|13:45||• Ticket [0eb70d77] Invalid pointer passed to the authorizer callback status still Fixed with 3 other changes (artifact: ee1c6f48 user: drh)|
|13:23||• Fixed ticket [0eb70d77]. (artifact: 7fe0235d user: drh)|
|13:22||Make sure the authorizer callback gets a valid pointer to "ROWID" for the column-name parameter when doing an UPDATE that changes the rowid. Fix for ticket [0eb70d77cb05bb2272]. (check-in: 26a59bb8 user: drh tags: trunk)|
|13:03||• New ticket [0eb70d77] Invalid pointer passed to the authorizer callback. (artifact: 6ec5e901 user: drh)|
|Title:||Invalid pointer passed to the authorizer callback|
|Last Modified:||2013-05-06 13:45:39|
|Version Found In:||126.96.36.199|
drh added on 2013-05-06 13:03:05:
The UPDATE statement in the following code reads past the end of an array and passes an invalid pointer to the authorizer callback:
CREATE TABLE t1(a,b,c,d,e,f,g,h); UPDATE t1 SET rowid=rowid+100;
The problem can be seen by running the script above in the sqlite3 command-line shell using valgrind. This problem has been in the code since version 2.7.6 circa 2003-01-25 and appears to have been added by check-in [45de93f913a18026a]. The problem has not been noticed before now because it is obscure and mostly harmless - unless the authorizer is used on an UPDATE statement that changes the ROWID the worst that can happen is a single read past the end of an array.
drh added on 2013-05-06 13:45:39:
An additional requirement for hitting this bug is that the number of columns in the table being updated must be a multiple of 8.