AddressSanitizer: heap-buffer-overflow; READ of size 1 at  thread T0
    #0  in duckdb::StringValueScanner::RemoveEscape(char const*, unsigned long, char, char, bool, duckdb::Vector&) /home/runner/wor

Issue found by csv_multi_param_fuzzer on git commit hash [5dcda](https://github.com/duckdb/duckdb/commit/5dcda9fd79a9346963191518e35c103135f72845) using seed 0.
### To Reproduce
```sql
.sh wget https://github.com/duckdb/duckdb-fuzzer/raw/refs/heads/main/reproduction_inputs/csv/20260313_c0180e.csv
from read_csv('20260313_c0180e.csv', buffer_size=30, delim=';', header=false, null_padding=true, union_by_name=false);
```

### Error Message
```
AddressSanitizer: heap-buffer-overflow; READ of size 1 at  thread T0
    #0  in duckdb::StringValueScanner::RemoveEscape(char const*, unsigned long, char, char, bool, duckdb::Vector&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/scanner/string_value_scanner.cpp:1316
```

### Stack Trace
```
READ of size 1 at  thread T0
    #0  in duckdb::StringValueScanner::RemoveEscape(char const*, unsigned long, char, char, bool, duckdb::Vector&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/scanner/string_value_scanner.cpp:1316
    #1  in duckdb::StringValueResult::AddPossiblyEscapedValue(duckdb::StringValueResult&, unsigned long, char const*, unsigned long, bool) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/scanner/string_value_scanner.cpp:593
    #2  in duckdb::StringValueResult::AddQuotedValue(duckdb::StringValueResult&, unsigned long) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/scanner/string_value_scanner.cpp:539
    #3  in duckdb::StringValueResult::AddRow(duckdb::StringValueResult&, unsigned long) (/home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/build/debug/duckdb) (BuildId: 0a4c8d1e6bd334ea61f2ef37d6da53e36c58c7d4)
    #4  in duckdb::StringValueResult::UnsetComment(duckdb::StringValueResult&, unsigned long) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/scanner/string_value_scanner.cpp:203
    #5  in void duckdb::BaseScanner::Process<duckdb::StringValueResult>(duckdb::StringValueResult&) (/home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/build/debug/duckdb) (BuildId: 0a4c8d1e6bd334ea61f2ef37d6da53e36c58c7d4)
    #6  in duckdb::StringValueScanner::FinalizeChunkProcess() /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/scanner/string_value_scanner.cpp:1974
    #7  in void duckdb::BaseScanner::ParseChunkInternal<duckdb::StringValueResult>(duckdb::StringValueResult&) (/home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/build/debug/duckdb) (BuildId: 0a4c8d1e6bd334ea61f2ef37d6da53e36c58c7d4)
    #8  in duckdb::StringValueScanner::ParseChunk() /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/scanner/string_value_scanner.cpp:1037
    #9  in duckdb::CSVSniffer::DetectTypes() /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/sniffer/type_detection.cpp:445
    #10  in duckdb::CSVSniffer::SniffCSV(bool) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/sniffer/csv_sniffer.cpp:181
    #11  in duckdb::CSVSchemaDiscovery::SchemaDiscovery(duckdb::ClientContext&, duckdb::shared_ptr<duckdb::CSVBufferManager, true>&, duckdb::CSVReaderOptions&, duckdb::MultiFileOptions const&, duckdb::vector<duckdb::LogicalType, true, std::allocator<duckdb::LogicalType> >&, duckdb::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, true, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&, duckdb::MultiFileList&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/table_function/csv_multi_file_info.cpp:83
    #12  in duckdb::CSVMultiFileInfo::BindReader(duckdb::ClientContext&, duckdb::vector<duckdb::LogicalType, true, std::allocator<duckdb::LogicalType> >&, duckdb::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, true, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&, duckdb::MultiFileBindData&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/table_function/csv_multi_file_info.cpp:170
    #13  in duckdb::MultiFileFunction<duckdb::CSVMultiFileInfo>::MultiFileBindInternal(duckdb::ClientContext&, duckdb::unique_ptr<duckdb::MultiFileReader, std::default_delete<duckdb::MultiFileReader>, true>, duckdb::shared_ptr<duckdb::MultiFileList, true>, duckdb::vector<duckdb::LogicalType, true, std::allocator<duckdb::LogicalType> >&, duckdb::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, true, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&, duckdb::MultiFileOptions, duckdb::unique_ptr<duckdb::BaseFileReaderOptions, std::default_delete<duckdb::BaseFileReaderOptions>, true>, duckdb::unique_ptr<duckdb::MultiFileReaderInterface, std::default_delete<duckdb::MultiFileReaderInterface>, true>) (/home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/build/debug/duckdb) (BuildId: 0a4c8d1e6bd334ea61f2ef37d6da53e36c58c7d4)
    #14  in duckdb::MultiFileFunction<duckdb::CSVMultiFileInfo>::MultiFileBind(duckdb::ClientContext&, duckdb::TableFunctionBindInput&, duckdb::vector<duckdb::LogicalType, true, std::allocator<duckdb::LogicalType> >&, duckdb::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, true, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/include/duckdb/common/multi_file/multi_file_function.hpp:186
