Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Fix a potential buffer overrun in the replace() function. (CVS 3947) |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
b0fb4a3cf6ddbc17ccd0c719b34a720d |
User & Date: | danielk1977 2007-05-08 14:39:04.000 |
Context
2007-05-08
| ||
14:51 | Add the max_page_count pragma used to limit the maximum size of a database file. Untested. (CVS 3948) (check-in: b1b74f0668 user: drh tags: trunk) | |
14:39 | Fix a potential buffer overrun in the replace() function. (CVS 3947) (check-in: b0fb4a3cf6 user: danielk1977 tags: trunk) | |
13:58 | Add more code to enforce the limits specified in limits.h. (CVS 3946) (check-in: c59d436095 user: drh tags: trunk) | |
Changes
Changes to src/func.c.
︙ | |||
12 13 14 15 16 17 18 | 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | - + | ** This file contains the C functions that implement various SQL ** functions of SQLite. ** ** There is only one exported symbol in this file - the function ** sqliteRegisterBuildinFunctions() found at the bottom of the file. ** All other code has file scope. ** |
︙ | |||
749 750 751 752 753 754 755 | 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 | - + + + + + + + | if( zPattern==0 || zPattern[0]==0 ) return; nRep = sqlite3_value_bytes(argv[2]); zRep = sqlite3_value_text(argv[2]); if( zRep==0 ) return; if( nPattern>=nRep ){ nOut = nStr; }else{ |
︙ |
Changes to test/func.test.
1 2 3 4 5 6 7 8 9 10 11 12 13 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | - + | # 2001 September 15 # # The author disclaims copyright to this source code. In place of # a legal notice, here is a blessing: # # May you do good and not evil. # May you find forgiveness for yourself and forgive others. # May you share freely, never taking more than you give. # #*********************************************************************** # This file implements regression tests for SQLite library. The # focus of this file is testing built-in functions. # |
︙ | |||
329 330 331 332 333 334 335 336 337 338 339 340 341 342 | 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 | + | } {00112233445566778899AABBCCDDEEFF} do_test func-9.11 { execsql {SELECT hex(replace('abcdefg','ef','12'))} } {61626364313267} do_test func-9.12 { execsql {SELECT hex(replace('abcdefg','','12'))} } {{}} breakpoint do_test func-9.13 { execsql {SELECT hex(replace('aabcdefg','a','aaa'))} } {616161616161626364656667} # Use the "sqlite_register_test_function" TCL command which is part of # the text fixture in order to verify correct operation of some of # the user-defined SQL function APIs that are not used by the built-in |
︙ | |||
778 779 780 781 782 783 784 785 786 787 788 789 790 791 | 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 | + + + + + + + + + + | } {{This is the larger-main test string}} do_test func-21.8 { execsql { SELECT replace("aaaaaaa", "a", "0123456789"); } } {0123456789012345678901234567890123456789012345678901234567890123456789} do_test func-21.9 { # Attempt to exploit a buffer-overflow that at one time existed # in the REPLACE function. set ::str "[string repeat A 29998]CC[string repeat A 35537]" set ::rep [string repeat B 65536] execsql { SELECT LENGTH(REPLACE($::str, 'C', $::rep)); } } [expr 29998 + 2*65536 + 35537] # Tests for the TRIM, LTRIM and RTRIM functions. # do_test func-22.1 { catchsql {SELECT trim(1,2,3)} } {1 {wrong number of arguments to function trim()}} do_test func-22.2 { catchsql {SELECT ltrim(1,2,3)} |
︙ |