chore(master): release sqlite-wasm 0.18.2 (#25)

Update nox e2e step

.github/actionlint.yaml

@@ -0,0 +1,3 @@
+self-hosted-runner:
+  labels:
+    - builder

.github/misc/module.yaml

@@ -0,0 +1,5 @@
+version: 0
+type: compiled
+name: sqlite3
+volumes:
+  sites: ./tmp

.github/release-please/config.json

@@ -0,0 +1,12 @@
+{
+  "bootstrap-sha": "c1fa069dcbadb1bf4bb076408ad4ddbd77c7ede0",
+  "release-type": "simple",
+  "bump-minor-pre-major": true,
+  "bump-patch-for-minor-pre-major": true,
+  "packages": {
+    ".": {
+      "package-name": "sqlite-wasm",
+      "component": "sqlite-wasm"
+    }
+  }
+}

.github/release-please/manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "0.18.2"
+}

.github/workflows/build.yml

@@ -0,0 +1,45 @@
+name: Build sqlite artifact
+
+on:
+  workflow_call:
+    inputs:
+      ref:
+        description: "git ref"
+        type: string
+        default: master
+
+jobs:
+  build:
+    name: "Build sqlite.wasm"
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          repository: fluencelabs/sqlite
+          ref: ${{ inputs.ref }}
+
+      - name: Setup wasi-sdk
+        run: |
+          curl -L https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-15/wasi-sdk-15.0-linux.tar.gz | tar xz -C ./
+          mv wasi-sdk-* wasi-sdk
+
+      - name: Setup Rust toolchain
+        uses: dsherret/rust-toolchain-file@v1
+
+      - name: Setup marine
+        uses: fluencelabs/setup-marine@v1
+        with:
+          artifact-name: "marine"
+
+      - name: Build sqlite-wasm
+        run: make
+
+      - name: Upload sqlite-wasm
+        uses: actions/upload-artifact@v3
+        with:
+          name: sqlite-wasm
+          path: sqlite3.wasm
+          if-no-files-found: error

.github/workflows/e2e.yml

@@ -0,0 +1,131 @@
+name: "e2e"
+
+on:
+  pull_request:
+    paths-ignore:
+      - "**.md"
+      - ".github/**"
+      - "!.github/workflows/e2e.yml"
+      - "!.github/workflows/snapshot.yml"
+      - "!.github/workflows/build.yml"
+    types:
+      - "labeled"
+      - "synchronize"
+      - "opened"
+      - "reopened"
+  push:
+    branches:
+      - "master"
+    paths-ignore:
+      - "**.md"
+      - ".github/**"
+      - "!.github/workflows/e2e.yml"
+      - "!.github/workflows/snapshot.yml"
+      - "!.github/workflows/build.yml"
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: "sqlite"
+    if: >
+      github.event_name == 'push' ||
+      contains(github.event.pull_request.labels.*.name, 'e2e')
+    uses: ./.github/workflows/build.yml
+    with:
+      ref: ${{ github.ref }}
+
+  snapshot:
+    needs: build
+    name: "sqlite-wasm"
+    uses: fluencelabs/sqlite-wasm-connector/.github/workflows/snapshot.yml@master
+
+  spell:
+    needs:
+      - snapshot
+    uses: fluencelabs/spell/.github/workflows/snapshot.yml@main
+    with:
+      cargo-dependencies: |
+        [
+          {
+            "package": "marine-sqlite-connector",
+            "version": "=${{ needs.snapshot.outputs.version }}",
+            "registry": "fluence"
+          }
+        ]
+
+  decider:
+    needs:
+      - spell
+    uses: fluencelabs/decider/.github/workflows/snapshot.yml@main
+    with:
+      cargo-dependencies: |
+        [
+          {
+            "package": "fluence-spell-dtos",
+            "version": "=${{ needs.spell.outputs.cargo-version }}",
+            "registry": "fluence"
+          }
+        ]
+
+  nox:
+    needs:
+      - spell
+      - decider
+
+    uses: fluencelabs/nox/.github/workflows/build.yml@master
+    with:
+      cargo-dependencies: |
+        [
+          {
+            "package": "fluence-spell-dtos",
+            "version": "=${{ needs.spell.outputs.cargo-version }}",
+            "registry": "fluence"
+          },
+          {
+            "package": "fluence-spell-distro",
+            "version": "=${{ needs.spell.outputs.cargo-version }}",
+            "registry": "fluence"
+          },
+          {
+            "package": "decider-distro",
+            "version": "=${{ needs.decider.outputs.cargo-version }}",
+            "manifest": "crates/system-services/Cargo.toml",
+            "registry": "fluence"
+          }
+        ]
+
+  nox-snapshot:
+    name: "nox"
+    needs:
+      - nox
+
+    uses: fluencelabs/nox/.github/workflows/container.yml@master
+    with:
+      image-name: "docker.fluence.dev/sqlite"
+
+  spell-aqua-tests:
+    name: "spell"
+    needs:
+      - nox-snapshot
+    uses: fluencelabs/spell/.github/workflows/tests.yml@main
+    with:
+      nox-image: "${{ needs.nox-snapshot.outputs.nox-image }}"
+
+  registry:
+    needs:
+      - snapshot
+      - nox-snapshot
+    uses: fluencelabs/registry/.github/workflows/tests.yml@main
+    with:
+      nox-image: "${{ needs.nox-snapshot.outputs.nox-image }}"
+      cargo-dependencies: |
+        [
+          {
+            "package": "marine-sqlite-connector",
+            "version": "=${{ needs.snapshot.outputs.version }}",
+            "registry": "fluence"
+          }
+        ]

