Ticket Hash: | f7b4edece25c994857dc139207f55a53c8319fae | |||
Title: | sqlite3_update_hook gives incorrect table name with shared cache | |||
Status: | Fixed | Type: | Code_Defect | |
Severity: | Critical | Priority: | Immediate | |
Subsystem: | Unknown | Resolution: | Fixed | |
Last Modified: | 2011-03-19 02:04:24 | |||
Version Found In: | 3.7.5 | |||
Description: | ||||
The fourth argument to the sqlite3_update_hook() callback is suppose to be
the name of the table that is being updated. However, this string pointer
might point to deallocated memory if shared cache mode is in use. Here
is the scenario:
The prepared statement in step (2) contains a pointer to the table name string in the parsed schema. Step (3) causes the schema to be reparsed, which invalidates that string. But the rollback of step (3) means that the schema cookie is unchanged and so the prepared statement is not invalidated. Step (4) then runs the prepared statement and passes the invalid string to the update hook callback. This problem was found by internal code review and has never been observed in the wild. |