> One example of this occurred circa 2013-08-30 on the canonical repository for the Fossil DVCS. In that event, file descriptor 2 (standard error) was being erroneously closed (by stunnel, we suspect) prior to sqlite3_open_v2() so that the file descriptor used for the repository database file was 2. Later, an application bug caused an assert() statement to emit an error message by invoking write(2,...). But since file descriptor 2 was now connected to a database file, the error message overwrote part of the database.
Kind of crazy that this is an issue in modern operating systems. There are just so many ways to avoid this obvious footgun of an API design. stdin/out/err should be reserved file descriptors. In fact, why reuse file descriptors at all? Just count up.
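Added example, not part of the thread or of the SQLite documentation: a C sketch of the descriptor reuse described in the quoted passage, next to the usual guard of filling descriptors 0-2 with /dev/null before any data file is opened. The names `DEMO_MSG`, `occupy_below` and `stray_bytes_in_data_file` and the scratch path under /tmp are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for the text an assert() failure sends to stderr. */
static const char DEMO_MSG[] = "assertion failed: constructed message\n";

/* Guard (hypothetical helper): fill every free descriptor below `limit`
 * with /dev/null so a later open() cannot be handed one of them. */
static int occupy_below(int limit) {
    int fd;
    while ((fd = open("/dev/null", O_RDWR)) >= 0 && fd < limit)
        ;                            /* keep it: that low slot is now taken */
    if (fd < 0) return -1;
    close(fd);                       /* first descriptor at or above limit */
    return 0;
}

/* Opens a scratch "database" file while descriptor 2 is closed, writes
 * DEMO_MSG to descriptor 2, and returns the file's resulting size. */
long stray_bytes_in_data_file(int guard) {
    char path[64];
    struct stat st;
    long stray = -1;
    int saved = dup(2);              /* remember the real stderr */
    if (saved < 0) return -1;
    close(2);                        /* the erroneous close from the quote */
    occupy_below(guard ? 3 : 2);     /* guard on: 2 is filled; off: 2 stays free */
    snprintf(path, sizeof path, "/tmp/fd_reuse_demo.%ld", (long)getpid());
    int db = open(path, O_RDWR | O_CREAT | O_EXCL, 0600); /* lowest free fd */
    if (db >= 0) {
        unlink(path);
        ssize_t n = write(2, DEMO_MSG, sizeof DEMO_MSG - 1);
        (void)n;
        if (fstat(db, &st) == 0) stray = (long)st.st_size;
        if (db != 2) close(db);
    }
    dup2(saved, 2);                  /* restore stderr (closes whatever sat on 2) */
    close(saved);
    return stray;
}

int main(void) {
    long unguarded = stray_bytes_in_data_file(0), guarded = stray_bytes_in_data_file(1);
    printf("stray bytes without guard: %ld, with guard: %ld\n", unguarded, guarded);
    return 0;
}
```

Without the guard, open() returns descriptor 2 and the message lands in the data file; with it, the same write goes to /dev/null.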
nok22kon 6 hours ago [-]
> Multiple copies of SQLite linked into the same application
I had recent SQLite corruption, and I suspect it was this - I was accessing an SQLite database from the same Python process using both the builtin sqlite3 package, and also the third-party apsw library.
webprofusion 6 hours ago [-]
Interesting that it doesn't specifically call out Anti-Virus scanning (which does occasionally result in at least one of these scenarios). I've seen many SQLite databases become corrupted and the best you can do is have a backup.
BiteCode_dev 1 hours ago [-]
I had one machine on my entire client's network that could never download a LibreOffice document without it being corrupted.
Turns out it was Kaspersky intercepting network calls, and deciding it was a very dangerous piece of file, and it would truncate it completely silently.
After wasting a non-billable afternoon on it, I just disabled the antivirus out of desperation and figured it out.
The solution was to generate a self-signed certificate and TLS the connection and prevent the bugger from MITMing us.
Since this day, even on a local network behind proxies and using a VPN, I still use https for all the services if I'm allowed.
wolfi1 4 hours ago [-]
If processes lock the file, shouldn't AV refrain from reading or even writing it?
rcxdude 2 hours ago [-]
Nope, AV hooks into the filesystem layer (the NT kernel has 'filesystem filters' for this) and intercepts all reads and writes on the system.
linzhangrun 3 days ago [-]
Interesting title for official SQLite documentation :)
unfocso 3 days ago [-]
The whole sqlite documentation is full of gold gems and other curious documents mostly to appease bureaucrats and big companies. It doubles as a fun read other than being incredibly useful.
It’s impressive. To admit fallibility is to be honest. It represents confidence.
search_facility 3 hours ago [-]
Also represents good test coverage
zeroimpl 6 hours ago [-]
So is the official pronunciation of SQLite spelling out the letters then? I’d expect “a” not “an”…
cyberax 6 hours ago [-]
I have never heard it pronounced in any other way than "s-q-lite".
red1oon 4 days ago [-]
Article date is Jan 2022.
This changes when SQLite runs as WASM in a browser — a context that only became properly viable with OPFS synchronous access handles in mid-2022.
andrewl 3 days ago [-]
The January 6, 2022 date at the bottom of the page is not the date the page was last updated. It is the date problem 8.9 (Boundary value error in the secondary journals used by nested transactions) directly above it was fixed. The date at the very bottom of the screen in the middle says the page itself was last updated on 2026-04-13.
How to Corrupt an SQLite Database File - https://news.ycombinator.com/item?id=41846796 - Oct 2024 (1 comment)
How to Corrupt an SQLite Database File - https://news.ycombinator.com/item?id=33503555 - Nov 2022 (1 comment)
How to Corrupt an SQLite Database File - https://news.ycombinator.com/item?id=31214131 - April 2022 (139 comments)
How to Corrupt an SQLite Database File - https://news.ycombinator.com/item?id=16579986 - March 2018 (10 comments)
How to Corrupt an SQLite Database File - https://news.ycombinator.com/item?id=6502229 - Oct 2013 (63 comments)
See, for example: "Defense about the dark arts" (https://sqlite.org/security.Html) and "Why in C?" saying "Because C is best."