On Wed, Apr 29, 2020 at 5:13 AM Marc Simpson marc@0branch.com wrote:

Hi folks,

It seems that I can reliably segfault recent Pike 8.1 installs when using sprintf-style SQLite queries:

$ echo '
  create table demo(a, b);
  insert into  demo(a, b) values(1, "abc")' | sqlite3 demo.db

$ pike
Pike v8.1 release 13 running Hilfe v3.5 [...]
> Sql.Sql db = Sql.Sql("sqlite://demo.db");
> db->query("select * from demo");
(1) Result: ({ /* 1 element */
                ([ /* 2 elements */
                  "a": "1",
                  "b": "abc"
                ])
            })
> db->query("select * from demo where a = :a", ([":a": 1 ]));
(2) Result: ({ /* 1 element */
                ([ /* 2 elements */
                  "a": "1",
                  "b": "abc"
                ])
            })
> db->query("select * from demo where a = %d", 1);
Segmentation fault

This occurs on both macOS and Linux; on macOS, segfaults are observed when the SQLite module is linked against either MacPorts' SQLite 3 or the system wide dylib in /usr/lib.

Note that query() with a mapping argument doesn't segfault; furthermore, no such segfault occurs under Pike v8.0 release 702.

Please let me know whether this is reproducible (and/or whether more information is required).

Reproduced on a very recent build of Pike. Can be done in a more self-contained way using an in-memory database:

Pike v8.1 release 13 running Hilfe v3.5 (Incremental Pike Frontend) Ok.

Sql.Sql db = Sql.Sql("sqlite://:memory:"); db->query("create table demo (a, b)");

(1) Result: 0

db->query("insert into demo values (1, 'abc')");

(2) Result: 0

db->query("select * from demo where a = :a", ([":a": 1]));

(3) Result: ({ /* 1 element */ ([ /* 2 elements */ "a": "1", "b": "abc" ]) })

db->query("select * from demo where a = %d", 1);

Segmentation fault

Will do some bisection.

ChrisA