/ Check-in [10cc44f5]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix incorrect validation of the size of the BLOB returned by a geometry function on the RHS of a MATCH operator in RTree. The old code worked for 64-bit systems (by chance) but fails on 32-bit.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 10cc44f5a63e6cadf6940bb7310a177ee7fa6ee2
User & Date: drh 2015-05-22 23:17:28
Context
2015-05-22
23:39
Fix another bad assert() in btree - one that can be false on a corrupt database file. check-in: 89f0bbfd user: drh tags: trunk
23:26
Merge enhancements from trunk, including the new sqlite3_value_dup() API and the addition of the apSqlParam field in the sqlite3_rtree_query_info object of R-Tree. check-in: cdc0ca6f user: drh tags: sessions
23:17
Fix incorrect validation of the size of the BLOB returned by a geometry function on the RHS of a MATCH operator in RTree. The old code worked for 64-bit systems (by chance) but fails on 32-bit. check-in: 10cc44f5 user: drh tags: trunk
21:12
Add the sqlite3_value_dup() and sqlite3_value_free() interfaces. Use these interfaces to enhance R-Tree to add the sqlite3_rtree_query_info.apSqlParam field. check-in: c1814242 user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to ext/rtree/rtree.c.

1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
  int nExpected;                     /* Expected size of the BLOB */

  /* Check that value is actually a blob. */
  if( sqlite3_value_type(pValue)!=SQLITE_BLOB ) return SQLITE_ERROR;

  /* Check that the blob is roughly the right size. */
  nBlob = sqlite3_value_bytes(pValue);
  if( nBlob<(int)sizeof(RtreeMatchArg) 
   || ((nBlob-sizeof(RtreeMatchArg))%sizeof(RtreeDValue))!=0
  ){
    return SQLITE_ERROR;
  }

  pInfo = (sqlite3_rtree_query_info*)sqlite3_malloc( sizeof(*pInfo)+nBlob );
  if( !pInfo ) return SQLITE_NOMEM;
  memset(pInfo, 0, sizeof(*pInfo));
  pBlob = (RtreeMatchArg*)&pInfo[1];







|
<
<







1479
1480
1481
1482
1483
1484
1485
1486


1487
1488
1489
1490
1491
1492
1493
  int nExpected;                     /* Expected size of the BLOB */

  /* Check that value is actually a blob. */
  if( sqlite3_value_type(pValue)!=SQLITE_BLOB ) return SQLITE_ERROR;

  /* Check that the blob is roughly the right size. */
  nBlob = sqlite3_value_bytes(pValue);
  if( nBlob<(int)sizeof(RtreeMatchArg) ){


    return SQLITE_ERROR;
  }

  pInfo = (sqlite3_rtree_query_info*)sqlite3_malloc( sizeof(*pInfo)+nBlob );
  if( !pInfo ) return SQLITE_NOMEM;
  memset(pInfo, 0, sizeof(*pInfo));
  pBlob = (RtreeMatchArg*)&pInfo[1];