SQLite Forum

Use of unitialized variable in 3.32.1
Login
Thanks for the report!  The problem is now [fixed on trunk][1].

Notes:

  *  This only happens if SQLite is compiled with
     `-DSQLITE_ENABLE_EXPLAIN_COMMENTS` and with `-DSQLITE_ENABLE_STAT4`.
     Most builds of SQLite do not include either of those options.

  *  Even when it does happen, the uninitialized integer is the
     input to an %d format for a string that is used as a debugging
     comment in the byte-code.  So, in other words, the problem causes
     a goofy comment to appear in the comment column of the
     EXPLAIN output.  In other words, it is utterly harmless.

It is good that the problem was found.  (Thanks, borrrden!)
I only include the notes above to try to prevent a CVE from being
written with a scary headline:  "Critical Uninitialized Variable
Usage In SQLite 3.32.1"  How sad that CVE politics have degenerated
to the point that I feel the need to do that....

[1]: https://www.sqlite.org/src/info/1cb248a3fc4c35c5