Add null checks to prevent SIGSEGV when getTableByName returns null

rachavz · Raul Chavez · commit 9bc0dc4fc957 · 2026-04-01T06:23:15.000-07:00
When a table name stored in sqlite_master differs in case from the name in the CREATE TABLE statement (e.g. databases created by Turso), the getTableByName lookup could return a null TablePtr. Multiple call sites dereferenced the result without checking for null, causing SIGSEGV crashes. This complements the case-insensitive lookup fix (commit 222e430) by adding defensive null checks at all remaining unprotected call sites in the browse data path and related operations. Fixes #4110
diff --git a/src/TableBrowser.cpp b/src/TableBrowser.cpp
@@ -897,15 +897,18 @@ void TableBrowser::applyViewportSettings(const BrowseDataTableSettings& storedDa
 
     // Show/hide some menu options depending on whether this is a table or a view
     const auto table = db->getTableByName(tablename);
-    if(!table->isView())
+    if(table)
     {
-        // Table
-        ui->actionUnlockViewEditing->setVisible(false);
-        ui->actionShowRowidColumn->setVisible(!table->withoutRowidTable());
-    } else {
-        // View
-        ui->actionUnlockViewEditing->setVisible(true);
-        ui->actionShowRowidColumn->setVisible(false);
+        if(!table->isView())
+        {
+            // Table
+            ui->actionUnlockViewEditing->setVisible(false);
+            ui->actionShowRowidColumn->setVisible(!table->withoutRowidTable());
+        } else {
+            // View
+            ui->actionUnlockViewEditing->setVisible(true);
+            ui->actionShowRowidColumn->setVisible(false);
+        }
     }
 
     // Frozen columns
@@ -990,8 +993,11 @@ void TableBrowser::generateFilters()
     FilterTableHeader* filterHeader = qobject_cast<FilterTableHeader*>(ui->dataTable->horizontalHeader());
     bool oldState = filterHeader->blockSignals(true);
     auto obj = db->getTableByName(currentlyBrowsedTableName());
-    for(auto filterIt=settings.filterValues.cbegin();filterIt!=settings.filterValues.cend();++filterIt)
-        ui->dataTable->setFilter(sqlb::getFieldNumber(obj, filterIt->first) + 1, filterIt->second);
+    if(obj)
+    {
+        for(auto filterIt=settings.filterValues.cbegin();filterIt!=settings.filterValues.cend();++filterIt)
+            ui->dataTable->setFilter(sqlb::getFieldNumber(obj, filterIt->first) + 1, filterIt->second);
+    }
     filterHeader->blockSignals(oldState);
 
     ui->actionClearFilters->setEnabled(m_model->filterCount() > 0 || !ui->editGlobalFilter->text().isEmpty());
@@ -1447,7 +1453,10 @@ void TableBrowser::editDisplayFormat()
     // column is always the rowid column. Ultimately, get the column name from the column object
     sqlb::ObjectIdentifier current_table = currentlyBrowsedTableName();
     size_t field_number = sender()->property("clicked_column").toUInt();
-    QString field_name = QString::fromStdString(db->getTableByName(current_table)->fields.at(field_number-1).name());
+    auto tbl = db->getTableByName(current_table);
+    if(!tbl || field_number < 1 || field_number > tbl->fields.size())
+        return;
+    QString field_name = QString::fromStdString(tbl->fields.at(field_number-1).name());
 
     // Get the current display format of the field
     QString current_displayformat = m_settings[current_table].displayFormats[field_number];
@@ -1548,7 +1557,10 @@ void TableBrowser::setDefaultTableEncoding()
 void TableBrowser::copyColumnName(){
     sqlb::ObjectIdentifier current_table = currentlyBrowsedTableName();
     int col_index = ui->actionBrowseTableEditDisplayFormat->property("clicked_column").toInt();
-    QString field_name = QString::fromStdString(db->getTableByName(current_table)->fields.at(col_index - 1).name());
+    auto tbl = db->getTableByName(current_table);
+    if(!tbl || col_index < 1 || col_index > static_cast<int>(tbl->fields.size()))
+        return;
+    QString field_name = QString::fromStdString(tbl->fields.at(col_index - 1).name());
 
