Windows 7 64-bit crash

Hi, i am new in sqlcipher.
I use sqlcipher to encrypt sqlite3 database. I built sqlcipher.dll myself with source code which version is 3.41.2. I met crash several times. Sometimes error module name is ntdll.dll, sometimes error module is sqlcipher.dll. I met an error today. The error module name is ntdll.dll.

I use windbg to locate the root cause. The result is:

img_v2_11fe07c6-2729-461f-89eb-8cf98f66c30g1850×983 249 KB

I don’t know how to fix it. Could you please help me if you have met this issue. Thanks a lot.

Full info：
STACK_TEXT:
000000000e0ba680 0000000077698e54 : 0000000000000000 0000000000000000 000000000499fa60 000007feec8676a0 : ntdll!RtlpWaitOnCriticalSection+0xb4
000000000e0ba730 000007feec73383d : 0000000000000001 0000000000000000 0000000000000006 000000000e0ba768 : ntdll!RtlEnterCriticalSection+0xd1
000000000e0ba760 000007feec6d7a82 : 0000000000000006 000000000e0ba788 0000000000000000 000000000e0ba7a0 : sqlcipher!sqlite3_status+0xdefb2
000000000e0ba790 000000013f297f9d : 000000000e0ba880 000000000e0ba900 0000000000000006 0000000000000000 : sqlcipher!sqlite3_status+0x831f7
000000000e0ba810 000000013f29e8ca : 0000000009b9e90a 0000000009b9e90a 000000000e0ba9a0 0000000000000009 : RoadAcquisitionUI_N2_1_1_1_release+0x37f9d
000000000e0ba8a0 000000013f2b47a2 : 000000000e0bada0 0000000004995570 403f487f2c051695 000007fef86f0000 : RoadAcquisitionUI_N2_1_1_1_release+0x3e8ca
000000000e0babe0 0000000050367d0f : 00000000506e7660 0000000000000000 0000000004994fd0 00000000049955c0 : RoadAcquisitionUI_N2_1_1_1_release+0x547a2
000000000e0bad90 000000005037496d : 0000000004925e40 0000000000000003 0000000004925e40 0000000000000000 : Qt5Core!QMetaObject::activate+0x58f
000000000e0baeb0 000000005036d878 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : Qt5Core!QTimer::timerEvent+0x5d
000000000e0baef0 000000006e4f97f0 : 000000000486ab30 0000000002a00d60 0000000004925e40 0000000000000000 : Qt5Core!QObject::event+0x68
000000000e0bb090 000000006e4f87de : 00000000002ac840 000000000e0bb1c0 000000000e0bb858 0000000000000000 : Qt5Widgets!QApplicationPrivate::notify_helper+0x140
000000000e0bb0c0 0000000050348759 : 00000000047a2c00 0000000004925e40 000000000e0bb858 0000000004925e40 : Qt5Widgets!QApplication::notify+0x1a6e
000000000e0bb7b0 00000000503922ec : 00000000f952694b 0000000000000000 00000000047a2cf0 0000000000000000 : Qt5Core!QCoreApplication::notifyInternal2+0xb9
000000000e0bb830 0000000050390028 : 0000000000000000 00000000774468b2 fffffffffffffffe 00000000774488e4 : Qt5Core!QEventDispatcherWin32Private::sendTimerEvent+0xfc
000000000e0bb890 000000006e4f97f0 : 000000000486ab30 000000000486ab30 0000000002a00d60 00000000774488e4 : Qt5Core!QEventDispatcherWin32::event+0x158
000000000e0bb900 000000006e4f87de : 00000000002ac840 000000000e0bba30 0000000009829aa0 0000000000000083 : Qt5Widgets!QApplicationPrivate::notify_helper+0x140
000000000e0bb930 0000000050348759 : 0000000009829a00 00000000048938a0 0000000009829aa0 00000000048938a0 : Qt5Widgets!QApplication::notify+0x1a6e
000000000e0bc020 000000005034a5a1 : 0000000009ccddc4 0000000000000000 0000000009829aa0 0000000000000000 : Qt5Core!QCoreApplication::notifyInternal2+0xb9
000000000e0bc0a0 0000000050391429 : 0000000000000000 0000000000000000 0000000000000000 0000000009ccddd0 : Qt5Core!QCoreApplicationPrivate::sendPostedEvents+0x231
000000000e0bc170 0000000077449c11 : 000000000e0bc398 0000000000000000 0000000000000000 0000000000000038 : Qt5Core!QEventDispatcherWin32::processEvents+0xdf9
000000000e0bc2b0 000000007744992a : 000000000e0bc438 0000000050391050 0000000009cc1501 00000000007bda10 : user32!UserCallWinProcCheckWow+0x1ad
000000000e0bc370 0000000050390aed : 0000000000000024 0000000000000024 0000000000000001 0000000050391050 : user32!DispatchMessageWorker+0x3d0
000000000e0bc400 00000000503447f2 : 00000000047da460 0000000000000000 0000000004963b60 00000000002ac840 : Qt5Core!QEventDispatcherWin32::processEvents+0x4bd
000000000e0bf7b0 00000000501b2292 : 0000000009b9b9c0 0000000009b9b9c0 0000000009b9b950 0000000009ccdda0 : Qt5Core!QEventLoop::exec+0x1c2
000000000e0bf830 00000000501b7935 : 0000000009b9b9c0 0000000009b9b9c0 0000000009ccdda0 0000000009ccdda0 : Qt5Core!QThread::exec+0x92
000000000e0bf880 00000000775459cd : 0000000009b9b9c0 00000000048938a0 0000000000000000 0000000000000000 : Qt5Core!QThread::start+0x335
000000000e0bf8d0 000000007767a561 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0xd
000000000e0bf900 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x1d

