dereference.docx

https://bugs.launchpad.net/bugs/1940353
Title: Several potential bugs of null pointer dereference

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs