Overview
Comment: | Fix a buffer overread in debugging routine sqlite3VdbeMemPrettyPrint(). Problem discovered by OSS-Fuzz. |
---|---|
SHA3-256: | f336fba7d7d41b91a5000d01dddf7858 |
User & Date: | dan 2017-03-17 13:59:06.018 |
Context
2017-03-17
14:15 | Fix the Makefile.in so that it builds the ossshell test program correctly. (check-in: 36f5602ec9 user: drh tags: trunk) | |
13:59 | Fix a buffer overread in debugging routine sqlite3VdbeMemPrettyPrint(). Problem discovered by OSS-Fuzz. (check-in: f336fba7d7 user: dan tags: trunk) | |
03:21 | Fix a problem in the enhanced PRAGMA integrity_check where it verifies CHECK constraints: Do not be confused by the reuse of the Table.pCheck field by VIEWs with named columns. Problem discovered by OSS-Fuzz. (check-in: 019dd3d5ba user: drh tags: trunk) | |
Changes
Changes to src/vdbe.c.
︙ | ︙ | |||
2653 2654 2655 2656 2657 2658 2659 | || (len = sqlite3VdbeSerialTypeLen(t))==0 ){ /* Content is irrelevant for ** 1. the typeof() function, ** 2. the length(X) function if X is a blob, and ** 3. if the content length is zero. ** So we might as well use bogus content rather than reading | | > > > > > | | 2653 2654 2655 2656 2657 2658 2659 2660 2661 2662 2663 2664 2665 2666 2667 2668 2669 2670 2671 2672 2673 | || (len = sqlite3VdbeSerialTypeLen(t))==0 ){ /* Content is irrelevant for ** 1. the typeof() function, ** 2. the length(X) function if X is a blob, and ** 3. if the content length is zero. ** So we might as well use bogus content rather than reading ** content from disk. ** ** Although sqlite3VdbeSerialGet() may read at most 8 bytes from the ** buffer passed to it, debugging function VdbeMemPrettyPrint() may ** read up to 16. So 16 bytes of bogus content is supplied. */ static u8 aZero[16]; /* This is the bogus content */ sqlite3VdbeSerialGet(aZero, t, pDest); }else{ rc = sqlite3VdbeMemFromBtree(pC->uc.pCursor, aOffset[p2], len, pDest); if( rc!=SQLITE_OK ) goto abort_due_to_error; sqlite3VdbeSerialGet((const u8*)pDest->z, t, pDest); pDest->flags &= ~MEM_Ephem; } |
︙ | ︙ |
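Review bot: The size in `static u8 aZero[16]` depends on how many bytes the debugging routine reads, and that dependency is recorded only in the new comment, so a later change to the pretty-printer's read length would silently bring the overread back. Consider a named constant shared by both places, or an assert in the debug routine, instead of the literal 16. The comment also refers to VdbeMemPrettyPrint() while the check-in comment names sqlite3VdbeMemPrettyPrint(); using the full name keeps it greppable. Since the else branch passes its buffer as `(const u8*)` to the same call, the bogus buffer could likely be declared `static const u8` so that nothing can modify the shared zero content.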