[sqlite-dev] SQLite 3.28.0 and trunk: Segmentation fault in fuzzcheck


Arfrever Frehtes Taifersar Arahesis

May 2, 2019, 4:18:50 AM
to SQLite Development
SQLite 3.27.2 passes the fuzztest target in the test suite.
SQLite 3.28.0 and the newest revision of trunk fail the fuzztest target in the test suite
when some specific options are enabled.

Steps to reproduce:

export CFLAGS="-DSQLITE_ENABLE_EXPLAIN_COMMENTS -DSQLITE_ENABLE_ICU -DSQLITE_ENABLE_STMT_SCANSTATUS -DSQLITE_ENABLE_STMTVTAB"
sed -e "s/^TLIBS = @LIBS@/& -licui18n -licuuc/" -i Makefile.in
./configure --enable-fts5
make
make test


Output of 'make test':

...
./fuzzcheck --limit-mem 100M /tmp/sqlite/test/fuzzdata1.db /tmp/sqlite/test/fuzzdata2.db /tmp/sqlite/test/fuzzdata3.db /tmp/sqlite/test/fuzzdata4.db /tmp/sqlite/test/fuzzdata5.db /tmp/sqlite/test/fuzzdata6.db /tmp/sqlite/test/fuzzdata7.db /tmp/sqlite/test/fuzzdata8.db
fuzzdata1.db: SQL fuzz as of 2015-06-20
fuzzdata1.db: 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% - 9903 tests
fuzzdata2.db: SQL tests from Michal Zalewski on 2015-05-01
fuzzdata2.db: 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% - 9959 tests
fuzzdata3.db: Database fuzz as of 2015-06-24
fuzzdata3.db: 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% - 2316 tests
fuzzdata4.db: JSON1 test cases as of 2015-09-23
fuzzdata4.db: 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% - 2575 tests
fuzzdata5.db: Test cases received from the OSS-FUZZ project
fuzzdata5.db: 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% - 8834 tests
fuzzdata6.db: Test cases for UPSERT
fuzzdata6.db: 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% - 3896 tests
fuzzdata7.db: DB cases created using dbfuzz2
fuzzdata7.db: 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% - 8133 tests
fuzzdata8.db: Interesting dbsqlfuzz cases from 2019-01-24
fuzzdata8.db: 0% 10% 20% 30%make: *** [Makefile:1247: fastfuzztest] Segmentation fault


Output of gdb ('gdb --args ./fuzzcheck ...'):

...
(gdb) r
...
fuzzdata1.db: SQL fuzz as of 2015-06-20
fuzzdata1.db: 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% - 9903 tests
fuzzdata2.db: SQL tests from Michal Zalewski on 2015-05-01
fuzzdata2.db: 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% - 9959 tests
fuzzdata3.db: Database fuzz as of 2015-06-24
fuzzdata3.db: 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% - 2316 tests
fuzzdata4.db: JSON1 test cases as of 2015-09-23
fuzzdata4.db: 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% - 2575 tests
fuzzdata5.db: Test cases received from the OSS-FUZZ project
fuzzdata5.db: 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% - 8834 tests
fuzzdata6.db: Test cases for UPSERT
fuzzdata6.db: 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% - 3896 tests
fuzzdata7.db: DB cases created using dbfuzz2
fuzzdata7.db: 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% - 8133 tests
fuzzdata8.db: Interesting dbsqlfuzz cases from 2019-01-24
fuzzdata8.db: 0% 10% 20% 30%
Program received signal SIGSEGV, Segmentation fault.
0x000055555558cb01 in cellSizePtr ()
(gdb) bt
#0 0x000055555558cb01 in cellSizePtr ()
#1 0x0000555555595bea in computeCellSize ()
#2 0x0000555555595c83 in cachedCellSize ()
#3 0x0000555555597bf3 in balance_nonroot ()
#4 0x0000555555599209 in balance ()
#5 0x0000555555599c15 in sqlite3BtreeInsert ()
#6 0x00005555555b497e in sqlite3VdbeExec ()
#7 0x00005555555aa947 in sqlite3Step ()
#8 0x00005555555aabbb in sqlite3_step ()
#9 0x0000555555560c67 in runDbSql ()
#10 0x000055555556118c in runCombinedDbSqlInput ()
#11 0x000055555556400b in main ()

--
Arfrever Frehtes Taifersar Arahesis
_______________________________________________
sqlite-dev mailing list
sqlit...@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-dev
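As an added triage helper, not part of the report or of SQLite's own test tooling, the script below parses the fuzzcheck progress lines and the gdb backtrace quoted above to pin down which fuzz database was running when the signal hit, how far it had progressed, and the call chain from the harness through the public API into the b-tree layer. It assumes the output format shown in the report; the sample text is a constructed copy of that output.

```python
"""Locate the crashing fuzz set and call chain in a fuzzcheck + gdb log."""
import re

# Constructed sample: tail of the 'make test' / gdb output quoted in the report.
FUZZCHECK_OUTPUT = """\
fuzzdata7.db: DB cases created using dbfuzz2
fuzzdata7.db: 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% - 8133 tests
fuzzdata8.db: Interesting dbsqlfuzz cases from 2019-01-24
fuzzdata8.db: 0% 10% 20% 30%
Program received signal SIGSEGV, Segmentation fault.
0x000055555558cb01 in cellSizePtr ()
(gdb) bt
#0 0x000055555558cb01 in cellSizePtr ()
#1 0x0000555555595bea in computeCellSize ()
#2 0x0000555555595c83 in cachedCellSize ()
#3 0x0000555555597bf3 in balance_nonroot ()
#4 0x0000555555599209 in balance ()
#5 0x0000555555599c15 in sqlite3BtreeInsert ()
#6 0x00005555555b497e in sqlite3VdbeExec ()
#7 0x00005555555aa947 in sqlite3Step ()
#8 0x00005555555aabbb in sqlite3_step ()
#9 0x0000555555560c67 in runDbSql ()
#10 0x000055555556118c in runCombinedDbSqlInput ()
#11 0x000055555556400b in main ()
"""

# "name.db: 0% 10% ... [- N tests]": a line without the "- N tests" tail was interrupted.
PROGRESS_RE = re.compile(r"^(\S+\.db): ((?:\d+% ?)+)(?: - (\d+) tests)?$")
# gdb 'bt' frame with no debug info: "#N 0xADDR in function ()".
FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-fA-F]+ in (\w+) \(\)")

def triage(text):
    """Return signal, interrupted db and its last progress mark, completed dbs,
    the backtrace frames (innermost first) and the first public sqlite3_* API frame."""
    result = {"signal": None, "db": None, "pct": None, "completed": [], "frames": []}
    for line in text.splitlines():
        m = PROGRESS_RE.match(line)
        if m:
            db, marks, total = m.groups()
            pct = int(marks.split()[-1].rstrip("%"))
            if total is None:           # no "- N tests": this set was cut short
                result["db"], result["pct"] = db, pct
            else:
                result["completed"].append(db)
        elif line.startswith("Program received signal"):
            result["signal"] = line.split("signal ", 1)[1].split(",")[0]
        elif (f := FRAME_RE.match(line)):
            result["frames"].append(f.group(2))
    # Entry point from the harness into the library: first frame named sqlite3_*.
    result["entry_api"] = next((n for n in result["frames"] if n.startswith("sqlite3_")), None)
    return result
```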

Richard Hipp

May 2, 2019, 11:59:25 AM
to sqlit...@mailinglists.sqlite.org
On 5/2/19, Arfrever Frehtes Taifersar Arahesis <arfrev...@gmail.com> wrote:
> SQLite 3.27.2 passes the fuzztest target in the test suite.
> SQLite 3.28.0 and the newest revision of trunk fail the fuzztest target in the test
> suite
> when some specific options are enabled.

Should be fixed on trunk now.

--
D. Richard Hipp
d...@sqlite.org

Arfrever Frehtes Taifersar Arahesis

May 2, 2019, 1:30:08 PM
to SQLite Development
Richard Hipp <d...@sqlite.org> wrote on 2019-05-02 15:59:22 UTC:
> On 5/2/19, Arfrever Frehtes Taifersar Arahesis <arfrev...@gmail.com>
> wrote:
>> SQLite 3.27.2 passes the fuzztest target in the test suite.
>> SQLite 3.28.0 and the newest revision of trunk fail the fuzztest target in the test
>> suite
>> when some specific options are enabled.
>
> Should be fixed on trunk now.

I confirm that https://sqlite.org/src/info/c509d8a8aebe0da4 works for me.

--
Arfrever Frehtes Taifersar Arahesis
