Skip to content

Possible misuse of sqlite3_column_table_name et al #27776

@ericsink

Description

@ericsink

Original issue at ericsink/SQLitePCL.raw#479

I am concerned about possible problems with the calls to the SQLite column metadata functions (sqlite3_column_database_name, sqlite3_column_table_name, sqlite3_column_origin_name) in this area of the code:

var databaseName = sqlite3_column_database_name(Handle, i).utf8_to_string();
if (databaseName != blobDatabaseName)
{
continue;
}
var tableName = sqlite3_column_table_name(Handle, i).utf8_to_string();
if (tableName != blobTableName)
{
continue;
}
var columnName = sqlite3_column_origin_name(Handle, i).utf8_to_string();
if (columnName == "rowid")
{
_rowidOrdinal = i;
break;
}
var rc = sqlite3_table_column_metadata(
_connection.Handle,
databaseName,
tableName,
columnName,
out var dataType,
out var collSeq,
out var notNull,
out var primaryKey,
out var autoInc);

The docs:

https://www.sqlite.org/c3ref/column_database_name.html

say that these functions return NULL when the origin is an expression ... not a column value. And looking at the code, it seems possible that those NULLs would find their way into the call to sqlite3_table_column_metadata. Which would explain the behavior seen in the original issue.

Metadata

Metadata

Assignees

No one assigned

    Type

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions