Bug #28537 "SELECT rowid, * FROM <view>" crashes
Submitted: 2004-05-27 01:10 UTC
Modified: 2004-07-10 15:46 UTC
From: bhoc at tiscali dot ch
Assigned:
Status: Not a bug
Package: SQLite related
PHP Version: 5.0.0RC2
OS: any
Private report: No
CVE-ID: None
 [2004-05-27 01:10 UTC] bhoc at tiscali dot ch
Description:
------------
"select rowid, * from someview" will crash php.
"select rowid, * from sometable" runs fine.

Result -> cgi will crash, server will close the connection.

This was a bug (#364) in older sqlite versions:
http://www.sqlite.org/cvstrac/tktview?tn=364,16

It seems to have reappeared.

-- 
Ben 


Reproduce code:
---------------
function DumpTable($dbname, $tablename) {
  if ($db = sqlite_open($dbname)) {
    $sql = "select rowid, * from $tablename";
    $res = sqlite_query($db, $sql);
    echo "<table border=\"1\">\n";
    while ($row = sqlite_fetch_array($res)) {
      $fieldnum = sqlite_num_fields($res);
      echo "  <tr>";
      for ($i=0; $i<$fieldnum; $i++) {
         echo "<td>$row[$i]</td>";
      }
      echo "  </tr>\n";
    }
    echo "</table>\n";
    sqlite_close($db);
  } 
}


Expected result:
----------------
Nicely formatted output. :)
Works fine with a plain table; will fail with a view.

Actual result:
--------------
<nothing>, cgi crashes, server closes connection.
Tested under Windows XP and Linux

 [2004-05-27 01:44 UTC] bhoc at tiscali dot ch
Before someone asks: same behaviour with
http://snaps.php.net/win32/php5-win32-200405262230.zip
 [2004-05-27 08:35 UTC] derick@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.
 [2004-05-27 12:25 UTC] bhoc at tiscali dot ch
My currently available environment does not support creating backtraces, unfortunately.
But I have put a simple php applet in
http://download.pentagroup.ch/phpbug-28537.tar.gz. It will create an sqlite database, populate it, query it, roll over and die. Hope this helps.
-- 
Ben
 [2004-05-27 13:19 UTC] bhoc at tiscali dot ch
Okay, I did manage to create a backtrace. A spare machine was well-equipped. :)

$ gdb /usr/bin/php
GNU gdb 5.3
<snip>
(gdb) run selectcrash.php
Starting program: /usr/bin/php selectcrash.php
php: /usr/src/php-5.0.0RC2/ext/sqlite/libsqlite/src/select.c:659: generateColumnTypes: Assertion `j<pTabList->nSrc' failed.

Program received signal SIGABRT, Aborted.
0x400d1ac1 in kill () from /lib/libc.so.6
(gdb) bt
#0  0x400d1ac1 in kill () from /lib/libc.so.6
#1  0x400d16eb in raise () from /lib/libc.so.6
#2  0x400d3127 in abort () from /lib/libc.so.6
#3  0x400cad6a in __assert_fail () from /lib/libc.so.6
#4  0x080b004e in generateColumnTypes (pParse=0x0, pTabList=0x822f060,
    pEList=0x822eb40)
    at /usr/src/php-5.0.0RC2/ext/sqlite/libsqlite/src/select.c:662
#5  0x080b262e in sqliteSelect (pParse=0xbfffcce0, p=0x822ef58, eDest=1,
    iParm=0, pParent=0x0, parentTab=0, pParentAgg=0x0)
    at /usr/src/php-5.0.0RC2/ext/sqlite/libsqlite/src/select.c:2219
#6  0x08099397 in yy_reduce (yypParser=0x82316a8, yyruleno=100) at parse.y:270
#7  0x0809a2cb in sqliteParser (yyp=0x82316a8, yymajor=106, yyminor=
      {z = 0x0, dyn = 0, n = 3}, pParse=0x0) at parse.c:3946
#8  0x080b3648 in sqliteRunParser (pParse=0xbfffcce0,
    zSql=0x401e9b68 "select rowid, * from allinfo", pzErrMsg=0xbfffcdcc)
    at /usr/src/php-5.0.0RC2/ext/sqlite/libsqlite/src/tokenize.c:458
#9  0x080aa191 in sqliteMain (db=0x822b090,
    zSql=0x401e9b68 "select rowid, * from allinfo", xCallback=0, pArg=0x0,
    pzTail=0xbfffcdc8, ppVm=0xbfffcdd4, pzErrMsg=0xbfffcdcc)
    at /usr/src/php-5.0.0RC2/ext/sqlite/libsqlite/src/main.c:631
#10 0x080aa306 in sqlite_compile (db=0x822b090,
    zSql=0x401e9b68 "select rowid, * from allinfo", pzTail=0xbfffcdc8,
    ppVm=0xbfffcdd4, pzErrMsg=0xbfffcdcc)
    at /usr/src/php-5.0.0RC2/ext/sqlite/libsqlite/src/main.c:696
#11 0x08095b27 in sqlite_query (object=0x0, db=0x401f05ac,
    sql=0x401e9b68 "select rowid, * from allinfo", sql_len=28, mode=0,
    buffered=1, return_value=0x401e9c6c, prres=0x0)
    at /usr/src/php-5.0.0RC2/ext/sqlite/sqlite.c:1464
#12 0x080961fa in zif_sqlite_query (ht=1075774892, return_value=0x401e9c6c,
    this_ptr=0x0, return_value_used=1)
    at /usr/src/php-5.0.0RC2/ext/sqlite/sqlite.c:1669
#13 0x081779a6 in zend_do_fcall_common_helper (execute_data=0xbfffd580,
    opline=0x401f2ca4, op_array=0x822f4e8)
    at /usr/src/php-5.0.0RC2/Zend/zend_execute.c:2699
#14 0x08177f03 in zend_do_fcall_handler (execute_data=0xbfffd580,
    opline=0x401f2ca4, op_array=0x822f4e8)
    at /usr/src/php-5.0.0RC2/Zend/zend_execute.c:2828
#15 0x08175032 in execute (op_array=0x822f4e8)
    at /usr/src/php-5.0.0RC2/Zend/zend_execute.c:1391
#16 0x08177ab6 in zend_do_fcall_common_helper (execute_data=0xbfffd760,
    opline=0x401e97e4, op_array=0x401e8d68)
    at /usr/src/php-5.0.0RC2/Zend/zend_execute.c:2728
#17 0x08177f03 in zend_do_fcall_handler (execute_data=0xbfffd760,
    opline=0x401e97e4, op_array=0x401e8d68)
    at /usr/src/php-5.0.0RC2/Zend/zend_execute.c:2828
#18 0x08175032 in execute (op_array=0x401e8d68)
    at /usr/src/php-5.0.0RC2/Zend/zend_execute.c:1391
#19 0x0815b3e4 in zend_execute_scripts (type=8, retval=0x0, file_count=3)
    at /usr/src/php-5.0.0RC2/Zend/zend.c:1058
#20 0x0812b912 in php_execute_script (primary_file=0xbffffb00)
    at /usr/src/php-5.0.0RC2/main/main.c:1630
#21 0x0817eec8 in main (argc=2, argv=0xbffffb94)
    at /usr/src/php-5.0.0RC2/sapi/cgi/cgi_main.c:1562
#22 0x400bdd06 in __libc_start_main () from /lib/libc.so.6
(gdb) frame 4
#4  0x080b004e in generateColumnTypes (pParse=0x0, pTabList=0x822f060,
    pEList=0x822eb40)
    at /usr/src/php-5.0.0RC2/ext/sqlite/libsqlite/src/select.c:662
662           assert( iCol==-1 || (iCol>=0 && iCol<pTab->nCol) );

-- 
Ben
 [2004-06-17 10:29 UTC] bhoc at tiscali dot ch
Same problem in 5.0.0RC3... :-(
-- 
Ben
 [2004-07-10 15:08 UTC] wez@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2004-07-10 15:34 UTC] bhoc at tiscali dot ch
Still crashes. (Checked with the Windows version.) :-(
 [2004-07-10 15:46 UTC] wez@php.net
In that case, please report the bug to the sqlite developers, since the crash is inside libsqlite.
I'm marking this as Bogus because it isn't a bug in PHP.
Feel free to reference this report from your sqlite report.

The sqlite bug reporting page is here:
http://www.sqlite.org/cvstrac/tktnew
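
Added example, not part of the original report and not PHP or SQLite project code: a caller-side guard for the DumpTable() pattern in the report, which looks the object up in sqlite_master and asks for rowid only when it is a real table, so the statement reported here is never sent for a view. It uses the same PHP 5 sqlite_* extension functions as the report; the helper names dump_query and dump_object and the sample schema (items, items_view) are made up for the illustration.

```php
<?php
// Added illustration; helper names and sample schema are constructed.

// Build the dump query for $name, or return null if $name is not a
// plain identifier naming a table or view in this database.
function dump_query($db, $name) {
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
        return null;                      // never interpolate arbitrary text
    }
    $res = sqlite_query($db,
        "SELECT type FROM sqlite_master WHERE name = '"
        . sqlite_escape_string($name) . "' AND type IN ('table', 'view')");
    $row = $res ? sqlite_fetch_array($res, SQLITE_NUM) : false;
    if (!$row) {
        return null;                      // unknown object
    }
    // Per the report, "rowid, *" is fine on a table and aborts on a view.
    return $row[0] === 'table'
        ? "SELECT rowid, * FROM $name"
        : "SELECT * FROM $name";
}

// Render the table or view as HTML, escaping every cell value.
function dump_object($db, $name) {
    $sql = dump_query($db, $name);
    if ($sql === null) {
        return "<p>unknown table or view</p>\n";
    }
    $res = sqlite_query($db, $sql);
    $out = "<table border=\"1\">\n";
    while ($row = sqlite_fetch_array($res, SQLITE_NUM)) {
        $out .= "  <tr>";
        foreach ($row as $value) {
            $out .= "<td>" . htmlspecialchars($value) . "</td>";
        }
        $out .= "</tr>\n";
    }
    return $out . "</table>\n";
}

// Constructed sample data in an in-memory database.
$db = sqlite_open(':memory:');
sqlite_query($db, "CREATE TABLE items (name TEXT, qty INTEGER)");
sqlite_query($db, "INSERT INTO items VALUES ('bolt', 12)");
sqlite_query($db, "CREATE VIEW items_view AS SELECT name, qty FROM items");

echo dump_object($db, 'items');        // rows include rowid
echo dump_object($db, 'items_view');   // rows without rowid
echo dump_object($db, 'items; --');    // rejected by the identifier check
sqlite_close($db);
```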

 