Comments (3)

msbit commented on July 17, 2024

Got curious and took a look through the SQLite source, looks like the original error comes up in src/expr.c (https://sqlite.org/src/file?name=src/expr.c) around line 1097.

Based on the following from https://www.sqlite.org/limits.html:

SQLite allocates space to hold all host parameters between 1 and the largest host parameter number used. Hence, an SQL statement that contains a host parameter like ?1000000000 would require gigabytes of storage. This could easily overwhelm the resources of the host machine. To prevent excessive memory allocations, the maximum value of a host parameter number is SQLITE_MAX_VARIABLE_NUMBER, which defaults to 999 for SQLite versions prior to 3.32.0 (2020-05-22) or 32766 for SQLite versions after 3.32.0.

which makes sense, because the number of variables that cause this crash is about 1930.

Given where it's coming from (inside android.content.ContentProviderProxy), I'm guessing there is little you could do about it (except maybe work out how to exploit this for bug bounty fame and fortune).

from fuck-storage-access-framework.

K1rakishou commented on July 17, 2024

Hi. Thanks for taking a look. Yeah, the cause of the crash is a huge number of operands of the IN operator. But what I don't understand is where they are coming from, because I only use one selection argument - COLUMN_DISPLAY_NAME. And for some unknown reason another hundred or so arguments are appearing out of nowhere. This crash is really rare, so it may as well be a bug in the SAF implementation of some custom ROM or something like that. I could report it to Google, but I don't have the STR so they probably won't even look at it. Also, I could silence the crash and just return null, but I'm afraid this would lead to some other inconsistency bugs.

K1rakishou commented on July 17, 2024

Haven't seen this crash since the latest release (which was 5 months ago), I guess the problem was in missing synchronization.
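
The host-parameter limit quoted earlier in the thread, as an added example that is not part of the thread or of the project's code: a single IN (...) list with about 1930 bound values fails under the pre-3.32.0 default of 999, while the same lookup split into chunks succeeds. The `documents` table, the `display_name` column and all helper names are constructed for illustration; lowering the limit with `setlimit` assumes Python 3.11 or later, and on older interpreters the failing case may not reproduce.

```python
import sqlite3

# Conservative ceiling: the pre-3.32.0 default quoted from sqlite.org/limits.html.
SAFE_MAX_VARIABLES = 999


def make_db(names):
    """Constructed sample data: an in-memory table standing in for a document index."""
    conn = sqlite3.connect(":memory:")
    if hasattr(conn, "setlimit"):  # Python 3.11+: pin the old limit so the failure reproduces
        conn.setlimit(sqlite3.SQLITE_LIMIT_VARIABLE_NUMBER, SAFE_MAX_VARIABLES)
    conn.execute("CREATE TABLE documents (display_name TEXT PRIMARY KEY)")
    conn.executemany("INSERT INTO documents VALUES (?)", [(n,) for n in names])
    return conn


def select_unchunked(conn, wanted):
    """One '?' per value in a single IN (...) list, the pattern that overflows the limit."""
    marks = ",".join("?" * len(wanted))
    sql = f"SELECT display_name FROM documents WHERE display_name IN ({marks})"
    return [row[0] for row in conn.execute(sql, wanted)]


def select_chunked(conn, wanted, max_vars=SAFE_MAX_VARIABLES):
    """Same lookup, split so that no statement binds more than max_vars parameters."""
    found, statements = [], 0
    for start in range(0, len(wanted), max_vars):
        found += select_unchunked(conn, wanted[start:start + max_vars])
        statements += 1
    return found, statements


def demo():
    names = [f"file_{i}.txt" for i in range(3000)]
    conn = make_db(names)
    wanted = names[:1930]  # about the operand count reported in the thread
    try:
        select_unchunked(conn, wanted)
        error = None  # this build accepted 1930 variables (limit could not be lowered)
    except sqlite3.OperationalError as exc:
        error = str(exc)  # SQLite's "too many SQL variables" message
    found, statements = select_chunked(conn, wanted)
    return error, len(found), statements


if __name__ == "__main__":
    print(demo())
```

Chunking only applies where the caller builds the statement itself; it does not change a query assembled inside another component.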