Bug #51492 SQLite2 query starting with a hash causes a segfault
Submitted: 2010-04-07 10:19 UTC Modified: 2010-04-07 14:23 UTC
From: naderman at naderman dot de Assigned:
Status: Wont fix Package: SQLite related
PHP Version: 5.3SVN-2010-04-07 (SVN) OS: Ubuntu Linux 9.10 x86_64
Private report: No CVE-ID:

 [2010-04-07 10:19 UTC] naderman at naderman dot de
Description:
------------
Running a SQLite 2 query that starts with a hash (#) causes a segmentation fault. I don't believe hashes are correct comment syntax in SQLite so the query is quite certainly invalid and should cause an error.

Test script:
---------------
<?php

// Open an in-memory SQLite 2 database via ext/sqlite (PHP 5.3 and earlier).
$db = sqlite_open(':memory:');

// A query whose first token is '#' is not valid SQLite 2 syntax; it should
// return an error, but instead the process segfaults in libsqlite's tokenizer.
sqlite_query('#', $db);


Actual result:
--------------
#0  *__GI_strncpy (s1=0x7f39c2c66026 "\"", s2=0x7f3900000000 <Address 0x7f3900000000 out of bounds>, n=40) at strncpy.c:41
#1  0x000000000058c594 in sqliteSetNString (pz=0x7fffc0c6b728) at /usr/include/bits/string3.h:122
#2  0x0000000000589a7e in sqliteRunParser (pParse=0x7fffc0c6b570, zSql=0x2755908 "#", pzErrMsg=<value optimized out>) at /home/naderman/projects/php/php-src-5.3/ext/sqlite/libsqlite/src/tokenize.c:436
#3  0x000000000057edfc in sqlite_compile (db=0x2777e30, zSql=0x2755908 "#", pzTail=0x7fffc0c6b6a0, ppVm=0x7fffc0c6b698, pzErrMsg=0x7fffc0c6b728)
    at /home/naderman/projects/php/php-src-5.3/ext/sqlite/libsqlite/src/main.c:728
#4  0x000000000057f02b in sqlite_exec (db=<value optimized out>, zSql=0x2755908 "#", xCallback=0, pArg=<value optimized out>, pzErrMsg=<value optimized out>)
    at /home/naderman/projects/php/php-src-5.3/ext/sqlite/libsqlite/src/main.c:640
#5  0x00000000005695b4 in zif_sqlite_query (ht=<value optimized out>, return_value=0x2752c28, return_value_ptr=<value optimized out>, this_ptr=0x0, return_value_used=0)
    at /home/naderman/projects/php/php-src-5.3/ext/sqlite/sqlite.c:2087
#6  0x0000000000685d76 in zend_do_fcall_common_helper_SPEC (execute_data=0x7f39cc853050) at /home/naderman/projects/php/php-src-5.3/Zend/zend_vm_execute.h:313
#7  0x000000000067fe98 in execute (op_array=0x2753470) at /home/naderman/projects/php/php-src-5.3/Zend/zend_vm_execute.h:104
#8  0x000000000065b82a in zend_execute_scripts (type=8, retval=<value optimized out>, file_count=3) at /home/naderman/projects/php/php-src-5.3/Zend/zend.c:1194
#9  0x000000000060b5bd in php_execute_script (primary_file=<value optimized out>) at /home/naderman/projects/php/php-src-5.3/main/main.c:2260
#10 0x00000000006e1810 in main (argc=<value optimized out>, argv=<value optimized out>) at /home/naderman/projects/php/php-src-5.3/sapi/cli/php_cli.c:1192
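Added analysis and example; this is not part of the original report. Two things in the trace deserve a practitioner's attention. First, the crashing frames are the tokenizer's generic unrecognized-token error path (sqliteRunParser -> sqliteSetNString -> strncpy), not anything specific to '#': any query whose first token the SQLite 2 tokenizer rejects should take the same route, so a script that lets untrusted input reach the start of a sqlite_query() string hands the caller a one-byte denial of service against the PHP process. Because the defect is in the bundled SQLite 2 library (see the resolution below), the only PHP-side fixes are to keep caller-controlled text out of the query string or to leave ext/sqlite altogether (it was removed in PHP 5.4). Second, the faulting source pointer s2=0x7f3900000000 shares its upper 32 bits with the other stack addresses in the trace and has a zeroed lower half, and n=40 matches no string in play. That is the signature of a varargs list closed with a bare int 0 instead of a null pointer: an int argument passed on the stack (the seventh argument or later on x86_64) writes only 32 bits of its 8-byte slot, so va_arg(ap, const char *) can read back a junk pointer and the loop runs past the end of the list. This is an inference from the trace alone; the report does not state it and the SQLite 2 source was not checked against it here.

The C model below, written for this page and assuming nothing about SQLite's real code beyond the "unrecognized token" message wording, shows the safe shape of that error path: a tokenizer that reports '#' as an illegal token, and a (string, length) joiner that is closed with a real null pointer and marked __attribute__((sentinel)) so GCC/Clang flag an int 0 terminator at compile time.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the SQLite 2 error path seen in the trace; example code written
 * for this page, not SQLite's or PHP's source. */

#ifndef __GNUC__
#define __attribute__(x)   /* the sentinel check is a GCC/Clang extension */
#endif

enum token_type { TK_SPACE, TK_COMMENT, TK_ID, TK_ILLEGAL };
struct token { const char *z; int n; };   /* start and byte length in the query */

/* Classify the first token of zSql: whitespace, a "--" line comment, an
 * identifier/keyword, or anything else as TK_ILLEGAL of length 1.  '#' is
 * not a comment introducer in SQLite 2, so it takes the TK_ILLEGAL path. */
static enum token_type first_token(const char *zSql, struct token *tok)
{
    const char *p = zSql;
    enum token_type t;

    tok->z = zSql;
    tok->n = 1;
    if (*p == '\0' || isspace((unsigned char)*p)) {
        while (isspace((unsigned char)*p)) p++;
        t = TK_SPACE;
    } else if (p[0] == '-' && p[1] == '-') {
        while (*p != '\0' && *p != '\n') p++;
        t = TK_COMMENT;
    } else if (isalpha((unsigned char)*p) || *p == '_') {
        while (isalnum((unsigned char)*p) || *p == '_') p++;
        t = TK_ID;
    } else {
        return TK_ILLEGAL;
    }
    tok->n = (int)(p - zSql);
    return t;
}

/* Replace *pz (NULL or malloc'd) with the concatenation of (const char *z,
 * int n) pairs; n <= 0 means strlen(z).  The list MUST end with a null
 * pointer such as (const char *)0.  A bare int 0 is not equivalent: passed
 * on the stack it leaves the upper half of its slot unwritten, so the
 * va_arg(const char *) read can yield a non-null junk pointer.  The sentinel
 * attribute makes the compiler warn about exactly that mistake. */
static void set_nstring(char **pz, ...) __attribute__((sentinel));

static void set_nstring(char **pz, ...)
{
    va_list ap;
    const char *z;
    size_t total = 0;
    char *out;

    va_start(ap, pz);                            /* pass 1: measure */
    while ((z = va_arg(ap, const char *)) != NULL) {
        int n = va_arg(ap, int);
        total += (n <= 0) ? strlen(z) : (size_t)n;
    }
    va_end(ap);

    free(*pz);
    out = *pz = malloc(total + 1);
    if (out == NULL) return;

    va_start(ap, pz);                            /* pass 2: copy */
    while ((z = va_arg(ap, const char *)) != NULL) {
        int n = va_arg(ap, int);
        size_t len = (n <= 0) ? strlen(z) : (size_t)n;
        memcpy(out, z, len);
        out += len;
    }
    *out = '\0';
    va_end(ap);
}

/* Modelled parse step: returns 0 if the first token is acceptable, 1 if it
 * is illegal, in which case *pzErrMsg receives "unrecognized token: \"...\""
 * and the caller gets an error instead of a crash. */
static int run_parser(const char *zSql, char **pzErrMsg)
{
    struct token tok;

    if (first_token(zSql, &tok) != TK_ILLEGAL)
        return 0;
    set_nstring(pzErrMsg, "unrecognized token: \"", -1,
                tok.z, tok.n, "\"", -1, (const char *)0);
    return 1;
}

int main(void)
{
    char *err = NULL;
    int rc = run_parser("#", &err);             /* the query from the test script */

    printf("rc=%d err=%s\n", rc, err ? err : "(none)");
    free(err);
    return rc == 1 ? 0 : 1;
}
```

Build with -Wall: changing the terminator in run_parser() to a bare 0 produces a "missing sentinel in function call" warning, which is the compile-time check you want over every sqliteSetNString-style caller in a code base, since the runtime symptom only appears on a 64-bit build and only once the sentinel spills onto the stack.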


History

 [2010-04-07 14:23 UTC] iliaa@php.net
-Status: Open +Status: Wont fix
 [2010-04-07 14:23 UTC] iliaa@php.net
This is a bug inside SQLite 2 itself and not PHP.
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 25 07:02:14 2014 UTC