Fix a theoretical OOB memory access in sqlite3_stmt_scanstatus_v2().

FossilOrigin-Name: 87be9580747b405c2c534beadb0f95cee0d4f34e0245f90e157a6b7ada38e092
2025-08-05 15:55:57 +03:00 · 2024-03-25 18:30:15 +00:00
parent 791b6f36cc
commit eb5bd4db91
4 changed files with 22 additions and 10 deletions
--- a/src/vdbeapi.c
+++ b/src/vdbeapi.c
@@ -2404,7 +2404,6 @@ int sqlite3_stmt_scanstatus_v2(
  }
  if( flags & SQLITE_SCANSTAT_COMPLEX ){
    idx = iScan;
-    pScan = &p->aScan[idx];
  }else{
    /* If the COMPLEX flag is clear, then this function must ignore any
    ** ScanStatus structures with ScanStatus.addrLoop set to 0. */
@@ -2417,6 +2416,8 @@ int sqlite3_stmt_scanstatus_v2(
    }
  }
  if( idx>=p->nScan ) return 1;
+  assert( pScan==0 || pScan==&p->aScan[idx] );
+  pScan = &p->aScan[idx];

  switch( iScanStatusOp ){
    case SQLITE_SCANSTAT_NLOOP: {