Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Fix a potential crash that can occur while reading an index from a corrupt database file. The corruption is a record-header-size that is larger than 0x7fffffff. Problem detected by OSSFuzz against GDAL and reported to us (with a suggested fix) by Even Rouault. The test case is in TH3. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | branch-3.25 |
Files: | files | file ages | folders |
SHA3-256: |
5d2916589649421b53c599417577c870 |
User & Date: | drh 2018-10-01 14:05:03.008 |
Context
2018-10-25
| ||
15:25 | In the WHERE-constraint propagation optimization, if there are duplicate constraint, make sure only one of them propagates. Proposed fix for ticket [cf5ed20fc8621b165]. (check-in: caebf87925 user: drh tags: branch-3.25) | |
2018-10-01
| ||
14:05 | Fix a potential crash that can occur while reading an index from a corrupt database file. The corruption is a record-header-size that is larger than 0x7fffffff. Problem detected by OSSFuzz against GDAL and reported to us (with a suggested fix) by Even Rouault. The test case is in TH3. (check-in: 5d29165896 user: drh tags: branch-3.25) | |
13:54 | Fix a potential crash that can occur while reading an index from a corrupt database file. The corruption is a record-header-size that is larger than 0x7fffffff. Problem detected by OSSFuzz against GDAL and reported to us (with a suggested fix) by Even Rouault. The test case is in TH3. (check-in: 8ac2cdda68 user: drh tags: trunk) | |
11:00 | Ensure that the OP_VColumn opcode does set sqlite3_vtab_nochange() unless the OPFLAG_NOCHNG bit is set in P5. Fix for ticket [69d642332d25aa3b7315a6d385] (check-in: 31ac8dbae4 user: drh tags: branch-3.25) | |
Changes
Changes to src/vdbeaux.c.
︙ | ︙ | |||
4553 4554 4555 4556 4557 4558 4559 | return rc; } /* The index entry must begin with a header size */ (void)getVarint32((u8*)m.z, szHdr); testcase( szHdr==3 ); testcase( szHdr==m.n ); | > > | | 4553 4554 4555 4556 4557 4558 4559 4560 4561 4562 4563 4564 4565 4566 4567 4568 4569 | return rc; } /* The index entry must begin with a header size */ (void)getVarint32((u8*)m.z, szHdr); testcase( szHdr==3 ); testcase( szHdr==m.n ); testcase( szHdr>0x7fffffff ); assert( m.n>=0 ); if( unlikely(szHdr<3 || szHdr>(unsigned)m.n) ){ goto idx_rowid_corruption; } /* The last field of the index should be an integer - the ROWID. ** Verify that the last entry really is an integer. */ (void)getVarint32((u8*)&m.z[szHdr-1], typeRowid); testcase( typeRowid==1 ); |
︙ | ︙ |