Bug#1052327: libdbd-odbc-perl: Test failure in t/rt_57957.t
Paul Wise
pabs at debian.org
Tue Oct 10 05:48:42 BST 2023
Control: reassign -1 libsqliteodbc 0.9999-1
Control: retitle -1 libsqliteodbc: regression: crashes (SIGSEGV) with line comments
Control: affects -1 + libdbd-odbc-perl
Control: tags -1 + patch
Control: forwarded -1 Christian Werner <chw at ch-werner.de>
On Wed, 20 Sep 2023 17:00:50 +0200 gregor herrmann wrote:
> As noticed by ci.debian.org, t/rt_57957.t started to fail at some
> point between 2023-09-02 and 2023-09-18.
The two tests that fail are the line comment ones:
4 - Prepare with line comment named placeholder
6 - Prepare with line comment and ? placeholder
They both fail by causing a SIGSEGV in Perl itself.
Executing the same SQL within sqlite3 does not cause a SIGSEGV:
    $ sqlite3
    SQLite version 3.43.1 2023-09-11 12:01:27
    Enter ".help" for usage hints.
    Connected to a transient in-memory database.
    Use ".open FILENAME" to reopen on a persistent database.
    sqlite> select -- placeholder ? in a comment
    1;
    1
When I modify the SQL a bit so that gdb can actually load the core dump
from inside pbuilder, I get a backtrace inside sqliteodbc.
When I downgrade libsqliteodbc from 0.9999-1 to 0.9998-3+b1 then the
crash no longer happens, so this is a bug in sqliteodbc.
When I modify the pyodbc tests to include a test with a line comment,
then I get a Python crash and the crash is fixed with 0.9998-3+b1.
Looking at the diff from 0.9998-3 to 0.9999-1, I see that this version
added support for line comments by adding this case to the code:
    case '-':
        *p++ = *q;
        if (!inq && q[1] == '-') {
            ++q;
            while (*q) {
                *p++ = *q;
                if (*q == '\n') {
                    break;
                }
            }
        }
        break;
So this is crashing because the q pointer isn't getting incremented so
it never reaches the \n character nor the end of the SQL string, but
the p pointer is getting incremented within the infinite loop, so it
gets incremented past the end of its allocated memory.
The fix is to increment both pointers at once.
    *p++ = *q++;
This fixes the libdbd-odbc-perl test failures too.
I have sent the attached patch to upstream.
--
bye,
pabs
https://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-crash-with-line-comments-in-SQL-fixup.patch
Type: text/x-patch
Size: 1517 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20231010/19e54420/attachment.bin>
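Added example, not part of the original message and not the sqliteodbc source: a bounds-checked re-creation of the line-comment copy loop described above, so the runaway write can be observed as an error return instead of a heap overrun. The function name, the advance_q switch, the outer loop and the simplified quote tracking are assumptions made for illustration; the fixed path moves q after the newline check, which is this example's own arrangement.

```c
#include <stdio.h>
#include <string.h>

/* Copy sql into out (capacity cap, including the NUL), passing "--" line
 * comments through verbatim.
 * advance_q == 0 keeps the 0.9999-1 inner loop (q never moves);
 * advance_q == 1 moves the read pointer as well, as the fix does.
 * Returns the number of bytes copied, or -1 if the copy would have run
 * past the end of out. Hypothetical helper, not sqliteodbc code. */
long copy_with_comments(const char *sql, char *out, size_t cap, int advance_q)
{
    const char *q = sql;
    char *p = out;
    char *end;
    int inq = 0;                          /* inside a '...' literal */

    if (cap == 0) return -1;
    end = out + cap - 1;                  /* reserve one byte for the NUL */
    while (*q) {
        if (p >= end) return -1;
        if (*q == '\'') inq = !inq;
        *p++ = *q;
        if (*q == '-' && !inq && q[1] == '-') {
            ++q;                          /* now at the second '-' */
            while (*q) {
                if (p >= end) return -1;  /* bound the original loop lacked */
                *p++ = *q;
                if (*q == '\n') break;
                if (advance_q) ++q;       /* without this, q is stuck */
            }
            if (*q == '\0') break;        /* comment ran to end of string */
        }
        ++q;
    }
    *p = '\0';
    return (long)(p - out);
}

int main(void)
{
    /* Constructed input, taken from the sqlite3 session in the message. */
    const char *sql = "select -- placeholder ? in a comment\n1;";
    char buf[64];

    printf("original loop: %ld\n", copy_with_comments(sql, buf, sizeof buf, 0));
    printf("fixed loop:    %ld\n", copy_with_comments(sql, buf, sizeof buf, 1));
    return 0;
}
```

With the unmodified inner loop the only thing that stops the copy is the added bound; a "--" inside a quoted literal never enters the loop, which is why only the line-comment tests crashed.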