Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Automatically adding ccs based on OWNERS file / target commit history.

If this is incorrect, please add ClusterFuzz-Wrong label.

Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/chromium/src/+/7d3def8575ecd2e5e2e7ab7f585961206007bd25 (Adds LPM-based SQLite fuzzer).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

Testcase:
SELECT (SELECT DISTINCT RAISE(ABORT , '')   UNION SELECT DISTINCT 1   ORDER BY RAISE(IGNORE)  ASC   ) ;

CC'ing Dr. Hipp.

Should now be fixed on the SQLite trunk

 Issue 914652  has been merged into this issue.

 Issue 914675  has been merged into this issue.

 Issue 913820  has been merged into this issue.

This crash occurs very frequently on windows platform and is likely preventing the fuzzer sqlite3_select_expr_lpm_fuzzer from making much progress. Fixing this will allow more bugs to be found.

Marking this bug as a blocker for next Beta release.

If this is incorrect, please add ClusterFuzz-Wrong label and remove the ReleaseBlock-Beta label.

drhsqlite@: Could you please point us to the change that fixed this?

Fixed by SQLite check-in https://sqlite.org/src/info/ddf06db702761d66

Is it fine to remove the Beta blocker now?

Yep, I removed it. Sorry, none of these SQLite null-dereferences should be blockers for anything since they only can be triggered by a malicious attacker--and crashing the renderer process is easy to do in any case, so we don't care.

I am backporting this fix.

 Issue 911251  has been merged into this issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643

commit c61e3e2f00de49b85c2bd76c252d2a9fd13ed643
Author: Victor Costan <pwnall@chromium.org>
Date: Fri Jan 11 23:20:45 2019

sqlite: Backport a few bug fixes.

This CL removes an unnecessary change in
0006-Fix-dbfuzz2-for-Clusterfuzz.patch and backports fixes for a few
recently discovered issues. The added patches will go away in the
next SQLite upgrade.

Bug: 911253, 911255, 914407,  915348 ,  915479 ,  916478 ,  917285 ,  917380 ,  917834 ,  918035 
Change-Id: I595de36637cdb256153d92f21958b05e2ea6ac92
Reviewed-on: https://chromium-review.googlesource.com/c/1406928
Reviewed-by: Chris Mumford <cmumford@google.com>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#622207}
[modify] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/amalgamation/sqlite3.c
[modify] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0001-Modify-default-VFS-to-support-WebDatabase.patch
[modify] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0002-Virtual-table-supporting-recovery-of-corrupted-datab.patch
[modify] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0003-Custom-shell.c-helpers-to-load-Chromium-s-ICU-data.patch
[modify] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0004-fts3-Disable-fts3_tokenizer-and-fts4.patch
[modify] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0005-fuchsia-Use-dot-file-locking-for-sqlite.patch
[modify] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0006-Fix-dbfuzz2-for-Clusterfuzz.patch
[add] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0007-Fix-the-Makefile-so-that-it-honors-CFLAGS-when-build.patch
[add] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0008-Adjustments-to-the-page-cache-to-try-to-avoid-harmle.patch
[add] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0009-Remove-an-ALWAYS-from-a-branch-that-is-not-always-ta.patch
[add] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0010-Fix-a-problem-with-nested-CTEs-with-the-same-table.patch
[add] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0011-Fix-detection-of-self-referencing-rows-in-foreign-ke.patch
[add] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0012-Fix-a-segfault-caused-by-using-the-RAISE-function-in.patch
[add] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0013-Fix-for-an-assert-that-could-be-false.patch
[add] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0014-Fix-another-problem-found-by-Matthew-Denton-s-new-fu.patch
[add] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0015-Report-a-new-corruption-case.patch
[add] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0016-Avoid-a-buffer-overread-in-ptrmapPutOvflPtr.patch
[add] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/patches/0017-Improved-detection-of-cell-corruption-in-sqlite3Vdbe.patch
[modify] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/src/Makefile.in
[modify] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/src/src/btree.c
[modify] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/src/src/expr.c
[modify] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/src/src/fkey.c
[modify] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/src/src/pcache1.c
[modify] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/src/src/select.c
[modify] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/src/src/vdbeaux.c
[modify] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/src/test/dbfuzz2.c
[modify] https://crrev.com/c61e3e2f00de49b85c2bd76c252d2a9fd13ed643/third_party/sqlite/src/test/fuzzcheck.c

ClusterFuzz has detected this issue as fixed in range 622194:622213.

