/ Check-in [14d855d2]
Login
Home Timeline Branches Tags Tickets
Overview
Comment:Fix a crash that could occur following an OOM in the group_concat() function if the second argument is an SQLITE_BLOB value.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:14d855d2b2b5b3485e0673d11405db7266b34c6d
User & Date: dan 2016-12-30 17:40:14
Context
2017-01-01
12:44
Detect row-value comparison size mismatches even when the size of one operand is obscured by an unexpanded subquery. check-in: 2c4d167c user: drh tags: trunk
2016-12-31
21:55
Add the --help and --all options to the wordcount test utility. Closed-Leaf check-in: 18baeadf user: drh tags: wordcount-enhancement
14:33
Minor #include change to speedtest1.c so that it will compile under MSVC. check-in: 8c28fde0 user: drh tags: speedtest1
2016-12-30
17:40
Fix a crash that could occur following an OOM in the group_concat() function if the second argument is an SQLITE_BLOB value. check-in: 14d855d2 user: dan tags: trunk
15:16
Strengthen the defense against OOM in the instr() SQL function. check-in: a0971e71 user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/func.c. 

1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644

      if( argc==2 ){
        zSep = (char*)sqlite3_value_text(argv[1]);
        nSep = sqlite3_value_bytes(argv[1]);
      }else{
        zSep = ",";
        nSep = 1;
      }
      if( nSep ) sqlite3StrAccumAppend(pAccum, zSep, nSep);
    }
    zVal = (char*)sqlite3_value_text(argv[0]);
    nVal = sqlite3_value_bytes(argv[0]);
    if( zVal ) sqlite3StrAccumAppend(pAccum, zVal, nVal);
  }
}
static void groupConcatFinalize(sqlite3_context *context){








|








1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644

      if( argc==2 ){
        zSep = (char*)sqlite3_value_text(argv[1]);
        nSep = sqlite3_value_bytes(argv[1]);
      }else{
        zSep = ",";
        nSep = 1;
      }
      if( zSep ) sqlite3StrAccumAppend(pAccum, zSep, nSep);
    }
    zVal = (char*)sqlite3_value_text(argv[0]);
    nVal = sqlite3_value_bytes(argv[0]);
    if( zVal ) sqlite3StrAccumAppend(pAccum, zVal, nVal);
  }
}
static void groupConcatFinalize(sqlite3_context *context){

Added test/gcfault.test. 



















































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

# 2016 December 30
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
# This file implements regression tests for SQLite library.  The
# focus of this file is testing OOM error handling within the built-in 
# group_concat() function.
#

set testdir [file dirname $argv0]
source $testdir/tester.tcl
set testprefix gcfault


foreach {enc} {
  utf16
  utf8
} {
  reset_db
  sqlite3_db_config_lookaside db 0 0 0
  execsql "PRAGMA encoding = $enc"

  do_execsql_test 1.$enc.1 {
    CREATE TABLE s(i, s);
    INSERT INTO s VALUES(1, ',0123456789,');
    INSERT INTO s VALUES(2, X'2c303132333435363738392c');

    CREATE TABLE e(e);
    INSERT INTO e VALUES('v1'), ('v2');
  } {}

  do_faultsim_test 1.$enc.1 -faults oom* -body {
    execsql { SELECT group_concat(e, (SELECT s FROM s WHERE i=1)) FROM e }
  }

  do_faultsim_test 1.$enc.2 -faults oom-t* -body {
    execsql { SELECT group_concat(e, (SELECT s FROM s WHERE i=2)) FROM e }
  }

  do_faultsim_test 1.$enc.3 -faults oom-t* -prep {
    set ::STMT [sqlite3_prepare db {SELECT group_concat(e, ?) FROM e} -1 dummy]
    sqlite3_bind_text $::STMT 1 ",0123456789," 12
  } -body {
    while { "SQLITE_ROW"==[sqlite3_step $::STMT] } { }
  } -test {
    sqlite3_finalize $::STMT
  }
}

finish_test

Changes to test/instr.test. 

