Ticket Hash: f50af3e8a565776b1dd3248dfa2d4a87d60e4153
Title: OOB memory access on a table rename
Status: Fixed | Type: Code_Defect
Severity: Important | Priority: Low
Subsystem: Unknown | Resolution: Fixed
Last Modified: 2020-02-23 17:38:04
Version Found In: 3.31.1
User Comments:
drh added on 2020-02-23 16:09:56:
(text/x-fossil-wiki)
The ALTER TABLE statement in the following SQL causes an out-of-bounds memory access:

<blockquote><verbatim>
CREATE TABLE t1(x);
CREATE VIEW t2 AS SELECT 1 FROM t1, (t1 AS a0, t1);
ALTER TABLE t1 RENAME TO t3;
</verbatim></blockquote>

This problem was discovered and reported by sakura(@eternalsakura13) of Alpha Team, Qihoo 360.

drh added on 2020-02-23 16:16:40:
(text/x-fossil-wiki)
The OOB memory access occurs inside the [https://www.sqlite.org/src/artifact/f48a4423c8f198d7?ln=668-679|renameTokenCheckAll()] procedure, which is a debugging procedure that only exists for debugging builds. It is unclear whether or not this problem exists in release builds.

drh added on 2020-02-23 17:38:04:
(text/x-fossil-wiki)
The test case shown above is indeed harmless for release builds. However, Sakura provides another more complex test case (not shown here) that does cause an OOB memory access on release builds due to the two-size lookaside memory allocator added in version 3.31.0. It is the same problem in both cases, and is fixed by check-in [c431b3fd8fd0f6a6].