Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Fix an OOB read in the INSTR() function introduced yesterday by check-in [3fb40f518086c1e8] and detected by OSSFuzz. The test case is in TH3. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
d49047c1b59bbfd05204af9973cdb0fa |
User & Date: | drh 2019-09-18 11:16:46.746 |
Context
2019-09-18
| ||
11:46 | Fix a "jump depends on unititialized value" valgrind error in fts5 triggered by corrupt database records. (check-in: 6b6751cd90 user: dan tags: trunk) | |
11:16 | Fix an OOB read in the INSTR() function introduced yesterday by check-in [3fb40f518086c1e8] and detected by OSSFuzz. The test case is in TH3. (check-in: d49047c1b5 user: drh tags: trunk) | |
2019-09-17
| ||
21:28 | Do not change the OP_String8 opcode into OP_String until *after* any necessary encoding conversions are accomplished. Otherwise, a rerun of the prepared statement after an OOM can result in errors. Test case in TH3. (check-in: 8efd62594e user: drh tags: trunk) | |
Changes
Changes to src/func.c.
︙ | ︙ | |||
220 221 222 223 224 225 226 227 228 229 230 | }else if( typeHaystack!=SQLITE_BLOB && typeNeedle!=SQLITE_BLOB ){ zHaystack = sqlite3_value_text(argv[0]); zNeedle = sqlite3_value_text(argv[1]); isText = 1; }else{ pC1 = sqlite3_value_dup(argv[0]); zHaystack = sqlite3_value_text(pC1); pC2 = sqlite3_value_dup(argv[1]); zNeedle = sqlite3_value_text(pC2); isText = 1; } | > > > > | < < < > > > > | 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 | }else if( typeHaystack!=SQLITE_BLOB && typeNeedle!=SQLITE_BLOB ){ zHaystack = sqlite3_value_text(argv[0]); zNeedle = sqlite3_value_text(argv[1]); isText = 1; }else{ pC1 = sqlite3_value_dup(argv[0]); zHaystack = sqlite3_value_text(pC1); if( zHaystack==0 ) goto endInstrOOM; nHaystack = sqlite3_value_bytes(pC1); pC2 = sqlite3_value_dup(argv[1]); zNeedle = sqlite3_value_text(pC2); if( zNeedle==0 ) goto endInstrOOM; nNeedle = sqlite3_value_bytes(pC2); isText = 1; } if( zNeedle==0 || (nHaystack && zHaystack==0) ) goto endInstrOOM; firstChar = zNeedle[0]; while( nNeedle<=nHaystack && (zHaystack[0]!=firstChar || memcmp(zHaystack, zNeedle, nNeedle)!=0) ){ N++; do{ nHaystack--; zHaystack++; }while( isText && (zHaystack[0]&0xc0)==0x80 ); } if( nNeedle>nHaystack ) N = 0; } sqlite3_result_int(context, N); endInstr: sqlite3_value_free(pC1); sqlite3_value_free(pC2); return; endInstrOOM: sqlite3_result_error_nomem(context); goto endInstr; } /* ** Implementation of the printf() function. */ static void printfFunc( sqlite3_context *context, |
︙ | ︙ |