/ Check-in [f91471e7]

Overview
Comment:Fix some segfaults that could occur in obscure circumstances where error messages contained characters that could be mistaken for printf format specifiers.
SHA1: f91471e7234db490f97298b1ccb8d6c7fc45b089
User & Date: dan 2010-10-21 15:12:44
Context
2010-10-21
22:58
Make sure the estimated row count for ephemeral tables is initialized so that automatic indices can be used on those tables. check-in: d30f7b2d user: drh tags: trunk
15:49
Merge trunk changes into experimental branch. check-in: fd1e5cad user: dan tags: experimental
15:12
Fix some segfaults that could occur in obscure circumstances where error messages contained characters that could be mistaken for printf format specifiers. check-in: f91471e7 user: dan tags: trunk
12:34
Fix a typo-bug that prevented --disable-amalgamation from working in Makefile.in. Also fix an overly long line in Makfile.in. check-in: 2c3c4ba0 user: drh tags: trunk
Changes

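--- a/src/vdbeblob.c
+++ b/src/vdbeblob.c
@@ -227,15 +227,15 @@
 
     sqlite3_bind_int64((sqlite3_stmt *)v, 1, iRow);
     rc = sqlite3_step((sqlite3_stmt *)v);
     if( rc!=SQLITE_ROW ){
       nAttempt++;
       rc = sqlite3_finalize((sqlite3_stmt *)v);
       sqlite3DbFree(db, zErr);
-      zErr = sqlite3MPrintf(db, sqlite3_errmsg(db));
+      zErr = sqlite3MPrintf(db, "%s", sqlite3_errmsg(db));
       v = 0;
     }
   } while( nAttempt<5 && rc==SQLITE_SCHEMA );
 
   if( rc==SQLITE_ROW ){
     /* The row-record has been opened successfully. Check that the
     ** column in question contains text or a blob. If it contains
@@ -274,15 +274,15 @@
     rc = SQLITE_ERROR;
   }
 
 blob_open_out:
   if( v && (rc!=SQLITE_OK || db->mallocFailed) ){
     sqlite3VdbeFinalize(v);
   }
-  sqlite3Error(db, rc, zErr);
+  sqlite3Error(db, rc, (zErr ? "%s" : 0), zErr);
   sqlite3DbFree(db, zErr);
   sqlite3StackFree(db, pParse);
   rc = sqlite3ApiExit(db, rc);
   sqlite3_mutex_leave(db->mutex);
   return rc;
 }
 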
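Review bot: In the retry loop, `sqlite3MPrintf(db, "%s", sqlite3_errmsg(db))` now only duplicates a string, so the formatter does not need to be involved at all; if the `sqlite3DbStrDup` helper is usable at this point, `zErr = sqlite3DbStrDup(db, sqlite3_errmsg(db));` states the intent and leaves no format argument for a later edit to get wrong. The `(zErr ? "%s" : 0)` argument at `blob_open_out` (and the identical one in src/vtab.c) has no comment saying why the format is conditional. Something like `/* zErr is message text and may contain '%': pass it as data, and pass no format when there is no message */` would keep a later cleanup from simplifying it back to `sqlite3Error(db, rc, zErr)`. Both fragments belong to a function whose start is outside the visible lines.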
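--- a/src/vtab.c
+++ b/src/vtab.c
@@ -668,15 +668,15 @@
         pTab->aCol = pParse->pNewTable->aCol;
         pTab->nCol = pParse->pNewTable->nCol;
         pParse->pNewTable->nCol = 0;
         pParse->pNewTable->aCol = 0;
       }
       db->pVTab = 0;
     }else{
-      sqlite3Error(db, SQLITE_ERROR, zErr);
+      sqlite3Error(db, SQLITE_ERROR, (zErr ? "%s" : 0), zErr);
       sqlite3DbFree(db, zErr);
       rc = SQLITE_ERROR;
     }
     pParse->declareVtab = 0;
   
     if( pParse->pVdbe ){
       sqlite3VdbeFinalize(pParse->pVdbe);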
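--- a/test/incrblob.test
+++ b/test/incrblob.test
@@ -672,10 +672,19 @@
 do_test incrblob-8.6 {
   set rc [catch {sqlite3_blob_write $::b 0 etilqs 6} msg]
   lappend rc $msg
 } {0 {}}
 do_test incrblob-8.7 {
   execsql {SELECT b FROM t1 WHERE a = 314159}
 } {etilqs}
+
+# The following test case exposes an instance in the blob code where
+# an error message was set using a call similar to sqlite3_mprintf(zErr),
+# where zErr is an arbitrary string. This is no good if the string contains
+# characters that can be mistaken for printf() formatting directives.
+#
+do_test incrblob-9.1 {
+  list [catch { db incrblob t1 "A tricky column name %s%s" 1 } msg] $msg
+} {1 {no such column: "A tricky column name %s%s"}}
 
 
 finish_test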
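--- a/test/vtab1.test
+++ b/test/vtab1.test
@@ -1158,10 +1158,25 @@
   do_test vtab1-16.$tn {
     set echo_module_fail(xRename,t2) "the xRename method has failed"
     catchsql { ALTER TABLE echo_t2 RENAME TO another_name }
   } "1 {echo-vtab-error: the xRename method has failed}"
   unset echo_module_fail(xRename,t2)
   incr tn
 }
+
+# The following test case exposes an instance in sqlite3_declare_vtab()
+# an error message was set using a call similar to sqlite3_mprintf(zErr),
+# where zErr is an arbitrary string. This is no good if the string contains
+# characters that can be mistaken for printf() formatting directives.
+#
+do_test vtab1-17.1 {
+  execsql { 
+    PRAGMA writable_schema = 1;
+    INSERT INTO sqlite_master VALUES(
+      'table', 't3', 't3', 0, 'INSERT INTO "%s%s" VALUES(1)'
+    );
+  }
+  catchsql { CREATE VIRTUAL TABLE t4 USING echo(t3); }
+} {1 {vtable constructor failed: t4}}
 
 unset -nocomplain echo_module_begin_fail
 finish_test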
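Review bot: vtab1-17.1 turns on `PRAGMA writable_schema = 1` and inserts a hand-made `sqlite_master` row but never undoes either, so any case appended after it later would run against a deliberately malformed schema with schema writes still enabled. It is harmless today only because `finish_test` follows; ending the case with `execsql { PRAGMA writable_schema = 0 }` (and deleting the `t3` row) would make it self-contained. The new comment also reads "exposes an instance in sqlite3_declare_vtab() an error message was set", which is missing "where" after the function name. The expected result shows only that the constructor fails cleanly, not that the `%s%s` text is carried through unchanged, which may be intentional.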