Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix a potential crash that can occur while reading an index from a corrupt database file. The corruption is a record-header-size that is larger than 0x7fffffff. Problem detected by OSSFuzz against GDAL and reported to us (with a suggested fix) by Even Rouault. The test case is in TH3. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | branch-3.25 |
| Files: | files | file ages | folders |
| SHA3-256: |
5d2916589649421b53c599417577c870 |
| User & Date: | drh 2018-10-01 14:05:03 |
Context
|
2018-10-25
| ||
| 15:25 | In the WHERE-constraint propagation optimization, if there are duplicate constraint, make sure only one of them propagates. Proposed fix for ticket [cf5ed20fc8621b165]. (check-in: caebf879 user: drh tags: branch-3.25) | |
|
2018-10-01
| ||
| 14:05 | Fix a potential crash that can occur while reading an index from a corrupt database file. The corruption is a record-header-size that is larger than 0x7fffffff. Problem detected by OSSFuzz against GDAL and reported to us (with a suggested fix) by Even Rouault. The test case is in TH3. (check-in: 5d291658 user: drh tags: branch-3.25) | |
| 13:54 | Fix a potential crash that can occur while reading an index from a corrupt database file. The corruption is a record-header-size that is larger than 0x7fffffff. Problem detected by OSSFuzz against GDAL and reported to us (with a suggested fix) by Even Rouault. The test case is in TH3. (check-in: 8ac2cdda user: drh tags: trunk) | |
| 11:00 | Ensure that the OP_VColumn opcode does set sqlite3_vtab_nochange() unless the OPFLAG_NOCHNG bit is set in P5. Fix for ticket [69d642332d25aa3b7315a6d385] (check-in: 31ac8dba user: drh tags: branch-3.25) | |
Changes
Changes to src/vdbeaux.c.
4553 4554 4555 4556 4557 4558 4559 4560 4561 4562 4563 4564 4565 4566 4567 |
return rc;
}
/* The index entry must begin with a header size */
(void)getVarint32((u8*)m.z, szHdr);
testcase( szHdr==3 );
testcase( szHdr==m.n );
if( unlikely(szHdr<3 || (int)szHdr>m.n) ){
goto idx_rowid_corruption;
}
/* The last field of the index should be an integer - the ROWID.
** Verify that the last entry really is an integer. */
(void)getVarint32((u8*)&m.z[szHdr-1], typeRowid);
testcase( typeRowid==1 );
|
> > | |
4553 4554 4555 4556 4557 4558 4559 4560 4561 4562 4563 4564 4565 4566 4567 4568 4569 |
return rc;
}
/* The index entry must begin with a header size */
(void)getVarint32((u8*)m.z, szHdr);
testcase( szHdr==3 );
testcase( szHdr==m.n );
testcase( szHdr>0x7fffffff );
assert( m.n>=0 );
if( unlikely(szHdr<3 || szHdr>(unsigned)m.n) ){
goto idx_rowid_corruption;
}
/* The last field of the index should be an integer - the ROWID.
** Verify that the last entry really is an integer. */
(void)getVarint32((u8*)&m.z[szHdr-1], typeRowid);
testcase( typeRowid==1 );
|