---------- Forwarded message ----------
From: jur...@ramzes.net
To: sqlite-users@sqlite.org
Date: Thu, 24 Jun 2010 11:15:20 +0200
Subject: CRITICAL bug in sqlite3VdbeExec() code

Dear friends,

This is my bug report.

sqlite version: 3.6.23.1, Check-in [2e6a462ceb]
file: vdbe.c
line: 971
function: sqlite3VdbeExec()
description: Local variable "pOut" is not properly initialized in some cases.

For example:

...
/* Opcode: Variable P1 P2 * P4 *
**
** Transfer the values of bound parameter P1 into register P2
**
** If the parameter is named, then its name appears in P4 and P3==1.
** The P4 value is used by sqlite3_bind_parameter_name().
*/
case OP_Variable: {           /* out2-prerelease */
  Mem *pVar;       /* Value being transferred */

  assert( pOp->p1>0 && pOp->p1<=p->nVar );
  pVar = &p->aVar[pOp->p1 - 1];
  if( sqlite3VdbeMemTooBig(pVar) ){
    goto too_big;
  }
  sqlite3VdbeMemShallowCopy(pOut, pVar, MEM_Static);   <<<--- !!!!*** HERE***!!!!
  UPDATE_MAX_BLOBSIZE(pOut);
  break;
}
...

Function sqlite3VdbeMemShallowCopy() is called with pOut == NULL, of course with an access violation (in the Windows version). "case OP_Variable" I have checked under the M$ debugger (not coverable errors in my PHP/PDO-Sqlite script with parameter binding), but possibly other cases in the massive switch statement, I think ...

greetings from Poland,
JureKL.

----------- End forwarded message ---------

D. Richard Hipp
d...@hwaci.com

_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
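The report above describes an output-register pointer (pOut) that the dispatch loop sets up before the big switch only for opcodes flagged as "out2-prerelease", and a case body that uses it unconditionally. The following toy model is an added illustration of that failure mode and of a guard for it; it is not SQLite's code, and every name in it (toyExec, Vdbe, Op, Mem, OPFLG_OUT2_PRERELEASE, the TOY_* result codes) is a constructed stand-in, not an identifier from vdbe.c. It shows a correctly flagged OP_Variable copying a bound value into a register, and a mis-flagged one reaching the copy with pOut == NULL, where a NULL check returns an error instead of faulting inside the copy.

```c
/* Toy model (not SQLite's code) of a VDBE-style dispatch loop in which the
 * output register pointer pOut is set up before the switch only for opcodes
 * whose flag says they need one.  All names here are constructed for the
 * example. */
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NREG 4
#define NVAR 2

#define OPFLG_OUT2_PRERELEASE 0x01   /* constructed flag: opcode writes register p2 */

enum { OP_Variable = 1, OP_Noop = 2 };

typedef struct Mem { int isNull; long value; } Mem;
typedef struct Op  { int opcode; int p1; int p2; unsigned flags; } Op;
typedef struct Vdbe { Mem aMem[NREG]; Mem aVar[NVAR]; int nVar; } Vdbe;

/* Result codes for the toy executor (constructed). */
enum { TOY_OK = 0, TOY_ERR_NO_OUT = 1, TOY_ERR_BAD_OP = 2 };

/* Stands in for a shallow copy routine: it dereferences pTo, so a NULL pTo
 * would be an access violation exactly as the report describes. */
static void memShallowCopy(Mem *pTo, const Mem *pFrom) { *pTo = *pFrom; }

int toyExec(Vdbe *p, const Op *aOp, int nOp) {
  for (int pc = 0; pc < nOp; pc++) {
    const Op *pOp = &aOp[pc];
    Mem *pOut = NULL;

    /* Setup step: only flagged opcodes get an out register.  A mismatch
     * between an opcode's flag and a case body that uses pOut leaves the
     * pointer NULL when the switch is entered. */
    if (pOp->flags & OPFLG_OUT2_PRERELEASE) {
      assert(pOp->p2 > 0 && pOp->p2 < NREG);
      pOut = &p->aMem[pOp->p2];
      pOut->isNull = 1;
    }

    switch (pOp->opcode) {
      case OP_Variable: {
        Mem *pVar;
        assert(pOp->p1 > 0 && pOp->p1 <= p->nVar);
        pVar = &p->aVar[pOp->p1 - 1];
        /* Guard: report a missing out register instead of faulting in the copy. */
        if (pOut == NULL) return TOY_ERR_NO_OUT;
        memShallowCopy(pOut, pVar);
        break;
      }
      case OP_Noop:
        break;
      default:
        return TOY_ERR_BAD_OP;
    }
  }
  return TOY_OK;
}

/* Correctly flagged program: bound parameter 1 (value 42) lands in register 2.
 * Returns the copied value, or -1 if the executor reported an error. */
long correctlyFlaggedValue(void) {
  Vdbe v; memset(&v, 0, sizeof v);
  v.nVar = 1; v.aVar[0].value = 42;
  Op prog[] = { { OP_Variable, 1, 2, OPFLG_OUT2_PRERELEASE } };
  if (toyExec(&v, prog, 1) != TOY_OK) return -1;
  return v.aMem[2].value;
}

/* Mis-flagged program: same opcode, flag missing, so pOut is never set up. */
int runMisflagged(void) {
  Vdbe v; memset(&v, 0, sizeof v);
  v.nVar = 1; v.aVar[0].value = 42;
  Op prog[] = { { OP_Variable, 1, 2, 0 } };
  return toyExec(&v, prog, 1);
}

int main(void) {
  printf("correctly flagged: register value = %ld\n", correctlyFlaggedValue());
  printf("mis-flagged: rc = %d (guard fired, no crash)\n", runMisflagged());
  return 0;
}
```

The point of the model is the split between the setup step and the case body: a case that assumes pOut is valid is only safe if every opcode that reaches it carries the flag that triggers the setup, so the guard (or an assert on pOut before the first use) is the cheapest way to turn a wild dereference into a diagnosable error while the flag table is audited.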