Sqlite shows EXC_BAD_ACCESS in ios SDK

Question

This code is work perfectly in iphone,ipad simulator in both xcode 4.5 and xcode 4.6.Also Debug perfectly with device in xcode 4.5. but when i am trying to debug device in xcode 4.6.2 then this error shows.

This is the Query

NSString *insertQuery=[NSString stringWithFormat:@"Insert into %@ (ID,Question,Answer,Option1,Option2,Option3,Explanation,ImageName,Used) values(%d,'%@','%@','%@','%@','%@','%@','%@','%@')",table,[[d objectForKey:@"ID"]intValue],[d objectForKey:@"Question"],[d objectForKey:@"Answer"],[d objectForKey:@"Option1"],[d objectForKey:@"Option2"],[d objectForKey:@"Option3"],[d objectForKey:@"Explanation"],[d objectForKey:@"ImageName"],@"N"];
                        NSLog(@"insert query-%@",insertQuery);
                        [database executeNonQuery:insertQuery];

here is the code which shows the EXC_BAD_ACCESS error

- (BOOL)executeNonQuery:(NSString *)sql, ... 
    {
    va_list args;
    va_start(args, sql);

    NSMutableArray *argsArray = [[NSMutableArray alloc] init];
    NSUInteger i;
    for (i = 0; i < [sql length]; ++i)
         {
        if ([sql characterAtIndex:i] == '?')

                   [argsArray addObject:va_arg(args, id)]; //This line shows error.
    }

    va_end(args);

    BOOL success = [self executeNonQuery:sql arguments:argsArray];

    [argsArray release];
    return success;
   }

bbum · Answer 1 · 2013-05-07T14:57:27.463

2

Boy howdy that is some dangerous code; unprotected query composition + parsing! SQL Injection Attack potential is high!

The problem is that you are interpreting dynamically generated string contents with no consideration for what is in the strings. The version of Xcode is irrelevant.

When you compose your insertQuery and then pass it to executeNonQuery:, if that string contains any ? characters, then that will require another argument be passed to that method.

I.e. say [[d objectForKey:@"ID"]intValue] returns @"fd?Edfds???sdfefsads?f?"; that'll be interpreted as needing six arguments in your executeNonQuery: method.

BOOM

If you are going to compose a complete query into your insertQuery string, then you would need to pass it to whatever can directly evaluate the SQL. Looking at the call, I'd bet that executeNonQuery:arguments: will make yet another pass through the string and/or arguments to bind arguments to the ?s.

edited May 07 '13 at 14:57

answered May 07 '13 at 05:44

bbum

162,346
23
271
359

thanks for reply..but i am still confuse please give me an example how can i pass query directly to [database executenonquery:...] – utkal patel May 07 '13 at 06:57
[database executeNonQuery: @"INSERT INTO ? VALUES (?,?,?,?,?,?,?,?,?);",table,[[d objectForKey:@"ID"]intValue],[d objectForKey:@"Question"],[d objectForKey:@"Answer"],[d objectForKey:@"Option1"],[d objectForKey:@"Option2"],[d objectForKey:@"Option3"],[d objectForKey:@"Explanation"],[d objectForKey:@"ImageName"],@"N"]; //i tried this am i right..? – utkal patel May 07 '13 at 07:10
That would seem to be how the API is designed, yes. – bbum May 07 '13 at 14:56

Sqlite shows EXC_BAD_ACCESS in ios SDK

1 Answers1

Linked