Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Ensure that UTF16 strings are properly zero-terminated before returning them in an sqlite3_value_text16() request, even if the string is invalid UTF16 because it was formed from an arbitrary and/or odd-length BLOB. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
3a16ddf91f0c9c516a7fc2a9d4a4f69a |
User & Date: | drh 2019-05-03 19:34:41.227 |
References
2019-05-16
| ||
01:22 | Make sure the OP_Concat opcode always correctly zero-terminates a UTF16 string, even if the input strings are ill-formed. This is a followup to check-in [3a16ddf91f0c9c516a7] that fixes a case the previous check-in missed. Also add assert()s to prove correct zero termination. (check-in: d612fb7873 user: drh tags: trunk) | |
Context
2019-05-04
| ||
01:41 | In the sqlite3_value or Mem object, make the MEM_IntReal type completely independent from MEM_Int and MEM_Real. This helps avoid problems when inserting non-float values into a "REAL" column. (check-in: 5a8a23ee5f user: drh tags: trunk) | |
2019-05-03
| ||
19:34 | Ensure that UTF16 strings are properly zero-terminated before returning them in an sqlite3_value_text16() request, even if the string is invalid UTF16 because it was formed from an arbitrary and/or odd-length BLOB. (check-in: 3a16ddf91f user: drh tags: trunk) | |
18:50 | Fix a memory-leak/segfault caused by using OP_OpenDup and OP_OpenEphemeral on the same VM cursor. (check-in: a9b90aa12e user: dan tags: trunk) | |
Changes
Changes to src/vdbemem.c.
︙ | ︙ | |||
266 267 268 269 270 271 272 273 274 | pMem->flags &= (MEM_Null|MEM_Int|MEM_Real|MEM_IntReal); return SQLITE_OK; } /* ** It is already known that pMem contains an unterminated string. ** Add the zero terminator. */ static SQLITE_NOINLINE int vdbeMemAddTerminator(Mem *pMem){ | > > > > > | > | 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 | pMem->flags &= (MEM_Null|MEM_Int|MEM_Real|MEM_IntReal); return SQLITE_OK; } /* ** It is already known that pMem contains an unterminated string. ** Add the zero terminator. ** ** Three bytes of zero are added. In this way, there is guaranteed ** to be a double-zero byte at an even byte boundary in order to ** terminate a UTF16 string, even if the initial size of the buffer ** is an odd number of bytes. */ static SQLITE_NOINLINE int vdbeMemAddTerminator(Mem *pMem){ if( sqlite3VdbeMemGrow(pMem, pMem->n+3, 1) ){ return SQLITE_NOMEM_BKPT; } pMem->z[pMem->n] = 0; pMem->z[pMem->n+1] = 0; pMem->z[pMem->n+2] = 0; pMem->flags |= MEM_Term; return SQLITE_OK; } /* ** Change pMem so that its MEM_Str or MEM_Blob value is stored in ** MEM.zMalloc, where it can be safely written. |
︙ | ︙ | |||
346 347 348 349 350 351 352 | return SQLITE_OK; /* Nothing to do */ }else{ return vdbeMemAddTerminator(pMem); } } /* | | | | | 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 | return SQLITE_OK; /* Nothing to do */ }else{ return vdbeMemAddTerminator(pMem); } } /* ** Add MEM_Str to the set of representations for the given Mem. This ** routine is only called if pMem is a number of some kind, not a NULL ** or a BLOB. ** ** Existing representations MEM_Int and MEM_Real are invalidated if ** bForce is true but are retained if bForce is false. ** ** A MEM_Null value will never be passed to this function. This function is ** used for converting values to text for returning to the user (i.e. via ** sqlite3_value_text()), or for ensuring that values to be used as btree |
︙ | ︙ |