On 8 Jul 2013, at 10:24am, Mitina, Tatiana <[email protected]> wrote:

> Could you fix security issues found by Klocwork in sqlite 3.7.12.1?
> See the attached Klocwork report.

The last bugs I see reported to SQLite from Klocwork were in 2006.  They were 
both fixed long ago.

Klocwork has spotted a number of errors in the Android implementation of the 
SQLite library leading to error reports for Android developers.  An example of 
such a report is this:

<http://www.klocwork.com/products/documentation/current/Checkers:ANDROID.RLK.SQLOBJ>

Unfortunately no date is attached to this report so I can’t tell how old it is.

However, the bug (which really is a bug) is not in the SQLite API but in the 
Android library that calls the SQLite API.  The people responsible for fixing 
it are the developer team of the Android library, not the developer team of 
SQLite.

A quick look at every bug on

<http://www.klocwork.com/products/documentation/current/Java_checker_reference>

which includes 'SQL' suggests that all of them are bugs in the Android library 
not the SQLite API.  Most are failures to close queries but a couple are 
security concerns resulting from failing to check the return code from one API 
call before proceeding to another.  There are choices to be made in fixing them 
which are best left up to those familiar with the inner workings of Android so I 
guess we’ll leave it to them.

If the problems you’re talking about are not mentioned above we’d love to know 
about them.  Unfortunately attachments cannot normally be used with this list.  
If you want us to see your bug and your content is text, can you please paste 
it directly into the body of a message?  If your content is not text, could 
you put it on a server somewhere and post the URL?  Or you could post the URL 
of an existing bug report.  Thanks.

Simon.
_______________________________________________
sqlite-users mailing list
[email protected]
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