     QClipboard *clipboard = QApplication::clipboard();
     clipboard->setText(field_name);
diff --git a/src/sqlitedb.cpp b/src/sqlitedb.cpp
@@ -1333,7 +1333,10 @@ bool DBBrowserDB::getRow(const sqlb::ObjectIdentifier& table, const QString& row
     std::string query = "SELECT * FROM " + table.toString() + " WHERE ";
 
     // For a single rowid column we can use a simple WHERE condition, for multiple rowid columns we have to use sqlb_make_single_value to decode the composed rowid values.
-    sqlb::StringVector pks = getTableByName(table)->rowidColumns();
+    auto tbl = getTableByName(table);
+    if(!tbl)
+        return false;
+    sqlb::StringVector pks = tbl->rowidColumns();
     if(pks.size() == 1)
         query += sqlb::escapeIdentifier(pks.front()) + "='" + rowid.toStdString() + "'";
     else
@@ -1375,14 +1378,18 @@ unsigned long DBBrowserDB::max(const sqlb::ObjectIdentifier& tableName, const st
     // If, however, there is a sequence table in this database and the given column is the primary key of the table, we try to look up a value in the sequence table
     if(schemata.at(tableName.schema()).tables.count("sqlite_sequence"))
     {
-        auto pk = getTableByName(tableName)->primaryKeyColumns();
-        if(pk.size() == 1 && pk.front().name() == field)
+        auto tbl = getTableByName(tableName);
+        if(tbl)
         {
-            // This SQL statement tries to do two things in one statement: get the current sequence number for this table from the sqlite_sequence table or, if there is no record for the table, return the highest integer value in the given column.
-            // This works by querying the sqlite_sequence table and using an aggregate function (SUM in this case) to make sure to always get exactly one result row, no matter if there is a sequence record or not. We then let COALESCE decide
-            // whether to return that sequence value if there is one or fall back to the SELECT MAX statement from avove if there is no sequence value.
-            query = "SELECT COALESCE(SUM(seq), (" + query + ")) FROM sqlite_sequence WHERE name=" + sqlb::escapeString(tableName.name());
-         }
+            auto pk = tbl->primaryKeyColumns();
+            if(pk.size() == 1 && pk.front().name() == field)
+            {
+                // This SQL statement tries to do two things in one statement: get the current sequence number for this table from the sqlite_sequence table or, if there is no record for the table, return the highest integer value in the given column.
+                // This works by querying the sqlite_sequence table and using an aggregate function (SUM in this case) to make sure to always get exactly one result row, no matter if there is a sequence record or not. We then let COALESCE decide
+                // whether to return that sequence value if there is one or fall back to the SELECT MAX statement from avove if there is no sequence value.
+                query = "SELECT COALESCE(SUM(seq), (" + query + ")) FROM sqlite_sequence WHERE name=" + sqlb::escapeString(tableName.name());
+            }
+        }
     }
 
     return querySingleValueFromDb(query).toULong();
@@ -1789,7 +1796,9 @@ bool DBBrowserDB::alterTable(const sqlb::ObjectIdentifier& tablename, const sqlb
     if(changed_something)
     {
         updateSchema();
-        old_table = *getTableByName(sqlb::ObjectIdentifier(tablename.schema(), new_table.name()));
+        auto newTbl = getTableByName(sqlb::ObjectIdentifier(tablename.schema(), new_table.name()));
+        if(newTbl)
+            old_table = *newTbl;
     }
 
     // Check if there's still more work to be done or if we are finished now
diff --git a/src/sqlitetablemodel.cpp b/src/sqlitetablemodel.cpp
@@ -132,6 +132,12 @@ void SqliteTableModel::setQuery(const sqlb::Query& query)
 
     // Set the row id columns
     m_table_of_query = m_db.getTableByName(query.table());
+    if(!m_table_of_query)
+    {
+        // Table not found in schema (e.g. case mismatch between sqlite_master and SQL statement, or table dropped).
+        // Cannot proceed without table metadata.
+        return;
+    }
     if(!m_table_of_query->isView())
     {
         // It is a table
