Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sqlite3 aborted: free(): double free detected in tcache 2 #7

Open
rwaldura opened this issue Mar 10, 2023 · 3 comments
Open

sqlite3 aborted: free(): double free detected in tcache 2 #7

rwaldura opened this issue Mar 10, 2023 · 3 comments

Comments

@rwaldura
Copy link

Terminal failure on simple example pulled from https://antonz.org/sqlite-pivot-table/.
Am I doing it wrong?

% curl -o pivot_vtab.c https://raw.githubusercontent.com/jakethaw/pivot_vtab/main/pivot_vtab.c

% gcc -g -fPIC -shared pivot_vtab.c -o pivot_vtab.so

% curl https://antonz.org/sqlite-pivot-table/sales.sql | sqlite3 test.db    

% sqlite3 test.db
SQLite version 3.27.2 2019-02-25 16:06:06
sqlite> select * from sales;
product     year        income    
----------  ----------  ----------
alpha       2020        100       
alpha       2021        120       
alpha       2022        130       
alpha       2023        140       
beta        2020        10        
beta        2021        20        
beta        2022        40        
beta        2023        80        
gamma       2020        80        
gamma       2021        75        
gamma       2022        78        
gamma       2023        80        
sqlite> .load ./pivot_vtab
sqlite> create virtual table v_sales using pivot_vtab (
   ...>   -- rows
   ...>   (select distinct product from sales),
   ...>   -- columns
   ...>   (select distinct year, year from sales),
   ...>   -- cells
   ...>   (select sum(income) from sales where product = ?1 and year = ?2)
   ...> );
sqlite> select * from v_sales;
product     2020        2021        2022        2023      
----------  ----------  ----------  ----------  ----------
alpha       100         120         130         140       
beta        10          20          40          80        
gamma       80          75          78          80        
free(): double free detected in tcache 2
[1]  + 13136 abort      sqlite3 test.db

% uname -a
Linux xxx 4.19.94-ti-r73 #1buster SMP PREEMPT Fri Apr 15 21:38:30 UTC 2022 armv7l GNU/Linux
@rwaldura
Copy link
Author

Same issue with the sample provided.

%  sqlite3 test2.db
SQLite version 3.27.2 2019-02-25 16:06:06
sqlite> .load ./pivot_vtab
sqlite> CREATE TABLE r AS
   ...> SELECT 1 id UNION SELECT 2 UNION SELECT 3;
sqlite> CREATE TABLE c(
   ...>   id   INTEGER PRIMARY KEY,
   ...>   name TEXT
   ...> );
sqlite> INSERT INTO c (name) VALUES
   ...> ('a'),('b'),('c'),('d');
sqlite> CREATE TABLE x(
   ...>   r_id INT,
   ...>   c_id INT,
   ...>   val  TEXT
   ...> );
sqlite> INSERT INTO x (r_id, c_id, val)
   ...> SELECT r.id, c.id, c.name || r.id
   ...>   FROM c, r;
sqlite> CREATE VIRTUAL TABLE pivot USING pivot_vtab(
   ...> (SELECT id r_id -- pivot table key
   ...>     FROM r),
   ...>  (SELECT id c_id,   -- pivot column key - can be referenced in pivot query as ?2
   ...>          name       -- pivot column name
   ...>     FROM c),
   ...> (SELECT val
   ...>     FROM x 
   ...>    WHERE r_id = ?1
   ...>      AND c_id = ?2)
   ...> );
sqlite> SELECT *
   ...>   FROM pivot;
r_id  a      b      c      d    
----  -----  -----  -----  -----
1     a1     b1     c1     d1   
2     a2     b2     c2     d2   
3     a3     b3     c3     d3   
free(): double free detected in tcache 2
[1]    16982 abort      sqlite3 test2.db

@rwaldura
Copy link
Author

rwaldura commented Mar 10, 2023
edited
Loading

Line 479 appears to trigger the error: freeing the pivot key.

% gdb sqlite3
...
sqlite> .load ./pivot_vtab
sqlite> select * from pivot;
r_id        a           b           c           d         
----------  ----------  ----------  ----------  ----------
1           a1          b1          c1          d1        
2           a2          b2          c2          d2        
3           a3          b3          c3          d3        

Breakpoint 1, pivotClose (pCur=0x51e1a0) at pivot_vtab.c:472
472	  pivot_vtab *tab = (pivot_vtab*)pCur->pVtab;
(gdb) n
473	  pivot_cursor *cur = (pivot_cursor*)pCur;
(gdb) 
476	  if( cur->pivot_key ){
(gdb) 
477	    for( i=0; inRow_cols; i++ )
(gdb) 
478	      sqlite3_value_free(cur->pivot_key[i]);
(gdb) print i
$1 = 0
(gdb) p cur->pivot_key[i]
$2 = (sqlite3_value *) 0x0
(gdb) p tab->nRow_cols
$3 = 1
(gdb) p cur->pivot_key
$4 = (sqlite3_value **) 0x519c28
(gdb) n
477	    for( i=0; inRow_cols; i++ )
(gdb) n
479	    sqlite3_free(cur->pivot_key);
(gdb) p cur->pivot_key
$5 = (sqlite3_value **) 0x519c28
(gdb) n
free(): double free detected in tcache 2

Program received signal SIGABRT, Aborted.

@rwaldura rwaldura changed the title free(): double free detected in tcache 2 sqlite3 aborted: free(): double free detected in tcache 2 Mar 10, 2023
@rwaldura
Copy link
Author

Commenting out line 479 appears to fix it... but it hardly seems satisfying.
Let me know if there's a better fix, thanks!

@rwaldura rwaldura mentioned this issue Mar 10, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rwaldura