    #15  in duckdb::Binder::BindTableFunctionInternal(duckdb::TableFunction&, duckdb::TableFunctionRef const&, duckdb::vector<duckdb::Value, true, std::allocator<duckdb::Value> >, std::unordered_map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, duckdb::Value, duckdb::CaseInsensitiveStringHashFunction, duckdb::CaseInsensitiveStringEquality, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, duckdb::Value> > >, duckdb::vector<duckdb::LogicalType, true, std::allocator<duckdb::LogicalType> >, duckdb::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, true, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/planner/binder/tableref/bind_table_function.cpp:239
    #16  in duckdb::Binder::Bind(duckdb::TableFunctionRef&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/planner/binder/tableref/bind_table_function.cpp:462
    #17  in duckdb::Binder::Bind(duckdb::TableRef&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/planner/binder.cpp:158
    #18  in duckdb::Binder::BindNode(duckdb::SelectNode&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/planner/binder/query_node/bind_select_node.cpp:386
    #19  in duckdb::Binder::BindNode(duckdb::QueryNode&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/planner/binder/query_node/bind_cte_node.cpp:29
    #20  in duckdb::Binder::Bind(duckdb::QueryNode&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/planner/binder.cpp:139
    #21  in duckdb::Binder::Bind(duckdb::SelectStatement&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/planner/binder/statement/bind_select.cpp:11
    #22  in duckdb::Binder::Bind(duckdb::SQLStatement&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/planner/binder.cpp:81
    #23  in duckdb::Planner::CreatePlan(duckdb::SQLStatement&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/planner/planner.cpp:57
    #24  in duckdb::Planner::CreatePlan(duckdb::unique_ptr<duckdb::SQLStatement, std::default_delete<duckdb::SQLStatement>, true>) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/planner/planner.cpp:163
    #25  in duckdb::ClientContext::CreatePreparedStatementInternal(duckdb::ClientContextLock&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, duckdb::unique_ptr<duckdb::SQLStatement, std::default_delete<duckdb::SQLStatement>, true>, duckdb::PendingQueryParameters) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/main/client_context.cpp:404
    #26  in duckdb::ClientContext::CreatePreparedStatement(duckdb::ClientContextLock&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, duckdb::unique_ptr<duckdb::SQLStatement, std::default_delete<duckdb::SQLStatement>, true>, duckdb::PendingQueryParameters, duckdb::PreparedStatementMode) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/main/client_context.cpp:498
    #27  in duckdb::ClientContext::PendingStatementInternal(duckdb::ClientContextLock&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, duckdb::unique_ptr<duckdb::SQLStatement, std::default_delete<duckdb::SQLStatement>, true>, duckdb::PendingQueryParameters const&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/main/client_context.cpp:839
    #28  in duckdb::ClientContext::PendingStatementOrPreparedStatement(duckdb::ClientContextLock&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, duckdb::unique_ptr<duckdb::SQLStatement, std::default_delete<duckdb::SQLStatement>, true>, duckdb::shared_ptr<duckdb::PreparedStatementData, true>&, duckdb::PendingQueryParameters const&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/main/client_context.cpp:957
    #29  in duckdb::ClientContext::PendingStatementOrPreparedStatementInternal(duckdb::ClientContextLock&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, duckdb::unique_ptr<duckdb::SQLStatement, std::default_delete<duckdb::SQLStatement>, true>, duckdb::shared_ptr<duckdb::PreparedStatementData, true>&, duckdb::PendingQueryParameters const&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/main/client_context.cpp:930
    #30  in duckdb::ClientContext::PendingQueryInternal(duckdb::ClientContextLock&, duckdb::unique_ptr<duckdb::SQLStatement, std::default_delete<duckdb::SQLStatement>, true>, duckdb::PendingQueryParameters const&, bool) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/main/client_context.cpp:1149
    #31  in duckdb::ClientContext::PendingQuery(duckdb::unique_ptr<duckdb::SQLStatement, std::default_delete<duckdb::SQLStatement>, true>, std::unordered_map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, duckdb::BoundParameterData, duckdb::CaseInsensitiveStringHashFunction, duckdb::CaseInsensitiveStringEquality, std::allocator<std::pair<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const, duckdb::BoundParameterData> > >&, duckdb::QueryParameters) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/main/client_context.cpp:1136
    #32  in duckdb::ClientContext::PendingQuery(duckdb::unique_ptr<duckdb::SQLStatement, std::default_delete<duckdb::SQLStatement>, true>, duckdb::QueryParameters) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/main/client_context.cpp:1091
