/ Ticket Change Details
Overview

Artifact ID: 72fdf8427d27b7e9a119f5724523ad9fa15c2c09
Ticket: e3a290961a63239fc1fb3d187e5c8d737dd7e6d2
out-of-bounds write when using non-default malloc implementation and SQLITE_DIRECT_OVERFLOW_READ
User & Date: dan 2014-10-01 11:54:22
Changes

  1. Change foundin to "trunk"
  2. Change icomment to:

    If SQLITE_DIRECT_OVERFLOW_READ is defined and a large text or blob field that is aligned with the start of an overflow page is read, SQLite may temporarily modify (and then restore) the contents of up to 4 bytes of space immediately before a buffer obtained from malloc(). Here:

    http://www.sqlite.org/src/artifact/ede8348a7d62?ln=4166

    Normally this is not a problem, as the default malloc implementation used by SQLite always allocates at least 4 bytes of space for bookkeeping purposes before each buffer returned to SQLite. However, some custom malloc implementations, or occasionally the built-in memsys3 or memsys5 implementations, may not do this. In those cases the results are undefined.

    Problem has existed for as long as SQLITE_DIRECT_OVERFLOW_READ has. Introduced by [2ab14a8467]. First published in version 3.7.9.

  3. Change login to "dan"
  4. Change mimetype to "text/x-fossil-plain"
  5. Change severity to "Important"
  6. Change status to "Open"
  7. Change title to:

    out-of-bounds write when using non-default malloc implementation and SQLITE_DIRECT_OVERFLOW_READ

  8. Change type to "Code_Defect"
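
The save/overwrite/restore pattern described in the icomment above, as an added C example that is not SQLite's code and not part of the ticket. The toy page layout and the names `read_page` and `read_payload` are hypothetical, and the guard that restricts the direct read to positions where the 4 clobbered bytes lie inside the caller's own buffer is this example's assumption about one way to avoid the write, not a fix stated in the ticket.

```c
#include <stdint.h>
#include <string.h>

#define PAGE_SZ 16   /* constructed toy page: 4-byte next-page pointer + 12 payload bytes */
#define HDR 4

/* Stand-in for the pager/OS read: copies one whole overflow page into dst. */
static void read_page(const uint8_t *db, unsigned pgno, uint8_t *dst) {
    memcpy(dst, db + (size_t)pgno * PAGE_SZ, PAGE_SZ);
}

/* Copy n payload bytes from consecutive overflow pages into out[0..n).
 * Direct read: land the page at pBuf-4 so its payload falls at pBuf, saving
 * and restoring the 4 bytes that the page header overwrites. This is done only
 * when those 4 bytes are inside the caller's buffer (pBuf-4 >= out) and a full
 * page fits; otherwise the page goes through a bounce buffer.
 * *n_direct receives the number of direct reads performed. */
static void read_payload(const uint8_t *db, unsigned first_pg,
                         uint8_t *out, size_t n, int *n_direct) {
    uint8_t *pBuf = out;
    unsigned pg = first_pg;
    *n_direct = 0;
    while (n > 0) {
        size_t chunk = n < PAGE_SZ - HDR ? n : PAGE_SZ - HDR;
        if (chunk == PAGE_SZ - HDR && (size_t)(pBuf - out) >= HDR) {
            uint8_t save[HDR];
            memcpy(save, pBuf - HDR, HDR);   /* bytes about to be clobbered */
            read_page(db, pg, pBuf - HDR);   /* header lands in [pBuf-4, pBuf) */
            memcpy(pBuf - HDR, save, HDR);   /* restore earlier payload bytes */
            (*n_direct)++;
        } else {
            /* pBuf == out here on the first page: pBuf-4 would be the
             * allocator's territory, so never write there. */
            uint8_t bounce[PAGE_SZ];
            read_page(db, pg, bounce);
            memcpy(pBuf, bounce + HDR, chunk);
        }
        pBuf += chunk; n -= chunk; pg++;
    }
}

int main(void) {
    uint8_t db[3 * PAGE_SZ], arena[HDR + 30];   /* constructed sample data */
    int n_direct;
    for (unsigned i = 0; i < sizeof db; i++) db[i] = (uint8_t)i;
    read_payload(db, 0, arena + HDR, 30, &n_direct);
    return n_direct == 1 ? 0 : 1;   /* only the middle page is read directly */
}
```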