Bug #55949 sqlite crashes
Submitted: 2004-01-07 01:05 UTC Modified: 2004-01-14 16:17 UTC
From: mike at blueroot dot net Assigned: wez (profile)
Status: Closed Package: SQLite (PECL)
PHP Version: 4.3.3 OS: Linux (Mandrake 9.1)
Private report: No CVE-ID: None

 [2004-01-07 01:05 UTC] mike at blueroot dot net
Description:
------------
SQLite crashes under certain circumstances

Reproduce code:
---------------
$db = sqlite_open('database/my.db');
$table = 'Transactions';

$new = ", transaction_buyer_email varchar(60), transaction_buyer_id varchar(60)";
$tmp_table = $table.'_tmp';
$sql = "SELECT sql FROM sqlite_master WHERE type='table' and name='$table';";
$res = sqlite_query($sql, $db);

$row = sqlite_fetch_array($res);
$orig_db_sql = $row[0];
$tmp_db_sql = str_replace("TABLE $table", "TABLE {$table}_tmp", $orig_db_sql);

$matches = array();
preg_match("/\((.*)\)/", $orig_db_sql, $matches);
$columns = $matches[1];
$columns_array = split(", ", $columns);
foreach ($columns_array as $column){
    list($name, $type) = split(" ", $column);
    $original[$name] = $type;
}

$tmp_res = sqlite_query($tmp_db_sql, $db);
$move_res = sqlite_query("INSERT INTO {$table}_tmp SELECT * FROM $table", $db);
$drop_res = sqlite_query("DROP TABLE $table", $db);
echo $sql = "CREATE TABLE $table ($columns $new)";
$create_res = sqlite_query($sql, $db);
$just_columns = join(",", array_keys($original));
$sql = "INSERT INTO $table($columns) SELECT * FROM {$table}_tmp";
$move_back_res = sqlite_query($sql, $db);
$drop_tmp_res = sqlite_query("DROP TABLE {$table}_tmp", $db);


Expected result:
----------------
There is a bug in the above code, but it crashes the second (and subsequent) times; it should return some error from the database.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 18054)]
sqlite_step (pVm=0x0, pN=0x81ffe68, pazValue=0xbfffc304, pazColName=0xbfffc308)
    at /tmp/tmpt95nZ8/SQLite-1.0/libsqlite/src/vdbe.c:801
801     /tmp/tmpt95nZ8/SQLite-1.0/libsqlite/src/vdbe.c: No such file or directory.
        in /tmp/tmpt95nZ8/SQLite-1.0/libsqlite/src/vdbe.c
(gdb) bt
#0  sqlite_step (pVm=0x0, pN=0x81ffe68, pazValue=0xbfffc304, pazColName=0xbfffc308)
    at /tmp/tmpt95nZ8/SQLite-1.0/libsqlite/src/vdbe.c:801
#1  0x404cfdc9 in php_sqlite_fetch (rres=0x81ffe5c) at /tmp/tmpt95nZ8/SQLite-1.0/sqlite.c:876
#2  0x404d01e5 in sqlite_query (db=0x82002fc, sql=0x81ff78c "", sql_len=0, mode=0, buffered=0,
    return_value=0x81ff254, rres=0x81ffe5c) at /tmp/tmpt95nZ8/SQLite-1.0/sqlite.c:988
#3  0x404d048e in zif_sqlite_query (ht=2, return_value=0x81ff254, this_ptr=0x0, return_value_used=1)
    at /tmp/tmpt95nZ8/SQLite-1.0/sqlite.c:1064
#4  0x08130ed4 in execute (op_array=0x81fc2e4)
    at /home/mike/software/php/php-4.3.3/Zend/zend_execute.c:1616
#5  0x08125818 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/mike/software/php/php-4.3.3/Zend/zend.c:885
#6  0x081028ed in php_execute_script (primary_file=0xbffff6a0)
    at /home/mike/software/php/php-4.3.3/main/main.c:1723
#7  0x08135cd5 in main (argc=2, argv=0xbffff724)
    at /home/mike/software/php/php-4.3.3/sapi/cli/php_cli.c:818
#8  0x4035dc57 in __libc_start_main () from /lib/i686/libc.so.6
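
The backtrace above shows sqlite_query() entered with sql="" and sql_len=0, and sqlite_step() then reached with pVm=0x0. The following toy model in C is an added example, not code from this report or from the SQLite extension; toy_compile, toy_step and run_query are hypothetical names, and the premise that an empty statement compiles "successfully" without producing a VM is an assumption of the model.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model with hypothetical names; not libsqlite or ext/sqlite source. */
typedef struct toy_vm { const char *sql; int done; } toy_vm;

enum { TOY_OK = 0, TOY_ROW = 1, TOY_DONE = 2, TOY_MISUSE = 3 };

/* Assumed compiler behaviour: text containing no SQL is not an error,
 * it returns TOY_OK but leaves *out set to NULL (no VM was built). */
static int toy_compile(const char *sql, size_t len, toy_vm *slot, toy_vm **out)
{
    size_t i = 0;
    *out = NULL;
    while (i < len && isspace((unsigned char)sql[i])) i++;
    if (i == len) return TOY_OK;        /* empty statement: OK, but no VM */
    slot->sql = sql + i;
    slot->done = 0;
    *out = slot;
    return TOY_OK;
}

/* Stepping dereferences the VM unconditionally, so a NULL vm here is the
 * same situation as frame #0 in the backtrace (pVm=0x0). */
static int toy_step(toy_vm *vm)
{
    if (vm->done) return TOY_DONE;
    vm->done = 1;
    return TOY_ROW;
}

/* Guarded caller: a successful compile that produced no VM is reported
 * to the caller as an error code and is never passed on to toy_step(). */
int run_query(const char *sql, size_t len)
{
    toy_vm slot, *vm = NULL;
    int rc = toy_compile(sql, len, &slot, &vm);
    if (rc != TOY_OK) return rc;
    if (vm == NULL) return TOY_MISUSE;  /* keeps a NULL VM away from the step */
    return toy_step(vm);
}

int main(void)
{
    printf("empty query  -> %d\n", run_query("", 0));          /* constructed input */
    printf("SELECT query -> %d\n", run_query("SELECT 1", 8));  /* constructed input */
    return 0;
}
```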


 [2004-01-14 16:06 UTC] ilia at prohost dot org
Re-opening as a PHP bug #26911.   
   
In the future please report sqlite bugs on   
http://bugs.php.net, thank you.
 [2004-01-14 16:17 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


Last updated: Mon Dec 30 14:01:28 2024 UTC