2013-05-06
13:45 • Ticket [0eb70d77] Invalid pointer passed to the authorizer callback status still Fixed with 3 other changes (artifact: ee1c6f48 user: drh)
13:23 • Fixed ticket [0eb70d77]. (artifact: 7fe0235d user: drh)
13:22 Make sure the authorizer callback gets a valid pointer to "ROWID" for the column-name parameter when doing an UPDATE that changes the rowid. Fix for ticket [0eb70d77cb05bb2272]. (check-in: 26a59bb8 user: drh tags: trunk)
13:03 • New ticket [0eb70d77] Invalid pointer passed to the authorizer callback. (artifact: 6ec5e901 user: drh)

Ticket Hash: 0eb70d77cb05bb227203136b38199c957bb32e63
Title: Invalid pointer passed to the authorizer callback
Status: Fixed | Type: Code_Defect
Severity: Important | Priority: Immediate
Subsystem: Unknown | Resolution: Fixed
Last Modified: 2013-05-06 13:45:39
Version Found In: 3.7.16.2

User Comments:
drh added on 2013-05-06 13:03:05:

The UPDATE statement in the following code reads past the end of an array and passes an invalid pointer to the authorizer callback:

    CREATE TABLE t1(a,b,c,d,e,f,g,h);
    UPDATE t1 SET rowid=rowid+100;

The problem can be seen by running the script above in the sqlite3 command-line shell using valgrind.

This problem has been in the code since version 2.7.6 circa 2003-01-25 and appears to have been added by check-in [45de93f913a18026a].

The problem has not been noticed before now because it is obscure and mostly harmless - unless the authorizer is used on an UPDATE statement that changes the ROWID the worst that can happen is a single read past the end of an array.

drh added on 2013-05-06 13:45:39:

An additional requirement for hitting this bug is that the number of columns in the table being updated must be a multiple of 8.
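
A regression check for the behaviour the fix establishes, added here as an example and not taken from the ticket or the SQLite source tree: it installs an authorizer through Python's `sqlite3` module and records the column-name argument delivered for the ticket's UPDATE. The helper names and the `c0..cN` column names are assumptions made for the example; the 8- and 16-column cases cover the multiple-of-8 condition from the second comment.

```python
import sqlite3


def rowid_update_columns(ncols):
    """Return the column names the authorizer receives for SQLITE_UPDATE on t1."""
    conn = sqlite3.connect(":memory:")
    cols = ",".join(f"c{i}" for i in range(ncols))  # constructed column names
    conn.execute(f"CREATE TABLE t1({cols})")

    seen = []

    def authorizer(action, arg1, arg2, dbname, source):
        # For SQLITE_UPDATE, arg1 is the table name and arg2 the column name.
        if action == sqlite3.SQLITE_UPDATE and arg1 == "t1":
            seen.append(arg2)
        return sqlite3.SQLITE_OK

    # Installed after CREATE TABLE so writes to the schema table are not recorded.
    conn.set_authorizer(authorizer)
    conn.execute("UPDATE t1 SET rowid=rowid+100")  # statement from the ticket
    conn.close()
    return seen


def check(ncols):
    """True when every SQLITE_UPDATE callback for t1 named the column "ROWID"."""
    names = rowid_update_columns(ncols)
    return bool(names) and all(name == "ROWID" for name in names)


if __name__ == "__main__":
    # 8 and 16 are multiples of 8; 7 is a control case.
    for n in (7, 8, 16):
        print(n, rowid_update_columns(n), "ok" if check(n) else "UNEXPECTED")
```

This checks the value an authorizer sees on the SQLite build linked into the Python interpreter; the out-of-bounds read itself is only observable with a memory checker such as valgrind, as the ticket describes.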