touch-packages team mailing list archive

[Seth Arnold <1530552@xxxxxxxxxxxxxxxxxx>]

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sqlite3 in Ubuntu.
https://bugs.launchpad.net/bugs/1530552

Title:
  Segmentation fault on corrupted sqlite3 database on 14.04.3 LTS

Status in sqlite3 package in Ubuntu:
  Confirmed

Bug description:
  The following command triggers a Segmentation fault:

  $ valgrind sqlite3 test.gpkg  "SELECT * FROM gpkg_contents WHERE table_name = 'poly'"
  ==601== Memcheck, a memory error detector
  ==601== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
  ==601== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
  ==601== Command: sqlite3 test.gpkg SELECT\ *\ FROM\ gpkg_contents\ WHERE\ table_name\ =\ 'poly'
  ==601== 
  ==601== Invalid read of size 1
  ==601==    at 0x4EA9061: ??? (in /usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6)
  ==601==    by 0x4EABF86: sqlite3_step (in /usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6)
  ==601==    by 0x10DE2D: ??? (in /usr/bin/sqlite3)
  ==601==    by 0x10AF4D: ??? (in /usr/bin/sqlite3)
  ==601==    by 0x5357EC4: (below main) (libc-start.c:287)
  ==601==  Address 0x105ddcd4f is not stack'd, malloc'd or (recently) free'd
  ==601== 
  ==601== 
  ==601== Process terminating with default action of signal 11 (SIGSEGV)
  ==601==  Access not within mapped region at address 0x105DDCD4F
  ==601==    at 0x4EA9061: ??? (in /usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6)
  ==601==    by 0x4EABF86: sqlite3_step (in /usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6)
  ==601==    by 0x10DE2D: ??? (in /usr/bin/sqlite3)
  ==601==    by 0x10AF4D: ??? (in /usr/bin/sqlite3)
  ==601==    by 0x5357EC4: (below main) (libc-start.c:287)
  ==601==  If you believe this happened as a result of a stack
  ==601==  overflow in your program's main thread (unlikely but
  ==601==  possible), you can try to increase the size of the
  ==601==  main thread stack using the --main-stacksize= flag.
  ==601==  The main thread stack size used in this run was 8388608.
  ==601== 
  ==601== HEAP SUMMARY:
  ==601==     in use at exit: 196,267 bytes in 1,176 blocks
  ==601==   total heap usage: 1,975 allocs, 799 frees, 481,840 bytes allocated
  ==601== 
  ==601== LEAK SUMMARY:
  ==601==    definitely lost: 0 bytes in 0 blocks
  ==601==    indirectly lost: 0 bytes in 0 blocks
  ==601==      possibly lost: 196,256 bytes in 1,175 blocks
  ==601==    still reachable: 11 bytes in 1 blocks
  ==601==         suppressed: 0 bytes in 0 blocks
  ==601== Rerun with --leak-check=full to see details of leaked memory
  ==601== 
  ==601== For counts of detected and suppressed errors, rerun with: -v
  ==601== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

  $ dpkg -l | grep sqlite3
  ii  libsqlite3-0:amd64                                    3.8.2-1ubuntu2.1                                       amd64        SQLite 3 shared library
  ii  libsqlite3-0:i386                                     3.8.2-1ubuntu2.1                                       i386         SQLite 3 shared library
  ii  libsqlite3-dev:amd64                                  3.8.2-1ubuntu2.1                                       amd64        SQLite 3 development files
  ii  sqlite3                                               3.8.2-1ubuntu2.1                                       amd64        Command line interface for SQLite 3

  
  It seems security patches must be missing as the same database with latest self-compiled sqlite 3.9.2 outputs:

  $ sqlite-autoconf-3090200/sqlite3 test.gpkg  "SELECT * FROM gpkg_contents WHERE table_name = 'poly'"
  Error: database disk image is malformed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1530552/+subscriptions