Closed
Bug 365166
Opened 19 years ago
Closed 18 years ago
crash [@ strlen] calling mozIStorageStatement::getColumnName of a statement created with "PRAGMA user_version" or "PRAGMA schema_version"
Categories
(Core :: SQLite and Embedded Database Bindings, defect)
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha8
People
(Reporter: alexander.beedie, Assigned: asqueella)
References
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(2 files, 2 obsolete files)
|
1.47 KB,
application/vnd.mozilla.xul+xml
|
Details | |
|
3.15 KB,
patch
|
sdwilsh
:
review+
|
Details | Diff | Splinter Review |
User-Agent: Opera/9.10 (Windows NT 5.1; U; en)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
firefox crashes immediately and unrecoverably with the two sqlite version PRAGMA queries (user_version and schema_version) if you call the created statement's getColumnName() method on the results
Reproducible: Always
Steps to Reproduce:
sample code:
----------------------------------
var sql = "PRAGMA schema_version";
var storage_svc = Components.classes["@mozilla.org/storage/service;1"].getService(Components.interfaces.mozIStorageService);
var conn = storage_svc.openDatabase(ANY_SQLITE_DB);
var statement = conn.createStatement(sql);
var data = [];
while (statement.executeStep()) {
var row = [];
for (var i=0,k=statement.columnCount; i<k; i++) {
row[statement.getColumnName(i)] = statement.getUTF8String(i);
}
data.push(row);
}
----------------------------------
stepping in via the venkman debugger i can see that the specific part crashing firefox is "statement.getColumnName(i)".
Actual Results:
firefox crashes unrecoverably
Expected Results:
a result for the sqlite schema_version or user_version PRAGMA commands
the crash is severe, and could possibly be indicative of some nasty edge case lower down in the sqlite wrapper. still, i guess not too many people are routinely calling PRAGMA commands.
(i've put a workaround in my own extension to explicitly detect and handle these sql constructions separately)
many thanks,
-alex
|
Reporter | |
Comment 1•19 years ago
|
||
note: can't seem to submit bugs to the Storage component from the bugzilla front page, hence putting it in General (apologies)
Keywords: crash
Version: unspecified → 2.0 Branch
|
||
Updated•19 years ago
|
Assignee: nobody → vladimir
Component: General → Storage
Product: Firefox → Toolkit
QA Contact: general → storage
Version: 2.0 Branch → 1.8 Branch
|
|
||
Updated•19 years ago
|
Severity: major → critical
|
|
Reporter | |
Comment 2•19 years ago
|
||
ZIP containing one XUL file and one JS file. unzip them to any dir, drag the XUL file onto firefox to open it. press one of the two buttons on the displayed page to see the crash.
note: UniversalXPConnect security manager is called so that the storage service can be called from a file:// uri, so make sure you "allow" that. (take a look at the JS to confirm i'm doing nothing sinister!)
|
Assignee | |
Comment 3•19 years ago
|
||
Thanks for the testcase.
The crash happens at http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/storage/src/mozStorageStatement.cpp&rev=1.15&mark=255#246 because cname is null. sqlite docs are not very clear on this:
"The first argument is a prepared SQL statement. This function returns the column heading for the Nth column of that statement, where N is the second function argument. The string returned is UTF-8 for sqlite3_column_name() and UTF-16 for sqlite3_column_name16()."
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: testcase
Summary: firefox crashes on the getColumnName method of a statement created with "PRAGMA user_version" or "PRAGMA schema_version" → crash [@ strlen] calling mozIStorageStatement::getColumnName of a statement created with "PRAGMA user_version" or "PRAGMA schema_version"
Version: 1.8 Branch → Trunk
|
|
Assignee | |
Comment 4•19 years ago
|
||
Attachment #249807 -
Attachment is obsolete: true
|
|
Assignee | |
Updated•19 years ago
|
Attachment #250499 -
Attachment mime type: application/octet-stream → application/vnd.mozilla.xul+xml
|
|
Assignee | |
Comment 6•19 years ago
|
||
okay, opened http://www.sqlite.org/cvstrac/tktview?tn=2143 for sqlite docs and I think we should just use mColumnNames instead of asking sqlite about the column name again.
|
|
Assignee | |
Comment 7•19 years ago
|
||
So this just adds the necessary null-checks and an xpcshell testcase (I also fixed a similar crasher in mozStorageStatementWrapper).
Looking at the code I find it weird that everyone tries to cache the column names.
http://mxr-test.landfill.bugzilla.org/seamonkey/search?string=mColumnNames
I think we can remove the mColumnNames member from statement classes, and just get the column names in mozStorageStatementWrapper::GetRow and mozStorageStatement::GetColumnName.
Assignee: vladimir → asqueella
Status: NEW → ASSIGNED
Attachment #250520 -
Flags: first-review?(vladimir)
|
|
Assignee | |
Comment 8•19 years ago
|
||
Hm, the ticket I opened against sqlite is fixed already, they made sqlite3_column_name return a proper string for these queries. So if we want this on branches, the above patch can be used, otherwise we can wait for the next version of sqlite to be landed on trunk.
Or we can be overly cautious and add the null-check anyway..
Attachment #250520 -
Flags: first-review?(vladimir) → review?(vladimir)
|
||
Comment 9•18 years ago
|
||
Comment on attachment 250520 [details] [diff] [review]
minimal patch
If you could kindly un-bit rot this, I'll gladly review it.
Attachment #250520 -
Flags: review?(vladimir)
|
|
||
Comment 10•18 years ago
|
||
Comment on attachment 250520 [details] [diff] [review]
minimal patch
Actually, this looks good - I just need something that applies still to check in :)
Attachment #250520 -
Flags: review+
|
|
Assignee | |
Comment 11•18 years ago
|
||
Comment on attachment 250520 [details] [diff] [review]
minimal patch
We probably should wait for bug 341137 to get fixed, then just check in the testcase and remove the existing null-checks of sqlite3_column_name.
Attachment #250520 -
Attachment is obsolete: true
|
|
||
Comment 12•18 years ago
|
||
We have until July 18th to land this. I'm willing to drop whatever it is that I'm working on to get the review done to make sure it gets in (or loose sleep, which ever is less important)
Nickolay, could you get an updated patch now that we've upgraded please?
Flags: blocking1.9?
Target Milestone: --- → mozilla1.9beta1
|
|
Assignee | |
Comment 13•18 years ago
|
||
Attachment #270499 -
Flags: review?(sdwilsh)
|
|
Assignee | |
Comment 14•18 years ago
|
||
Since the crash itself was already fixed upstream, this is not something that should be blocking, imo.
Flags: blocking1.9?
|
|
||
Comment 15•18 years ago
|
||
Comment on attachment 270499 [details] [diff] [review]
patch: remove unnecessary null-check and add a testcase now that the crash is fixed upstream
r=sdwilsh. Thanks!
Attachment #270499 -
Flags: review?(sdwilsh) → review+
|
|
Assignee | |
Updated•18 years ago
|
Whiteboard: [checkin needed]
|
|
||
Comment 16•18 years ago
|
||
Checking in storage/src/mozStorageStatement.cpp;
new revision: 1.18; previous revision: 1.17
Checking in storage/test/unit/test_bug-365166.js;
initial revision: 1.1
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Whiteboard: [checkin needed]
|
||
Updated•14 years ago
|
Crash Signature: [@ strlen]
|
||
Updated•1 year ago
|
Product: Toolkit → Core
You need to log in
before you can comment on or make changes to this bug.
Description
•