PHP :: Bug #28537 :: "SELECT rowid, * FROM <view>" crashes

Bug #28537	"SELECT rowid, * FROM <view>" crashes
Submitted:	2004-05-27 01:10 UTC	Modified:	2004-07-10 15:46 UTC
From:	bhoc at tiscali dot ch	Assigned:
Status:	Not a bug	Package:	SQLite related
PHP Version:	5.0.0RC2	OS:	any
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	bhoc at tiscali dot ch
New email:
PHP Version:		OS:

New Comment:

[2004-05-27 01:10 UTC] bhoc at tiscali dot ch

Description:
------------
"select rowid, * from someview" will crash php.
"select rowid, * from sometable" runs fine.

Result -> cgi will crash, server will close the connection.

This was a bug (#364) in older sqlite versions:
http://www.sqlite.org/cvstrac/tktview?tn=364,16

It seems to have reappeared.

-- 
Ben 


Reproduce code:
---------------
function DumpTable($dbname, $tablename) {
  if ($db = sqlite_open($dbname)) {
    $sql = "select rowid, * from $tablename";
    $res = sqlite_query($db, $sql);
    echo "<table border=\"1\">\n";
    while ($row = sqlite_fetch_array($res)) {
      $fieldnum = sqlite_num_fields($res);
      echo "  <tr>";
      for ($i=0; $i<$fieldnum; $i++) {
         echo "<td>$row[$i]</td>";
      }
      echo "  </tr>\n";
    }
    echo "</table>\n";
    sqlite_close($db);
  } 
}


Expected result:
----------------
Nicely formatted output. :)
Works fine with a plain table; will fail with a view.

Actual result:
--------------
<nothing>, cgi crashes, server closes connection.
Tested under Windows XP and Linux

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-05-27 01:44 UTC] bhoc at tiscali dot ch

before someone asks: same behaviour with
http://snaps.php.net/win32/php5-win32-200405262230.zip

[2004-05-27 08:35 UTC] derick@php.net

Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

[2004-05-27 12:25 UTC] bhoc at tiscali dot ch

My currently available environment does not support creating backtraces, unfortunately.
But I have put a simple php applet in
http://download.pentagroup.ch/phpbug-28537.tar.gz. It will create an sqlite database, populate it, query it, roll over and die. Hope this helps.
-- 
Ben

[2004-05-27 13:19 UTC] bhoc at tiscali dot ch

Okay, I did manage to create a backtrace. A spare machine was well-equipped. :)

$ gdb /usr/bin/php
GNU gdb 5.3
<snip>
(gdb) run selectcrash.php
Starting program: /usr/bin/php selectcrash.php
php: /usr/src/php-5.0.0RC2/ext/sqlite/libsqlite/src/select.c:659: generateColumnTypes: Assertion `j<pTabList->nSrc' failed.

