I believe DRH answered this on Tuesday:

"The two lines at
https://www.sqlite.org/src/artifact/4e4aea7c?ln=7314-7316 guaranteed
that the NULL pointer dereference at
https://www.sqlite.org/src/artifact/4e4aea7c?ln=7328 never happens.

-- 
D. Richard Hipp
d...@sqlite.org"

-----Original Message-----
From: sqlite-users [mailto:sqlite-users-boun...@mailinglists.sqlite.org] On Behalf Of Zhendong Wu
Sent: Thursday, December 08, 2016 11:51 PM
To: sqlite-users@mailinglists.sqlite.org
Subject: [sqlite] About a potential error in sqlite3.c, could you please check it?

Hi,

I have downloaded the source code of SQLite Version 3.15.2 which is a big
file called sqlite3.c. I statically analyzed the code and found a potential
error. Could you please check it? Thank you.

In file ‘sqlite3.c’, function ‘sqlite3PagerOpenWal’, the piece of code is
shown as follows.

53659: SQLITE_PRIVATE int sqlite3PagerOpenWal(
53660:  Pager *pPager,                  /* Pager object */
53661:  int *pbOpen                     /* OUT: Set to true if call is a no-op */
53662: ) {
…
53683: *pbOpen = 1;

If NULL is passed to the second parameter of function
‘sqlite3PagerOpenWal’, LINE 53683 will dereference a NULL pointer and cause
a segmentation fault. For example, in LINE 49625 ‘rc =
sqlite3PagerOpenWal(pPager, 0);’ the second argument is 0. I think ‘pPager’
may be from an untrusted source and it may cause LINE 53662 to dereference a
NULL pointer.

Looking forward to your reply.

Best,
Zhendong

-- 
Zhendong Wu
Ph.D. Candidate
School of Computer
National University of Defense Technology
Changsha, Hunan, China 410073
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
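The contract DRH points to, as an added example that is not SQLite's code: a simplified model of sqlite3PagerOpenWal() in which the caller's precondition (pbOpen may be NULL only when no WAL is open and the database is not a temp file) makes the flagged `*pbOpen = 1` store unreachable. The Pager fields, return values and the runtime check standing in for SQLite's assert() lines are assumptions of the model.

```c
/* Added example, not SQLite's own code: a simplified model of the
 * sqlite3PagerOpenWal() contract discussed in the thread.  The Pager fields,
 * names and return values below are assumptions for the model. */
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

enum { MODEL_OK = 0, MODEL_CANTOPEN = 1, MODEL_MISUSE = 2 };

typedef struct Pager {
  int tempFile;      /* non-zero for a temporary database */
  int walOpen;       /* non-zero once a WAL has been opened */
  int walSupported;  /* non-zero if the VFS can support WAL */
} Pager;

/* Caller contract: pbOpen may be NULL only when no WAL is open and the
 * database is not a temp file.  That is exactly the condition under which
 * the "open the WAL" branch is taken, so the `*pbOpen = 1` store that the
 * static analyzer flagged can never execute with a NULL pointer.  SQLite
 * states this contract with assert() lines; the model checks it at runtime
 * so the guarantee is visible in a release build too. */
int model_pager_open_wal(Pager *p, int *pbOpen){
  if( pbOpen==NULL && (p->tempFile || p->walOpen) ) return MODEL_MISUSE;

  if( !p->tempFile && !p->walOpen ){
    if( !p->walSupported ) return MODEL_CANTOPEN;
    p->walOpen = 1;          /* "open" the WAL; pbOpen is never touched */
  }else{
    *pbOpen = 1;             /* only reachable with a non-NULL pbOpen */
  }
  return MODEL_OK;
}

int main(void){
  Pager p = {0, 0, 1};
  int alreadyOpen = 0;
  /* The call pattern from the report: second argument 0 on a pager that has
   * no WAL yet.  Takes the open branch, never dereferences the NULL. */
  assert( model_pager_open_wal(&p, NULL)==MODEL_OK && p.walOpen==1 );
  /* Second call: WAL already open, so the out-parameter must be supplied. */
  assert( model_pager_open_wal(&p, &alreadyOpen)==MODEL_OK && alreadyOpen==1 );
  /* Contract violation the model rejects instead of crashing. */
  assert( model_pager_open_wal(&p, NULL)==MODEL_MISUSE );
  printf("model contract holds\n");
  return 0;
}
```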
