Overview
Comment: | Prevent unsigned 32-bit integer overflow from leading to a buffer overread inside of an assert(). The problem fixed here is not reachable in production code. |
---|---|
SHA3-256: | 0f850a25d67a752fe1e9059c0c3f78e0 |
User & Date: | drh 2019-01-12 21:30:26.399 |
Context
2019-01-13
00:58 | Move a local variable declaration into the outermost scope in which it is used. This fixes an ASAN warning. (check-in: ac3b6021d9 user: drh tags: trunk) |
2019-01-12
21:30 | Prevent unsigned 32-bit integer overflow from leading to a buffer overread inside of an assert(). The problem fixed here is not reachable in production code. (check-in: 0f850a25d6 user: drh tags: trunk) |
20:55 | Fix another problem with handling corrupt records in fts5_decode(). (check-in: 726e398b9d user: dan tags: trunk) |
Changes
Changes to src/vdbeaux.c.
︙ | ︙ | |||
3879 3880 3881 3882 3883 3884 3885 | /* Verify that there is enough key space remaining to avoid ** a buffer overread. The "d1+serial_type1+2" subexpression will ** always be greater than or equal to the amount of required key space. ** Use that approximation to avoid the more expensive call to ** sqlite3VdbeSerialTypeLen() in the common case. */ | | | | 3879 3880 3881 3882 3883 3884 3885 3886 3887 3888 3889 3890 3891 3892 3893 3894 | /* Verify that there is enough key space remaining to avoid ** a buffer overread. The "d1+serial_type1+2" subexpression will ** always be greater than or equal to the amount of required key space. ** Use that approximation to avoid the more expensive call to ** sqlite3VdbeSerialTypeLen() in the common case. */ if( d1+(u64)serial_type1+2>(u64)nKey1 && d1+(u64)sqlite3VdbeSerialTypeLen(serial_type1)>(u64)nKey1 ){ break; } /* Extract the values to be compared. */ d1 += sqlite3VdbeSerialGet(&aKey1[d1], serial_type1, &mem1); |
︙ | ︙ |
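Review bot: The comment above the new `if` still quotes the approximation as "d1+serial_type1+2" and says nothing about the (u64) widening that the condition now depends on, so the reason for the casts is recorded only in the check-in comment. Consider adding a sentence to the block comment stating that the sums are computed in 64 bits so that a large serial_type1 taken from a corrupt record cannot wrap the 32-bit addition and slip past the bounds check before `sqlite3VdbeSerialGet(&aKey1[d1], serial_type1, &mem1)` reads from the key. It would also help to say there whether nKey1 is guaranteed non-negative at this point, since `(u64)nKey1` is only a safe upper bound under that assumption. Because the check-in comment says the path runs only inside an assert(), a debug-build regression test with a corrupt record would keep the check from regressing unnoticed.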