/ Check-in [1f5b1841]

Overview
Comment: Fix a potential buffer overrun in sqlite3_mprintf() when a non-terminated string is passed to a "%s" format with a precision specifying the number of bytes to copy. (CVS 5067)
SHA1: 1f5b18419bb4e2552ac26593381e2eb866bb67fd
User & Date: drh 2008-04-29 15:22:27
Context
2008-04-29
15:38 Zero the per-pager temporary space allocation to avoid warnings from valgrind. (CVS 5068) check-in: f854ae57 user: drh tags: trunk
15:22 Fix a potential buffer overrun in sqlite3_mprintf() when a non-terminated string is passed to a "%s" format with a precision specifying the number of bytes to copy. (CVS 5067) check-in: 1f5b1841 user: drh tags: trunk
00:15 Always convert IEEE NaN into NULL. Ticket #3060. Add test cases to verify that this is happening. (CVS 5066) check-in: 9b07e59e user: drh tags: trunk
Changes

Changes to src/printf.c.

      case etDYNSTRING:
        bufpt = va_arg(ap,char*);
        if( bufpt==0 ){
          bufpt = "";
        }else if( xtype==etDYNSTRING ){
          zExtra = bufpt;
        }



        length = strlen(bufpt);
        if( precision>=0 && precision<length ) length = precision;

        break;
      case etSQLESCAPE:
      case etSQLESCAPE2:
      case etSQLESCAPE3: {
        int i, j, n, ch, isnull;
        int needQuote;
        char q = ((xtype==etSQLESCAPE3)?'"':'\'');   /* Quote character */







      case etDYNSTRING:
        bufpt = va_arg(ap,char*);
        if( bufpt==0 ){
          bufpt = "";
        }else if( xtype==etDYNSTRING ){
          zExtra = bufpt;
        }
        if( precision>=0 ){
          for(length=0; length<precision && bufpt[length]; length++){}
        }else{
          length = strlen(bufpt);

        }
        break;
      case etSQLESCAPE:
      case etSQLESCAPE2:
      case etSQLESCAPE3: {
        int i, j, n, ch, isnull;
        int needQuote;
        char q = ((xtype==etSQLESCAPE3)?'"':'\'');   /* Quote character */
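
Review bot: the bounded scan in the precision>=0 branch of case etDYNSTRING has no comment explaining why strlen() is bypassed there, so a later cleanup could fold it back into the previous form (strlen(bufpt) followed by the precision<length clamp), which reads to the terminator before the precision is applied. A one-line comment above `for(length=0; length<precision && bufpt[length]; length++){}` stating that bufpt need not be zero-terminated when a precision is given would protect it. The check-in lists changes to src/printf.c only; a regression test that passes an unterminated buffer to "%s" with a precision, run under valgrind, would pin the behaviour. The blank line left inside the else branch after `length = strlen(bufpt);` can also be dropped.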