THREAD_SHA1_HASH_MOD_FUNC: 3b441b03d612992613249197766d0519aa5ce4fe

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: cc38e8f33980f4b6416a3afefa3f419b17cb25d6

THREAD_SHA1_HASH_MOD: e8a37ecbb8eddf16cedc56a74f0f9dbe04a9297e

FAULT_INSTR_CODE: 15ffcb8b

SYMBOL_STACK_INDEX: 2

SYMBOL_NAME: sqlcipher!sqlite3_status+defb2

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: sqlcipher

IMAGE_NAME: sqlcipher.dll

DEBUG_FLR_IMAGE_TIMESTAMP: 64559c8e

STACK_COMMAND: ~39s ; .ecxr ; kb

FAILURE_BUCKET_ID: NULL_CLASS_PTR_WRITE_c0000005_sqlcipher.dll!sqlite3_status

BUCKET_ID: X64_APPLICATION_FAULT_NULL_CLASS_PTR_WRITE_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE_sqlcipher!sqlite3_status+defb2

FAILURE_EXCEPTION_CODE: c0000005

FAILURE_IMAGE_NAME: sqlcipher.dll

BUCKET_ID_IMAGE_STR: sqlcipher.dll

FAILURE_MODULE_NAME: sqlcipher

BUCKET_ID_MODULE_STR: sqlcipher

FAILURE_FUNCTION_NAME: sqlite3_status

BUCKET_ID_FUNCTION_STR: sqlite3_status

BUCKET_ID_OFFSET: defb2

BUCKET_ID_MODTIMEDATESTAMP: 64559c8e

BUCKET_ID_MODCHECKSUM: 0

BUCKET_ID_MODVER_STR: 3.41.2.0

BUCKET_ID_PREFIX_STR: X64_APPLICATION_FAULT_NULL_CLASS_PTR_WRITE_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE_

FAILURE_PROBLEM_CLASS: APPLICATION_FAULT

FAILURE_SYMBOL_NAME: sqlcipher.dll!sqlite3_status

TARGET_TIME: 2023-09-05T06:23:10.000Z

OSBUILD: 7601

OSSERVICEPACK: 23677

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 256

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 7

OSEDITION: Windows 7 WinNt (Service Pack 1) SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2017-02-10 00:34:46

