Ticket Hash: | 3fe897352e8d8ceabbe9aa643f929a9a7ce988df
Title: | Malformed UTF16 leads to a 2-byte buffer overread
Status: | Fixed
Type: | Code_Defect
Severity: | Important
Priority: | Immediate
Subsystem: | Unknown
Resolution: | Fixed
Last Modified: | 2009-10-24 01:48:05
Version Found In: | 3.6.16
Description:
If a malformed UTF16 string that ends with the first half of a surrogate pair
is passed into SQLite through functions such as sqlite3_bind_text16()
then SQLite might read two bytes past the end of the string. This is
normally harmless, but if the string happens to end on a page boundary and
the next page is unmapped, a segfault could result.
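To make the failure mode in the description concrete, here is an added example; it is not SQLite's code (SQLite's own UTF-16 conversion routines are not reproduced here). A naive UTF-16LE decoder shows the pattern that produces the overread: after it sees a high surrogate it fetches the "low" half without checking that the byte budget is already spent. Beside it, a bounded decoder treats a trailing high surrogate as malformed input. The function names, the sample bytes, and the two sentinel bytes placed after the declared length are all constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One UTF-16LE code unit at p; the caller must guarantee two readable bytes. */
static uint32_t read_u16le(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8);
}

/*
 * Naive decoder (illustration of the bug, not SQLite's code). After a high
 * surrogate it reads the next code unit unconditionally, even when nBytes is
 * already consumed. Returns the number of bytes actually read, which can be
 * nBytes + 2 for input that ends on a high surrogate.
 */
static size_t decode_utf16le_naive(const unsigned char *p, size_t nBytes,
                                   uint32_t *out, size_t *nOut) {
    size_t i = 0, n = 0;
    while (i + 1 < nBytes) {
        uint32_t c = read_u16le(p + i);
        i += 2;
        if (c >= 0xD800 && c <= 0xDBFF) {
            /* BUG: no "i + 1 < nBytes" check before touching the low half */
            uint32_t c2 = read_u16le(p + i);
            i += 2;
            c = 0x10000 + ((c - 0xD800) << 10) + (c2 & 0x3FF);
        }
        out[n++] = c;
    }
    *nOut = n;
    return i;
}

/*
 * Bounded decoder. Every read is checked against nBytes, a trailing odd byte
 * is dropped, and an unpaired surrogate becomes U+FFFD instead of being
 * combined with whatever happens to lie beyond the buffer.
 */
static size_t decode_utf16le_safe(const unsigned char *p, size_t nBytes,
                                  uint32_t *out, size_t *nOut) {
    size_t i = 0, n = 0;
    nBytes &= ~(size_t)1;
    while (i < nBytes) {
        uint32_t c = read_u16le(p + i);
        i += 2;
        if (c >= 0xD800 && c <= 0xDBFF) {
            if (i >= nBytes) {            /* string ends on a high surrogate */
                out[n++] = 0xFFFD;
                break;
            }
            uint32_t c2 = read_u16le(p + i);
            if (c2 >= 0xDC00 && c2 <= 0xDFFF) {
                i += 2;
                c = 0x10000 + ((c - 0xD800) << 10) + (c2 - 0xDC00);
            } else {
                c = 0xFFFD;               /* high surrogate without a low one */
            }
        } else if (c >= 0xDC00 && c <= 0xDFFF) {
            c = 0xFFFD;                   /* stray low surrogate */
        }
        out[n++] = c;
    }
    *nOut = n;
    return i;
}

/*
 * Constructed input: "A" then U+D83D, the first half of the pair for U+1F600.
 * The declared length is 4; the two sentinel bytes after it exist only so the
 * naive decoder's overread hits defined memory here (the "next page is mapped"
 * case) rather than faulting.
 */
static const unsigned char kTruncated[] = { 0x41, 0x00, 0x3D, 0xD8, 0xEE, 0xEE };
static const size_t kTruncatedLen = 4;
/* Well-formed comparison: U+1F600 as the pair D83D DE00. */
static const unsigned char kWellFormed[] = { 0x3D, 0xD8, 0x00, 0xDE };

size_t naive_bytes_read(void) {
    uint32_t out[8]; size_t n;
    return decode_utf16le_naive(kTruncated, kTruncatedLen, out, &n);
}
size_t safe_bytes_read(void) {
    uint32_t out[8]; size_t n;
    return decode_utf16le_safe(kTruncated, kTruncatedLen, out, &n);
}
uint32_t safe_last_codepoint(void) {
    uint32_t out[8]; size_t n;
    decode_utf16le_safe(kTruncated, kTruncatedLen, out, &n);
    return out[n - 1];
}
uint32_t safe_pair_codepoint(void) {
    uint32_t out[8]; size_t n;
    decode_utf16le_safe(kWellFormed, sizeof kWellFormed, out, &n);
    return out[0];
}

int main(void) {
    printf("naive decoder read %zu of %zu declared bytes\n", naive_bytes_read(), kTruncatedLen);
    printf("safe decoder read %zu bytes, last code point U+%04X\n",
           safe_bytes_read(), safe_last_codepoint());
    printf("well-formed pair decodes to U+%04X\n", safe_pair_codepoint());
    return 0;
}
```

The declared length plays the role of the byte count a caller hands to sqlite3_bind_text16(): the decoder must never read past it, whatever the last code unit is. To see the naive variant's overread reported rather than silently absorbed, drop the sentinel bytes from kTruncated and build with AddressSanitizer; the read of two bytes beyond the object is exactly the out-of-bounds access the ticket describes.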
shane added on 2009-10-24 01:48:05: