|Title:||Invalid pointer passed to the authorizer callback|
|Last Modified:||2013-05-06 13:45:39|
|Version Found In:||184.108.40.206|
drh added on 2013-05-06 13:03:05:
The UPDATE statement in the following code reads past the end of an array and passes an invalid pointer to the authorizer callback:
CREATE TABLE t1(a,b,c,d,e,f,g,h); UPDATE t1 SET rowid=rowid+100;
The problem can be seen by running the script above in the sqlite3 command-line shell using valgrind. This problem has been in the code since version 2.7.6 circa 2003-01-25 and appears to have been added by check-in [45de93f913a18026a]. The problem has not been noticed before now because it is obscure and mostly harmless - unless the authorizer is used on an UPDATE statement that changes the ROWID the worst that can happen is a single read past the end of an array.
drh added on 2013-05-06 13:45:39:
An additional requirement for hitting this bug is that the number of columns in the table being updated must be a multiple of 8.