Several potential null pointer dereference bugs
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
sqlite3 (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Ubuntu version: 18.04
sqlite version: 3.22
Hello, I found some potential bugs in package sqlite3, and the .docx file in the attachment I uploaded shows the occurrence process of the bugs in a graphical way. Would you help me check whether the bugs mentioned below are true? Thank you very much for your patience.
In file sqlite3/
In function sqlite3VtabCall
In line 128391, there is a statement that loads the return value of function vtabDisconnectedAll into pointer p, and the return value can be null.
In line 128392, there is a statement that dereferences p without check.
The entire graphic description is shown in figure 1 in the .docx file.
In sqlite3-
In function dbReleaseStmt
In line 1421:
pointer pPrev is initialized to null, and in a certain path the value of pPrev is not changed and it is dereferenced without check.
The entire graphic description is shown in figure 2 in the .docx file.
In file sqlite3/
In function vdbeSorterFlushPMA
In line 89710, pointer pTask is dereferenced without check and its value can be null.
The entire graphic description is shown in figure 3 in the .docx file.
In file sqlite3/
In function sqlite3CodeRowT
In line 126110:
pointer v is loaded with the return value of function sqliteGetVdbe and its value can be null.
In line 126120:
pointer v acts as the 1st parameter of function sqlite3VdbeAddOp4, and in this function v will be dereferenced without check.
The entire graphic description is shown in figure 4 in the .docx file.
In file sqlite3/
In function sqlite3_randomness
In line 27774: the return value of sqlite3_vfs_find, which can be null, acts as the 1st parameter of function sqlite3OsRandom.
The entire graphic description is shown in figure 5 in the .docx file.
In file sqlite3/
In function process_input
In line 14653:
zSql is initialized to null, and in a certain path the value of zSql is not changed and it is dereferenced without check.
The entire graphic description is shown in figure 6 in the .docx file.
In file sqlite3/
In function sqlite3_
In line 3949:
the return value of function sqlite3_vfs_fund, which can be null, is loaded into pOrig.
In line 3950:
pOrig is dereferenced without check.
The entire graphic description is shown in figure 7 in the .docx file.
In file sqlite3/
In function fts3IncrmergeChomp
In line 163794:
pSeg is initialized to null.
In line 163803:
pSeg is dereferenced without check.
The entire graphic description is shown in figure 8 in the .docx file.