Fix a buffer overread in debugging routine sqlite3VdbeMemPrettyPrint().

Problem discovered by OSS-Fuzz. FossilOrigin-Name: f336fba7d7d41b91a5000d01dddf785821fa79ea31dbd8d1f769d55f7e871896
2025-08-08 14:02:16 +03:00 · 2017-03-17 13:59:06 +00:00
parent a3b2da9889
commit 1f9144ed41
3 changed files with 15 additions and 10 deletions
--- a/src/vdbe.c
+++ b/src/vdbe.c
@@ -2657,8 +2657,13 @@ case OP_Column: {
      **    2. the length(X) function if X is a blob, and
      **    3. if the content length is zero.
      ** So we might as well use bogus content rather than reading
-      ** content from disk. */
-      static u8 aZero[8];  /* This is the bogus content */
+      ** content from disk. 
+      **
+      ** Although sqlite3VdbeSerialGet() may read at most 8 bytes from the
+      ** buffer passed to it, debugging function VdbeMemPrettyPrint() may
+      ** read up to 16. So 16 bytes of bogus content is supplied.
+      */
+      static u8 aZero[16];  /* This is the bogus content */
      sqlite3VdbeSerialGet(aZero, t, pDest);
    }else{
      rc = sqlite3VdbeMemFromBtree(pC->uc.pCursor, aOffset[p2], len, pDest);