Skip to content

sqlite: fix sqlite3_stmt leak in prepare create failure#62419

Open
araujogui wants to merge 1 commit intonodejs:mainfrom
araujogui:sqlite-stmt-leak
Open

sqlite: fix sqlite3_stmt leak in prepare create failure#62419
araujogui wants to merge 1 commit intonodejs:mainfrom
araujogui:sqlite-stmt-leak

Conversation

@araujogui
Copy link
Member

@araujogui araujogui commented Mar 24, 2026

If StatementSync::Create fails to allocate a JS object (OOM), the sqlite3_stmt prepared by sqlite3_prepare_v2 was leaked and a null pointer was silently inserted into db->statements_

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 24, 2026

Review requested:

  • @nodejs/sqlite

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. sqlite Issues and PRs related to the SQLite subsystem. labels Mar 24, 2026
@codecov
Copy link

codecov bot commented Mar 24, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 0% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.67%. Comparing base (2263b4d) to head (6a3fa74).
⚠️ Report is 5 commits behind head on main.

Files with missing lines Patch % Lines
src/node_sqlite.cc 0.00% 2 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #62419      +/-   ##
==========================================
- Coverage   89.68%   89.67%   -0.02%     
==========================================
  Files         676      676              
  Lines      206710   206713       +3     
  Branches    39584    39586       +2     
==========================================
- Hits       185398   185365      -33     
- Misses      13441    13485      +44     
+ Partials     7871     7863       -8
Files with missing lines Coverage Δ
src/node_sqlite.cc 80.71% <0.00%> (-0.10%) ⬇️

... and 37 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

louwers
louwers reviewed Mar 24, 2026
View reviewed changes
Copy link
Contributor

@louwers louwers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can RAII be used instead?

@araujogui
Copy link
Member Author

araujogui commented Mar 24, 2026

Can RAII be used instead?

Well, we could use std::unique_ptr<sqlite3_stmt, decltype(&sqlite3_finalize)>, but I feel the current way is good enough.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@louwers louwers louwers left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. sqlite Issues and PRs related to the SQLite subsystem.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@araujogui @nodejs-github-bot @louwers