Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Fix a crash that could follow an OOM condition in the instr() SQL function. Problem discovered by OSS-Fuzz. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
6e59e903e4e956617bddef0b94e5cae0 |
User & Date: | dan 2017-03-16 12:11:07.597 |
Original Comment: | Fix a crash that could follow an OOM condition in the instr() SQL function. |
Context
2017-03-16
| ||
13:14 | Fix a problem in the "showdb" utility that prevents it from correctly decoding cells with no content beyond the record header. (check-in: eb7680a1c0 user: drh tags: trunk) | |
12:11 | Fix a crash that could follow an OOM condition in the instr() SQL function. Problem discovered by OSS-Fuzz. (check-in: 6e59e903e4 user: dan tags: trunk) | |
2017-03-15
| ||
20:27 | Updates to README files under the ext/ hierarchy. No changes to code. (check-in: 029bc5d224 user: drh tags: trunk) | |
Changes
Changes to src/func.c.
︙ | ︙ | |||
200 201 202 203 204 205 206 | if( typeHaystack==SQLITE_NULL || typeNeedle==SQLITE_NULL ) return; nHaystack = sqlite3_value_bytes(argv[0]); nNeedle = sqlite3_value_bytes(argv[1]); if( nNeedle>0 ){ if( typeHaystack==SQLITE_BLOB && typeNeedle==SQLITE_BLOB ){ zHaystack = sqlite3_value_blob(argv[0]); zNeedle = sqlite3_value_blob(argv[1]); | < < > > > > | 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 | if( typeHaystack==SQLITE_NULL || typeNeedle==SQLITE_NULL ) return; nHaystack = sqlite3_value_bytes(argv[0]); nNeedle = sqlite3_value_bytes(argv[1]); if( nNeedle>0 ){ if( typeHaystack==SQLITE_BLOB && typeNeedle==SQLITE_BLOB ){ zHaystack = sqlite3_value_blob(argv[0]); zNeedle = sqlite3_value_blob(argv[1]); isText = 0; /* The following condition may be true if the arguments passed to this ** function are values returned by zeroblob() or similar and an OOM ** occurs while expanding the blob value. */ if( zNeedle==0 || (nHaystack && zHaystack==0) ) return; }else{ zHaystack = sqlite3_value_text(argv[0]); zNeedle = sqlite3_value_text(argv[1]); isText = 1; if( zHaystack==0 || zNeedle==0 ) return; } while( nNeedle<=nHaystack && memcmp(zHaystack, zNeedle, nNeedle)!=0 ){ |
︙ | ︙ |
Changes to test/mallocM.test.
︙ | ︙ | |||
17 18 19 20 21 22 23 | set testprefix mallocM sqlite3_db_config_lookaside db 0 0 0 do_execsql_test 1.0 { CREATE TABLE t1(x); } | | > > > > > > > > > > > > > > > > | 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | set testprefix mallocM sqlite3_db_config_lookaside db 0 0 0 do_execsql_test 1.0 { CREATE TABLE t1(x); } do_faultsim_test 1 -faults oom* -body { execsql { SELECT 'abc' FROM ( SELECT 'xyz' FROM t1 WHERE (SELECT 1) ) } } -test { faultsim_test_result {0 {}} } do_execsql_test 2.0.1 { SELECT instr(x'', x'') } {1} do_execsql_test 2.0.2 { SELECT instr(x'12345678', x'') } {1} do_execsql_test 2.0.3 { SELECT instr(x'', x'1234') } {0} do_faultsim_test 2.1 -faults oom* -body { execsql { SELECT instr (x'00', zeroblob(1)) } } -test { faultsim_test_result {0 1} } do_faultsim_test 2.2 -faults oom* -body { execsql { SELECT instr (zeroblob(1), x'00') } } -test { faultsim_test_result {0 1} } finish_test |