In SQLite 3.27.2, interleaving reads and writes in a single transaction with
an fts5 virtual table will lead to a NULL Pointer Dereference in
fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and

In SQLite 3.27.2, running fts5 prefix queries inside a transaction could
trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c,
which may lead to an information leak. This is related to
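As an added example (not part of this bug report, and not code from SQLite or Gentoo), the following Python script gives an administrator a defender-side check for the two fts5 issues described above: it reports whether the linked SQLite library predates the release the thread treats as fixed (3.28.0, an assumption taken from the discussion below), whether fts5 is compiled in at all (the advisories only apply to such builds), and it exercises the conditions the advisory text names (interleaved reads and writes, and a prefix query, inside one transaction) on a constructed in-memory table as a smoke test of a patched library. It does not reproduce the original crashing input; the table, rows and helper names are constructed for illustration.

```python
"""Added example: defender-side check for the SQLite 3.27.2 fts5 advisories.

Assumptions (not from the bug report): SQLite 3.28.0 is treated as the first
release carrying the fixes, as the thread does; the smoke test only exercises
the scenarios named in the advisory text on a constructed in-memory database.
"""
import sqlite3

# Assumption: first fixed release, taken from the discussion in the thread.
FIXED_VERSION = (3, 28, 0)


def parse_version(version: str) -> tuple:
    """Turn '3.27.2' into (3, 27, 2); pad short strings such as '3.28' with zeros."""
    parts = [int(p) for p in version.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_fixed(version: str) -> bool:
    """True when the library version is at or beyond the assumed fixed release."""
    return parse_version(version) >= FIXED_VERSION


def open_memory_db() -> sqlite3.Connection:
    """Autocommit connection so the smoke test controls BEGIN/COMMIT itself."""
    return sqlite3.connect(":memory:", isolation_level=None)


def has_fts5(conn: sqlite3.Connection) -> bool:
    """fts5 is a compile-time option; without it the fts5 advisories do not apply."""
    options = {row[0] for row in conn.execute("PRAGMA compile_options")}
    return "ENABLE_FTS5" in options


def fts5_transaction_smoke_test(conn: sqlite3.Connection) -> dict:
    """Exercise the advisory's two conditions inside a single explicit transaction.

    Returns the match counts observed, so a caller can assert that the library
    returned sane results (a vulnerable build would crash the process instead).
    Table and rows are constructed sample data.
    """
    conn.execute("CREATE VIRTUAL TABLE docs USING fts5(body)")
    conn.execute("BEGIN")
    # Condition 1: interleave writes and reads within the same transaction.
    conn.execute("INSERT INTO docs(body) VALUES ('alpha beta gamma')")
    first = conn.execute(
        "SELECT count(*) FROM docs WHERE docs MATCH 'alpha'").fetchone()[0]
    conn.execute("INSERT INTO docs(body) VALUES ('alphabet soup')")
    # 'alphabet' is a different token, so the exact-term count stays at 1.
    second = conn.execute(
        "SELECT count(*) FROM docs WHERE docs MATCH 'alpha'").fetchone()[0]
    # Condition 2: a prefix query while the transaction is still open.
    prefix = conn.execute(
        "SELECT count(*) FROM docs WHERE docs MATCH 'alph*'").fetchone()[0]
    conn.execute("COMMIT")
    return {
        "after_first_insert": first,
        "after_second_insert": second,
        "prefix_matches": prefix,
    }


def main() -> None:
    version = sqlite3.sqlite_version
    status = "at or beyond fixed release" if is_fixed(version) else "OLDER than fixed release"
    print(f"linked SQLite {version}: {status}")
    conn = open_memory_db()
    if not has_fts5(conn):
        print("fts5 not compiled in; the fts5 advisories do not apply to this build")
        return
    print("fts5 transaction smoke test:", fts5_transaction_smoke_test(conn))


if __name__ == "__main__":
    main()
```

Run it against the Python interpreter whose bundled or system SQLite you want to check; the version line is the actionable output, and the smoke test only runs when fts5 is actually compiled into that library.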
I am aware of the release of SQLite 3.28.0, but there are several problems:
- Test failures with USE="icu", now fixed:
- Segmentation fault triggered by test suite (on x86_64, seemingly not on x86_32), investigation ongoing
- Some incompatible change in behavior of fts3_tokenizer() function, potentially breaking some reverse dependencies
(In reply to Arfrever Frehtes Taifersar Arahesis from comment #2)
> - Segmentation fault triggered by test suite
This problem is now fixed:
dev-db/sqlite-3.28.0 is now in the tree.
Security fixes made after release of 3.28.0 have been backported:
"Fix an assert() that may be false for corrupt databases."
"Fix an error in fts3_write.c allowing a corrupt database to cause a crash."
"Fix a problem in fts5 where a corrupt position list could lead to a buffer overwrite."
"Fix another instance in fts3 where a corrupt record can cause a buffer overflow."
"Fix a stack overflow that could occur when renaming a table that has a trigger containing a window function invocation that itself contains a specific syntax error."
"Earlier detection of a database corruption case in balance_nonroot(), to prevent a possible use of an uninitialized variable."
"Fix a memory-leak/segfault caused by using OP_OpenDup and OP_OpenEphemeral on the same VM cursor."
(Waiting some time for sufficient testing of reverse dependencies before starting stabilization.)
Stabilization will happen in bug 685838.
This issue was resolved and addressed in
GLSA 201908-09 at https://security.gentoo.org/glsa/201908-09
by GLSA coordinator Aaron Bauman (b-man).