SQLite
View Ticket
Ticket UUID: 0eb70d77cb05bb227203136b38199c957bb32e63
Title: Invalid pointer passed to the authorizer callback
Status: Fixed
Type: Code_Defect
Severity: Important
Priority: Immediate
Subsystem: Unknown
Resolution: Fixed
Last Modified: 2013-05-06 13:45:39
Version Found In: 3.7.16.2
User Comments:
drh added on 2013-05-06 13:03:05: (text/x-fossil-wiki)
The UPDATE statement in the following code reads past the end of an
array and passes an invalid pointer to the authorizer callback:

<blockquote><verbatim>
CREATE TABLE t1(a,b,c,d,e,f,g,h);
UPDATE t1 SET rowid=rowid+100;
</verbatim></blockquote>

The problem can be seen by running the script above in the sqlite3 command-line
shell using valgrind.  This problem has been in the code since version 2.7.6
circa 2003-01-25 and appears to have been added by check-in
[45de93f913a18026a].  The problem has not been noticed before now because
it is obscure and mostly harmless - unless the authorizer is used on an UPDATE
statement that changes the ROWID, the worst that can happen is a single read
past the end of an array.

drh added on 2013-05-06 13:45:39: (text/x-fossil-wiki)
An additional requirement for hitting this bug is that the number of columns
in the table being updated must be a multiple of 8.
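
A regression check for the condition described in the two comments above, added here as an example; it is not part of the ticket or of SQLite's own test suite. It uses Python's `sqlite3` module to record the column-name argument the authorizer callback receives for the ticket's UPDATE, and goes beyond the 8-column table shown by sweeping column counts on both sides of multiples of 8. The column names `c0..cN` and the helper names are assumptions made for illustration.

```python
import sqlite3

# Names SQLite accepts for the implicit integer key of an ordinary table.
ROWID_ALIASES = {"rowid", "oid", "_rowid_"}


def authorizer_update_names(ncols):
    """Run the ticket's UPDATE on a table with `ncols` columns.

    Returns (seen, suspicious): every column name handed to the authorizer
    for SQLITE_UPDATE on t1, and the subset that is neither a declared
    column nor a rowid alias.
    """
    cols = [f"c{i}" for i in range(ncols)]  # constructed column names
    seen = []

    def authorizer(action, arg1, arg2, dbname, source):
        # For SQLITE_UPDATE, arg1 is the table name and arg2 the column name.
        if action == sqlite3.SQLITE_UPDATE and arg1 == "t1":
            seen.append(arg2)
        return sqlite3.SQLITE_OK

    con = sqlite3.connect(":memory:")
    try:
        con.execute(f"CREATE TABLE t1({','.join(cols)})")
        # Install the callback after CREATE so only the UPDATE is observed.
        con.set_authorizer(authorizer)
        con.execute("UPDATE t1 SET rowid=rowid+100")
    finally:
        con.close()

    allowed = set(cols) | ROWID_ALIASES
    suspicious = [n for n in seen
                  if not isinstance(n, str) or n.lower() not in allowed]
    return seen, suspicious


if __name__ == "__main__":
    print("SQLite library version:", sqlite3.sqlite_version)
    # Column counts around the multiples of 8 named in the ticket.
    for n in (1, 7, 8, 9, 15, 16, 17, 24):
        seen, bad = authorizer_update_names(n)
        status = "ok" if seen and not bad else "UNEXPECTED"
        print(f"{n:2d} columns: authorizer saw {seen!r} -> {status}")
```

Running the same script under valgrind or an AddressSanitizer build of the library, as the ticket suggests for the command-line shell, also covers the out-of-bounds read itself, which this check cannot observe directly.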