Function in `carray.c`
```
413 SQLITE_API int sqlite3_carray_bind
```
There is a `memcpy()` in the `data type != CARRAY_TEXT` case, which implies that `sz` is the size of the data type and `nData` is the number of array entries:
```
467 memcpy(pNew->aData, aData, sz*nData);
```
But earlier in this function `sz` was already multiplied by the size of the data type:
```
433 sqlite3_int64 sz = nData;
434 switch( mFlags & 0x03 ){
435 case CARRAY_INT32: sz *= 4; break;
436 case CARRAY_INT64: sz *= 8; break;
437 case CARRAY_DOUBLE: sz *= 8; break;
438 case CARRAY_TEXT: sz *= sizeof(char*); break;
439 }
```
And in fact it is handled correctly on another line, but not on the `memcpy` at line 467:
```
446 pNew->aData = sqlite3_malloc64( sz );
```
This leads to `memcpy` read and write overflows, which makes my app crash spontaneously.
After I changed line 467 as shown below, the crashes stopped.
```
467 memcpy(pNew->aData, aData, sz);
```
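To make the size mismatch concrete, here is a small stand-alone C program, written for this post and not taken from `carray.c`, that reproduces the byte-count computation quoted above, shows how far the original `sz*nData` length overshoots the allocation, and performs the corrected copy. The `CARRAY_*` values are assumed (the post only shows the names and that they are selected with `mFlags & 0x03`), and the `CARRAY_TEXT` branch, which the post says does not go through this `memcpy`, is left out.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Local stand-ins for the carray type flags. Values are assumed; the post
 * only shows the names and that `mFlags & 0x03` selects among four cases. */
#define CARRAY_INT32  0
#define CARRAY_INT64  1
#define CARRAY_DOUBLE 2
#define CARRAY_TEXT   3

/* Byte count of nData elements of the given type: the same computation the
 * post quotes from lines 433-439. The result is already in bytes. */
static int64_t carray_bytes(int64_t nData, int mFlags){
  int64_t sz = nData;
  switch( mFlags & 0x03 ){
    case CARRAY_INT32:  sz *= 4; break;
    case CARRAY_INT64:  sz *= 8; break;
    case CARRAY_DOUBLE: sz *= 8; break;
    case CARRAY_TEXT:   sz *= sizeof(char*); break;
  }
  return sz;
}

/* The length the original line 467 handed to memcpy: sz is already in bytes,
 * so multiplying by nData again overstates it nData-fold, and both the read
 * from aData and the write into the sz-byte buffer run past their ends. */
static int64_t buggy_copy_length(int64_t nData, int mFlags){
  return carray_bytes(nData, mFlags) * nData;
}

/* Corrected copy for the non-TEXT types: allocate sz bytes and copy exactly
 * sz bytes. Returns a malloc'd copy (caller frees) or NULL on failure or for
 * CARRAY_TEXT, which the real extension handles on a separate path. */
static void *carray_copy(const void *aData, int64_t nData, int mFlags){
  int64_t sz;
  void *p;
  if( (mFlags & 0x03)==CARRAY_TEXT || nData<0 ) return NULL;
  sz = carray_bytes(nData, mFlags);
  p = malloc( sz>0 ? (size_t)sz : 1 );
  if( p==NULL ) return NULL;
  memcpy(p, aData, (size_t)sz);   /* was: memcpy(pNew->aData, aData, sz*nData); */
  return p;
}

/* Constructed sample: copy five 32-bit ints and verify the copy matches. */
static int demo(void){
  int32_t src[5] = {10, 20, 30, 40, 50};
  int32_t *dst = (int32_t*)carray_copy(src, 5, CARRAY_INT32);
  int ok = dst!=NULL && memcmp(dst, src, sizeof(src))==0;
  free(dst);
  return ok;
}

int main(void){
  return demo() ? 0 : 1;
}
```

For the five-element `int32` array in `demo()`, `carray_bytes()` gives 20 bytes (what line 446 allocates), while `buggy_copy_length()` gives 100 bytes, so the original `memcpy` read 80 bytes past the source and wrote 80 bytes past the 20-byte allocation.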