Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Further changes to guard against integer overflow in the width and precision of printf() arguments. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
5ce4e7d7651e5c72a59f03f7aeb36629 |
User & Date: | drh 2015-04-07 13:28:41.878 |
References
2015-05-20
| ||
19:48 | Avoid signed integer overflow when converting oversized in-line integer widths and precisions in printf(). Cherrypick of [c494171f77dc], [5ce4e7d7651e], [95625ef3adc3] and [8e4ac2ce2441]. (check-in: b330c7ff6f user: dan tags: branch-3.8.6) | |
Context
2015-05-20
| ||
19:48 | Avoid signed integer overflow when converting oversized in-line integer widths and precisions in printf(). Cherrypick of [c494171f77dc], [5ce4e7d7651e], [95625ef3adc3] and [8e4ac2ce2441]. (check-in: b330c7ff6f user: dan tags: branch-3.8.6) | |
2015-04-07
| ||
14:38 | Another change to avoid a problem caused by integer overflow in the printf() code. (check-in: 95625ef3ad user: dan tags: trunk) | |
13:28 | Further changes to guard against integer overflow in the width and precision of printf() arguments. (check-in: 5ce4e7d765 user: drh tags: trunk) | |
12:41 | Guard against excessive width and precision in floating-point conversions in the printf routines. (check-in: c494171f77 user: drh tags: trunk) | |
Changes
Changes to src/printf.c.
︙ | ︙ | |||
386 387 388 389 390 391 392 393 394 395 396 397 398 399 | if( longvalue==0 ) flag_alternateform = 0; if( flag_zeropad && precision<width-(prefix!=0) ){ precision = width-(prefix!=0); } if( precision<etBUFSIZE-10 ){ nOut = etBUFSIZE; zOut = buf; }else{ nOut = precision + 10; zOut = zExtra = sqlite3Malloc( nOut ); if( zOut==0 ){ setStrAccumError(pAccum, STRACCUM_NOMEM); return; } | > | 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 | if( longvalue==0 ) flag_alternateform = 0; if( flag_zeropad && precision<width-(prefix!=0) ){ precision = width-(prefix!=0); } if( precision<etBUFSIZE-10 ){ nOut = etBUFSIZE; zOut = buf; if( precision<0 ) precision = 0; }else{ nOut = precision + 10; zOut = zExtra = sqlite3Malloc( nOut ); if( zOut==0 ){ setStrAccumError(pAccum, STRACCUM_NOMEM); return; } |
︙ | ︙ | |||
446 447 448 449 450 451 452 453 454 455 456 457 458 459 | prefix = '-'; }else{ if( flag_plussign ) prefix = '+'; else if( flag_blanksign ) prefix = ' '; else prefix = 0; } if( xtype==etGENERIC && precision>0 ) precision--; for(idx=precision&0xfff, rounder=0.5; idx>0; idx--, rounder*=0.1){} if( xtype==etFLOAT ) realvalue += rounder; /* Normalize realvalue to within 10.0 > realvalue >= 1.0 */ exp = 0; if( sqlite3IsNaN((double)realvalue) ){ bufpt = "NaN"; length = 3; | > | 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 | prefix = '-'; }else{ if( flag_plussign ) prefix = '+'; else if( flag_blanksign ) prefix = ' '; else prefix = 0; } if( xtype==etGENERIC && precision>0 ) precision--; testcase( precision>0xfff ); for(idx=precision&0xfff, rounder=0.5; idx>0; idx--, rounder*=0.1){} if( xtype==etFLOAT ) realvalue += rounder; /* Normalize realvalue to within 10.0 > realvalue >= 1.0 */ exp = 0; if( sqlite3IsNaN((double)realvalue) ){ bufpt = "NaN"; length = 3; |
︙ | ︙ | |||
735 736 737 738 739 740 741 | ** able to accept at least N more bytes of text. ** ** Return the number of bytes of text that StrAccum is able to accept ** after the attempted enlargement. The value returned might be zero. */ static int sqlite3StrAccumEnlarge(StrAccum *p, int N){ char *zNew; | | | 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 | ** able to accept at least N more bytes of text. ** ** Return the number of bytes of text that StrAccum is able to accept ** after the attempted enlargement. The value returned might be zero. */ static int sqlite3StrAccumEnlarge(StrAccum *p, int N){ char *zNew; assert( p->nChar+(i64)N >= p->nAlloc ); /* Only called if really needed */ if( p->accError ){ testcase(p->accError==STRACCUM_TOOBIG); testcase(p->accError==STRACCUM_NOMEM); return 0; } if( !p->useMalloc ){ N = p->nAlloc - p->nChar - 1; |
︙ | ︙ | |||
784 785 786 787 788 789 790 | return N; } /* ** Append N copies of character c to the given string buffer. */ void sqlite3AppendChar(StrAccum *p, int N, char c){ | > | > > | 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 | return N; } /* ** Append N copies of character c to the given string buffer. */ void sqlite3AppendChar(StrAccum *p, int N, char c){ testcase( p->nChar + (i64)N > 0x7fffffff ); if( p->nChar+(i64)N >= p->nAlloc && (N = sqlite3StrAccumEnlarge(p, N))<=0 ){ return; } while( (N--)>0 ) p->zText[p->nChar++] = c; } /* ** The StrAccum "p" is not large enough to accept N new bytes of z[]. ** So enlarge if first, then do the append. ** |
︙ | ︙ |
Changes to test/printf.test.
