GNU bug report logs -
#58850
29.0.50; sqlite crashes on error
Reported by: Andrew Hyatt <ahyatt <at> gmail.com>
Date: Sat, 29 Oct 2022 00:48:02 UTC
Severity: normal
Found in version 29.0.50
Fixed in version 29.1
Done: Andrew Hyatt <ahyatt <at> gmail.com>
Bug is archived. No further changes may be made.
On 02.11.22 04:33, Andrew Hyatt wrote:
> It does work for me, thank you for the fix! I don't think I really
> understand what is going on here either (does anyone? is the length of
> the path in the name the relevant thing here?), but if there's a
> solution that works, then that's enough for me, thanks. I'll close this
> bug.
It was a classical stack-buffer overflow. The "name=..." part of the
printed representation of SQLite objects was printed to a fixed-size
buffer on the processor stack. With a long enough name, this overwrites
other stuff on the stack, like the return address, and boom. I fixed
this by not using a buffer at all, which is the way this is done
normally. There was actually no need for using the buffer in the first
place.
Thanks for the report, and the testing!
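The bug class described in the reply (an unbounded write of "name=..." into a fixed-size stack buffer) next to the fix (no fixed buffer at all), as an added C example that is not Emacs's code; the buffer size FIXED_BUF, the "#<sqlite name=...>" format and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed size for the fixed-stack-buffer variant; the real buffer size
   in the affected code is not given in the report. */
#define FIXED_BUF 64

/* The bug pattern: formatting into a fixed-size buffer on the stack with an
   unbounded write. A name longer than FIXED_BUF - 16 bytes runs past `buf`
   and overwrites adjacent stack data. Never called below; shown for contrast. */
void repr_into_fixed_buffer(const char *name)
{
    char buf[FIXED_BUF];
    sprintf(buf, "#<sqlite name=%s>", name);   /* no length check */
    puts(buf);
}

/* Defensive check: would the representation of `name` fit in FIXED_BUF bytes?
   snprintf(NULL, 0, ...) writes nothing and only returns the length needed. */
int repr_fits_fixed_buffer(const char *name)
{
    int needed = snprintf(NULL, 0, "#<sqlite name=%s>", name);
    return needed >= 0 && (size_t)needed + 1 <= FIXED_BUF;
}

/* The fix: no fixed buffer at all. Measure, allocate exactly, then format
   with a bound. Caller frees the result. Returns NULL on allocation failure. */
char *repr_alloc(const char *name)
{
    int needed = snprintf(NULL, 0, "#<sqlite name=%s>", name);
    if (needed < 0) return NULL;
    size_t size = (size_t)needed + 1;
    char *out = malloc(size);
    if (!out) return NULL;
    snprintf(out, size, "#<sqlite name=%s>", name);
    return out;
}

/* Convenience for tests: does repr_alloc(name) equal `expected`? */
int repr_alloc_equals(const char *name, const char *expected)
{
    char *r = repr_alloc(name);
    int eq = r != NULL && strcmp(r, expected) == 0;
    free(r);
    return eq;
}
```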