Ticket Hash: e3a290961a63239fc1fb3d187e5c8d737dd7e6d2
Title: out-of-bounds write when using non-default malloc implementation and SQLITE_DIRECT_OVERFLOW_READ
Status: Closed
Type: Code_Defect
Severity: Important
Priority: Immediate
Subsystem: Unknown
Resolution: Open
Last Modified: 2014-10-01 12:02:20
Version Found In: trunk
User Comments:
dan added on 2014-10-01 11:54:22:
If SQLITE_DIRECT_OVERFLOW_READ is defined and a large text or blob field that is aligned with the start of an overflow page is read, SQLite may temporarily modify (and then restore) the contents of up to 4 bytes of space immediately before a buffer obtained from malloc(). Here: [http://www.sqlite.org/src/artifact/ede8348a7d62?ln=4166]

Normally this is not a problem, as the default malloc implementation used by SQLite always allocates at least 4 bytes of space for bookkeeping purposes before each buffer returned to SQLite. However, some custom malloc implementations, or occasionally the built-in memsys3 or memsys5 implementations, may not do this. In those cases the results are undefined.

Problem has existed for as long as SQLITE_DIRECT_OVERFLOW_READ has. Introduced by [2ab14a8467]. First published in version 3.7.9.

dan added on 2014-10-01 12:02:20:
Fixed by [c3c15d20c6].
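The hazard in this ticket is an assumption about the allocator, not about SQLite's own data: a routine that saves, scribbles on and restores the 4 bytes in front of a malloc() result is only sound if every allocator in use leaves at least 4 bytes of bookkeeping there. The following C program is an added illustration written for this page; it is not SQLite's code and does not reproduce the overflow-page logic at the linked line. It models a header-less bump allocator (a constructed stand-in for the custom, memsys3 or memsys5 cases the ticket names), a headroom check a developer can run against any allocator, a hypothetical "before" routine that uses the preceding bytes as scratch, and a hardened variant that keeps its scratch space private. The function and arena names are assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a bump allocator that, like some custom or pool
 * allocators, keeps no bookkeeping bytes in front of the blocks it returns.
 * Consecutive blocks are therefore directly adjacent, and the first block
 * sits at the very start of the arena with nothing before it. */
#define ARENA_SIZE 256
static unsigned char arena[ARENA_SIZE];
static size_t arena_used;

void arena_reset(void) { arena_used = 0; memset(arena, 0, sizeof arena); }

void *arena_alloc(size_t n) {
    if (n > ARENA_SIZE - arena_used) return NULL;
    void *p = arena + arena_used;
    arena_used += n;
    return p;
}

/* Headroom check: how many bytes does the allocator leave between the end of
 * block `prev` (of `prev_size` bytes) and the start of block `next`? A routine
 * that writes up to 4 bytes before a buffer is only safe if this is >= 4 for
 * every block it may be handed. */
size_t headroom_between(const void *prev, size_t prev_size, const void *next) {
    uintptr_t end_prev = (uintptr_t)prev + prev_size;
    uintptr_t start_next = (uintptr_t)next;
    return start_next >= end_prev ? (size_t)(start_next - end_prev) : 0;
}

/* 1 if the 4 bytes before `buf` lie inside the arena, 0 if a write there
 * would leave the allocator's memory entirely (the first block here). */
int pre_bytes_inside_arena(const void *buf) {
    return (uintptr_t)buf >= (uintptr_t)arena + 4;
}

/* Hypothetical "before" routine: save the 4 bytes preceding `dst`, use them
 * as scratch while copying `n` bytes in, then restore them. With a header-less
 * allocator those bytes are the tail of the neighbouring block, so `witness`
 * records what that block's owner would observe in the middle of the call. */
void copy_using_preceding_bytes(unsigned char *dst, const unsigned char *src,
                                size_t n, unsigned char witness[4]) {
    unsigned char *pre = dst - 4;
    unsigned char saved[4];
    memcpy(saved, pre, 4);
    memset(pre, 0xAA, 4);      /* transient write outside the caller's buffer */
    memcpy(dst, src, n);
    memcpy(witness, pre, 4);   /* snapshot taken while the neighbour is clobbered */
    memcpy(pre, saved, 4);     /* restore, as the ticket describes */
}

/* Hardened variant: the scratch space is storage this routine owns, so no
 * byte outside the caller's allocation is ever read or written. */
void copy_with_own_scratch(unsigned char *dst, const unsigned char *src, size_t n) {
    unsigned char scratch[4];
    memset(scratch, 0xAA, sizeof scratch);   /* same scratch use, private storage */
    memcpy(dst, src, n);
}

/* Headroom this arena leaves between two consecutive 16-byte blocks. */
size_t demo_headroom(void) {
    arena_reset();
    void *a = arena_alloc(16);
    void *b = arena_alloc(16);
    return headroom_between(a, 16, b);
}

/* Whether the first block handed out even has 4 addressable bytes before it. */
int demo_first_block_has_room(void) {
    arena_reset();
    return pre_bytes_inside_arena(arena_alloc(16));
}

/* Two adjacent blocks; the second is filled by the hazardous routine.
 * Returns 1 if block A is intact afterwards but was visibly clobbered
 * during the call, which is exactly the undefined-behaviour window. */
int demo_clobbers_neighbour(void) {
    arena_reset();
    unsigned char *a = arena_alloc(16);
    unsigned char *b = arena_alloc(16);
    unsigned char payload[16], witness[4];
    memset(a, 0x11, 16);
    memset(payload, 0x22, sizeof payload);
    copy_using_preceding_bytes(b, payload, 16, witness);
    int restored = (a[12] == 0x11 && a[15] == 0x11);
    int clobbered = (witness[0] == 0xAA && witness[3] == 0xAA);
    return restored && clobbered;
}

int main(void) {
    printf("headroom between blocks: %zu bytes\n", demo_headroom());
    printf("first block has 4 bytes before it: %d\n", demo_first_block_has_room());
    printf("neighbour clobbered mid-call: %d\n", demo_clobbers_neighbour());
    return 0;
}
```

The headroom check is the useful takeaway for anyone plugging a custom allocator into code that makes this kind of assumption: run it over the allocator actually configured, and treat any gap below 4 (or a first block with nothing before it) as the undefined case the ticket describes. The hardened routine shows the shape of the fix that avoids the assumption altogether, by never touching memory the caller did not hand over.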