> Alternatively, it could be related to:
> https://www.sqlite.org/src/info/4feb3159c6bc3f7e33959
>
> This was released as a part of 3.27.2 and looks like it has the right
> text as well. What concerns me is that the ticket[0] is almost a week
> before TALOS's timeline for "Vendor patched" plus it mentioned "free
> that has not been malloc'ed" rather than "use after free". That said,
> the test case examples for both issues are similar.
This looks like a promising candidate. If you have the actual test case examples (I don't seem to be able to find them), it's surely "just" a matter of trying the PoC against this revision and its parent. Or going a bit further, using it to bisect between 3.27 and 3.28 (using a git mirror of the source).

robert.
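The bisection Robert sketches, written out as an added `git bisect run` harness (example code, not something from the thread or from the SQLite project). It assumes a git mirror of the SQLite tree checked out at `$SQLITE_SRC` with tags named like `version-3.27.0` and `version-3.28.0`, the reporter's test case saved as SQL at the placeholder path `$POC_SQL`, and an AddressSanitizer build via the tree's own `configure` so that a use-after-free is reported deterministically rather than only when it happens to segfault.

```shell
#!/bin/sh
# Added example, not from the thread. Finds the commit between the 3.27 and
# 3.28 tags at which a crashing test case stops crashing. Assumptions: a git
# mirror at $SQLITE_SRC with tags like version-3.27.0 / version-3.28.0 (check
# `git tag`), and the test case saved as SQL at $POC_SQL (placeholder path).
SQLITE_SRC="${SQLITE_SRC:-./sqlite}"
POC_SQL="${POC_SQL:-./poc.sql}"

# We are hunting a fix, so the terms are inverted from the usual bug hunt:
# the old state is "crashes" and the new state is "fixed". `git bisect run`
# treats exit 0 as the old term, 1-127 (except 125) as the new term, and
# 125 as "skip this commit" (e.g. it does not build).
classify_run() {
    build_status="$1"   # exit status of configure + make
    run_status="$2"     # exit status of the sqlite3 shell on the test case
    log_file="$3"       # captured stderr of that run
    [ "$build_status" -eq 0 ] || return 125
    # ASan prints "ERROR: AddressSanitizer" and exits non-zero; a build
    # without sanitizers that dies on a signal exits with a status above 128.
    if grep -q "ERROR: AddressSanitizer" "$log_file" || [ "$run_status" -gt 128 ]; then
        return 0        # still crashes: the fix is later than this commit
    fi
    return 1            # no crash: the fix is at or before this commit
}

# One bisect step: ASan build of the sqlite3 shell, then feed it the test case.
build_and_run() {
    log="$(mktemp)"
    ( cd "$SQLITE_SRC" && { make clean >/dev/null 2>&1 || true; } \
      && ./configure CFLAGS="-g -O1 -fsanitize=address" && make sqlite3 ) >/dev/null 2>&1
    build_status=$?
    run_status=0
    if [ "$build_status" -eq 0 ]; then
        "$SQLITE_SRC/sqlite3" :memory: < "$POC_SQL" >/dev/null 2>"$log"
        run_status=$?
    fi
    classify_run "$build_status" "$run_status" "$log"; rc=$?
    rm -f "$log"
    return "$rc"
}

case "${1:-}" in
    bisect)  # start the run; git re-invokes this script with "step" per commit
        self="$(cd "$(dirname "$0")" && pwd)/$(basename "$0")"
        git -C "$SQLITE_SRC" bisect start --term-old=crashes --term-new=fixed \
            version-3.28.0 version-3.27.0
        git -C "$SQLITE_SRC" bisect run "$self" step ;;
    step) build_and_run ;;
esac
```

Run it as `sh bisect-fix.sh bisect`; when it finishes, `git bisect log` in the mirror names the first commit at which the test case no longer crashes, which can then be compared against the check-in linked above.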