SQLite

View Ticket
Login
Plaintext
Ticket Hash: 23439ea5822411389c8edac234c08f2cc27ef3e9
Title: Stack overflow in sqlite3_str_vappendf, caused by int overflow
Status: Fixed Type: Code_Defect
Severity: Important Priority: Low
Subsystem: Utilities Resolution: Fixed
Last Modified: 2020-05-23 20:03:59
Version Found In:
User Comments:
yongheng added on 2020-05-23 17:52:02: 
Affected latest release version. 

POC:
---
CREATE TABLE a(b DOUBLE CHECK( NOT CASE WHEN printf(b, b) THEN 0 END) UNIQUE ON CONFLICT REPLACE);
CREATE TRIGGER c INSERT ON a BEGIN INSERT INTO a SELECT group_concat(b, 2147483647) FROM a;END;
INSERT INTO a(b, b, b) VALUES(NULL, 9, 3);
UPDATE a SET b = 0;
INSERT INTO a VALUES('GERMANY''s%'), ('Y'), ('Brand#23')
---
drh added on 2020-05-23 20:03:59:

Simplified test case: 

SELECT printf('%.*g',2147483647,0.01);

Affects all versions of SQLite since printf() was introduced in version 3.8.3 (2014-02-03).