    #33  in duckdb::ClientContext::Query(duckdb::unique_ptr<duckdb::SQLStatement, std::default_delete<duckdb::SQLStatement>, true>, duckdb::QueryParameters) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/main/client_context.cpp:1007
    #34  in duckdb::Connection::SendQuery(duckdb::unique_ptr<duckdb::SQLStatement, std::default_delete<duckdb::SQLStatement>, true>, duckdb::QueryParameters) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/main/connection.cpp:98
    #35  in duckdb_shell::ShellState::ExecuteStatement(duckdb::unique_ptr<duckdb::SQLStatement, std::default_delete<duckdb::SQLStatement>, true>) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/tools/shell/shell.cpp:953
    #36  in duckdb_shell::ShellState::ExecuteSQL(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/tools/shell/shell.cpp:1017
    #37  in duckdb_shell::ShellState::RunOneSqlLine(duckdb_shell::InputMode, char*) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/tools/shell/shell.cpp:2736
    #38  in duckdb_shell::ShellState::ProcessInput(duckdb_shell::InputMode) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/tools/shell/shell.cpp:2880
    #39  in RunShell(int, char const**) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/tools/shell/shell.cpp:3257
    #40  in main /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/tools/shell/shell.cpp:3286
    #41   (    #42  in __libc_start_main (    #43  in _start (/home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/build/debug/duckdb) (BuildId: 0a4c8d1e6bd334ea61f2ef37d6da53e36c58c7d4)

 is located 0 bytes after 262144-byte region ,)
allocated by thread T0 here:
    #0  in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1  in duckdb::Allocator::DefaultAllocate(duckdb::PrivateAllocatorData*, unsigned long) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/common/allocator.cpp:188
    #2  in duckdb::Allocator::AllocateData(unsigned long) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/common/allocator.cpp:137
    #3  in duckdb::BlockAllocator::AllocateData(unsigned long) const /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/storage/block_allocator.cpp:318
    #4  in duckdb::FileBuffer::ReallocBuffer(unsigned long) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/common/file_buffer.cpp:59
    #5  in duckdb::FileBuffer::ResizeInternal(unsigned long, unsigned long) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/common/file_buffer.cpp:90
    #6  in duckdb::FileBuffer::FileBuffer(duckdb::BlockAllocator&, duckdb::FileBufferType, unsigned long, unsigned long) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/common/file_buffer.cpp:19
    #7  in duckdb::TemplatedUniqueIf<duckdb::FileBuffer, true>::templated_unique_single_t duckdb::make_uniq<duckdb::FileBuffer, duckdb::BlockAllocator&, duckdb::FileBufferType&, unsigned long&, unsigned long&>(duckdb::BlockAllocator&, duckdb::FileBufferType&, unsigned long&, unsigned long&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/include/duckdb/common/helper.hpp:66
    #8  in duckdb::StandardBufferManager::ConstructManagedBuffer(unsigned long, unsigned long, duckdb::unique_ptr<duckdb::FileBuffer, std::default_delete<duckdb::FileBuffer>, true>&&, duckdb::FileBufferType) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/storage/standard_buffer_manager.cpp:51
    #9  in duckdb::StandardBufferManager::RegisterMemory(duckdb::MemoryTag, unsigned long, unsigned long, bool) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/storage/standard_buffer_manager.cpp:175
    #10  in duckdb::StandardBufferManager::AllocateTemporaryMemory(duckdb::MemoryTag, unsigned long, bool) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/storage/standard_buffer_manager.cpp:183
    #11  in duckdb::StandardBufferManager::Allocate(duckdb::MemoryTag, unsigned long, bool) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/storage/standard_buffer_manager.cpp:202
    #12  in duckdb::ClientBufferManager::Allocate(duckdb::MemoryTag, unsigned long, bool) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/main/client_data.cpp:61
    #13  in duckdb::CSVBuffer::AllocateBuffer(unsigned long) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/buffer_manager/csv_buffer.cpp:54
    #14  in duckdb::CSVBuffer::CSVBuffer(duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long, unsigned long, unsigned long) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/buffer_manager/csv_buffer.cpp:25
    #15  in void std::_Construct<duckdb::CSVBuffer, duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long&, unsigned long, unsigned long>(duckdb::CSVBuffer*, duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long&, unsigned long&&, unsigned long&&) /usr/include/c++/13/bits/stl_construct.h:119
    #16  in void std::allocator_traits<std::allocator<void> >::construct<duckdb::CSVBuffer, duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long&, unsigned long, unsigned long>(std::allocator<void>&, duckdb::CSVBuffer*, duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long&, unsigned long&&, unsigned long&&) /usr/include/c++/13/bits/alloc_traits.h:661
