Ticket Hash: 3fe897352e8d8ceabbe9aa643f929a9a7ce988df
Title: Malformed UTF16 leads to a 2-byte buffer overread
Status: Fixed
Type: Code_Defect
Severity: Important
Priority: Immediate
Subsystem: Unknown
Resolution: Fixed
Last Modified: 2009-10-24 01:48:05
Created: 2009-10-23 17:22:24
Version Found In: 3.6.16
Description:
If a malformed UTF-16 string that ends with the first half (the high surrogate) of a
surrogate pair is passed into SQLite through functions such as sqlite3_bind_text16(),
SQLite might read two bytes past the end of the string while looking for the second
half of the pair. This is normally harmless, but if the string happens to end on a
page boundary and the next page is unmapped, a segfault could result.
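As an added illustration (not SQLite's own decoder, and not code from this ticket), a UTF-16LE decoder that checks the remaining length before fetching the second half of a surrogate pair, which is the check whose absence produces the overread described above; the two sample inputs are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
static uint16_t read_u16le(const unsigned char *p) {   /* one LE code unit */
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Decode nBytes of UTF-16LE into code points, never reading past buf[nBytes-1].
 * *truncated flags input ending in a lone high surrogate (the ticket's case). */
size_t utf16le_decode(const unsigned char *buf, size_t nBytes,
                      uint32_t *out, size_t outCap, int *truncated) {
    size_t i = 0, n = 0;
    *truncated = 0;
    while (i + 2 <= nBytes && n < outCap) {
        uint32_t c = read_u16le(buf + i);
        i += 2;
        if (c >= 0xD800 && c <= 0xDBFF) {           /* high surrogate */
            /* The low half lives in the next two bytes; confirm they are inside
             * the buffer first. Omitting this check is the 2-byte overread. */
            if (i + 2 > nBytes) { *truncated = 1; out[n++] = 0xFFFD; break; }
            uint32_t c2 = read_u16le(buf + i);
            if (c2 >= 0xDC00 && c2 <= 0xDFFF) {      /* low surrogate */
                i += 2;
                c = 0x10000 + ((c - 0xD800) << 10) + (c2 - 0xDC00);
            } else {
                c = 0xFFFD;                          /* unpaired high half */
            }
        } else if (c >= 0xDC00 && c <= 0xDFFF) {
            c = 0xFFFD;                              /* stray low half */
        }
        out[n++] = c;
    }
    return n;
}

/* Constructed samples: "A" then a lone high surrogate U+D83D (LE bytes), and
 * "A" then the complete pair U+D83D U+DE00, which encodes U+1F600. */
static const unsigned char kMalformed[]  = {0x41, 0x00, 0x3D, 0xD8};
static const unsigned char kWellFormed[] = {0x41, 0x00, 0x3D, 0xD8, 0x00, 0xDE};

/* 1 when the malformed sample is flagged and yields only U+0041, U+FFFD, and
 * the well-formed sample decodes to U+0041, U+1F600 with no flag. */
int check_samples(void) {
    uint32_t out[4]; int t1, t2;
    size_t n1 = utf16le_decode(kMalformed, sizeof kMalformed, out, 4, &t1);
    int ok1 = t1 == 1 && n1 == 2 && out[0] == 0x41 && out[1] == 0xFFFD;
    size_t n2 = utf16le_decode(kWellFormed, sizeof kWellFormed, out, 4, &t2);
    int ok2 = t2 == 0 && n2 == 2 && out[0] == 0x41 && out[1] == 0x1F600;
    return ok1 && ok2;
}
```

With the malformed sample the decoder stops at byte 4 and reports truncation instead of touching bytes 4 and 5, which is the read the ticket describes.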
shane added on 2009-10-24 01:48:05: