SQLite

Check-in [3f657e8876]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Prevent buffer overruns when converting malformed UTF16 to UTF8. Ticket #3482. (CVS 5869)
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 3f657e88767f60d305dd6151e7aa54363341d052
User & Date: drh 2008-11-07 03:29:34.000
Context
2008-11-10
17:08
Fixed typos; Consistent use of Mac OS X name; (CVS 5870) (check-in: dfc9474337 user: shane tags: trunk)
2008-11-07
03:29
Prevent buffer overruns when converting malformed UTF16 to UTF8. Ticket #3482. (CVS 5869) (check-in: 3f657e8876 user: drh tags: trunk)
00:24
Prevent a rollback from crashing if the sector-size field of the rollback journal is corrupted. (CVS 5868) (check-in: cf9d1d933f user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/utf.c.
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains routines used to translate between UTF-8, 
** UTF-16, UTF-16BE, and UTF-16LE.
**
** $Id: utf.c,v 1.65 2008/08/12 15:04:59 danielk1977 Exp $
**
** Notes on UTF-8:
**
**   Byte-0    Byte-1    Byte-2    Byte-3    Value
**  0xxxxxxx                                 00000000 00000000 0xxxxxxx
**  110yyyyy  10xxxxxx                       00000000 00000yyy yyxxxxxx
**  1110zzzz  10yyyyyy  10xxxxxx             00000000 zzzzyyyy yyxxxxxx







|







8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains routines used to translate between UTF-8, 
** UTF-16, UTF-16BE, and UTF-16LE.
**
** $Id: utf.c,v 1.66 2008/11/07 03:29:34 drh Exp $
**
** Notes on UTF-8:
**
**   Byte-0    Byte-1    Byte-2    Byte-3    Value
**  0xxxxxxx                                 00000000 00000000 0xxxxxxx
**  110yyyyy  10xxxxxx                       00000000 00000yyy yyxxxxxx
**  1110zzzz  10yyyyyy  10xxxxxx             00000000 zzzzyyyy yyxxxxxx
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246

247
248
249
250
251
252
253
    int rc;
    rc = sqlite3VdbeMemMakeWriteable(pMem);
    if( rc!=SQLITE_OK ){
      assert( rc==SQLITE_NOMEM );
      return SQLITE_NOMEM;
    }
    zIn = (u8*)pMem->z;
    zTerm = &zIn[pMem->n];
    while( zIn<zTerm ){
      temp = *zIn;
      *zIn = *(zIn+1);
      zIn++;
      *zIn++ = temp;
    }
    pMem->enc = desiredEnc;
    goto translate_out;
  }

  /* Set len to the maximum number of bytes required in the output buffer. */
  if( desiredEnc==SQLITE_UTF8 ){
    /* When converting from UTF-16, the maximum growth results from
    ** translating a 2-byte character to a 4-byte UTF-8 character.
    ** A single byte is required for the output string
    ** nul-terminator.
    */

    len = pMem->n * 2 + 1;
  }else{
    /* When converting from UTF-8 to UTF-16 the maximum growth is caused
    ** when a 1-byte UTF-8 character is translated into a 2-byte UTF-16
    ** character. Two bytes are required in the output buffer for the
    ** nul-terminator.
    */







|

















>







222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
    int rc;
    rc = sqlite3VdbeMemMakeWriteable(pMem);
    if( rc!=SQLITE_OK ){
      assert( rc==SQLITE_NOMEM );
      return SQLITE_NOMEM;
    }
    zIn = (u8*)pMem->z;
    zTerm = &zIn[pMem->n&~1];
    while( zIn<zTerm ){
      temp = *zIn;
      *zIn = *(zIn+1);
      zIn++;
      *zIn++ = temp;
    }
    pMem->enc = desiredEnc;
    goto translate_out;
  }

  /* Set len to the maximum number of bytes required in the output buffer. */
  if( desiredEnc==SQLITE_UTF8 ){
    /* When converting from UTF-16, the maximum growth results from
    ** translating a 2-byte character to a 4-byte UTF-8 character.
    ** A single byte is required for the output string
    ** nul-terminator.
    */
    pMem->n &= ~1;
    len = pMem->n * 2 + 1;
  }else{
    /* When converting from UTF-8 to UTF-16 the maximum growth is caused
    ** when a 1-byte UTF-8 character is translated into a 2-byte UTF-16
    ** character. Two bytes are required in the output buffer for the
    ** nul-terminator.
    */
Changes to test/utf16align.test.
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#***********************************************************************
# 
# This file contains code to verify that the SQLITE_UTF16_ALIGNED
# flag passed into the sqlite3_create_collation() function insures
# that all strings passed to that function are aligned on an even
# byte boundary.
#
# $Id: utf16align.test,v 1.1 2006/02/16 18:16:38 drh Exp $

set testdir [file dirname $argv0]
source $testdir/tester.tcl

# Skip this entire test if we do not support UTF16
#
ifcapable !utf16 {







|







10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#***********************************************************************
# 
# This file contains code to verify that the SQLITE_UTF16_ALIGNED
# flag passed into the sqlite3_create_collation() function insures
# that all strings passed to that function are aligned on an even
# byte boundary.
#
# $Id: utf16align.test,v 1.2 2008/11/07 03:29:34 drh Exp $

set testdir [file dirname $argv0]
source $testdir/tester.tcl

# Skip this entire test if we do not support UTF16
#
ifcapable !utf16 {
76
77
78
79
80
81
82
83











84
  set unaligned_string_counter 0
  execsql {
    CREATE INDEX t1i2 ON t1(spacer, a);
  }
  expr {$unaligned_string_counter>0}
} 0
integrity_check utf16align-1.4












finish_test








>
>
>
>
>
>
>
>
>
>
>

76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
  set unaligned_string_counter 0
  execsql {
    CREATE INDEX t1i2 ON t1(spacer, a);
  }
  expr {$unaligned_string_counter>0}
} 0
integrity_check utf16align-1.4

# ticket #3482
#
db close
sqlite3 db :memory:
do_test utf16align-2.1 {
  db eval {
    PRAGMA encoding=UTF16be;
    SELECT hex(ltrim(x'6efcda'));
  }
} {6EFC}

finish_test