Hello,
We have found a minor bug in the session extension. The problem can occur
in sqlite3session_diff, when there is a table schema mismatch, if no error
pointer is provided.
According to the documentation of sqlite3session_diff:
> ** If the operation successful, SQLITE_OK is returned. Otherwise, an SQLite
> ** error code. In this case, if argument pzErrMsg is not NULL, *pzErrMsg
> ** may be set to point to a buffer containing an English language error
> ** message...
If an application calls sqlite3session_diff and encounters a schema
mismatch error, while having provided NULL for the pzErrMsg parameter, a
segmentation fault occurs.
We believe this is caused here, in sqlite3session.c: L#1627
    if( bMismatch ){
      *pzErrMsg = sqlite3_mprintf("table schemas do not match");
      rc = SQLITE_SCHEMA;
    }
There is no check that pzErrMsg is not NULL here prior to assignment.
There's an easy work-around: providing a pzErrMsg out parameter when
calling sqlite3session_diff resolves the crash.
Cheers,
Micah
_______________________________________________
sqlite-users mailing list
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
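
The pattern described in this report, as an added stand-alone example that is not part of the original post and is not SQLite's code: demo_diff models the mismatch branch with the NULL check in place, and demo_diff_safe models the caller-side workaround of always supplying an out parameter. All demo_* names, the DEMO_* codes and the sample column lists are constructed for illustration; a real caller would call sqlite3session_diff and release the message with sqlite3_free.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define DEMO_OK     0   /* stand-in for SQLITE_OK */
#define DEMO_SCHEMA 17  /* stand-in for SQLITE_SCHEMA */

/* Hypothetical stand-in for sqlite3_mprintf(): heap copy of a message. */
static char *demo_msg(const char *z){
  size_t n = strlen(z) + 1;
  char *p = malloc(n);
  if( p ) memcpy(p, z, n);
  return p;
}

/* Mismatch branch with the guard: the message is optional, the code is not. */
static int demo_diff(const char **aA, int nA, const char **aB, int nB, char **pzErrMsg){
  int i, bMismatch = (nA!=nB);
  if( pzErrMsg ) *pzErrMsg = NULL;   /* defined value on every path */
  for(i=0; !bMismatch && i<nA; i++){
    if( strcmp(aA[i], aB[i])!=0 ) bMismatch = 1;
  }
  if( bMismatch ){
    if( pzErrMsg ) *pzErrMsg = demo_msg("table schemas do not match");
    return DEMO_SCHEMA;
  }
  return DEMO_OK;
}

/* Caller-side workaround: always pass a real out parameter, then forward or free it. */
static int demo_diff_safe(const char **aA, int nA, const char **aB, int nB, char **pzErrMsg){
  char *zErr = NULL;
  int rc = demo_diff(aA, nA, aB, nB, &zErr);
  if( pzErrMsg ) *pzErrMsg = zErr; else free(zErr);
  return rc;
}

/* Constructed sample column lists for two versions of one table. */
static const char *aMain[] = {"id", "name", "email"};
static const char *aAux[]  = {"id", "name"};

int main(void){
  char *zErr = NULL;
  printf("NULL out param: rc=%d\n", demo_diff(aMain, 3, aAux, 2, NULL));
  printf("wrapper: rc=%d\n", demo_diff_safe(aMain, 3, aAux, 2, &zErr));
  printf("message: %s\n", zErr ? zErr : "(none)");
  free(zErr);
  return 0;
}
```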