    #17  in std::_Sp_counted_ptr_inplace<duckdb::CSVBuffer, std::allocator<void>, (__gnu_cxx::_Lock_policy)2>::_Sp_counted_ptr_inplace<duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long&, unsigned long, unsigned long>(std::allocator<void>, duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long&, unsigned long&&, unsigned long&&) /usr/include/c++/13/bits/shared_ptr_base.h:604
    #18  in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<duckdb::CSVBuffer, std::allocator<void>, duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long&, unsigned long, unsigned long>(duckdb::CSVBuffer*&, std::_Sp_alloc_shared_tag<std::allocator<void> >, duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long&, unsigned long&&, unsigned long&&) /usr/include/c++/13/bits/shared_ptr_base.h:971
    #19  in std::__shared_ptr<duckdb::CSVBuffer, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<void>, duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long&, unsigned long, unsigned long>(std::_Sp_alloc_shared_tag<std::allocator<void> >, duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long&, unsigned long&&, unsigned long&&) /usr/include/c++/13/bits/shared_ptr_base.h:1712
    #20  in std::shared_ptr<duckdb::CSVBuffer>::shared_ptr<std::allocator<void>, duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long&, unsigned long, unsigned long>(std::_Sp_alloc_shared_tag<std::allocator<void> >, duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long&, unsigned long&&, unsigned long&&) /usr/include/c++/13/bits/shared_ptr.h:464
    #21  in std::shared_ptr<std::enable_if<!std::is_array<duckdb::CSVBuffer>::value, duckdb::CSVBuffer>::type> std::make_shared<duckdb::CSVBuffer, duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long&, unsigned long, unsigned long>(duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long&, unsigned long&&, unsigned long&&) /usr/include/c++/13/bits/shared_ptr.h:1010
    #22  in duckdb::shared_ptr<duckdb::CSVBuffer, true> duckdb::make_shared_ptr<duckdb::CSVBuffer, duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long&, unsigned long, unsigned long>(duckdb::CSVFileHandle&, duckdb::ClientContext&, unsigned long&, unsigned long&&, unsigned long&&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/include/duckdb/common/helper.hpp:74
    #23  in duckdb::CSVBuffer::Next(duckdb::CSVFileHandle&, unsigned long, bool&) const /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/buffer_manager/csv_buffer.cpp:43
    #24  in duckdb::CSVBufferManager::ReadNextAndCacheIt() /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/buffer_manager/csv_buffer_manager.cpp:39
    #25  in duckdb::CSVBufferManager::GetBuffer(unsigned long) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/buffer_manager/csv_buffer_manager.cpp:68
    #26  in duckdb::ColumnCountScanner::FinalizeChunkProcess() /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/scanner/column_count_scanner.cpp:170
    #27  in void duckdb::BaseScanner::ParseChunkInternal<duckdb::ColumnCountResult>(duckdb::ColumnCountResult&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/include/duckdb/execution/operator/csv_scanner/base_scanner.hpp:422
    #28  in duckdb::ColumnCountScanner::ParseChunk() /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/scanner/column_count_scanner.cpp:149
    #29  in duckdb::CSVSniffer::AnalyzeDialectCandidate(duckdb::unique_ptr<duckdb::ColumnCountScanner, std::default_delete<duckdb::ColumnCountScanner>, true>, duckdb::CandidateStats&, duckdb::vector<duckdb::unique_ptr<duckdb::ColumnCountScanner, std::default_delete<duckdb::ColumnCountScanner>, true>, true, std::allocator<duckdb::unique_ptr<duckdb::ColumnCountScanner, std::default_delete<duckdb::ColumnCountScanner>, true> > >&) /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/sniffer/dialect_detection.cpp:219
    #30  in duckdb::CSVSniffer::DetectDialect() /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/sniffer/dialect_detection.cpp:615

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/runner/work/duckdb-fuzzer-ci/duckdb-fuzzer-ci/duckdb/src/execution/operator/csv_scanner/scanner/string_value_scanner.cpp:1316 in duckdb::StringValueScanner::RemoveEscape(char const*, unsigned long, char, char, bool, duckdb::Vector&)
Shadow bytes around the buggy address:
  : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  : fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  : fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  : fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  : fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  : fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==8074==ABORTING
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

AddressSanitizer: heap-buffer-overflow; READ of size 1 at thread T0 #0 in duckdb::StringValueScanner::RemoveEscape(char const*, unsigned long, char, char, bool, duckdb::Vector&) /home/runner/wor #4351

To Reproduce

Error Message

Stack Trace

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

AddressSanitizer: heap-buffer-overflow; READ of size 1 at thread T0 #0 in duckdb::StringValueScanner::RemoveEscape(char const*, unsigned long, char, char, bool, duckdb::Vector&) /home/runner/wor #4351

Description

To Reproduce

Error Message

Stack Trace

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions