That claim sounds implausible - the memory usage patterns should not be a function of untrusted input.
Conversation
SQLite still has memory corruption bugs. A subset of those are vulnerabilities. I can link to some of the recent ones, but I don't feel that's necessary. I don't see how it's implausible that C code is still going to have edge cases not totally handled leading to mem corruption.
1
I think it sounds more plausible that someone thought "you feed a corrupt sqlite db file to it" is a CVE, when accepting untrusted db files is not the intended usage.
1
That is the intended usage of SQLite. That's part of the threat model for it in the real world and it certainly aims to be safe in that case. It's also supposed to remain memory safe with a lot of attacker control over the database queries.
1
1
This Tweet was deleted by the Tweet author. Learn more
I didn't say running untrusted SQL. I said "a lot of attacker control over the database queries". If I meant executing arbitrary SQL, that's what I would have said, and I clearly didn't mean that. Please don't misrepresent my statements any more.
1
1
sqlite.org/whentouse.html
> SQLite does not compete with client/server databases. SQLite competes with fopen().
#2 on list of recommend uses
> Application file format
Also listed:
> Data transfer format
And yes, it is widely used this way in the real world, as intended.
1
1
I believe you. This is a highly irresponsible recommendation, both from a security perspective and a design one, and ppl should ignore it.
This Tweet was deleted by the Tweet author. Learn more
Consider something like the XCF file format used by a program like GIMP including all kinds of fancy structured data. People are certainly exchanging these files. SQLite would be a substantially safer base to build on than the current GIMP implementation. I'm quite sure of that.
2
Or the formats used by word processors for rich text documents like the Open Document Format (ODF). There are lots of complex, structured file formats. File formats are just one example of one of many forms of untrusted input handled in the real world.
Complex structured file formats are fundamentally a mistake. They should not exist.
1
1
GIMP / Krita has a use case with lots of complexity. The file format is going to be complex. Telling people that their use cases and needs are invalid isn't a viable way to achieve security. Software is going to be made to meet those needs. We know how to make it decently secure.
1