Skip to content

sqlite: reject malformed update changesets#63330

Closed
mcollina wants to merge 1 commit into
nodejs:mainfrom
mcollina:fix/sqlite-applychangeset-corrupt-update
Closed

sqlite: reject malformed update changesets#63330
mcollina wants to merge 1 commit into
nodejs:mainfrom
mcollina:fix/sqlite-applychangeset-corrupt-update

Conversation

@mcollina
Copy link
Copy Markdown
Member

@mcollina mcollina commented May 15, 2026
edited
Loading

Reject malformed UPDATE changesets that omit a primary-key old value instead of
passing a null sqlite3_value* into sessionBindValue() during
sqlite3changeset_apply().

This turns the reporter's crashing payload into SQLITE_CORRUPT /
ERR_SQLITE_ERROR and adds a regression test that verifies Node throws instead
of crashing the child process.

@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented May 15, 2026

Review requested:

  • @nodejs/security-wg
  • @nodejs/sqlite

@nodejs-github-bot nodejs-github-bot added dependencies Pull requests that update a dependency file. needs-ci PRs that need a full CI run. sqlite Issues and PRs related to the SQLite subsystem. labels May 15, 2026
@mcollina mcollina closed this May 15, 2026
@louwers
Copy link
Copy Markdown
Contributor

louwers commented May 15, 2026

Is this an issue? Happy to look into it.

@mcollina mcollina deleted the fix/sqlite-applychangeset-corrupt-update branch May 15, 2026 16:30
@mcollina
Copy link
Copy Markdown
Member Author

mcollina commented May 15, 2026

Nope, bad thing on my end

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file. needs-ci PRs that need a full CI run. sqlite Issues and PRs related to the SQLite subsystem.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mcollina @nodejs-github-bot @louwers