On Thu, Aug 1, 2013 at 3:30 PM, Brian Vincent <bra...@gmail.com> wrote:

>     if( d1>=(u32)nKey1 && sqlite3VdbeSerialTypeLen(serial_type1)>0 ) break;
>
> The next line will likely segfault if d1>=nKey1, right?  What if d1>=nKey1,
> but it's not true that sqlite3VdbeSerialTypeLen(serial_type1)>0 ?  Wouldn't
> this still cause a segfault?  Is that a valid concern?
>

Not a concern.

The &aKey1[d1] is just an address.  And it never gets dereferenced if the
SerialTypeLen is zero.



>
> -Brian Vincent
>
>
>
> On Thu, Aug 1, 2013 at 2:19 PM, Richard Hipp <d...@sqlite.org> wrote:
>
> > On Thu, Aug 1, 2013 at 2:20 PM, Brian Vincent <bra...@gmail.com> wrote:
> >
> > > I think I can describe, is a
> > > possible way that a corrupt database is causing sqlite to segfault.
> > >
> >
> > Thanks.  Fixed in http://www.sqlite.org/src/info/c3baca99f4 including a
> > test case.
> >
> >
> > --
> > D. Richard Hipp
> > d...@sqlite.org
> > _______________________________________________
> > sqlite-users mailing list
> > sqlite-users@sqlite.org
> > http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
> >



-- 
D. Richard Hipp
d...@sqlite.org
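
The bounds check discussed in this thread, as an added example (not SQLite's source and not code posted by either participant): a record-field reader in which zero-length serial types never touch the buffer, so an offset at or past the end is only an error when the field has payload bytes. `serial_type_len` and `read_field` are hypothetical names, the key bytes are constructed, and the example goes slightly beyond the quoted line by also rejecting a field that starts in bounds but runs past the end.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Payload bytes for a serial type, per the published SQLite record format.
 * NULL (0) and the integer constants 0 and 1 (types 8, 9) occupy no bytes;
 * the reserved types 10 and 11 are treated as empty here for brevity. */
static size_t serial_type_len(uint32_t t) {
    static const size_t fixed[] = {0, 1, 2, 3, 4, 6, 8, 8, 0, 0, 0, 0};
    return t < 12 ? fixed[t] : (t - 12) / 2;   /* >=12: blob or text */
}

/* Hypothetical helper, not SQLite's API. Decodes the field of type t at
 * key[off]. Returns 0 and sets *out (integer value, or the byte count for
 * float/blob/text), or -1 if the field does not fit in nkey bytes. */
static int read_field(const unsigned char *key, size_t nkey, size_t off,
                      uint32_t t, int64_t *out) {
    size_t len = serial_type_len(t), i;
    uint64_t v;

    if (len == 0) {              /* no payload: the offset is never used */
        *out = (t == 9);
        return 0;
    }
    if (off >= nkey || len > nkey - off) return -1;   /* corrupt record */
    if (t >= 7) { *out = (int64_t)len; return 0; }

    /* Big-endian two's-complement integer, sign-extended from the top bit. */
    v = (key[off] & 0x80) ? ~(uint64_t)0 : 0;
    for (i = 0; i < len; i++) v = (v << 8) | key[off + i];
    *out = (int64_t)v;
    return 0;
}

int main(void) {
    const unsigned char key[] = {0x01, 0xff};   /* constructed sample */
    int64_t v = 0;
    printf("%d\n", read_field(key, 2, 2, 0, &v));  /* NULL at end of key */
    printf("%d\n", read_field(key, 2, 2, 1, &v));  /* 1-byte int at end */
    return 0;
}
```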