Detailed report: https://clusterfuzz.com/testcase?key=6224479589761024

Fuzzer: libFuzzer_sqlite3_select_expr_lpm_fuzzer
Fuzz target binary: sqlite3_select_expr_lpm_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Null-dereference READ
Crash Address: 0x000000000000
Crash State:
  sqlite3ExprCompare
  resolveOrderByTermToExprList
  resolveCompoundOrderBy
  
Sanitizer: undefined (UBSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=615329:615346
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_ubsan&range=622194:622213

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6224479589761024

See https://github.com/google/clusterfuzz-tools for instructions to reproduce this bug locally.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6224479589761024 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

The following revision refers to this bug: 
https://chromium.googlesource.com/chromium/src.git/+/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8

Commit: e6d709904788b93ca8f88bbf67ad0a7af26e5bb8
Author: staphany@chromium.org
Commiter: pwnall@chromium.org
Date: 2019-01-15 22:21:13 +0000 UTC

sqlite: Backport a few bug fixes.

This CL removes an unnecessary change in
0006-Fix-dbfuzz2-for-Clusterfuzz.patch and backports fixes for a few
recently discovered issues. The added patches will go away in the
next SQLite upgrade.

(cherry picked from commit c61e3e2f00de49b85c2bd76c252d2a9fd13ed643)

Bug: 911253, 911255, 914407,  915348 ,  915479 ,  916478 ,  917285 ,  917380 ,  917834 ,  918035 
Change-Id: I595de36637cdb256153d92f21958b05e2ea6ac92
Reviewed-on: https://chromium-review.googlesource.com/c/1406928
Reviewed-by: Chris Mumford <cmumford@google.com>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#622207}
Reviewed-on: https://chromium-review.googlesource.com/c/1413452
Reviewed-by: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/branch-heads/3626@{#703}
Cr-Branched-From: d897fb137fbaaa9355c0c93124cc048824eb1e65-refs/heads/master@{#612437}

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8

commit e6d709904788b93ca8f88bbf67ad0a7af26e5bb8
Author: Staphany Park <staphany@chromium.org>
Date: Tue Jan 15 22:21:13 2019

sqlite: Backport a few bug fixes.

This CL removes an unnecessary change in
0006-Fix-dbfuzz2-for-Clusterfuzz.patch and backports fixes for a few
recently discovered issues. The added patches will go away in the
next SQLite upgrade.

(cherry picked from commit c61e3e2f00de49b85c2bd76c252d2a9fd13ed643)

Bug: 911253, 911255, 914407,  915348 ,  915479 ,  916478 ,  917285 ,  917380 ,  917834 ,  918035 
Change-Id: I595de36637cdb256153d92f21958b05e2ea6ac92
Reviewed-on: https://chromium-review.googlesource.com/c/1406928
Reviewed-by: Chris Mumford <cmumford@google.com>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#622207}
Reviewed-on: https://chromium-review.googlesource.com/c/1413452
Reviewed-by: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/branch-heads/3626@{#703}
Cr-Branched-From: d897fb137fbaaa9355c0c93124cc048824eb1e65-refs/heads/master@{#612437}
[modify] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/amalgamation/sqlite3.c
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0001-Modify-default-VFS-to-support-WebDatabase.patch
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0002-Virtual-table-supporting-recovery-of-corrupted-datab.patch
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0003-Custom-shell.c-helpers-to-load-Chromium-s-ICU-data.patch
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0004-fts3-Disable-fts3_tokenizer-and-fts4.patch
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0005-fuchsia-Use-dot-file-locking-for-sqlite.patch
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0006-Fix-dbfuzz2-for-Clusterfuzz.patch
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0007-Fix-the-Makefile-so-that-it-honors-CFLAGS-when-build.patch
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0008-Adjustments-to-the-page-cache-to-try-to-avoid-harmle.patch
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0009-Remove-an-ALWAYS-from-a-branch-that-is-not-always-ta.patch
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0010-Fix-a-problem-with-nested-CTEs-with-the-same-table.patch
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0011-Fix-detection-of-self-referencing-rows-in-foreign-ke.patch
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0012-Fix-a-segfault-caused-by-using-the-RAISE-function-in.patch
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0013-Fix-for-an-assert-that-could-be-false.patch
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0014-Fix-another-problem-found-by-Matthew-Denton-s-new-fu.patch
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0015-Report-a-new-corruption-case.patch
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0016-Avoid-a-buffer-overread-in-ptrmapPutOvflPtr.patch
[add] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/patches/0017-Improved-detection-of-cell-corruption-in-sqlite3Vdbe.patch
[modify] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/src/Makefile.in
[modify] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/src/src/btree.c
[modify] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/src/src/expr.c
[modify] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/src/src/fkey.c
[modify] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/src/src/pcache1.c
[modify] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/src/src/select.c
[modify] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/src/src/vdbeaux.c
[modify] https://crrev.com/e6d709904788b93ca8f88bbf67ad0a7af26e5bb8/third_party/sqlite/src/test/fuzzcheck.c