/ Check-in [292cf68b]
Login
Overview
Comment:Merge increment blob I/O fixes from trunk.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | apple-osx
Files: files | file ages | folders
SHA1:292cf68b4c934c3a666d938d3857f6bd8a484044
User & Date: drh 2015-02-07 15:30:08
Context
2015-02-13
12:13
Merge all recent trunk fixes and enhancements into the apple-osx branch. check-in: b2449d67 user: drh tags: apple-osx
2015-02-07
15:30
Merge increment blob I/O fixes from trunk. check-in: 292cf68b user: drh tags: apple-osx
15:16
Fix potential 32-bit integer overflow problems on the offset and length parameters to sqlite3_blob_read() and sqlite3_blob_write(). For sqlite3_blob_open(), make sure the *ppBlob return parameter is zeroed if the interface fails with SQLITE_MISUSE. check-in: 5df02f50 user: drh tags: trunk
2015-02-06
16:03
Merge all recent trunk enhancements into the apple-osx branch. check-in: 44711921 user: drh tags: apple-osx
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/vdbeblob.c.

150
151
152
153
154
155
156






157
158
159
160
161
162
163
164
165
166
167
168
169
...
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
  int rc = SQLITE_OK;
  char *zErr = 0;
  Table *pTab;
  Parse *pParse = 0;
  Incrblob *pBlob = 0;

#ifdef SQLITE_ENABLE_API_ARMOR






  if( !sqlite3SafetyCheckOk(db) || ppBlob==0 || zTable==0 ){
    return SQLITE_MISUSE_BKPT;
  }
#endif
  flags = !!flags;                /* flags = (flags ? 1 : 0); */
  *ppBlob = 0;

  sqlite3_mutex_enter(db->mutex);

  pBlob = (Incrblob *)sqlite3DbMallocZero(db, sizeof(Incrblob));
  if( !pBlob ) goto blob_open_out;
  pParse = sqlite3StackAllocRaw(db, sizeof(*pParse));
  if( !pParse ) goto blob_open_out;
................................................................................
  sqlite3 *db;

  if( p==0 ) return SQLITE_MISUSE_BKPT;
  db = p->db;
  sqlite3_mutex_enter(db->mutex);
  v = (Vdbe*)p->pStmt;

  if( n<0 || iOffset<0 || (iOffset+n)>p->nByte ){
    /* Request is out of range. Return a transient error. */
    rc = SQLITE_ERROR;
  }else if( v==0 ){
    /* If there is no statement handle, then the blob-handle has
    ** already been invalidated. Return SQLITE_ABORT in this case.
    */
    rc = SQLITE_ABORT;







>
>
>
>
>
>
|




<







 







|







150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167

168
169
170
171
172
173
174
...
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
  int rc = SQLITE_OK;
  char *zErr = 0;
  Table *pTab;
  Parse *pParse = 0;
  Incrblob *pBlob = 0;

#ifdef SQLITE_ENABLE_API_ARMOR
  if( ppBlob==0 ){
    return SQLITE_MISUSE_BKPT;
  }
#endif
  *ppBlob = 0;
#ifdef SQLITE_ENABLE_API_ARMOR
  if( !sqlite3SafetyCheckOk(db) || zTable==0 ){
    return SQLITE_MISUSE_BKPT;
  }
#endif
  flags = !!flags;                /* flags = (flags ? 1 : 0); */


  sqlite3_mutex_enter(db->mutex);

  pBlob = (Incrblob *)sqlite3DbMallocZero(db, sizeof(Incrblob));
  if( !pBlob ) goto blob_open_out;
  pParse = sqlite3StackAllocRaw(db, sizeof(*pParse));
  if( !pParse ) goto blob_open_out;
................................................................................
  sqlite3 *db;

  if( p==0 ) return SQLITE_MISUSE_BKPT;
  db = p->db;
  sqlite3_mutex_enter(db->mutex);
  v = (Vdbe*)p->pStmt;

  if( n<0 || iOffset<0 || ((sqlite3_int64)iOffset+n)>p->nByte ){
    /* Request is out of range. Return a transient error. */
    rc = SQLITE_ERROR;
  }else if( v==0 ){
    /* If there is no statement handle, then the blob-handle has
    ** already been invalidated. Return SQLITE_ABORT in this case.
    */
    rc = SQLITE_ABORT;

Changes to test/incrblob2.test.

319
320
321
322
323
324
325









326
327
328
329
330
331













332
333
334
335
336
337
338
  close $rdHandle
} {}

do_test incrblob2-6.2 {
  set rdHandle [db incrblob -readonly t1 data 1]
  sqlite3_blob_read $rdHandle 0 2
} {AB}










do_test incrblob2-6.3 {
  set wrHandle [db incrblob t1 data 1]
  sqlite3_blob_write $wrHandle 0 ZZZZZZZZZZ
  sqlite3_blob_read $rdHandle 2 4
} {ZZZZ}














do_test incrblob2-6.4 {
  close $wrHandle
  close $rdHandle
} {}

sqlite3_memory_highwater 1







>
>
>
>
>
>
>
>
>






>
>
>
>
>
>
>
>
>
>
>
>
>







319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
  close $rdHandle
} {}

do_test incrblob2-6.2 {
  set rdHandle [db incrblob -readonly t1 data 1]
  sqlite3_blob_read $rdHandle 0 2
} {AB}

do_test incrblob2-6.2b {
  set rc [catch {
    # Prior to 2015-02-07, the following caused a segfault due to
    # integer overflow.
    sqlite3_blob_read $rdHandle 2147483647 2147483647
  } errmsg]
  lappend rc $errmsg
} {1 SQLITE_ERROR}

do_test incrblob2-6.3 {
  set wrHandle [db incrblob t1 data 1]
  sqlite3_blob_write $wrHandle 0 ZZZZZZZZZZ
  sqlite3_blob_read $rdHandle 2 4
} {ZZZZ}

do_test incrblob2-6.3b {
  set rc [catch {
    # Prior to 2015-02-07, the following caused a segfault due to
    # integer overflow.
    sqlite3_blob_write $wrHandle 2147483647 YYYYYYYYYYYYYYYYYY
  } errmsg]
  lappend rc $errmsg
} {1 SQLITE_ERROR}
do_test incrblob2-6.3c {
  sqlite3_blob_read $rdHandle 2 4
} {ZZZZ}


do_test incrblob2-6.4 {
  close $wrHandle
  close $rdHandle
} {}

sqlite3_memory_highwater 1