SQLite

Ticket Hash: 520070ec7fbaac73eda0e0123596b7bb3e9a6897
Title: Array overrun in the skip-scan optimization
Status: Fixed
Type: Code_Defect
Severity: Severe
Priority: Immediate
Subsystem: Unknown
Resolution: Fixed
Last Modified: 2013-12-22 20:44:24
Version Found In: 3.8.2
User Comments:
drh added on 2013-12-22 20:28:07: (text/x-fossil-wiki)
The following SQL causes an array overrun in the skip-scan logic, resulting
in memory corruption:

<blockquote><verbatim>
CREATE TABLE t1(a,b,c,d,e,f,g,h,i);
CREATE INDEX t1all ON t1(a,b,c,d,e,f,g,h);
INSERT INTO t1 VALUES(1,2,3,4,5,6,7,8,9);
ANALYZE;
DELETE FROM sqlite_stat1;
INSERT INTO sqlite_stat1 
  VALUES('t1','t1all','655360 163840 40960 10240 2560 640 160 40 10');
ANALYZE sqlite_master;
SELECT i FROM t1 WHERE h=8;
</verbatim></blockquote>

This problem was introduced by check-in [b0bb975c0986fe01] which was part
of the 3.8.2 release.  The problem was reported to the developer via private
email.