/ Check-in [ab0d99d0]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Prevent VACUUM from running any commands in sqlite_master.sql other than CREATE statements. That is all that should be there anyhow. This fixes a problem discovered by OSSFuzz. Test cases in TH3.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256:ab0d99d0b5edece4c639baa47ce1ca2c02774cb2515e5b7f36d9bd312ccd3310
User & Date: drh 2018-05-02 15:00:26
References
2018-05-03
21:51
Improved security for VACUUM. This check-in combines the fixes of [ab0d99d0b5ede] and [27754b74ddf646] in a way that is less likely to to be broken by future changes. check-in: 260fc696 user: drh tags: trunk
Context
2018-05-03
19:56
Overhaul of EXPLAIN QUERY PLAN. The output is now in the form of a tree. More details of the query plan are shown, and what is shown is truer to what actually happens. check-in: ff01bbda user: drh tags: trunk
03:59
The sqlite3BtreeInsert() routine tries to overwrite an existing cell with modified content if the new content is the same size. Pages are only dirtied if they change. This prototype works some, but still has issues. check-in: 489451b3 user: drh tags: cell-overwrite-prototype
2018-05-02
15:00
Prevent VACUUM from running any commands in sqlite_master.sql other than CREATE statements. That is all that should be there anyhow. This fixes a problem discovered by OSSFuzz. Test cases in TH3. check-in: ab0d99d0 user: drh tags: trunk
08:12
Fix a problem in the xBestIndex method of the closure extension causing it to allocate non-contiguous argvIndex values in some cases (an "xBestIndex malfunction" error). check-in: 0c671507 user: dan tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/vacuum.c.

243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
  /* Query the schema of the main database. Create a mirror schema
  ** in the temporary database.
  */
  db->init.iDb = nDb; /* force new CREATE statements into vacuum_db */
  rc = execSqlF(db, pzErrMsg,
      "SELECT sql FROM \"%w\".sqlite_master"
      " WHERE type='table'AND name<>'sqlite_sequence'"
      " AND coalesce(rootpage,1)>0",
      zDbMain
  );
  if( rc!=SQLITE_OK ) goto end_of_vacuum;
  rc = execSqlF(db, pzErrMsg,
      "SELECT sql FROM \"%w\".sqlite_master"
      " WHERE type='index' AND length(sql)>10",
      zDbMain







|







243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
  /* Query the schema of the main database. Create a mirror schema
  ** in the temporary database.
  */
  db->init.iDb = nDb; /* force new CREATE statements into vacuum_db */
  rc = execSqlF(db, pzErrMsg,
      "SELECT sql FROM \"%w\".sqlite_master"
      " WHERE type='table'AND name<>'sqlite_sequence'"
      " AND coalesce(rootpage,1)>0 AND sql LIKE 'CREATE%%'",
      zDbMain
  );
  if( rc!=SQLITE_OK ) goto end_of_vacuum;
  rc = execSqlF(db, pzErrMsg,
      "SELECT sql FROM \"%w\".sqlite_master"
      " WHERE type='index' AND length(sql)>10",
      zDbMain