Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Prevent unsigned 32-bit integer overflow from leading to a buffer overread inside of an assert(). The problem fixed here is no reachable in production code. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
0f850a25d67a752fe1e9059c0c3f78e0 |
| User & Date: | drh 2019-01-12 21:30:26 |
Context
|
2019-01-13
| ||
| 00:58 | Move a local variable declaration into the outermost scope in which it is used. This fixes an ASAN warning. check-in: ac3b6021 user: drh tags: trunk | |
|
2019-01-12
| ||
| 21:30 | Prevent unsigned 32-bit integer overflow from leading to a buffer overread inside of an assert(). The problem fixed here is no reachable in production code. check-in: 0f850a25 user: drh tags: trunk | |
| 20:55 | Fix another problem with handling corrupt records in fts5_decode(). check-in: 726e398b user: dan tags: trunk | |
Changes
Changes to src/vdbeaux.c.
3879 3880 3881 3882 3883 3884 3885 3886 3887 3888 3889 3890 3891 3892 3893 3894 |
/* Verify that there is enough key space remaining to avoid
** a buffer overread. The "d1+serial_type1+2" subexpression will
** always be greater than or equal to the amount of required key space.
** Use that approximation to avoid the more expensive call to
** sqlite3VdbeSerialTypeLen() in the common case.
*/
if( d1+serial_type1+2>(u32)nKey1
&& d1+sqlite3VdbeSerialTypeLen(serial_type1)>(u32)nKey1
){
break;
}
/* Extract the values to be compared.
*/
d1 += sqlite3VdbeSerialGet(&aKey1[d1], serial_type1, &mem1);
|
| | |
3879 3880 3881 3882 3883 3884 3885 3886 3887 3888 3889 3890 3891 3892 3893 3894 |
/* Verify that there is enough key space remaining to avoid
** a buffer overread. The "d1+serial_type1+2" subexpression will
** always be greater than or equal to the amount of required key space.
** Use that approximation to avoid the more expensive call to
** sqlite3VdbeSerialTypeLen() in the common case.
*/
if( d1+(u64)serial_type1+2>(u64)nKey1
&& d1+(u64)sqlite3VdbeSerialTypeLen(serial_type1)>(u64)nKey1
){
break;
}
/* Extract the values to be compared.
*/
d1 += sqlite3VdbeSerialGet(&aKey1[d1], serial_type1, &mem1);
|