BUILDDATESTAMP_STR: 170209-0600

BUILDLAB_STR: win7sp1_ldr

BUILDOSVER_STR: 6.1.7601.23677

ANALYSIS_SESSION_ELAPSED_TIME: 951

ANALYSIS_SOURCE: UM

FAILURE_ID_HASH_STRING: um:null_class_ptr_write_c0000005_sqlcipher.dll!sqlite3_status

FAILURE_ID_HASH: {f572ce5f-48fa-70ff-46e3-3a1bdd2729dd}

Followup: MachineOwner

There is not enough information to advise on what is wrong here. Is your application code calling sqlite3_status() and if so under what circumstances?

There is no sqlite_status() called in my application code. Maybe sqlite3_status() was called in sqlcipher.dll.

Hello @hezonghua - can you provide a minimal reproduction of code that will trigger this crash? If so we might be able to investigate further. Barring that there isn’t enough information here for us to take action on.

Hello @sjlombardo, thank you for your support. I will paste code below due to could not upload attachments.
//class CDatabase:

//database.h:
#include “sqlcipher/sqlite3.h”

//database.cpp:
#include “database.h”
CommonStatus::CommonStatus CDatabase::open(const string p_dbname, sqlite3 **db)
{
int rc;
string print_str = “”;
const char *errmsg_ptr = nullptr;

rc = sqlite3_open(p_dbname.c_str(), db);
if (rc != SQLITE_OK) {
	//open database failed, will print error string log
	print_str = p_dbname;
	print_str.append(" open error");
	errmsg_ptr = sqlite3_errmsg(*db);
	if (errmsg_ptr) {
		print_str.append(errmsg_ptr);
	}
	
	return CommonStatus::database_open_failed;
}
else {
	return CommonStatus::success;
}
return CommonStatus::database_open_failed;

}

static int callback(void *data, int argc, char **argv, char **azColName) {
int i;
if (data == NULL)
{
return 0;
}
//sprintf_s((char )data, 100, “%s”, “sdferoptgergm”);
//fprintf(stderr, "%s: ", (const char)data);
for (i = 0; i < argc; i++) {
sprintf_s((char *)data, 1024, “%s%s:%s;”, (char *)data, azColName[i], argv[i] ? argv[i] : “NULL”);
}
printf(“\n”);
return 0;
}

CommonStatus::CommonStatus CDatabase::exec(string p_commont, sqlite3 * p_db, const string p_sql, char* p_data)
{
int rc;
char *zErrMsg = NULL;
string print_str = “”;
if (!p_db) {
print_str = “”;
print_str.append(“database is NULL”);
CCommon::WriteLogErr(QString(“[Error] %1: %2”).arg(FUNCTION).arg(LINE).toStdString() + print_str);
return CommonStatus::database_exec_failed;
}
rc = sqlite3_exec(p_db, p_sql.c_str(), callback, p_data, &zErrMsg);

if (rc != SQLITE_OK) {
	print_str = p_commont;
	print_str.append(" SQL exec error: ");
	print_str.append(rc + " ");
	if (zErrMsg) {
		print_str.append(zErrMsg);
	}

	//CCommon::WriteLogErr(QString("[Error] %1: %2").arg(__FUNCTION__).arg(__LINE__).toStdString() + print_str);
	sqlite3_free(zErrMsg);
	return CommonStatus::database_exec_failed;
}
else {
	;
}

return CommonStatus::success;

}

BOOL CDatabase::TableExists(const string p_dbname, const string p_table_name)
{
return false;
}

void CDatabase::close(sqlite3 * p_db)
{
sqlite3_close(p_db);
}

//class CDatabaseData:
//cpp
#include “database.h”

void CDatabaseData::initCollectRecordDb()
{
//create database file
CDatabase cdatabase;
string sql = “”;
sqlite3 *db = nullptr;