︙ | ︙ | |||
468 469 470 471 472 473 474 475 476 477 478 479 480 481 | sqlite3_mprintf_int {abc: (% 6d) (% 6x) (% 6o) :xyz}\ 0xff676981 0xff676981 0xff676981 } {abc: (-9999999) (ff676981) (37731664601) :xyz} do_test printf-1.16.7 { sqlite3_mprintf_int {abc: (%#6d) (%#6x) (%#6o) :xyz}\ 0xff676981 0xff676981 0xff676981 } {abc: (-9999999) (0xff676981) (037731664601) :xyz} do_test printf-2.1.1.1 { sqlite3_mprintf_double {abc: (%*.*f) :xyz} 1 1 0.001 } {abc: (0.0) :xyz} do_test printf-2.1.1.2 { sqlite3_mprintf_double {abc: (%*.*e) :xyz} 1 1 0.001 } {abc: (1.0e-03) :xyz} do_test printf-2.1.1.3 { | > > > > > > > > > > > > | 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 | sqlite3_mprintf_int {abc: (% 6d) (% 6x) (% 6o) :xyz}\ 0xff676981 0xff676981 0xff676981 } {abc: (-9999999) (ff676981) (37731664601) :xyz} do_test printf-1.16.7 { sqlite3_mprintf_int {abc: (%#6d) (%#6x) (%#6o) :xyz}\ 0xff676981 0xff676981 0xff676981 } {abc: (-9999999) (0xff676981) (037731664601) :xyz} do_test printf-1.17.1 { sqlite3_mprintf_int {abd: %2147483647d %2147483647x %2147483647o} 1 1 1 } {} do_test printf-1.17.2 { sqlite3_mprintf_int {abd: %*d %x} 2147483647 1 1 } {} do_test printf-1.17.3 { sqlite3_mprintf_int {abd: %*d %x} -2147483648 1 1 } {} do_test printf-1.17.4 { sqlite3_mprintf_int {abd: %.2147483648d %x %x} 1 1 1 } {abd: 1 1 1} do_test printf-2.1.1.1 { sqlite3_mprintf_double {abc: (%*.*f) :xyz} 1 1 0.001 } {abc: (0.0) :xyz} do_test printf-2.1.1.2 { sqlite3_mprintf_double {abc: (%*.*e) :xyz} 1 1 0.001 } {abc: (1.0e-03) :xyz} do_test printf-2.1.1.3 { |
︙ | ︙ | |||
3465 3466 3467 3468 3469 3470 3471 3472 3473 3474 3475 3476 3477 3478 | } [format {%d %d A String: (%s)} 1 2 {This is the string}] do_test printf-3.5 { sqlite3_mprintf_str {%d %d A String: (%30s)} 1 2 {This is the string} } [format {%d %d A String: (%30s)} 1 2 {This is the string}] do_test printf-3.6 { sqlite3_mprintf_str {%d %d A String: (%-30s)} 1 2 {This is the string} } [format {%d %d A String: (%-30s)} 1 2 {This is the string}] do_test snprintf-3.11 { sqlite3_snprintf_str 2 {x%d %d %s} 10 10 {This is the string} } {x} do_test snprintf-3.12 { sqlite3_snprintf_str 3 {x%d %d %s} 10 10 {This is the string} } {x1} do_test snprintf-3.13 { | > > > > > > > > > | 3477 3478 3479 3480 3481 3482 3483 3484 3485 3486 3487 3488 3489 3490 3491 3492 3493 3494 3495 3496 3497 3498 3499 | } [format {%d %d A String: (%s)} 1 2 {This is the string}] do_test printf-3.5 { sqlite3_mprintf_str {%d %d A String: (%30s)} 1 2 {This is the string} } [format {%d %d A String: (%30s)} 1 2 {This is the string}] do_test printf-3.6 { sqlite3_mprintf_str {%d %d A String: (%-30s)} 1 2 {This is the string} } [format {%d %d A String: (%-30s)} 1 2 {This is the string}] do_test printf-3.7 { sqlite3_mprintf_str {%d A String: (%*s)} 1 2147483647 {This is the string} } [] do_test printf-3.8 { sqlite3_mprintf_str {%d A String: (%*s)} 1 -2147483648 {This is the string} } [] do_test printf-3.9 { sqlite3_mprintf_str {%d A String: (%.*s)} 1 -2147483648 {This is the string} } {1 A String: (This is the string)} do_test snprintf-3.11 { sqlite3_snprintf_str 2 {x%d %d %s} 10 10 {This is the string} } {x} do_test snprintf-3.12 { sqlite3_snprintf_str 3 {x%d %d %s} 10 10 {This is the string} } {x1} do_test snprintf-3.13 { |
︙ | ︙ |