Bug #51492 SQLite2 query starting with a hash causes a segfault
Submitted: 2010-04-07 10:19 UTC
Modified: 2010-04-07 14:23 UTC
From: naderman at naderman dot de
Assigned:
Status: Wont fix
Package: SQLite related
PHP Version: 5.3SVN-2010-04-07 (SVN)
OS: Ubuntu Linux 9.10 x86_64
Private report: No
CVE-ID: None
 [2010-04-07 10:19 UTC] naderman at naderman dot de
Description:
------------
Running a SQLite 2 query that starts with a hash (#) causes a segmentation fault. I don't believe hashes are correct comment syntax in SQLite so the query is quite certainly invalid and should cause an error.

Test script:
---------------
<?php

$db = sqlite_open(':memory:');
sqlite_query('#', $db);


Actual result:
--------------
#0  *__GI_strncpy (s1=0x7f39c2c66026 "\"", s2=0x7f3900000000 <Address 0x7f3900000000 out of bounds>, n=40) at strncpy.c:41
#1  0x000000000058c594 in sqliteSetNString (pz=0x7fffc0c6b728) at /usr/include/bits/string3.h:122
#2  0x0000000000589a7e in sqliteRunParser (pParse=0x7fffc0c6b570, zSql=0x2755908 "#", pzErrMsg=<value optimized out>) at /home/naderman/projects/php/php-src-5.3/ext/sqlite/libsqlite/src/tokenize.c:436
#3  0x000000000057edfc in sqlite_compile (db=0x2777e30, zSql=0x2755908 "#", pzTail=0x7fffc0c6b6a0, ppVm=0x7fffc0c6b698, pzErrMsg=0x7fffc0c6b728)
    at /home/naderman/projects/php/php-src-5.3/ext/sqlite/libsqlite/src/main.c:728
#4  0x000000000057f02b in sqlite_exec (db=<value optimized out>, zSql=0x2755908 "#", xCallback=0, pArg=<value optimized out>, pzErrMsg=<value optimized out>)
    at /home/naderman/projects/php/php-src-5.3/ext/sqlite/libsqlite/src/main.c:640
#5  0x00000000005695b4 in zif_sqlite_query (ht=<value optimized out>, return_value=0x2752c28, return_value_ptr=<value optimized out>, this_ptr=0x0, return_value_used=0)
    at /home/naderman/projects/php/php-src-5.3/ext/sqlite/sqlite.c:2087
#6  0x0000000000685d76 in zend_do_fcall_common_helper_SPEC (execute_data=0x7f39cc853050) at /home/naderman/projects/php/php-src-5.3/Zend/zend_vm_execute.h:313
#7  0x000000000067fe98 in execute (op_array=0x2753470) at /home/naderman/projects/php/php-src-5.3/Zend/zend_vm_execute.h:104
#8  0x000000000065b82a in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3) at /home/naderman/projects/php/php-src-5.3/Zend/zend.c:1194
#9  0x000000000060b5bd in php_execute_script (primary_file=<value optimized out>) at /home/naderman/projects/php/php-src-5.3/main/main.c:2260
#10 0x00000000006e1810 in main (argc=<value optimized out>, argv=<value optimized out>) at /home/naderman/projects/php/php-src-5.3/sapi/cli/php_cli.c:1192


 [2010-04-07 14:23 UTC] iliaa@php.net
-Status: Open +Status: Wont fix
 [2010-04-07 14:23 UTC] iliaa@php.net
This is a bug inside SQLite 2 itself and not PHP.
Last updated: Sat Dec 21 16:01:28 2024 UTC