//collect record database file not exist
if (!CCommon::FileExists(m_collectRecordDataBaseName)) {
	sqlite3_initialize();
	if (cdatabase.open(m_collectRecordDataBaseName, &db) == CommonStatus::success) {
		sqlite3_key(db, STR_DB_PASSWD, strlen(STR_DB_PASSWD));//encrypt db with passwd

		sql = "CREATE TABLE \"record\" ( \
		\"id\" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, \
		\"back_calib_flag\" TEXT NOT NULL, \
		\"device_id\" TEXT NOT NULL, \
		\"road_code\" TEXT NOT NULL, \
		\"road_name\" TEXT,\
		\"drive_direction\" TEXT,\
		\"road_level\" TEXT,\
		\"road_type\" TEXT,\
		\"start_stake\" TEXT,\
		\"start_time\" TEXT,\
        \"end_time\" TEXT,\
        \"end_stake\" TEXT,\
        \"mileage\" TEXT,\
        \"road_remark\" TEXT,\
		\"total_mileage\" TEXT,\
        \"road_type_change\" TEXT,\
        \"road_level_change\" TEXT,\
        \"delete_record_time\" TEXT);";
		cdatabase.exec("m_collectRecordDataBaseName", db, sql, NULL);

		cdatabase.close(db);
	}
	else
	{
		CCommon::WriteLogErr(QString("[Debug] %1: %2: Open collect record failed!").arg(__FUNCTION__).arg(__LINE__).toStdString());
	}
	sqlite3_shutdown();
}

}

CommonStatus::CommonStatus CDatabaseData::AddBeginInfo(int nBackCalibrateFlag, string strDeviceID, string strRoadCode, string strRoadName, string strDriveDirection, string strRoadLevel, string strRoadType, string strStartStake, string strStartTime)
{
m_collect_record_db_inuse = true;
CDatabase cdatabase;
sqlite3 *db = NULL;
sqlite3 *dbb = NULL;
string sql = “”;
string sqll = “”;
if (CCommon::FileExists(m_collectRecordDataBaseName))
{
sqlite3_initialize();
if (cdatabase.open(m_collectRecordDataBaseName, &db) == CommonStatus::success)
{
sqlite3_key(db, STR_DB_PASSWD, strlen(STR_DB_PASSWD));//encrypt db with passwd

		sql = "insert into record (back_calib_flag,device_id,road_code,road_name,drive_direction,road_level,road_type,start_stake,start_time) values('" +
			to_string(nBackCalibrateFlag) + "','" + strDeviceID + "','" + strRoadCode + "','" +
			strRoadName + "','" + strDriveDirection + "','" + strRoadLevel + "','" +
			strRoadType + "','" + strStartStake + "','" + strStartTime + "');";
		CCommon::WriteLogErr(QString("[Debug] %1: %2: sql = %3.").arg(__FUNCTION__).arg(__LINE__).arg(sql.c_str()).toStdString());

		if (cdatabase.exec("AddBeginInfo", db, sql, NULL) == CommonStatus::success)
		{
			cdatabase.close(db);
			db = nullptr;
		}
		else
		{
			cdatabase.close(db);
			db = nullptr;
			CCommon::WriteLogErr(QString("[Error] %1: %2: execu add begin data to db failed").arg(__FUNCTION__).arg(__LINE__).toStdString());
			sqlite3_shutdown();
			goto ERRORRETURN;
		}
	}
	sqlite3_shutdown();
}
else
{
	DatabaseInit();
	goto ERRORRETURN;
}

m_collect_record_db_inuse = false;
return CommonStatus::success;

ERRORRETURN:
m_collect_record_db_inuse = false;
CCommon::WriteLogErr(QString(“[Error] %1: %2: add begin data to db failed”).arg(FUNCTION).arg(LINE).toStdString());
return CommonStatus::database_exec_failed;
}

