Segfaults with SQLITE_LIMIT_LENGTH=0
(1) By hgarrereyn on 2021-09-03 09:42:56
The following code crashes with "AddressSanitizer: attempting free on address which was not malloc()-ed" in the sqlite3_prepare_v2
call. In different contexts it may also crash with a global stack underflow.
#include "sqlite3.h"

int main() {
    sqlite3 *db;
    sqlite3_open(":memory:", &db);

    /* Set the maximum string/blob length to 0 (the value that triggers the crash). */
    sqlite3_limit(db, SQLITE_LIMIT_LENGTH, 0);

    /* The crash occurs here, while preparing a statement under the zero-length limit. */
    sqlite3_stmt *stmt;
    sqlite3_prepare_v2(db, "SELECT foo", 11, &stmt, 0);

    sqlite3_finalize(stmt);
    sqlite3_close(db);
    return 0;
}
Setting SQLITE_LIMIT_LENGTH to 0 doesn't make sense, of course, but perhaps this should be safeguarded, i.e. under the SQLITE_ENABLE_API_ARMOR flag.