PHP :: Bug #55949 :: sqlite crashes

Bug #55949	sqlite crashes
Submitted:	2004-01-07 01:05 UTC	Modified:	2004-01-14 16:17 UTC
From:	mike at blueroot dot net	Assigned:	wez (profile)
Status:	Closed	Package:	SQLite (PECL)
PHP Version:	4.3.3	OS:	Linux (Mandrake 9.1)
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	mike at blueroot dot net
New email:
PHP Version:		OS:

New Comment:

[2004-01-07 01:05 UTC] mike at blueroot dot net

Description:
------------
SQLite crashes under certain circumstances

Reproduce code:
---------------
$db = sqlite_open('database/my.db');
$table = 'Transactions';

$new = ", transaction_buyer_email varchar(60), transaction_buyer_id varchar(60)";
$tmp_table = $table.'_tmp';
$sql = "SELECT sql FROM sqlite_master WHERE type='table' and name='$table';";
$res = sqlite_query($sql, $db);

$row = sqlite_fetch_array($res);
$orig_db_sql = $row[0];
$tmp_db_sql = str_replace("TABLE $table", "TABLE {$table}_tmp", $orig_db_sql);

$matches = array();
preg_match("/\((.*)\)/", $orig_db_sql, $matches);
$columns = $matches[1];
$columns_array = split(", ", $columns);
foreach ($columns_array as $column){
    list($name, $type) = split(" ", $column);
    $original[$name] = $type;
}

$tmp_res = sqlite_query($tmp_db_sql, $db);
$move_res = sqlite_query("INSERT INTO {$table}_tmp SELECT * FROM $table", $db);
$drop_res = sqlite_query("DROP TABLE $table", $db);
echo $sql = "CREATE TABLE $table ($columns $new)";
$create_res = sqlite_query($sql, $db);
$just_columns = join(",", array_keys($original));
$sql = "INSERT INTO $table($columns) SELECT * FROM {$table}_tmp";
$move_back_res = sqlite_query($sql, $db);
$drop_tmp_res = sqlite_query("DROP TABLE {$table}_tmp", $db);


Expected result:
----------------
There is a bug in the above code, but it crashes the second (and subsequent times), it should return some error from the database.

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 18054)]
sqlite_step (pVm=0x0, pN=0x81ffe68, pazValue=0xbfffc304, pazColName=0xbfffc308)
    at /tmp/tmpt95nZ8/SQLite-1.0/libsqlite/src/vdbe.c:801
801     /tmp/tmpt95nZ8/SQLite-1.0/libsqlite/src/vdbe.c: No such file or directory.
        in /tmp/tmpt95nZ8/SQLite-1.0/libsqlite/src/vdbe.c
(gdb) bt
#0  sqlite_step (pVm=0x0, pN=0x81ffe68, pazValue=0xbfffc304, pazColName=0xbfffc308)
    at /tmp/tmpt95nZ8/SQLite-1.0/libsqlite/src/vdbe.c:801
#1  0x404cfdc9 in php_sqlite_fetch (rres=0x81ffe5c) at /tmp/tmpt95nZ8/SQLite-1.0/sqlite.c:876
#2  0x404d01e5 in sqlite_query (db=0x82002fc, sql=0x81ff78c "", sql_len=0, mode=0, buffered=0,
    return_value=0x81ff254, rres=0x81ffe5c) at /tmp/tmpt95nZ8/SQLite-1.0/sqlite.c:988
#3  0x404d048e in zif_sqlite_query (ht=2, return_value=0x81ff254, this_ptr=0x0, return_value_used=1)
    at /tmp/tmpt95nZ8/SQLite-1.0/sqlite.c:1064
#4  0x08130ed4 in execute (op_array=0x81fc2e4)
    at /home/mike/software/php/php-4.3.3/Zend/zend_execute.c:1616
#5  0x08125818 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /home/mike/software/php/php-4.3.3/Zend/zend.c:885
#6  0x081028ed in php_execute_script (primary_file=0xbffff6a0)
    at /home/mike/software/php/php-4.3.3/main/main.c:1723
#7  0x08135cd5 in main (argc=2, argv=0xbffff724)
    at /home/mike/software/php/php-4.3.3/sapi/cli/php_cli.c:818
#8  0x4035dc57 in __libc_start_main () from /lib/i686/libc.so.6

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-01-14 16:06 UTC] ilia at prohost dot org

Re-opening as a PHP bug #26911.   
   
In the future please report sqlite bugs on   
http://bugs.php.net, thank you.

[2004-01-14 16:17 UTC] iliaa@php.net

This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

[2007-10-18 20:12 UTC] fdf at fgh dot hgj

http://www.forex.co.ir
http://www.meta-fx.com
forex    ?????

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Oct 25 19:00:01 2025 UTC