Overview
| Artifact ID: | 72fdf8427d27b7e9a119f5724523ad9fa15c2c09 |
|---|---|
| Ticket: | e3a290961a63239fc1fb3d187e5c8d737dd7e6d2 out-of-bounds write when using non-default malloc implementation and SQLITE_DIRECT_OVERFLOW_READ |
| User & Date: | dan 2014-10-01 11:54:22 |
Changes
- foundin changed to: "trunk"
- icomment:
If SQLITE_DIRECT_OVERFLOW_READ is defined and a large text or blob field that is aligned with the start of an overflow page is read, SQLite may temporarily modify (and then restore) the contents of up to 4 bytes of space immediately before a buffer obtained from malloc(). Here: [http://www.sqlite.org/src/artifact/ede8348a7d62?ln=4166] Normally this is not a problem, as the default malloc implementation used by SQLite always allocates at least 4 bytes of space for bookkeeping purposes before each buffer returned to SQLite. However, some custom malloc implementations, or occasionally the built-in memsys3 or memsys5 implementations, may not do this. In those cases the results are undefined. Problem has existed for as long as SQLITE_DIRECT_OVERFLOW_READ has. Introduced by [2ab14a8467]. First published in version 3.7.9.
- login: "dan"
- mimetype: "text/x-fossil-plain"
- severity changed to: "Important"
- status changed to: "Open"
- title changed to:
out-of-bounds write when using non-default malloc implementation and SQLITE_DIRECT_OVERFLOW_READ
- type changed to: "Code_Defect"
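
The save, overwrite and restore pattern described in the ticket comment, as an added example: a simplified model written for this page, not SQLite's code. The arena, `bump_alloc`, `direct_read`, `run_case` and the page contents are hypothetical and constructed; the model compares an allocator that places no bookkeeping bytes before a buffer with one that places 4.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: one static arena, so every pointer stays inside one object. */
static unsigned char arena[64];
static size_t arena_used;

/* Hypothetical bump allocator: hdr = bookkeeping bytes placed before each buffer. */
static unsigned char *bump_alloc(size_t n, size_t hdr) {
    unsigned char *p = arena + arena_used + hdr;
    arena_used += hdr + n;
    return p;
}

/* Constructed overflow page: 4-byte header followed by 8 bytes of payload. */
static const unsigned char page[12] = {0, 0, 0, 7, 'p','a','y','l','o','a','d','!'};

/* Save the 4 bytes before pBuf, copy the whole page to pBuf-4, then restore them.
** Returns 1 if the watched neighbour differed from `expect` while overwritten. */
static int direct_read(unsigned char *pBuf, const unsigned char *watch,
                       const unsigned char *expect, size_t n) {
    unsigned char aSave[4], *aWrite = pBuf - 4;
    int clobbered;
    memcpy(aSave, aWrite, 4);
    memcpy(aWrite, page, sizeof page);      /* stands in for the file read */
    clobbered = memcmp(watch, expect, n) != 0;
    memcpy(aWrite, aSave, 4);
    return clobbered;
}

/* Allocate a, then b, read into b; *restored = 1 if a is intact afterwards. */
static int run_case(size_t hdr, int *restored) {
    static const unsigned char secret[8] = "NEIGHBR";
    unsigned char *a, *b;
    int hit;
    arena_used = 0;
    a = bump_alloc(8, hdr);
    b = bump_alloc(8, hdr);
    memcpy(a, secret, 8);
    hit = direct_read(b, a, secret, 8);     /* 1 if a changed during the read */
    *restored = memcmp(a, secret, 8) == 0;
    return hit;
}

int main(void) {
    int r0, r4, h0 = run_case(0, &r0), h4 = run_case(4, &r4);
    printf("hdr=0: clobbered=%d restored=%d; hdr=4: clobbered=%d restored=%d\n", h0, r0, h4, r4);
    return 0;
}
```

With no header the 4 bytes belong to the neighbouring allocation for the duration of the read, even though they are restored afterwards; with a 4-byte header they land in the allocator's own bookkeeping space.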