.github/workflows/lint.yml

@@ -0,0 +1,35 @@
+name: lint
+
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+jobs:
+  pr:
+    name: Validate PR title
+    runs-on: ubuntu-latest
+    steps:
+      - uses: amannn/action-semantic-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  reviewdog:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Lint actions
+        uses: reviewdog/action-actionlint@v1
+        env:
+          SHELLCHECK_OPTS: "-e SC2086 -e SC2207 -e SC2128 -e SC2035"
+        with:
+          reporter: github-pr-check
+          fail_on_error: true

.github/workflows/release.yml

@@ -0,0 +1,77 @@
+name: "release"
+
+on:
+  push:
+    branches:
+      - "master"
+
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+
+    outputs:
+      release-created: ${{ steps.release.outputs['release_created'] }}
+      tag-name: ${{ steps.release.outputs['tag_name'] }}
+      version: ${{ steps.release.outputs['version'] }}
+      pr: ${{ steps.release.outputs['pr'] }}
+
+    steps:
+      - name: Run release-please
+        id: release
+        uses: google-github-actions/release-please-action@v3
+        with:
+          token: ${{ secrets.FLUENCEBOT_RELEASE_PLEASE_PAT }}
+          command: manifest
+          config-file: .github/release-please/config.json
+          manifest-file: .github/release-please/manifest.json
+
+      - name: Show output from release-please
+        if: steps.release.outputs.releases_created
+        env:
+          RELEASE_PLEASE_OUTPUT: ${{ toJSON(steps.release.outputs) }}
+        run: echo "${RELEASE_PLEASE_OUTPUT}" | jq
+
+  build:
+    if: needs.release-please.outputs.release-created
+    needs: release-please
+    uses: ./.github/workflows/build.yml
+    with:
+      ref: ${{ github.ref }}
+
+  publish:
+    runs-on: ubuntu-latest
+    needs:
+      - release-please
+      - build
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Download sqlite-wasm
+        uses: actions/download-artifact@v3
+        with:
+          name: sqlite-wasm
+          path: artifacts/
+
+      - name: Create archive
+        run: tar caf artifacts/sqlite3.tar.gz -C ./artifacts/ sqlite3.wasm -C ../.github/misc/ module.yaml
+
+      - name: Generate checksums
+        id: sum
+        run: |
+          sha256sum * | tee > sqlite3_SHA256_SUMS
+        working-directory: artifacts
+
+      - name: Upload binaries
+        uses: softprops/action-gh-release@v1
+        with:
+          files: |
+            artifacts/*
+          tag_name: ${{ needs.release-please.outputs.tag-name }}

