Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix a crash that could follow an OOM condition in the instr() SQL function. Problem discovered by OSS-Fuzz. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
6e59e903e4e956617bddef0b94e5cae0 |
| User & Date: | dan 2017-03-16 12:11:07 |
| Original Comment: | Fix a crash that could follow an OOM condition in the instr() SQL function. |
Context
|
2017-03-16
| ||
| 13:14 | Fix a problem in the "showdb" utility that prevents it from correctly decoding cells with no content beyond the record header. (check-in: eb7680a1 user: drh tags: trunk) | |
| 12:11 | Fix a crash that could follow an OOM condition in the instr() SQL function. Problem discovered by OSS-Fuzz. (check-in: 6e59e903 user: dan tags: trunk) | |
|
2017-03-15
| ||
| 20:27 | Updates to README files under the ext/ hierarchy. No changes to code. (check-in: 029bc5d2 user: drh tags: trunk) | |
Changes
Changes to src/func.c.
200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 |
if( typeHaystack==SQLITE_NULL || typeNeedle==SQLITE_NULL ) return;
nHaystack = sqlite3_value_bytes(argv[0]);
nNeedle = sqlite3_value_bytes(argv[1]);
if( nNeedle>0 ){
if( typeHaystack==SQLITE_BLOB && typeNeedle==SQLITE_BLOB ){
zHaystack = sqlite3_value_blob(argv[0]);
zNeedle = sqlite3_value_blob(argv[1]);
assert( zNeedle!=0 );
assert( zHaystack!=0 || nHaystack==0 );
isText = 0;
}else{
zHaystack = sqlite3_value_text(argv[0]);
zNeedle = sqlite3_value_text(argv[1]);
isText = 1;
if( zHaystack==0 || zNeedle==0 ) return;
}
while( nNeedle<=nHaystack && memcmp(zHaystack, zNeedle, nNeedle)!=0 ){
|
< < > > > > |
200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 |
if( typeHaystack==SQLITE_NULL || typeNeedle==SQLITE_NULL ) return;
nHaystack = sqlite3_value_bytes(argv[0]);
nNeedle = sqlite3_value_bytes(argv[1]);
if( nNeedle>0 ){
if( typeHaystack==SQLITE_BLOB && typeNeedle==SQLITE_BLOB ){
zHaystack = sqlite3_value_blob(argv[0]);
zNeedle = sqlite3_value_blob(argv[1]);
isText = 0;
/* The following condition may be true if the arguments passed to this
** function are values returned by zeroblob() or similar and an OOM
** occurs while expanding the blob value. */
if( zNeedle==0 || (nHaystack && zHaystack==0) ) return;
}else{
zHaystack = sqlite3_value_text(argv[0]);
zNeedle = sqlite3_value_text(argv[1]);
isText = 1;
if( zHaystack==0 || zNeedle==0 ) return;
}
while( nNeedle<=nHaystack && memcmp(zHaystack, zNeedle, nNeedle)!=0 ){
|
Changes to test/mallocM.test.
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
set testprefix mallocM
sqlite3_db_config_lookaside db 0 0 0
do_execsql_test 1.0 {
CREATE TABLE t1(x);
}
do_faultsim_test 1 -faults oom-t* -body {
execsql {
SELECT 'abc' FROM ( SELECT 'xyz' FROM t1 WHERE (SELECT 1) )
}
} -test {
faultsim_test_result {0 {}}
}
finish_test
|
| > > > > > > > > > > > > > > > > |
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |
set testprefix mallocM
sqlite3_db_config_lookaside db 0 0 0
do_execsql_test 1.0 {
CREATE TABLE t1(x);
}
do_faultsim_test 1 -faults oom* -body {
execsql {
SELECT 'abc' FROM ( SELECT 'xyz' FROM t1 WHERE (SELECT 1) )
}
} -test {
faultsim_test_result {0 {}}
}
do_execsql_test 2.0.1 { SELECT instr(x'', x'') } {1}
do_execsql_test 2.0.2 { SELECT instr(x'12345678', x'') } {1}
do_execsql_test 2.0.3 { SELECT instr(x'', x'1234') } {0}
do_faultsim_test 2.1 -faults oom* -body {
execsql { SELECT instr (x'00', zeroblob(1)) }
} -test {
faultsim_test_result {0 1}
}
do_faultsim_test 2.2 -faults oom* -body {
execsql { SELECT instr (zeroblob(1), x'00') }
} -test {
faultsim_test_result {0 1}
}
finish_test
|