CommonStatus::CommonStatus CDatabaseData::UpdateEndinfo(int nId, string strEndTime, string strCurrentStake, string strMileage, string strRoadRemark, string strTotalMileage, string strRoadTypeRecord, string strRoadLevelRecord)
{
string sql = “”;
CDatabase cdatabase;
sqlite3 *db_updata = NULL;

if (CCommon::FileExists(m_collectRecordDataBaseName))
{
	sqlite3_initialize();
	if (cdatabase.open(m_collectRecordDataBaseName, &db_updata) == CommonStatus::success)
	{
		sqlite3_key(db_updata, STR_DB_PASSWD, strlen(STR_DB_PASSWD));//encrypt db with passwd

		SqlGetLock(db_updata, 50);
		CCommon::WriteLogErr(QString("[Debug] %1: %2: Begin to make sql.").arg(__FUNCTION__).arg(__LINE__).toStdString());
		sql = QString().sprintf("update 'record' set end_time='%s',end_stake='%s',mileage='%s',road_remark='%s',total_mileage='%s',road_type_change='{%s}',road_level_change='{%s}' where id='%s'", strEndTime.c_str(), strCurrentStake.c_str(), strMileage.c_str(), strRoadRemark.c_str(), strTotalMileage.c_str(), strRoadTypeRecord.c_str(), strRoadLevelRecord.c_str(), to_string(nId)).toStdString();
		CCommon::WriteLogErr(QString("[Debug] %1: %2: sql = %3").arg(__FUNCTION__).arg(__LINE__).arg(sql.c_str()).toStdString());
		sqlite3_exec(db_updata, "PRAGMA synchronous = FULL; ", 0, 0, 0);
		CCommon::WriteLogErr(QString("[Debug] %1: %2: Before execute begin.").arg(__FUNCTION__).arg(__LINE__).toStdString());
		cdatabase.exec("UpdateEndInfo", db_updata, "begin;", NULL);
		CCommon::WriteLogErr(QString("[Debug] %1: %2: Before execute sql.").arg(__FUNCTION__).arg(__LINE__).toStdString());
		if (cdatabase.exec("UpdateEndInfo", db_updata, sql, NULL) == CommonStatus::success)
		{
			CCommon::WriteLogErr(QString("[Debug] %1: %2: Before execute commit.").arg(__FUNCTION__).arg(__LINE__).toStdString());
			cdatabase.exec("UpdateEndInfo", db_updata, "commit;", NULL);
			CCommon::WriteLogErr(QString("[Debug] %1: %2: Before close.").arg(__FUNCTION__).arg(__LINE__).toStdString());
			cdatabase.close(db_updata);
			CCommon::WriteLogErr(QString("[Debug] %1: %2: After close.").arg(__FUNCTION__).arg(__LINE__).toStdString());
			db_updata = NULL;
		}
		else
		{
			CCommon::WriteLogErr(QString("[Error] %1: %2: Execute update end data to db failed").arg(__FUNCTION__).arg(__LINE__).toStdString());
			cdatabase.exec("UpdateEndInfo", db_updata, "commit;", NULL);
			CCommon::WriteLogErr(QString("[Debug] %1: %2: Before close.").arg(__FUNCTION__).arg(__LINE__).toStdString());
			cdatabase.close(db_updata);
			CCommon::WriteLogErr(QString("[Debug] %1: %2: After close.").arg(__FUNCTION__).arg(__LINE__).toStdString());
			db_updata = NULL;
			sqlite3_shutdown();
			CCommon::WriteLogErr(QString("[Debug] %1: %2: After shutdown.").arg(__FUNCTION__).arg(__LINE__).toStdString());
			goto ERRORRETURN;
		}
	}
	sqlite3_shutdown();
	CCommon::WriteLogErr(QString("[Debug] %1: %2: After shutdown.").arg(__FUNCTION__).arg(__LINE__).toStdString());
}
else
{
	DatabaseInit();
	goto ERRORRETURN;
}

return CommonStatus::success;

ERRORRETURN:

return CommonStatus::database_exec_failed;

}

Hello @hezonghua - that looks like more than a minimal reproducible sample. I would suggest packaging your project completely and uploading to github so that it can be quickly downloaded. Be sure to include any and all dependencies and build scripts, along with a permissive open source license.