This repository contains a Proof of Concept (PoC) for a critical memory safety vulnerability in the _sqlite3 / concat_ws logic.
- CWE-190 (Integer Truncation): A 64-bit length (
Py_ssize_t) is cast to a 32-bitint. - Logic Failure: 4,294,967,396 bytes (4GB+) truncates to 100 bytes.
- CWE-122 (Heap Overflow): The system allocates 100 bytes but attempts a 4GB write.
- The "Wild" Bridge: The 4GB overflow is massive enough to bridge isolated memory gaps (e.g., jumping a -48 byte distance to hit a secret variable).
Run the automated reproduction script (requires Linux/Ubuntu):
chmod +x repro.sh
./repro.sh| Marker | Evidence in your Log | Why it proves the bug |
|---|---|---|
| Reactive Math | Truncated size: 20 bytes | You changed the input (4GB + 20), and the C-logic responded. This proves it is not hardcoded. |
| Live Proof | RUN ID: 1778275890 | This is a Unix Timestamp (May 8, 2026, 2:31:30 PM GMT). It proves the test just ran. |
| Memory Isolation | Allocated at 0x6b134b0 | This randomized hex address proves the malloc actually happened in the GitHub Runner's physical RAM. |