Issue Summary
The call to memcpy in src/statement.h is unsafe: the blob pointer passed to it is never checked. This leads to undefined behavior in the following scenario, where memcpy ends up being called as:
memcpy(ptr, NULL, 0);
The second argument of memcpy must never be NULL, even when the length is 0 (the C standard requires every pointer argument to memcpy to be valid regardless of the size argument). SQLite produces exactly this input: sqlite3_column_blob() is documented to return a NULL pointer for a zero-length BLOB.
Steps to Reproduce
Run the following script to create an SQLite database whose BLOB column holds a zero-length blob (X''). This is the value for which sqlite3_column_blob() returns a NULL pointer:
#!/bin/bash
DB="test.db"
sqlite3 "$DB" <<EOF
CREATE TABLE files (id INTEGER PRIMARY KEY, data BLOB);
INSERT INTO files (data) VALUES (X'');
.headers on
.mode column
SELECT id, length(data) AS blob_length FROM files;
EOF
Then, build node-sqlite3 from source with UBSan enabled:
a. export CXXFLAGS=-fsanitize=undefined
b. export CFLAGS=-fsanitize=undefined
c. export LDFLAGS=-fsanitize=undefined
d. npm install --build-from-source
Write trigger.js, the JavaScript program that triggers the undefined behavior:
const sqlite3 = require('sqlite3');
const db = new sqlite3.Database('test.db');

db.get("SELECT data FROM files LIMIT 1", (err, row) => {
  if (err) {
    console.error("Query error:", err);
    return;
  }
  // Reading the zero-length BLOB is what makes the native addon call
  // memcpy with a NULL source pointer.
  const blob = row.data;
  console.log("Raw blob value:", blob);
  console.log("Type:", typeof blob);
  if (Buffer.isBuffer(blob)) {
    console.log("Length of blob:", blob.length);
    console.log("Hex dump:", blob.toString('hex'));
  } else if (blob === null) {
    console.log("Value is NULL");
  }
  db.close();
});
Run with node trigger.js
Output:
$> node trigger.js
../src/statement.h:60:19: runtime error: null pointer passed as argument 2, which is declared to never be null
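To make the failure mode concrete, here is an added example (written for this report, not node-sqlite3's own code) showing the unchecked copy pattern UBSan flags beside a guarded version, run over constructed sample rows. The sample_rows table and copy_all_blobs are stand-ins for the real sqlite3_column_blob()/sqlite3_column_bytes() calls and the addon's row handling; a NULL data pointer with length 0 models what SQLite returns for the X'' row above.

```c
/* Added example, not node-sqlite3's own code: the unchecked memcpy pattern
 * beside a guarded version, exercised on constructed sample rows.
 * sample_rows is a stand-in for sqlite3_column_blob()/sqlite3_column_bytes()
 * results, not the real SQLite API. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char  *value;   /* owned copy of the column bytes; non-NULL after success */
    size_t length;
} blob_t;

/* Constructed sample rows. (NULL, 0) models a zero-length BLOB (X''):
 * sqlite3_column_blob() returns a NULL pointer and sqlite3_column_bytes()
 * returns 0 for such a value. */
typedef struct { const char *data; int bytes; } sample_row_t;
static const sample_row_t sample_rows[] = {
    { "\x89PNG",       4 },  /* ordinary blob */
    { NULL,            0 },  /* zero-length blob: the case from the report */
    { "\x00\x01\x02",  3 },  /* blob containing NUL bytes */
};
#define SAMPLE_ROW_COUNT (sizeof sample_rows / sizeof sample_rows[0])

/* BEFORE: the shape of the call UBSan reports. memcpy with a NULL source is
 * undefined behaviour even when len == 0, so the (NULL, 0) row makes this
 * function invoke UB. Fine for ordinary rows, which is why it goes unnoticed. */
static blob_t blob_copy_unchecked(const char *src, size_t len) {
    blob_t b;
    b.length = len;
    b.value = malloc(len);          /* malloc(0) may itself return NULL */
    memcpy(b.value, src, len);      /* UB when src == NULL */
    return b;
}

/* AFTER: call memcpy only when there are bytes and a source to copy.
 * Always allocates at least one byte so value is non-NULL for an empty blob
 * and callers can free() it unconditionally. Returns 1 on success, 0 on
 * allocation failure or an inconsistent (NULL, len > 0) input. */
static int blob_copy_checked(blob_t *out, const char *src, size_t len) {
    out->value = NULL;
    out->length = 0;
    if (src == NULL && len > 0)
        return 0;                   /* caller bug: a length without data */
    out->value = malloc(len > 0 ? len : 1);
    if (out->value == NULL)
        return 0;
    if (len > 0)
        memcpy(out->value, src, len);   /* src is guaranteed non-NULL here */
    out->length = len;
    return 1;
}

/* Walk the constructed result set the way a row handler would, copying each
 * BLOB column into an owned buffer. Returns the number of rows copied, or -1
 * on failure (freeing anything already copied). */
static int copy_all_blobs(blob_t *out, size_t max_rows) {
    size_t i;
    for (i = 0; i < SAMPLE_ROW_COUNT && i < max_rows; i++) {
        if (!blob_copy_checked(&out[i], sample_rows[i].data,
                               (size_t)sample_rows[i].bytes)) {
            for (size_t j = 0; j < i; j++) free(out[j].value);
            return -1;
        }
    }
    return (int)i;
}

int main(void) {
    /* The unchecked version is harmless on an ordinary row... */
    blob_t ok = blob_copy_unchecked(sample_rows[0].data, (size_t)sample_rows[0].bytes);
    printf("unchecked copy of row 0: %zu byte(s)\n", ok.length);
    free(ok.value);
    /* ...but only the checked version can be run over the whole result set. */
    blob_t blobs[SAMPLE_ROW_COUNT];
    int n = copy_all_blobs(blobs, SAMPLE_ROW_COUNT);
    if (n < 0) { fputs("copy failed\n", stderr); return 1; }
    for (int i = 0; i < n; i++) {
        printf("row %d: %zu byte(s)\n", i, blobs[i].length);
        free(blobs[i].value);
    }
    return 0;
}
```

Compiling this with -fsanitize=undefined and calling blob_copy_unchecked on the (NULL, 0) row reproduces the same "null pointer passed as argument 2" report; the checked version never reaches memcpy for that row, which is the fix the addon needs around its blob copy.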
Version
master
Node.js Version
22.14.0
How did you install the library?
Install from source