Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix a buffer overread in debugging routine sqlite3VdbeMemPrettyPrint(). Problem discovered by OSS-Fuzz. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
f336fba7d7d41b91a5000d01dddf7858 |
| User & Date: | dan 2017-03-17 13:59:06 |
Context
|
2017-03-17
| ||
| 14:15 | Fix the Makefile.in so that it builds the ossshell test program correctly. check-in: 36f5602e user: drh tags: trunk | |
| 13:59 | Fix a buffer overread in debugging routine sqlite3VdbeMemPrettyPrint(). Problem discovered by OSS-Fuzz. check-in: f336fba7 user: dan tags: trunk | |
| 03:21 | Fix a problem in the enhanced PRAGMA integrity_check where it verifies CHECK constraints: Do not be confused by the reuse of the Table.pCheck field by VIEWs with named columns. Problem discovered by OSS-Fuzz. check-in: 019dd3d5 user: drh tags: trunk | |
Changes
Changes to src/vdbe.c.
2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663 2664 2665 2666 2667 2668 |
|| (len = sqlite3VdbeSerialTypeLen(t))==0
){
/* Content is irrelevant for
** 1. the typeof() function,
** 2. the length(X) function if X is a blob, and
** 3. if the content length is zero.
** So we might as well use bogus content rather than reading
** content from disk. */
static u8 aZero[8]; /* This is the bogus content */
sqlite3VdbeSerialGet(aZero, t, pDest);
}else{
rc = sqlite3VdbeMemFromBtree(pC->uc.pCursor, aOffset[p2], len, pDest);
if( rc!=SQLITE_OK ) goto abort_due_to_error;
sqlite3VdbeSerialGet((const u8*)pDest->z, t, pDest);
pDest->flags &= ~MEM_Ephem;
}
|
| > > > > > | |
2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663 2664 2665 2666 2667 2668 2669 2670 2671 2672 2673 |
|| (len = sqlite3VdbeSerialTypeLen(t))==0
){
/* Content is irrelevant for
** 1. the typeof() function,
** 2. the length(X) function if X is a blob, and
** 3. if the content length is zero.
** So we might as well use bogus content rather than reading
** content from disk.
**
** Although sqlite3VdbeSerialGet() may read at most 8 bytes from the
** buffer passed to it, debugging function VdbeMemPrettyPrint() may
** read up to 16. So 16 bytes of bogus content is supplied.
*/
static u8 aZero[16]; /* This is the bogus content */
sqlite3VdbeSerialGet(aZero, t, pDest);
}else{
rc = sqlite3VdbeMemFromBtree(pC->uc.pCursor, aOffset[p2], len, pDest);
if( rc!=SQLITE_OK ) goto abort_due_to_error;
sqlite3VdbeSerialGet((const u8*)pDest->z, t, pDest);
pDest->flags &= ~MEM_Ephem;
}
|