SQLite query segfaults

From the Pike Developers mailing list:

23989767 Yesterday 21:13 /42 lines/ Marc Simpson marc@0branch.com
Sender: SRS0+Qc9x=6M=lists.lysator.liu.se=pike-devel-bounces@lysator.liu.se
Imported: Yesterday 21:13 by Brevbäraren
External recipient: pike-devel@lists.lysator.liu.se
To: Pike (-) developers forum <20962>
Subject: SQLite query segfaults

Hi folks,

It seems that I can reliably segfault recent Pike 8.1 installs when using sprintf-style SQLite queries:

$ echo '
  create table demo(a, b);
  insert into  demo(a, b) values(1, "abc")' | sqlite3 demo.db

$ pike
Pike v8.1 release 13 running Hilfe v3.5 [...]
> Sql.Sql db = Sql.Sql("sqlite://demo.db");
> db->query("select * from demo");
(1) Result: ({ /* 1 element */
                ([ /* 2 elements */
                  "a": "1",
                  "b": "abc"
                ])
            })
> db->query("select * from demo where a = :a", ([":a": 1 ]));
(2) Result: ({ /* 1 element */
                ([ /* 2 elements */
                  "a": "1",
                  "b": "abc"
                ])
            })
> db->query("select * from demo where a = %d", 1);
Segmentation fault

This occurs on both macOS and Linux; on macOS, segfaults are observed when the SQLite module is linked against either MacPorts' SQLite 3 or the system-wide dylib in /usr/lib.

Note that query() with a mapping argument doesn't segfault; furthermore, no such segfault occurs under Pike v8.0 release 702.

Please let me know whether this is reproducible (and/or whether more information is required).

Thanks, Marc
