SQLite: Check-in [8a55b8e1]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview

Comment:	Avoid a crash that can occur after an obscure OOM in the built-in INSTR() function.
Downloads:	Tarball \| ZIP archive \| SQL archive
Timelines:	family \| ancestors \| descendants \| both \| branch-3.15
Files:	files \| file ages \| folders
SHA1:	8a55b8e179f3fd14ae656680ed4ebd462800e2f6
User & Date:	drh 2016-11-23 20:19:00

Context

2016-11-23
20:24		Fix the JSON1 extension so that the JSON validator correctly rejects malformed backslash escapes within string literals. check-in: 7c466283 user: drh tags: branch-3.15
20:19		Avoid a crash that can occur after an obscure OOM in the built-in INSTR() function. check-in: 8a55b8e1 user: drh tags: branch-3.15
20:12		Mark the ICU extension functions as deterministic. check-in: 8fd2fcce user: drh tags: branch-3.15
2016-11-04
12:05		Avoid a crash that can occur after an obscure OOM in the built-in INSTR() function. check-in: b86b79c4 user: dan tags: trunk

Changes

Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/func.c.

    zHaystack = sqlite3_value_blob(argv[0]);
    zNeedle = sqlite3_value_blob(argv[1]);
    isText = 0;
  }else{
    zHaystack = sqlite3_value_text(argv[0]);
    zNeedle = sqlite3_value_text(argv[1]);
    isText = 1;


  }
  while( nNeedle<=nHaystack && memcmp(zHaystack, zNeedle, nNeedle)!=0 ){
    N++;
    do{
      nHaystack--;
      zHaystack++;
    }while( isText && (zHaystack[0]&0xc0)==0x80 );

>
>

    zHaystack = sqlite3_value_blob(argv[0]);
    zNeedle = sqlite3_value_blob(argv[1]);
    isText = 0;
  }else{
    zHaystack = sqlite3_value_text(argv[0]);
    zNeedle = sqlite3_value_text(argv[1]);
    isText = 1;
    if( zNeedle==0 ) return;
    assert( zHaystack );
  }
  while( nNeedle<=nHaystack && memcmp(zHaystack, zNeedle, nNeedle)!=0 ){
    N++;
    do{
      nHaystack--;
      zHaystack++;
    }while( isText && (zHaystack[0]&0xc0)==0x80 );

Added test/instrfault.test.

>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

# 2016 November 4
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
# This file implements regression tests for SQLite library.  The
# focus of this file is testing OOM error handling within the built-in 
# INSTR() function.
#


set testdir [file dirname $argv0]
source $testdir/tester.tcl
set testprefix instrfault

# Use big NEEDLE and HAYSTACK strings. Strings so large they cannot
# use lookaside buffers.
#
set ::NEEDLE [string repeat "abcdefghijklmnopqrstuvwxyz" 10]
set ::HAYSTACK "[string repeat 123 10]$NEEDLE[string repeat 456 10]"

foreach {enc} {
  utf8
  utf16
} {
  reset_db
  execsql "PRAGMA encoding = $enc"
  do_execsql_test 1.$enc.1 {
    CREATE TABLE t1(n, h);
    INSERT INTO t1 VALUES($::NEEDLE, $::HAYSTACK);
  } {}

  do_faultsim_test 1.$enc.1 -faults oom-t* -prep {
    execsql { SELECT instr(h, n) FROM t1 }
  } -body {
    execsql { SELECT instr(h, n) FROM t1 }
  } -test {
    faultsim_test_result {0 31}
  }

  do_faultsim_test 1.$enc.2 -faults oom-t* -prep {
    execsql { SELECT instr($::HAYSTACK, $::NEEDLE) FROM t1 }
  } -body {
    execsql { SELECT instr($::HAYSTACK, $::NEEDLE) FROM t1 }
  } -test {
    faultsim_test_result {0 31}
  }

  do_faultsim_test 1.$enc.3 -faults oom-t* -prep {
    set ::stmt [sqlite3_prepare_v2 db "SELECT instr(?, ?)" -1 dummy]
    sqlite3_bind_text $::stmt 1 $::HAYSTACK [string length $::HAYSTACK]
    sqlite3_bind_text $::stmt 2 $::NEEDLE [string length $::NEEDLE]
  } -body {
    set rc [sqlite3_step $::stmt]
    if {$rc=="SQLITE_NOMEM"} { error "out of memory" }
    sqlite3_column_int $::stmt 0
  } -test {
    faultsim_test_result {0 31}
    sqlite3_finalize $::stmt
  }
}

finish_test