SQLite

Ticket Change Details
Overview

Artifact ID: 72fdf8427d27b7e9a119f5724523ad9fa15c2c09
Ticket: e3a290961a63239fc1fb3d187e5c8d737dd7e6d2
out-of-bounds write when using non-default malloc implementation and SQLITE_DIRECT_OVERFLOW_READ
User & Date: dan 2014-10-01 11:54:22
Changes

  1. foundin changed to: "trunk"
  2. icomment:
    If SQLITE_DIRECT_OVERFLOW_READ is defined and a large text or blob field that is aligned with the start of an overflow page is read, SQLite may temporarily modify (and then restore) the contents of up to 4 bytes of space immediately before a buffer obtained from malloc(). Here: 
    
      [http://www.sqlite.org/src/artifact/ede8348a7d62?ln=4166]
    
    Normally this is not a problem, as the default malloc implementation used by SQLite always allocates at least 4 bytes of space for bookkeeping purposes before each buffer returned to SQLite. However, some custom malloc implementations, or occasionally the built-in memsys3 or memsys5 implementations, may not do this. In those cases the results are undefined.
    
    Problem has existed for as long as SQLITE_DIRECT_OVERFLOW_READ has. Introduced by [2ab14a8467]. First published in version 3.7.9.
    
  3. login: "dan"
  4. mimetype: "text/x-fossil-plain"
  5. severity changed to: "Important"
  6. status changed to: "Open"
  7. title changed to:
    out-of-bounds write when using non-default malloc implementation and SQLITE_DIRECT_OVERFLOW_READ
    
  8. type changed to: "Code_Defect"
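The following is an added, self-contained model of the defect described in this ticket; it is not SQLite's own code and nothing in it is taken from btree.c. It uses a constructed 32-byte overflow page (4-byte big-endian next-page number followed by 28 bytes of payload) and a hypothetical header-less bump allocator standing in for memsys5 or a custom sqlite3_mem_methods, so that the 4 bytes in front of a buffer belong to the previously allocated block. unsafe_direct_read reproduces the pattern the ticket describes (save the 4 bytes before the buffer, read the whole page to buf-4, restore) and a hook observes the window during which a neighbouring block is corrupted; safe_direct_read reads the page into a scratch buffer and copies only the payload, so it never touches memory outside the destination. All function and variable names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed page layout: 4-byte big-endian "next overflow page" number,
   then PAYLOAD_SIZE bytes of payload. Real SQLite pages are larger. */
#define PAGE_SIZE 32
#define PAYLOAD_SIZE (PAGE_SIZE - 4)

/* Hypothetical header-less allocator (stands in for memsys3/memsys5 or a
   custom sqlite3_mem_methods): blocks are handed out back to back with no
   bookkeeping bytes in front, so buf-4 is the tail of the previous block. */
static unsigned char arena[256];
static size_t arena_used;

static void *arena_alloc(size_t n) {
    if (arena_used + n > sizeof arena) return NULL;
    void *p = arena + arena_used;
    arena_used += n;
    return p;
}

static void arena_reset(void) {
    arena_used = 0;
    memset(arena, 0, sizeof arena);
}

/* Stand-in for the pager/OS layer reading one page from disk. */
static void read_page(const unsigned char *disk_page, unsigned char *dst) {
    memcpy(dst, disk_page, PAGE_SIZE);
}

static uint32_t get4(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Called while the page sits in memory, to observe the clobber window. */
typedef void (*window_hook)(void *ctx);

/* The pattern from the ticket: read the whole page to dst-4 so the payload
   lands exactly at dst, after saving (and later restoring) the 4 bytes in
   front of the buffer. Only safe if every block has 4 scratch bytes before it. */
static uint32_t unsafe_direct_read(const unsigned char *disk_page,
                                   unsigned char *dst,
                                   window_hook hook, void *ctx) {
    unsigned char saved[4];
    memcpy(saved, dst - 4, 4);      /* out-of-bounds read of 4 bytes  */
    read_page(disk_page, dst - 4);  /* out-of-bounds write of 4 bytes */
    uint32_t next = get4(dst - 4);
    if (hook) hook(ctx);
    memcpy(dst - 4, saved, 4);      /* restore: the neighbour was still corrupted meanwhile */
    return next;
}

/* Hardened variant: page goes to a scratch buffer, only the payload is copied,
   and nothing outside [dst, dst + PAYLOAD_SIZE) is ever touched. */
static uint32_t safe_direct_read(const unsigned char *disk_page,
                                 unsigned char *dst,
                                 window_hook hook, void *ctx) {
    unsigned char scratch[PAGE_SIZE];
    read_page(disk_page, scratch);
    uint32_t next = get4(scratch);
    memcpy(dst, scratch + 4, PAYLOAD_SIZE);
    if (hook) hook(ctx);
    return next;
}

/* The neighbouring block ends in the canary "CANA" at offset 12..15. */
struct probe { const unsigned char *neighbor; int clobbered; };

static void probe_hook(void *ctx) {
    struct probe *p = ctx;
    if (memcmp(p->neighbor + 12, "CANA", 4) != 0) p->clobbered = 1;
}

/* Returns 1 if the neighbouring block was corrupted during the read window,
   0 if it was never touched, -1 if the payload or the restore is wrong, and
   -2 if the decoded next-page number is not the constructed value 7. */
static int run_scenario(int use_safe) {
    unsigned char disk_page[PAGE_SIZE];
    unsigned char *neighbor, *dst;
    struct probe pr;
    uint32_t next;

    arena_reset();
    neighbor = arena_alloc(16);
    memcpy(neighbor, "prev-block..CANA", 16);   /* constructed neighbour */
    dst = arena_alloc(PAYLOAD_SIZE);            /* starts right after it  */

    memset(disk_page, 'A', PAGE_SIZE);          /* constructed page       */
    disk_page[0] = 0; disk_page[1] = 0; disk_page[2] = 0; disk_page[3] = 7;

    pr.neighbor = neighbor;
    pr.clobbered = 0;
    next = use_safe ? safe_direct_read(disk_page, dst, probe_hook, &pr)
                    : unsafe_direct_read(disk_page, dst, probe_hook, &pr);

    if (memcmp(dst, disk_page + 4, PAYLOAD_SIZE) != 0) return -1;
    if (memcmp(neighbor + 12, "CANA", 4) != 0) return -1;
    if (next != 7) return -2;
    return pr.clobbered;
}

int main(void) {
    printf("direct read to buf-4: neighbour clobbered=%d\n", run_scenario(0));
    printf("scratch-buffer copy:  neighbour clobbered=%d\n", run_scenario(1));
    return 0;
}
```

Both variants deliver the same payload and leave the neighbour intact once the call returns, which is why the pattern goes unnoticed with an allocator that keeps bookkeeping bytes in front of each block, as the ticket says the default one does. The model only shows the corruption because the hook inspects memory inside the window; in a real process that observer would be another thread, a signal handler, or allocator metadata that the restore cannot un-break, which is what makes the behaviour undefined rather than merely untidy.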