On 7/27/17, petern <[email protected]> wrote: > > What prevents stack busting or other code injection attacks on an otherwise > valid pseudo-null pointer by simply decoding the address space and > observing where strcmp() loads a register to one of the pointer "keys" > you've insisted be conveniently published for hackers in the data segment? >
I do not understand what this sentence means. Can you explain it again in simpler terms? Refresh my memory please: What exactly (and succinctly) is your complain with the current sqlite3_bind_pointer(), sqlite3_result_pointer(), and sqlite3_value_pointer() design? Are there multiple complains? Can you enumerate them? Please be as specific as possible. -- D. Richard Hipp [email protected] _______________________________________________ sqlite-users mailing list [email protected] http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
