Overview
| Artifact ID: | ffd764b4ca6204f4a53e3f8e5497d8d2845e77d3ac7e3ffbbe6b8f7052cde35f |
|---|---|
| Ticket: | 33aa4c0de8a62e3397bd58ce4182942939e78aea
Heap buffer overflow on SQL input |
| User & Date: | drh 2023-03-19 23:38:49 |
Changes
- icomment:
Reopened The problem is that the sqlite3_error_offset() routine is returning a valid that is out-of-range for its input. Two errors: First, the sqlite3_error_offset() is returning an out-of-range value. Second, the CLI code that uses sqlite3_error_offset() is failing to properly deal with the out-of-range return value. Reproducible test case (run under valgrind): > ~~~~ CREATE TABLE t1 AS SELECT *,*,*,*,*,*,* FROM sqlite_schema; ALTER TABLE t1 ADD path GENERATED ALWAYS AS (no_such_function(1)); SELECT * FROM t1; ~~~~
- login: "drh"
- mimetype: "text/x-markdown"
- priority changed to: "High"
- resolution changed to: "Open"
- severity changed to: "Severe"
- status changed to: "Open"