.gitignore

@@ -1,3 +1,4 @@
+wasi-sdk*
 # IntelliJ
 .idea
 

CHANGELOG.md

@@ -0,0 +1,15 @@
+# Changelog
+
+## [0.18.2](https://github.com/fluencelabs/sqlite/compare/sqlite-wasm-v0.18.1...sqlite-wasm-v0.18.2) (2023-12-25)
+
+
+### Bug Fixes
+
+* fix use-after-free when using sqlite_bind_text/sqlite_bind_blob with sqlite_step ([#24](https://github.com/fluencelabs/sqlite/issues/24)) ([13a62f2](https://github.com/fluencelabs/sqlite/commit/13a62f2b1017e2e5e860951bf01516c0aea739a0))
+
+## [0.18.1](https://github.com/fluencelabs/sqlite/compare/sqlite-wasm-v0.18.0...sqlite-wasm-v0.18.1) (2023-04-06)
+
+
+### Bug Fixes
+
+* bind_text and bind_blob string arguments clean up ([#18](https://github.com/fluencelabs/sqlite/issues/18)) ([258b8d1](https://github.com/fluencelabs/sqlite/commit/258b8d11b6beadf625dbeb69bd98da1b2b40176c))

Dockerfile

@@ -7,12 +7,10 @@ RUN apt update \
     git \
     make \
     pkg-config \
-    libtinfo6 \
-    cargo
+    libtinfo6
 
-RUN cargo install marine --version 0.12.7
-RUN curl -L https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-15/wasi-sdk-15.0-linux.tar.gz | tar xz -C /
+RUN mkdir -p ~/.local/bin && curl -L https://github.com/fluencelabs/marine/releases/download/marine-v0.14.1/marine-linux-x86_64 -o ~/.local/bin/marine && chmod +x ~/.local/bin/marine
 
 VOLUME /code
 WORKDIR /code
-CMD make
+ENTRYPOINT /code/entrypoint.sh

Makefile

@@ -1,6 +1,6 @@
 TARGET = sqlite3
-CC = /wasi-sdk-15.0/bin/clang
-SYSROOT = /wasi-sdk-15.0/share/wasi-sysroot
+CC = ./wasi-sdk/bin/clang
+SYSROOT = ./wasi-sdk/share/wasi-sysroot
 TARGET_TRIPLE = wasm32-wasi
 CFLAGS = -fvisibility=hidden
 SDK = sdk/logger.h
@@ -26,10 +26,10 @@ EXPORT_FUNCS = \
 	--export=sqlite3_column_name_,$\
 	--export=sqlite3_step,$\
 	--export=sqlite3_reset,$\
-	--export=sqlite3_bind_blob,$\
+	--export=sqlite3_bind_blob_,$\
 	--export=sqlite3_bind_double,$\
 	--export=sqlite3_bind_int64,$\
-	--export=sqlite3_bind_text,$\
+	--export=sqlite3_bind_text_,$\
 	--export=sqlite3_bind_null,$\
 	--export=sqlite3_column_count,$\
 	--export=sqlite3_column_double,$\
@@ -164,8 +164,8 @@ all: default
 
 $(TARGET): $(SQLITE_SRC) $(WRAPPER_SRC)
 	$(CC) -O3 --sysroot=$(SYSROOT) --target=$(TARGET_TRIPLE) $(SQLITE_FLAGS) $(CFLAGS) $(LDFLAGS) -Wl,$(EXPORT_FUNCS) $^ -o $@.wasm
-	/root/.cargo/bin/marine set version -i ./sqlite3.wasm -v 0.7.0
-	/root/.cargo/bin/marine set it -i ./sqlite3.wasm -w sqlite3.wit
+	marine set version -i ./sqlite3.wasm -v $(shell cat version.txt)
+	marine set it -i ./sqlite3.wasm -w sqlite3.wit
 
 .PRECIOUS: $(TARGET)
 

docker-compose.yml

@@ -5,4 +5,4 @@ services:
       context: .
     container_name: sqlite3_builder
     volumes:
-     - .:/code
+     - ./:/code

entrypoint.sh

@@ -0,0 +1,5 @@
+export PATH="${PATH}:/root/.cargo/bin:/root/.local/bin"
+curl -L https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-15/wasi-sdk-15.0-linux.tar.gz | tar xz -C .
+rm -rf wasi-sdk
+mv -f wasi-sdk-* wasi-sdk
+make

