SQLite

Ticket Hash: e3a290961a63239fc1fb3d187e5c8d737dd7e6d2
Title: out-of-bounds write when using non-default malloc implementation and SQLITE_DIRECT_OVERFLOW_READ
Status: Closed Type: Code_Defect
Severity: Important Priority: Immediate
Subsystem: Unknown Resolution: Open
Last Modified: 2014-10-01 12:02:20
Version Found In: trunk
User Comments:
dan added on 2014-10-01 11:54:22:
If SQLITE_DIRECT_OVERFLOW_READ is defined and a large text or blob field that is aligned with the start of an overflow page is read, SQLite may temporarily modify (and then restore) the contents of up to 4 bytes of space immediately before a buffer obtained from malloc(). Here: 

  [http://www.sqlite.org/src/artifact/ede8348a7d62?ln=4166]

Normally this is not a problem, as the default malloc implementation used by SQLite always allocates at least 4 bytes of space for bookkeeping purposes before each buffer returned to SQLite. However, some custom malloc implementations, or occasionally the built-in memsys3 or memsys5 implementations, may not do this. In those cases the results are undefined.

The problem has existed for as long as SQLITE_DIRECT_OVERFLOW_READ has. Introduced by [2ab14a8467]. First published in version 3.7.9.
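As an added illustration that is not part of the ticket or of SQLite's own code: a hypothetical size-prefixed allocator modelling the "bookkeeping word before each buffer" behaviour the comment attributes to the default allocator, plus a check showing why a transient write to the 4 bytes before a buffer stays inside that header but would spill into memory the allocator does not own when no such prefix exists. The 8-byte header width and all function names are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed header width: the comment only says "at least 4 bytes" of
   bookkeeping precede each buffer in the default allocator. */
#define HDR 8

/* Allocate n bytes with a size word stored immediately before the buffer. */
void *prefixed_malloc(size_t n) {
  uint64_t *p = malloc(HDR + n);
  if (!p) return NULL;
  p[0] = (uint64_t)n;      /* bookkeeping word lives just before the buffer */
  return (void *)(p + 1);
}

/* Read the stored size back from the word preceding the buffer. */
size_t prefixed_size(const void *buf) {
  return (size_t)((const uint64_t *)buf)[-1];
}

void prefixed_free(void *buf) {
  if (buf) free((uint64_t *)buf - 1);
}

/* Returns 1 if a write of `len` bytes starting `before` bytes ahead of a
   buffer lands entirely inside an allocator's own `hdr`-byte prefix, 0 if
   it would reach memory the allocator never handed out (the ticket's
   failure mode with a prefix-less custom allocator). */
int prebuffer_write_is_contained(size_t hdr, size_t before, size_t len) {
  return before <= hdr && len <= before;
}

/* Simulates the pattern the ticket describes: save the 4 bytes before the
   buffer, overwrite them temporarily, then restore them. With the size
   prefix present, the bookkeeping word is intact afterwards. Returns 1 on
   success, 0 on allocation failure or a corrupted header. */
int transient_prefix_write_preserves_header(size_t n) {
  unsigned char *buf = prefixed_malloc(n);
  if (!buf) return 0;
  unsigned char saved[4];
  memcpy(saved, buf - 4, 4);     /* save */
  memset(buf - 4, 0xAA, 4);      /* temporary modification */
  memcpy(buf - 4, saved, 4);     /* restore */
  int ok = prefixed_size(buf) == n;
  prefixed_free(buf);
  return ok;
}
```

The contained-write check is the property a custom sqlite3_mem_methods implementation would have needed to guarantee for affected builds; the fix referenced below removed that requirement from SQLite itself.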

dan added on 2014-10-01 12:02:20:

Fixed by [c3c15d20c6].