[Bug]: NULL Pointer Dereference in cypher_execute() #10

@dirtyfilthy

Description

Pre-submission Checklist

  • I have searched existing issues to ensure this bug hasn't been reported
  • I have read the documentation
  • I am using a supported platform (Linux x86_64)

Version

main #001122d

Platform

Ubuntu 20.04

Bug Description

Problem: The cypher_execute() SQL function segfaults when called before a graph virtual table is created. The function accesses the global pGraph pointer without null validation.

Root Cause: The global pGraph variable (defined in src/graph.c:27) is initialized to NULL and only set when CREATE VIRTUAL TABLE graph USING graph() is executed. If cypher_execute() is called before table creation, pGraph is NULL, causing segfaults when passed to functions that dereference it.

Affected Files:

  • src/cypher/cypher-executor-sql.c - Function cypherExecuteSqlFunc() at lines 82, 116

The function uses pGraph without checking if it's NULL

Steps to Reproduce

import sqlite3

# In-memory database is enough: the crash happens before any table exists.
conn = sqlite3.connect(":memory:")

# Extension loading is disabled by default in the sqlite3 module.
conn.enable_load_extension(True)
conn.load_extension("libgraph.so")

# This will segfault because no graph virtual table exists yet:
conn.execute("SELECT cypher_execute('MATCH (n) RETURN n')")

Code Sample

see above

Error Message / Stack Trace

Expected Behavior

SQLite should return an error indicating that a graph virtual table needs to be created first, e.g.:

Error: Graph virtual table not initialized. Create a graph table first using: CREATE VIRTUAL TABLE graph USING graph();

Actual Behavior

Process crashes with segmentation fault (SIGSEGV) because pGraph is NULL and is dereferenced without validation.

Environment Details

SQLite version: 3.x (system libsqlite3)
Extension: sqlite-graph (current main/master branch)
OS: Linux (aarch64), likely affects all platforms
Reproduction: Confirmed with GDB showing segfault when pGraph is NULL

Additional Context

No response

Severity

  • This is a critical bug (crashes, data loss)
  • This is a major bug (significant functionality broken)
  • This is a minor bug (minor functionality affected)
  • This is a cosmetic issue
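The pattern the report describes, with the missing check beside a hardened version, as an added example that is not code from the sqlite-graph project. Only the names pGraph, cypher_execute and the expected error text come from the issue; the Graph struct, the create/destroy helpers, the result codes and graph_count_nodes are assumptions standing in for the real virtual-table callbacks and executor internals. The example also clears the global on destroy, since a table dropped after creation would otherwise leave a dangling pointer with the same class of crash.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the extension's graph object; the real
 * struct lives in src/graph.c and is not reproduced here. */
typedef struct Graph {
    int nNodes;
    const char *zName;
} Graph;

/* Global published by the virtual table's xCreate and nothing else.
 * It starts NULL, which is what cypher_execute() trips over. */
static Graph *pGraph = NULL;

/* Result codes modelled loosely on SQLITE_OK / SQLITE_ERROR (assumed). */
enum { GR_OK = 0, GR_ERROR = 1 };

/* Simulates xCreate for CREATE VIRTUAL TABLE graph USING graph():
 * allocates the graph and publishes it through the global. */
int graph_vtab_create(const char *zName) {
    if (pGraph != NULL) return GR_ERROR;   /* table already exists */
    pGraph = calloc(1, sizeof *pGraph);
    if (pGraph == NULL) return GR_ERROR;   /* allocation failure */
    pGraph->zName = zName;
    return GR_OK;
}

/* Simulates xDestroy for DROP TABLE: frees the graph and, crucially,
 * resets the global so later calls see NULL rather than freed memory. */
void graph_vtab_destroy(void) {
    free(pGraph);
    pGraph = NULL;
}

/* Stands in for the executor internals that cypherExecuteSqlFunc()
 * hands pGraph to; it dereferences its argument unconditionally. */
static int graph_count_nodes(Graph *p) {
    return p->nNodes;                      /* SIGSEGV if p is NULL */
}

/* Vulnerable pattern: the global goes straight to code that dereferences it.
 * Calling this before graph_vtab_create() crashes the process. */
int cypher_execute_unchecked(const char *zQuery) {
    (void)zQuery;
    return graph_count_nodes(pGraph);
}

/* Hardened pattern: validate the global once, at the SQL-function boundary,
 * and turn the missing table into an error the caller can act on. */
int cypher_execute_checked(const char *zQuery, char *zErr, size_t nErr, int *pnNodes) {
    if (pGraph == NULL) {
        snprintf(zErr, nErr, "Graph virtual table not initialized. Create a graph "
                 "table first using: CREATE VIRTUAL TABLE graph USING graph();");
        return GR_ERROR;
    }
    (void)zQuery;                          /* query parsing is out of scope here */
    *pnNodes = graph_count_nodes(pGraph);
    zErr[0] = '\0';
    return GR_OK;
}

int main(void) {
    char zErr[256];
    int nNodes = -1;
    int rc = cypher_execute_checked("MATCH (n) RETURN n", zErr, sizeof zErr, &nNodes);
    printf("before create: rc=%d err=%s\n", rc, zErr);
    graph_vtab_create("graph");
    rc = cypher_execute_checked("MATCH (n) RETURN n", zErr, sizeof zErr, &nNodes);
    printf("after create:  rc=%d nodes=%d\n", rc, nNodes);
    graph_vtab_destroy();
    rc = cypher_execute_checked("MATCH (n) RETURN n", zErr, sizeof zErr, &nNodes);
    printf("after drop:    rc=%d err=%s\n", rc, zErr);
    return 0;
}
```

Inside a real sqlite3 application-defined function the error path would call sqlite3_result_error(context, zMsg, -1) and return instead of filling a caller-supplied buffer; the check itself is the same, and it belongs before the first function that receives pGraph, not deeper in the executor.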

Labels

bug