rust-toolchain.toml

@@ -0,0 +1,9 @@
+[toolchain]
+channel = "nightly-2023-08-27"
+components = [
+  "rustfmt",
+  "clippy",
+]
+targets = [
+  "x86_64-unknown-linux-gnu",
+]

src/vdbeapi.c

@@ -1528,21 +1528,30 @@ static int bindText(sqlite3_stmt *pStmt, /* The statement to bind against */
 /*
 ** Bind a blob value to an SQL statement variable.
 */
-int sqlite3_bind_blob(sqlite3_stmt *pStmt, int i, const void *zData, int nData,
-                      void (*xDel)(void *)) {
+#ifndef __sqlite_unmodified_upstream
+int sqlite3_bind_blob_(sqlite3_stmt *pStmt, int i, const void *zData, int nData,
+                      void (*xDel)(void *))
+    __attribute__((export_name("sqlite3_bind_blob"))) {
 #ifdef SQLITE_ENABLE_API_ARMOR
   if (nData < 0)
     return SQLITE_MISUSE_BKPT;
 #endif
 
-#ifdef __sqlite_unmodified_upstream
-  return bindText(pStmt, i, zData, nData, xDel, 0);
-#else
-  // xDel is a custom deallocator and if it is not SQLITE_STATIC
-  // due to our IT architecture it can't be provided from other modules.
-  return bindText(pStmt, i, zData, nData,
-    (xDel==SQLITE_STATIC || xDel==SQLITE_TRANSIENT)?xDel:free, 0);
+  // xDel is a custom deallocator and due to our IT architecture it can't be provided from other modules.
+  // However the memory zData uses has to be cleaned up eventually.
+  // So, it is cleared as intended in IT, and xDel is set to SQLITE_TRANSIENT to make sqlite copy the data.
+  add_object_to_release((void*)zData);
+  return bindText(pStmt, i, zData, nData, SQLITE_TRANSIENT, 0);
+}
 #endif
+
+int sqlite3_bind_blob(sqlite3_stmt *pStmt, int i, const void *zData, int nData,
+                      void (*xDel)(void *)) {
+#ifdef SQLITE_ENABLE_API_ARMOR
+  if (nData < 0) return SQLITE_MISUSE_BKPT;
+#endif
+
+  return bindText(pStmt, i, zData, nData, xDel, 0);
 }
 int sqlite3_bind_blob64(sqlite3_stmt *pStmt, int i, const void *zData,
                         sqlite3_uint64 nData, void (*xDel)(void *)) {
@@ -1594,17 +1603,24 @@ int sqlite3_bind_pointer(sqlite3_stmt *pStmt, int i, void *pPtr,
   }
   return rc;
 }
+
 int sqlite3_bind_text(sqlite3_stmt *pStmt, int i, const char *zData, int nData,
                       void (*xDel)(void *)) {
-#ifdef __sqlite_unmodified_upstream
   return bindText(pStmt, i, zData, nData, xDel, SQLITE_UTF8);
-#else
-  // xDel is a custom deallocator and if it is not SQLITE_STATIC
-  // due to our IT architecture it can't be provided from other modules.
-  return bindText(pStmt, i, zData, nData,
-    (xDel==SQLITE_STATIC || xDel==SQLITE_TRANSIENT)?xDel:free, SQLITE_UTF8);
-#endif
 }
+
+#ifndef __sqlite_unmodified_upstream
+int sqlite3_bind_text_(sqlite3_stmt *pStmt, int i, const char *zData, int nData,
+                      void (*xDel)(void *))
+    __attribute__((export_name("sqlite3_bind_text"))) {
+  // xDel is a custom deallocator and due to our IT architecture it can't be provided from other modules.
+  // However the memory zData uses has to be cleaned up eventually.
+  // So, it is cleared as intended in IT, and xDel is set to SQLITE_TRANSIENT to make sqlite copy the data.
+  add_object_to_release((void*)zData);
+  return bindText(pStmt, i, zData, nData, SQLITE_TRANSIENT, SQLITE_UTF8);
+}
+#endif
+
 int sqlite3_bind_text64(sqlite3_stmt *pStmt, int i, const char *zData,
                         sqlite3_uint64 nData, void (*xDel)(void *),
                         unsigned char enc) {

version.txt

@@ -0,0 +1 @@
+0.18.2