Program received signal SIGABRT, Aborted.
0x400d1ac1 in kill () from /lib/libc.so.6
(gdb) bt
#0  0x400d1ac1 in kill () from /lib/libc.so.6
#1  0x400d16eb in raise () from /lib/libc.so.6
#2  0x400d3127 in abort () from /lib/libc.so.6
#3  0x400cad6a in __assert_fail () from /lib/libc.so.6
#4  0x080b004e in generateColumnTypes (pParse=0x0, pTabList=0x822f060,
    pEList=0x822eb40)
    at /usr/src/php-5.0.0RC2/ext/sqlite/libsqlite/src/select.c:662
#5  0x080b262e in sqliteSelect (pParse=0xbfffcce0, p=0x822ef58, eDest=1,
    iParm=0, pParent=0x0, parentTab=0, pParentAgg=0x0)
    at /usr/src/php-5.0.0RC2/ext/sqlite/libsqlite/src/select.c:2219
#6  0x08099397 in yy_reduce (yypParser=0x82316a8, yyruleno=100) at parse.y:270
#7  0x0809a2cb in sqliteParser (yyp=0x82316a8, yymajor=106, yyminor=
      {z = 0x0, dyn = 0, n = 3}, pParse=0x0) at parse.c:3946
#8  0x080b3648 in sqliteRunParser (pParse=0xbfffcce0,
    zSql=0x401e9b68 "select rowid, * from allinfo", pzErrMsg=0xbfffcdcc)
    at /usr/src/php-5.0.0RC2/ext/sqlite/libsqlite/src/tokenize.c:458
#9  0x080aa191 in sqliteMain (db=0x822b090,
    zSql=0x401e9b68 "select rowid, * from allinfo", xCallback=0, pArg=0x0,
    pzTail=0xbfffcdc8, ppVm=0xbfffcdd4, pzErrMsg=0xbfffcdcc)
    at /usr/src/php-5.0.0RC2/ext/sqlite/libsqlite/src/main.c:631
#10 0x080aa306 in sqlite_compile (db=0x822b090,
    zSql=0x401e9b68 "select rowid, * from allinfo", pzTail=0xbfffcdc8,
    ppVm=0xbfffcdd4, pzErrMsg=0xbfffcdcc)
    at /usr/src/php-5.0.0RC2/ext/sqlite/libsqlite/src/main.c:696
#11 0x08095b27 in sqlite_query (object=0x0, db=0x401f05ac,
    sql=0x401e9b68 "select rowid, * from allinfo", sql_len=28, mode=0,
    buffered=1, return_value=0x401e9c6c, prres=0x0)
    at /usr/src/php-5.0.0RC2/ext/sqlite/sqlite.c:1464
#12 0x080961fa in zif_sqlite_query (ht=1075774892, return_value=0x401e9c6c,
    this_ptr=0x0, return_value_used=1)
    at /usr/src/php-5.0.0RC2/ext/sqlite/sqlite.c:1669
#13 0x081779a6 in zend_do_fcall_common_helper (execute_data=0xbfffd580,
    opline=0x401f2ca4, op_array=0x822f4e8)
    at /usr/src/php-5.0.0RC2/Zend/zend_execute.c:2699
#14 0x08177f03 in zend_do_fcall_handler (execute_data=0xbfffd580,
    opline=0x401f2ca4, op_array=0x822f4e8)
    at /usr/src/php-5.0.0RC2/Zend/zend_execute.c:2828
#15 0x08175032 in execute (op_array=0x822f4e8)
    at /usr/src/php-5.0.0RC2/Zend/zend_execute.c:1391
#16 0x08177ab6 in zend_do_fcall_common_helper (execute_data=0xbfffd760,
    opline=0x401e97e4, op_array=0x401e8d68)
    at /usr/src/php-5.0.0RC2/Zend/zend_execute.c:2728
#17 0x08177f03 in zend_do_fcall_handler (execute_data=0xbfffd760,
    opline=0x401e97e4, op_array=0x401e8d68)
    at /usr/src/php-5.0.0RC2/Zend/zend_execute.c:2828
#18 0x08175032 in execute (op_array=0x401e8d68)
    at /usr/src/php-5.0.0RC2/Zend/zend_execute.c:1391
#19 0x0815b3e4 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/src/php-5.0.0RC2/Zend/zend.c:1058
#20 0x0812b912 in php_execute_script (primary_file=0xbffffb00)
    at /usr/src/php-5.0.0RC2/main/main.c:1630
#21 0x0817eec8 in main (argc=2, argv=0xbffffb94)
    at /usr/src/php-5.0.0RC2/sapi/cgi/cgi_main.c:1562
#22 0x400bdd06 in __libc_start_main () from /lib/libc.so.6
(gdb) frame 4
#4  0x080b004e in generateColumnTypes (pParse=0x0, pTabList=0x822f060,
    pEList=0x822eb40)
    at /usr/src/php-5.0.0RC2/ext/sqlite/libsqlite/src/select.c:662
662           assert( iCol==-1 || (iCol>=0 && iCol<pTab->nCol) );

-- 
Ben

[2004-06-17 10:29 UTC] bhoc at tiscali dot ch

Same problem in 5.0.0RC3... :-(
-- 
Ben

[2004-07-10 15:08 UTC] wez@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip

[2004-07-10 15:34 UTC] bhoc at tiscali dot ch

Still crashes. (checked with windows version) :-(

[2004-07-10 15:46 UTC] wez@php.net

In that case, please report the bug to the sqlite developers, since the crash is inside libsqlite.
I'm marking this as Bogus because it isn't a bug in PHP.
Feel free to reference this report from your sqlite report.

The sqlite bug reporting page is here:
http://www.sqlite.org/cvstrac/tktnew

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 17:01:58 2024 UTC