Version
v25.6.0
Platform
Linux 749dbb0e74fd 6.8.0-106-generic #106-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar 6 07:58:08 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux
Subsystem
sqlite
What steps will reproduce the bug?
There are some inconsistencies in how the sqlite3_reset API is checked.
All places where it is called via StatementSync::ResetStatement() are checked. For example:
|
int r = stmt->ResetStatement(); |
|
CHECK_ERROR_OR_THROW(env->isolate(), stmt->db_.get(), r, SQLITE_OK, void()); |
or some others not via ResetStatement():
|
int r = sqlite3_reset(stmt->statement_); |
|
CHECK_ERROR_OR_THROW(env->isolate(), stmt->db_.get(), r, SQLITE_OK, void()); |
etc...
However, the following locations are not checked and should probably get exception checking as well:
|
auto reset = OnScopeLeave([&]() { sqlite3_reset(stmt); }); |
|
auto reset = OnScopeLeave([&]() { sqlite3_reset(stmt->statement_); }); |
|
auto reset = OnScopeLeave([&]() { sqlite3_reset(stmt->statement_); }); |
|
sqlite3_reset(iter->stmt_->statement_); |
|
sqlite3_reset(iter->stmt_->statement_); |
Similarly, sqlite3_step() is normally checked for errors, but not here:
I could provide patches if this is a confirmed bug and the fix is desired.
How often does it reproduce? Is there a required condition?
Only reproduces if there's an internal libsqlite3 failure.
What is the expected behavior? Why is that the expected behavior?
I would expect consistent checking and throwing of exceptions.
What do you see instead?
Failure is ignored silently.
Additional information
This was detected with the help of a static-dynamic hybrid analyzer I'm developing.
Version
v25.6.0
Platform
Subsystem
sqlite
What steps will reproduce the bug?
There are some inconsistencies in how the
sqlite3_resetAPI is checked.All places where it is called via
StatementSync::ResetStatement()are checked. For example:node/src/node_sqlite.cc
Lines 3092 to 3093 in bf7e79c
or some others not via
ResetStatement():node/src/node_sqlite.cc
Lines 3353 to 3354 in bf7e79c
etc...
However, the following locations are not checked and should probably get exception checking as well:
node/src/node_sqlite.cc
Line 2972 in bf7e79c
node/src/node_sqlite.cc
Line 3026 in bf7e79c
node/src/node_sqlite.cc
Line 3473 in bf7e79c
node/src/node_sqlite.cc
Line 3705 in bf7e79c
node/src/node_sqlite.cc
Line 3757 in bf7e79c
Similarly,
sqlite3_step()is normally checked for errors, but not here:node/src/node_sqlite.cc
Line 2896 in bf7e79c
I could provide patches if this is a confirmed bug and the fix is desired.
How often does it reproduce? Is there a required condition?
Only reproduces if there's an internal libsqlite3 failure.
What is the expected behavior? Why is that the expected behavior?
I would expect consistent checking and throwing of exceptions.
What do you see instead?
Failure is ignored silently.
Additional information
This was detected with the help of a static-dynamic hybrid analyzer I'm developing.