243
244
245
246
247
248
249
250









251

} {999}
do_execsql_test instr-1.61 {
  SELECT coalesce(instr('abc',NULL), 999);
} {999}
do_execsql_test instr-1.62 {
  SELECT coalesce(instr(NULL,NULL), 999);
} {999}










finish_test









>
>
>
>
>
>
>
>
>


243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260

} {999}
do_execsql_test instr-1.61 {
  SELECT coalesce(instr('abc',NULL), 999);
} {999}
do_execsql_test instr-1.62 {
  SELECT coalesce(instr(NULL,NULL), 999);
} {999}

do_execsql_test instr-1.63 {
  SELECT instr(X'', 'abc')
} 0
do_execsql_test instr-1.64 {
  CREATE TABLE x1(a, b);
  INSERT INTO x1 VALUES(X'', 'abc');
  SELECT instr(a, b) FROM x1;
} 0

finish_test

Changes to test/instrfault.test. 

25
26
27
28
29
30
31


32
33
34
35
36
37
38
..
59
60
61
62
63
64
65






















66
67
68

set ::HAYSTACK "[string repeat 123 10]$NEEDLE[string repeat 456 10]"

foreach {enc} {
  utf8
  utf16
} {
  reset_db


  execsql "PRAGMA encoding = $enc"
  do_execsql_test 1.$enc.1 {
    CREATE TABLE t1(n, h);
    INSERT INTO t1 VALUES($::NEEDLE, $::HAYSTACK);
  } {}

  do_faultsim_test 1.$enc.1 -faults oom-t* -prep {
................................................................................
    set rc [sqlite3_step $::stmt]
    if {$rc=="SQLITE_NOMEM"} { error "out of memory" }
    sqlite3_column_int $::stmt 0
  } -test {
    faultsim_test_result {0 31}
    sqlite3_finalize $::stmt
  }






















}

finish_test








>
>







 







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>




25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
..
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

set ::HAYSTACK "[string repeat 123 10]$NEEDLE[string repeat 456 10]"

foreach {enc} {
  utf8
  utf16
} {
  reset_db
  sqlite3_db_config_lookaside db 0 0 0

  execsql "PRAGMA encoding = $enc"
  do_execsql_test 1.$enc.1 {
    CREATE TABLE t1(n, h);
    INSERT INTO t1 VALUES($::NEEDLE, $::HAYSTACK);
  } {}

  do_faultsim_test 1.$enc.1 -faults oom-t* -prep {
................................................................................
    set rc [sqlite3_step $::stmt]
    if {$rc=="SQLITE_NOMEM"} { error "out of memory" }
    sqlite3_column_int $::stmt 0
  } -test {
    faultsim_test_result {0 31}
    sqlite3_finalize $::stmt
  }

  do_faultsim_test 1.$enc.4 -faults oom-t* -prep {
    set ::stmt [sqlite3_prepare_v2 db "SELECT instr(?, ?)" -1 dummy]
    sqlite3_bind_blob $::stmt 1 $::HAYSTACK [string length $::HAYSTACK]
    sqlite3_bind_text $::stmt 2 $::NEEDLE [string length $::NEEDLE]
  } -body {
    set rc [sqlite3_step $::stmt]
    if {$rc=="SQLITE_NOMEM"} { error "out of memory" }
    sqlite3_column_int $::stmt 0
  } -test {
    faultsim_test_result {0 31}
    sqlite3_finalize $::stmt
  }

  do_execsql_test 1.$enc.5.0 {
    CREATE TABLE h1(a, b);
    INSERT INTO h1 VALUES('abcdefg%200hijkl', randomblob(200));
    INSERT INTO h1 SELECT b, a FROM h1;
  }
  do_faultsim_test 1.$enc.5 -faults oom-t* -body {
    execsql { SELECT rowid FROM h1 WHERE instr(a,b) }
  } -test {}
}

finish_test

This page was generated in about 0.007s by Fossil 2.5 [52b3b8ed22] 2018-04-10 17:48:28