SQLite

Check-in [27754b74]

Overview
Comment: Fix a possible infinite loop in VACUUM that can come up when the schema has been carefully corrupted. Problem discovered by OSSFuzz. Test cases in TH3.
SHA3-256: 27754b74ddf6463c6f9c48ea0df3637945b5ea086b92a41ddeb55b9aaefea4c2
User & Date: drh 2018-02-12 13:30:34
References
2018-05-03
21:51
Improved security for VACUUM. This check-in combines the fixes of [ab0d99d0b5ede] and [27754b74ddf646] in a way that is less likely to be broken by future changes. (check-in: 260fc696 user: drh tags: trunk)
Context
2018-02-12
15:27
Update test file func6.test so that it works with SQLITE_ENABLE_NULL_TRIM builds. (check-in: e128d72f user: dan tags: trunk)
13:30
Fix a possible infinite loop in VACUUM that can come up when the schema has been carefully corrupted. Problem discovered by OSSFuzz. Test cases in TH3. (check-in: 27754b74 user: drh tags: trunk)
2018-02-10
02:31
Fix misplaced testcase() macros from the previous check-in. (check-in: 3aed949a user: drh tags: trunk)
Changes

Changes to src/vacuum.c.


  /* printf("SQL: [%s]\n", zSql); fflush(stdout); */
  rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0);
  if( rc!=SQLITE_OK ) return rc;
  while( SQLITE_ROW==(rc = sqlite3_step(pStmt)) ){
    const char *zSubSql = (const char*)sqlite3_column_text(pStmt,0);
    assert( sqlite3_strnicmp(zSql,"SELECT",6)==0 );

    if( zSubSql ){
      assert( zSubSql[0]!='S' );
      rc = execSql(db, pzErrMsg, zSubSql);
      if( rc!=SQLITE_OK ) break;
    }
  }
  assert( rc!=SQLITE_ROW );
  if( rc==SQLITE_DONE ) rc = SQLITE_OK;
  if( rc ){








  /* printf("SQL: [%s]\n", zSql); fflush(stdout); */
  rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, 0);
  if( rc!=SQLITE_OK ) return rc;
  while( SQLITE_ROW==(rc = sqlite3_step(pStmt)) ){
    const char *zSubSql = (const char*)sqlite3_column_text(pStmt,0);
    assert( sqlite3_strnicmp(zSql,"SELECT",6)==0 );
    assert( sqlite3_strnicmp(zSubSql,"SELECT",6)!=0 || CORRUPT_DB );
    if( zSubSql && zSubSql[0]!='S' ){

      rc = execSql(db, pzErrMsg, zSubSql);
      if( rc!=SQLITE_OK ) break;
    }
  }
  assert( rc!=SQLITE_ROW );
  if( rc==SQLITE_DONE ) rc = SQLITE_OK;
  if( rc ){
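
Review bot: The new guard, if( zSubSql && zSubSql[0]!='S' ), is the only check left in builds where assert() compiles out, and it is narrower than the assert added just above it: the guard tests a single case-sensitive character, while the assert compares six characters case-insensitively and is waived under CORRUPT_DB. Because zSubSql comes from schema text that may be corrupted, consider making the runtime test an allowlist of the statement prefixes VACUUM itself expects to execute, rather than a denylist on 'S'. Separately, the new assert passes zSubSql to sqlite3_strnicmp() before the NULL test on the following line; moving the assert inside the if block would remove the dependence on that function tolerating a NULL argument.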