---------- Forwarded message ----------
From: jur...@ramzes.net
To: sqlite-users@sqlite.org
Date: Thu, 24 Jun 2010 11:15:20 +0200
Subject: CRITICAL bug in sqlite3VdbeExec() code
Dear friends,

This is my bug report.

sqlite version: 3.6.23.1, Check-in [2e6a462ceb]
file: vdbe.c
line: 971
function: sqlite3VdbeExec()

description:

Local variable "pOut" is not properly initialized in some cases.
For example:


...
/* Opcode: Variable P1 P2 * P4 *
**
** Transfer the values of bound parameter P1 into register P2
**
** If the parameter is named, then its name appears in P4 and P3==1.
** The P4 value is used by sqlite3_bind_parameter_name().
*/
case OP_Variable: {            /* out2-prerelease */
  Mem *pVar;       /* Value being transferred */

  assert( pOp->p1>0 && pOp->p1<=p->nVar );
  pVar = &p->aVar[pOp->p1 - 1];
  if( sqlite3VdbeMemTooBig(pVar) ){
    goto too_big;
  }
  sqlite3VdbeMemShallowCopy(pOut, pVar, MEM_Static); <<<--- !!!!*** HERE ***!!!!
  UPDATE_MAX_BLOBSIZE(pOut);
  break;
}
...

Function sqlite3VdbeMemShallowCopy() is called with pOut == NULL, which of
course causes an access violation (in the Windows version).
I have checked "case OP_Variable" under the M$ debugger (unrecoverable
errors in my PHP/PDO-SQLite script with parameter binding), but other
cases in the massive switch statement are possible too, I think ...

greetings from Poland,

JureKL.
----------- End forwarded message ---------

D. Richard Hipp
d...@hwaci.com
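The opcode the report points at, OP_Variable, is the one SQLite emits for every bound parameter, so the cheapest way to exercise that path from outside the library is to prepare statements with positional and named parameters, bind values of several types, and step them. The harness below is an added example written for this page; it is not the reporter's PHP/PDO script and not SQLite's own code. It uses Python's standard-library sqlite3 module (which links a bundled SQLite build) so that it runs offline: it first confirms via EXPLAIN that the compiled VDBE program contains the Variable opcode, then runs the statements against a constructed in-memory table. Whether the reported access violation appears depends on which SQLite version the module is linked against; the table, the rows and the 100000-byte parameter are constructed sample data.

```python
"""Exercise SQLite's OP_Variable (bound parameter) path from Python.

Added example, not part of the original bug report. The sample table and
rows are constructed here; nothing about them comes from the report.
"""
import sqlite3


def vdbe_opcodes(sql, params=()):
    """Return the VDBE opcode names for sql, read from EXPLAIN output.

    EXPLAIN rows are (addr, opcode, p1, p2, p3, p4, p5, comment); the
    parameters must still be bound, since EXPLAIN keeps the placeholders.
    """
    con = sqlite3.connect(":memory:")
    try:
        return [row[1] for row in con.execute("EXPLAIN " + sql, params)]
    finally:
        con.close()


def run_bound_parameters():
    """Drive OP_Variable with positional and named parameters of several types.

    Returns a dict of the values SQLite handed back so a caller can check
    that each bound value survived the register transfer intact.
    """
    con = sqlite3.connect(":memory:")
    try:
        con.execute(
            "CREATE TABLE t(id INTEGER PRIMARY KEY, name TEXT, payload BLOB)"
        )
        # Constructed rows covering integer, text, blob, empty blob and NULL
        rows = [
            (1, "alpha", b"\x00\x01\x02"),
            (2, "beta", None),
            (3, None, b""),
        ]
        con.executemany(
            "INSERT INTO t(id, name, payload) VALUES(?, ?, ?)", rows
        )

        # Anonymous positional parameter: OP_Variable with P1 = 1, no P4 name
        by_pos = con.execute(
            "SELECT name FROM t WHERE id = ?", (2,)
        ).fetchone()[0]

        # Named parameter: OP_Variable whose P4 carries the name ":n"
        by_name = con.execute(
            "SELECT payload FROM t WHERE name = :n", {"n": "alpha"}
        ).fetchone()[0]

        # A large text value, far below SQLITE_MAX_LENGTH, so the too_big
        # branch in OP_Variable must not be taken and the copy must succeed
        big = "x" * 100000
        big_len = con.execute("SELECT length(?)", (big,)).fetchone()[0]

        # The same numbered parameter referenced twice in one statement:
        # two OP_Variable instructions transfer the same aVar[] slot
        twice = con.execute("SELECT ?1 || ?1", ("ab",)).fetchone()[0]

        count = con.execute("SELECT count(*) FROM t").fetchone()[0]
        return {
            "by_pos": by_pos,
            "by_name": by_name,
            "big_len": big_len,
            "twice": twice,
            "count": count,
        }
    finally:
        con.close()


if __name__ == "__main__":
    print("SQLite", sqlite3.sqlite_version)
    print(vdbe_opcodes("SELECT ?", (1,)))
    print(run_bound_parameters())
```

Run it under the SQLite build you want to check (the module reports the linked version); if the report's crash applies to that build, the failure surfaces in run_bound_parameters() as a process crash rather than a Python exception, which is why the EXPLAIN step is kept separate: it proves the statements really do compile to OP_Variable before anything is executed.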



_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users