Stack-overflow in sqlite3VdbeExec
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5421111023763456
Fuzzer: libFuzzer_sqlite3_fts3_lpm_fuzzer
Fuzz target binary: sqlite3_fts3_lpm_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Stack-overflow
Crash Address: 0x7ffd3889bff8
Crash State:
  sqlite3VdbeExec
  sqlite3Step
  chrome_sqlite3_step
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=615335:615343
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5421111023763456
Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
Dec 11
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Dec 11
Automatically adding ccs based on OWNERS file / target commit history. If this is incorrect, please add ClusterFuzz-Wrong label.
Dec 11
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/7d3def8575ecd2e5e2e7ab7f585961206007bd25 (Adds LPM-based SQLite fuzzer). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Dec 11
This very well may be just the SQLite grammar producing some extremely recursive things, but let me check first. :)
Dec 20
Jan 16
(6 days ago)
Same here, we'll see if this is caused by the issue from 922399. I'm pretty sure it's the same. Just in case, CC'ing the sqlite authors. Here's some extra stack trace:
#2 0x7f507c7bbbf9 in sqlite3MemMalloc third_party/sqlite/amalgamation/sqlite3.c:22762:7
#3 0x7f507c64e499 in mallocWithAlarm third_party/sqlite/amalgamation/sqlite3.c:26604:7
#4 0x7f507c61ebcf in sqlite3Malloc third_party/sqlite/amalgamation/sqlite3.c:26634:5
#5 0x7f507c625168 in sqlite3StrAccumEnlarge third_party/sqlite/amalgamation/sqlite3.c:27989:14
#6 0x7f507c6253e1 in enlargeAndAppend third_party/sqlite/amalgamation/sqlite3.c:28026:7
#7 0x7f507c61f540 in chrome_sqlite3_str_vappendf third_party/sqlite/amalgamation/sqlite3.c:27341:7
#8 0x7f507c625cad in chrome_sqlite3_vmprintf third_party/sqlite/amalgamation/sqlite3.c:28228:3
#9 0x7f507c625ea0 in chrome_sqlite3_mprintf third_party/sqlite/amalgamation/sqlite3.c:28244:7
#10 0x7f507c7d5347 in fts3FilterMethod third_party/sqlite/amalgamation/sqlite3.c:161355:14
#11 0x7f507c6a0f99 in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90021:8
#12 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#13 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#14 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#15 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#16 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#17 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#18 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#19 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#20 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#21 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#22 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#23 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#24 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#25 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#26 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#27 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#28 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#29 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#30 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#31 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#32 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#33 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#34 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#35 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#36 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#37 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#38 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#39 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#40 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#41 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#42 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#43 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#44 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#45 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#46 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#47 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#48 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#49 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#50 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#51 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#52 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#53 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#54 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#55 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#56 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#57 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#58 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#59 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#60 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#61 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#62 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#63 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#64 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#65 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#66 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#67 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#68 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#69 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#70 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#71 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#72 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#73 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#74 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#75 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#76 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#77 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#78 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#79 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#80 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#81 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#82 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#83 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#84 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#85 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#86 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#87 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#88 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#89 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#90 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#91 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#92 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#93 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#94 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#95 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#96 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#97 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#98 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#99 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#100 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#101 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#102 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#103 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#104 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#105 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#106 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#107 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#108 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#109 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#110 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#111 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#112 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#113 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#114 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#115 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#116 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#117 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#118 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#119 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#120 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#121 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#122 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#123 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#124 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#125 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#126 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#127 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#128 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#129 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#130 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#131 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#132 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#133 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#134 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#135 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#136 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#137 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#138 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#139 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#140 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#141 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#142 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#143 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#144 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#145 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#146 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#147 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#148 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#149 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#150 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#151 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#152 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#153 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#154 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#155 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#156 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#157 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#158 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#159 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#160 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#161 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#162 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#163 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#164 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#165 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#166 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#167 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#168 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#169 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#170 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#171 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#172 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#173 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#174 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#175 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#176 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#177 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#178 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#179 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#180 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#181 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#182 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#183 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#184 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#185 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#186 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#187 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#188 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#189 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#190 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#191 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#192 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#193 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#194 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#195 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#196 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#197 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#198 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#199 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#200 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#201 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#202 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#203 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#204 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#205 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#206 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#207 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#208 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#209 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#210 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#211 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#212 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#213 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#214 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#215 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#216 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#217 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#218 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#219 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#220 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#221 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#222 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#223 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#224 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#225 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#226 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#227 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#228 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#229 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#230 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#231 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#232 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#233 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#234 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#235 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#236 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#237 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#238 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#239 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#240 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#241 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#242 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#243 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#244 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#245 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#246 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#247 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#248 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#249 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
#250 0x7f507c6344dc in sqlite3Step third_party/sqlite/amalgamation/sqlite3.c:81444:10
#251 0x7f507c62a64a in chrome_sqlite3_step third_party/sqlite/amalgamation/sqlite3.c:81507:16
#252 0x7f507c7f80c7 in fts3SqlExec third_party/sqlite/amalgamation/sqlite3.c:168675:5
#253 0x7f507c7f744e in fts3DeleteAll third_party/sqlite/amalgamation/sqlite3.c:169208:18
#254 0x7f507c7ef91c in fts3DeleteByRowid third_party/sqlite/amalgamation/sqlite3.c:173675:14
#255 0x7f507c7eea67 in sqlite3Fts3UpdateMethod third_party/sqlite/amalgamation/sqlite3.c:173810:10
#256 0x7f507c6a1fed in sqlite3VdbeExec third_party/sqlite/amalgamation/sqlite3.c:90232:10
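Added example, not part of the original thread and not ClusterFuzz or SQLite code: a triage helper that collapses an ASAN trace like the one in the comment above into its repeating frame group, which is the part worth comparing when deciding whether two stack-overflow reports are duplicates. The sample trace is constructed from frames shown on this page and cut off after three repetitions; `parse_frames`, `find_cycle`, `summarize` and `build_sample` are names chosen for this example.

```python
import re

# One ASAN frame line: "#12 0x7f50... in sqlite3Step path/to/file.c:81444:10"
FRAME_RE = re.compile(
    r"^\s*#(?P<idx>\d+)\s+0x[0-9a-fA-F]+\s+in\s+(?P<func>\S+)\s+(?P<loc>\S+)\s*$"
)


def parse_frames(trace):
    """Return [(frame_index, function, location)] for each frame line in the text."""
    frames = []
    for line in trace.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((int(m["idx"]), m["func"], m["loc"]))
    return frames


def find_cycle(funcs, min_repeats=3, max_period=64):
    """Find the first run of back-to-back copies of the same group of functions.

    Scans from the innermost frame outwards and prefers the shortest group, so
    a 7-frame loop is reported as period 7 rather than 14. A partial copy at
    the end (ASAN truncates deep traces) is ignored. Returns
    (start, period, repeats) or None when nothing repeats min_repeats times.
    """
    n = len(funcs)
    for start in range(n):
        longest = min(max_period, (n - start) // min_repeats)
        for period in range(1, longest + 1):
            unit = funcs[start:start + period]
            repeats, pos = 1, start + period
            while funcs[pos:pos + period] == unit:
                repeats += 1
                pos += period
            if repeats >= min_repeats:
                return start, period, repeats
    return None


def summarize(trace, min_repeats=3):
    """Describe the recursion loop in an ASAN trace, or return None."""
    frames = parse_frames(trace)
    funcs = [func for _, func, _ in frames]
    hit = find_cycle(funcs, min_repeats)
    if hit is None:
        return None
    start, period, repeats = hit
    return {
        "entry_frame": frames[start][0],        # ASAN frame number where the loop begins
        "cycle": funcs[start:start + period],   # one pass through the loop
        "repeats": repeats,                     # complete passes seen in the trace
        "frames_above_cycle": funcs[:start],    # innermost frames, outside the loop
    }


# Constructed sample: two leading frames plus the repeating group, taken from
# the trace in the comment above and renumbered from #9.
_SRC = "third_party/sqlite/amalgamation/sqlite3.c"
_HEAD = [
    ("0x7f507c625ea0", "chrome_sqlite3_mprintf", "28244:7"),
    ("0x7f507c7d5347", "fts3FilterMethod", "161355:14"),
]
_LOOP = [
    ("0x7f507c6a1fed", "sqlite3VdbeExec", "90232:10"),
    ("0x7f507c6344dc", "sqlite3Step", "81444:10"),
    ("0x7f507c62a64a", "chrome_sqlite3_step", "81507:16"),
    ("0x7f507c7f80c7", "fts3SqlExec", "168675:5"),
    ("0x7f507c7f744e", "fts3DeleteAll", "169208:18"),
    ("0x7f507c7ef91c", "fts3DeleteByRowid", "173675:14"),
    ("0x7f507c7eea67", "sqlite3Fts3UpdateMethod", "173810:10"),
]


def build_sample(repetitions=3):
    """Build the constructed trace: head, N full loops, then one partial loop."""
    rows = _HEAD + _LOOP * repetitions + _LOOP[:1]
    return "\n".join(
        f"#{i} {addr} in {func} {_SRC}:{loc}"
        for i, (addr, func, loc) in enumerate(rows, start=9)
    )


if __name__ == "__main__":
    info = summarize(build_sample())
    print("loop starts at frame #%d, repeats %d times:" % (info["entry_frame"], info["repeats"]))
    print("  " + " -> ".join(info["cycle"]))
```

Two reports whose `cycle` lists match are strong duplicate candidates even when the frames above the loop differ, since those only record where the stack happened to run out.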
Jan 17
(6 days ago)
Looking at the stack trace, this seems like a duplicate. However, I don't have access to the reproducer testcase in order to confirm that.
Jan 19
(3 days ago)
Thank you very much for looking into this quickly, Richard! I've attached the test case. My guess matches everyone else's here -- I think this is Issue 922399.
Jan 20
(3 days ago)
Unable to repro, even after lowering RLIMIT_STACK to 250000. What is the stack size limit for your testing infrastructure?
Jan 20
(2 days ago)
Were you running dbfuzz2, by any chance? I was able to repro with our SQLite build (with and without pending backports). This test case is against sqlite3_fts3_lpm_fuzzer, which (AFAIK) currently only exists in the Chromium tree.
Jan 20
(2 days ago)
Oh, this is probably because I attached the raw test case, and confused you. Sorry about that! Here are the SQL statements run by the fuzzer.
Yesterday
(38 hours ago)
I can now recreate the problem. It appears that the issue was fixed by check-in https://sqlite.org/src/info/da587d18575ac06a
Yesterday
(32 hours ago)
I'm going to take the bullet and backport this, so we stop bothering you with clusterfuzz reports for the same problem.
Today
(9 hours ago)
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/846fd43e9412f97c0f0732807537fa3981c38ee3
commit 846fd43e9412f97c0f0732807537fa3981c38ee3
Author: Victor Costan <pwnall@chromium.org>
Date: Tue Jan 22 21:15:35 2019
sqlite: Backport a fourth round of bugfixes.
Bug: 914028, 914614, 917075, 917786, 921417, 921684, 922399, 922844, 922849, 923196, 923715, 923743, 923902
Change-Id: Id642f518153293afa8787b70692a97560dc4691b
Reviewed-on: https://chromium-review.googlesource.com/c/1424164
Reviewed-by: Chris Mumford <cmumford@google.com>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Auto-Submit: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#624921}
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/amalgamation/rename_exports.h
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/amalgamation/sqlite3.c
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/amalgamation/sqlite3.h
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0001-Modify-default-VFS-to-support-WebDatabase.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0002-Virtual-table-supporting-recovery-of-corrupted-datab.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0003-Custom-shell.c-helpers-to-load-Chromium-s-ICU-data.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0004-fts3-Disable-fts3_tokenizer-and-fts4.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0005-fuchsia-Use-dot-file-locking-for-sqlite.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0006-Fix-dbfuzz2-for-Clusterfuzz.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0007-Fix-the-Makefile-so-that-it-honors-CFLAGS-when-build.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0008-Adjustments-to-the-page-cache-to-try-to-avoid-harmle.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0009-Remove-an-ALWAYS-from-a-branch-that-is-not-always-ta.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0010-Fix-a-problem-with-nested-CTEs-with-the-same-table.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0011-Fix-detection-of-self-referencing-rows-in-foreign-ke.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0012-Fix-a-segfault-caused-by-using-the-RAISE-function-in.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0013-Fix-for-an-assert-that-could-be-false.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0014-Fix-another-problem-found-by-Matthew-Denton-s-new-fu.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0015-Report-a-new-corruption-case.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0016-Avoid-a-buffer-overread-in-ptrmapPutOvflPtr.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0017-Improved-detection-of-cell-corruption-in-sqlite3Vdbe.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0018-Fix-a-segfault-in-fts3-prompted-by-a-corrupted-datab.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0019-Prevent-integer-overflow-from-leading-to-buffer-over.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0020-Add-extra-tests-for-database-corruption-inside-defra.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0021-Fix-an-off-by-one-error-on-a-Goto-in-the-code-genera.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0022-Fix-overread-on-corrupted-btree-key.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0023-Avoid-buffer-overreads-on-corrupted-database-files.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0024-Fix-integer-overflow-while-running-PRAGMA-integrity_.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0025-Improved-corruption-handling-while-balancing-pages.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0026-Avoid-reading-off-the-front-of-a-page-buffer-when-ba.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0027-Fix-MSAN-error-in-sqlite3VdbeRecordUnpack-on-a-corru.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0028-Fix-deleting-a-B-tree-entry-in-a-corrupt-database.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0029-Fix-sorting-results-with-SRT_EphemTab-and-a-LIMIT-cl.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0030-Fix-detection-of-orphaned-and-malformed-autoindexes.patch
[add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0031-Fix-potential-buffer-overread.patch
[add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0032-Fix-handling-negative-number-of-pages-database-field.patch
[add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0033-Fix-corner-case-in-inserting-null-into-integer-prima.patch
[add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0034-Fix-insert-infinite-recursion-on-some-corrupted-data.patch
[add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0035-Fix-null-pointer-dereference-in-sqlite3ExprCompare.patch
[add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0036-Fix-NEVER-that-is-sometimes-true.patch
[add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0037-Initialize-extra-bytes-allocated-for-saved-cursor-po.patch
[add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0038-Fix-leaks-caused-by-circular-references-in-vtable-sh.patch
[add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0039-Fix-overly-large-malloc-on-btree-corruption.patch
[add] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/patches/0040-Fix-null-pointer-access-on-corrupted-index-key.patch
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/ext/fts3/fts3_write.c
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/ext/fts5/fts5_index.c
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/ext/fts5/fts5_storage.c
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/ext/rtree/rtree.c
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/btree.c
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/build.c
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/expr.c
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/insert.c
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/pcache1.c
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/prepare.c
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/sqlite.h.in
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/sqliteInt.h
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/trigger.c
[modify] https://crrev.com/846fd43e9412f97c0f0732807537fa3981c38ee3/third_party/sqlite/src/src/vdbeaux.c
Today
(8 hours ago)
ClusterFuzz has detected this issue as fixed in range 624909:624923.
Detailed report: https://clusterfuzz.com/testcase?key=5421111023763456
Fuzzer: libFuzzer_sqlite3_fts3_lpm_fuzzer
Fuzz target binary: sqlite3_fts3_lpm_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux
Crash Type: Stack-overflow
Crash Address: 0x7ffd3889bff8
Crash State:
  sqlite3VdbeExec
  sqlite3Step
  chrome_sqlite3_step
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=615335:615343
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan&range=624909:624923
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5421111023763456
See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Today
(8 hours ago)
ClusterFuzz testcase 5421111023763456 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Dec 11