Title: out-of-bounds write when using non-default malloc implementation and SQLITE_DIRECT_OVERFLOW_READ
Last Modified: 2014-10-01 12:02:20
Version Found In: trunk
dan added on 2014-10-01 11:54:22:
If SQLITE_DIRECT_OVERFLOW_READ is defined and a large text or blob field that is aligned with the start of an overflow page is read, SQLite may temporarily modify (and then restore) the contents of up to 4 bytes of space immediately before a buffer obtained from malloc(). Here: [http://www.sqlite.org/src/artifact/ede8348a7d62?ln=4166]

Normally this is not a problem, as the default malloc implementation used by SQLite always allocates at least 4 bytes of space for bookkeeping purposes before each buffer returned to SQLite. However, some custom malloc implementations, or occasionally the built-in memsys3 or memsys5 implementations, may not do this. In those cases the results are undefined.

Problem has existed for as long as SQLITE_DIRECT_OVERFLOW_READ has. Introduced by [2ab14a8467]. First published in version 3.7.9.
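The mechanism described above, as an added example that is not SQLite's own code: a small sqlite3_mem_methods-style allocator that keeps an 8-byte bookkeeping header (size plus a canary) in front of every buffer, next to a function that mirrors the save/overwrite/restore the direct overflow read performs at `pBuf[-4]`. The allocator, the canary value, the page layout (4-byte big-endian next-page number followed by payload) and the `demo()` run are all constructed for illustration; only the "4 bytes before the buffer" pattern comes from the ticket.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example, not SQLite's code. Models an allocator that, like
 * SQLite's default one, owns bookkeeping bytes in front of each buffer, so
 * the 4-byte scratch write at dst[-4] lands inside allocator-owned memory.
 * An allocator whose header is smaller than 4 bytes (or absent) would make
 * the same write an out-of-bounds access, which is the ticket's point. */

#define CANARY 0xA5A5A5A5u   /* constructed marker used to spot a damaged header */

typedef struct { uint32_t size; uint32_t canary; } hdr_t;   /* 8 bytes */

/* Allocate n bytes, preceded by a header holding the size and a canary. */
void *guarded_malloc(int n) {
    hdr_t *h = (hdr_t *)malloc(sizeof(hdr_t) + (size_t)n);
    if (h == NULL) return NULL;
    h->size = (uint32_t)n;
    h->canary = CANARY;
    return (void *)(h + 1);   /* user pointer sits sizeof(hdr_t) past the header */
}

void guarded_free(void *p) { if (p != NULL) free((hdr_t *)p - 1); }

int guarded_size(const void *p) { return (int)(((const hdr_t *)p - 1)->size); }

/* 1 if the bookkeeping bytes immediately before p are undamaged. */
int guarded_header_intact(const void *p) {
    return ((const hdr_t *)p - 1)->canary == CANARY;
}

/* Allocator-owned bytes in front of every buffer from guarded_malloc.
 * Any code that scratches into dst[-4] needs this to be >= 4. */
int guarded_bytes_before(void) { return (int)sizeof(hdr_t); }

/* Big-endian 4-byte read, the encoding SQLite uses for the next-overflow-page
 * number stored at the start of each overflow page. */
static uint32_t get4byte(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Mirrors the pattern from the ticket: read a whole overflow page (4-byte
 * next-page number followed by payload) straight into dst[-4], so the payload
 * lands at dst without a second copy, then put the 4 clobbered bytes back.
 * Returns the next-page number found on the page. Correct only when the
 * allocator guarantees at least 4 usable bytes before dst. */
uint32_t direct_overflow_read(unsigned char *dst,
                              const unsigned char *page, size_t page_size) {
    unsigned char save[4];
    unsigned char *scratch = dst - 4;
    memcpy(save, scratch, 4);            /* save the bookkeeping bytes      */
    memcpy(scratch, page, page_size);    /* whole page, header included     */
    uint32_t next = get4byte(scratch);   /* pick the next-page number out   */
    memcpy(scratch, save, 4);            /* restore the bookkeeping bytes   */
    return next;
}

/* Worked run on one constructed 16-byte "page": next-page number 7 followed
 * by 12 bytes of payload. Returns 1 when everything checks out. */
int demo(void) {
    const size_t page_size = 16, payload = page_size - 4;
    unsigned char page[16] = {0, 0, 0, 7,
                              'x','x','x','x','x','x','x','x','x','x','x','x'};
    if (guarded_bytes_before() < 4) return 0;   /* precondition the pattern needs */
    unsigned char *buf = (unsigned char *)guarded_malloc((int)payload);
    if (buf == NULL) return 0;
    uint32_t next = direct_overflow_read(buf, page, page_size);
    int ok = (next == 7)
          && memcmp(buf, page + 4, payload) == 0   /* payload arrived at buf   */
          && guarded_header_intact(buf)            /* restore put the canary back */
          && guarded_size(buf) == (int)payload;
    guarded_free(buf);
    return ok;
}
```

The `guarded_bytes_before()` check is the allocator-side property the ticket turns on: with the 8-byte header the scratch write is an ordinary in-bounds write to memory the allocator owns, and the canary is back in place once the read returns. With memsys3, memsys5 or a custom allocator that puts no header in front of the buffer, the same `memcpy` into `dst - 4` writes outside the allocation, and the fact that the bytes are restored afterwards does not make the access defined. Note also that the canary is only valid after the restore; during the read window the header is garbage, which is why a check like `guarded_header_intact()` can confirm the restore but cannot by itself prove the write was in bounds.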
dan added on 2014-10-01 12:02:20:
Fixed by [c3c15d20c6].