| Ticket Hash: | 3fe897352e8d8ceabbe9aa643f929a9a7ce988df | |||
| Title: | Malformed UTF16 leads to a 2-byte buffer overread | |||
| Status: | Fixed | Type: | Code_Defect | |
| Severity: | Important | Priority: | Immediate | |
| Subsystem: | Unknown | Resolution: | Fixed | |
| Last Modified: | 2009-10-24 01:48:05 | |||
| Version Found In: | 3.6.16 | |||
| Description: | ||||
If a malformed UTF16 string that ends with the first half of a surrogate pair is passed into SQLite through functions such as sqlite3_bind_text16() then SQLite might read two bytes past the end of the string. This is normally harmless, but if the string happens to end on a page boundary and the next page is unmapped, a segfault could result. <hr><i>shane added on 2009-10-24 01:48:05:</i><br> Check-in [19064d7cea]. | ||||