apunkt/sqlite-vec
1
0
Fork 0
mirror of https://github.com/asg017/sqlite-vec.git synced 2026-04-25 00:36:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix remaining fuzzer issues: leaks, UBSAN NaN, macOS LLVM version

Browse source 
- fuzz.yaml: switch macOS to llvm@18 (latest LLVM uses typed allocation
  C++ ABI symbols not available on macOS 14 runner's system libc++)
- sqlite-vec.c: fix NaN input in vec_quantize_int8 by using !(val <= X)
  comparisons which evaluate to true for NaN, ensuring the clamp fires
- sqlite-vec.c: free pzErrMsg in vec_eachFilter error path (was leaking
  the error string returned by vector_from_value)
- sqlite-vec.c: add sqlite3_free(pNew) to vec0_init error path; vec0_free
  frees the contents but not the struct itself, mirroring vec0Disconnect
- sqlite-vec.c: free knn_data in vec0Filter_knn cleanup when rc != SQLITE_OK;
  on error the cursor's knn_data field is never set so it would not be
  freed by the cursor teardown path

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Alex Garcia 2026-03-03 08:36:59 -08:00
parent 8c976205dd
commit 1b53b942e0
2 changed files with 13 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

10
.github/workflows/fuzz.yaml vendored
View file

@ -63,20 +63,20 @@ jobs:
runs-on: macos-14 runs-on: macos-14
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Install LLVM - name: Install LLVM 18
run: brew install llvm run: brew install llvm@18
- run: ./scripts/vendor.sh - run: ./scripts/vendor.sh
- name: Generate sqlite-vec.h - name: Generate sqlite-vec.h
run: make sqlite-vec.h run: make sqlite-vec.h
- name: Build fuzz targets - name: Build fuzz targets
run: | run: |
LLVM=/opt/homebrew/opt/llvm LLVM=/opt/homebrew/opt/llvm@18
make -C tests/fuzz all \ make -C tests/fuzz all \
FUZZ_CC=$LLVM/bin/clang \ FUZZ_CC=$LLVM/bin/clang \
FUZZ_LDFLAGS="-Wl,-ld_classic -L$LLVM/lib/c++ -Wl,-rpath,$LLVM/lib/c++" FUZZ_LDFLAGS="-Wl,-ld_classic"
- name: Run fuzz targets - name: Run fuzz targets
env: env:
DYLD_LIBRARY_PATH: "/opt/homebrew/opt/llvm/lib/c++:${{ env.DYLD_LIBRARY_PATH }}" DYLD_LIBRARY_PATH: "/opt/homebrew/opt/llvm@18/lib/c++:${{ env.DYLD_LIBRARY_PATH }}"
run: | run: |
DURATION=${{ github.event.inputs.duration || '60' }} DURATION=${{ github.event.inputs.duration || '60' }}
EXIT_CODE=0 EXIT_CODE=0

10
sqlite-vec.c
View file

@ -1465,8 +1465,8 @@ static void vec_quantize_int8(sqlite3_context *context, int argc,
f32 step = (1.0 - (-1.0)) / 255; f32 step = (1.0 - (-1.0)) / 255;
for (size_t i = 0; i < dimensions; i++) { for (size_t i = 0; i < dimensions; i++) {
double val = ((srcVector[i] - (-1.0)) / step) - 128; double val = ((srcVector[i] - (-1.0)) / step) - 128;
if (val > 127.0) val = 127.0; if (!(val <= 127.0)) val = 127.0; /* also clamps NaN */
if (val < -128.0) val = -128.0; if (!(val >= -128.0)) val = -128.0;
out[i] = (i8)val; out[i] = (i8)val;
} }
@ -2577,6 +2577,7 @@ static int vec_eachFilter(sqlite3_vtab_cursor *pVtabCursor, int idxNum,
int rc = vector_from_value(argv[0], &pCur->vector, &pCur->dimensions, int rc = vector_from_value(argv[0], &pCur->vector, &pCur->dimensions,
&pCur->vector_type, &pCur->cleanup, &pzErrMsg); &pCur->vector_type, &pCur->cleanup, &pzErrMsg);
if (rc != SQLITE_OK) { if (rc != SQLITE_OK) {
sqlite3_free(pzErrMsg);
return SQLITE_ERROR; return SQLITE_ERROR;
} }
pCur->iRowid = 0; pCur->iRowid = 0;
@ -5202,6 +5203,7 @@ static int vec0_init(sqlite3 *db, void *pAux, int argc, const char *const *argv,
error: error:
vec0_free(pNew); vec0_free(pNew);
sqlite3_free(pNew);
return SQLITE_ERROR; return SQLITE_ERROR;
} }
@ -7259,6 +7261,10 @@ cleanup:
sqlite3_free(aMetadataIn); sqlite3_free(aMetadataIn);
if (rc != SQLITE_OK) {
sqlite3_free(knn_data);
}
return rc; return rc;
} }