database/sqlite
1
0
Fork 0
mirror of https://github.com/sqlite/sqlite.git synced 2025-08-08 14:02:16 +03:00
Code Activity

In extensions rtree, fts3 and fts5, ensure that when dynamic buffers are bound

Browse Source 
to persistent SQL statements using SQLITE_STATIC, the binding is replaced with
an SQL NULL before the buffer is freed. Otherwise, a user may obtain a pointer
to the persistent statement using sqlite3_next_stmt() and attempt to access
the freed buffer using sqlite3_expanded_sql() or similar.

FossilOrigin-Name: 2a5f813bc61f9e780f2ccbda425611f65ad523b6d486a1e5e2b9d5e9f1d260a2
This commit is contained in:
dan
2018-02-07 18:02:50 +00:00
parent fa68815fa3
commit eab0e10304
14 changed files with 47 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ext/rtree/rtree.c
View File

@@ -785,6 +785,7 @@ static int nodeWrite(Rtree *pRtree, RtreeNode *pNode){
sqlite3_step(p);
pNode->isDirty = 0;
rc = sqlite3_reset(p);
sqlite3_bind_null(p, 2);
if( pNode->iNode==0 && rc==SQLITE_OK ){
pNode->iNode = sqlite3_last_insert_rowid(pRtree->db);
nodeHashInsert(pRtree, pNode);