SQLite

Check-in [ab0d99d0b5]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Prevent VACUUM from running any commands in sqlite_master.sql other than CREATE statements. That is all that should be there anyhow. This fixes a problem discovered by OSSFuzz. Test cases in TH3.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: ab0d99d0b5edece4c639baa47ce1ca2c02774cb2515e5b7f36d9bd312ccd3310
User & Date: drh 2018-05-02 15:00:26.033
References
2018-05-03
21:51
Improved security for VACUUM. This check-in combines the fixes of [ab0d99d0b5ede] and [27754b74ddf646] in a way that is less likely to to be broken by future changes. (check-in: 260fc69653 user: drh tags: trunk)
Context
2018-05-03
19:56
Overhaul of EXPLAIN QUERY PLAN. The output is now in the form of a tree. More details of the query plan are shown, and what is shown is truer to what actually happens. (check-in: ff01bbdabc user: drh tags: trunk)
03:59
The sqlite3BtreeInsert() routine tries to overwrite an existing cell with modified content if the new content is the same size. Pages are only dirtied if they change. This prototype works some, but still has issues. (check-in: 489451b378 user: drh tags: cell-overwrite-prototype)
2018-05-02
15:00
Prevent VACUUM from running any commands in sqlite_master.sql other than CREATE statements. That is all that should be there anyhow. This fixes a problem discovered by OSSFuzz. Test cases in TH3. (check-in: ab0d99d0b5 user: drh tags: trunk)
08:12
Fix a problem in the xBestIndex method of the closure extension causing it to allocate non-contiguous argvIndex values in some cases (an "xBestIndex malfunction" error). (check-in: 0c67150749 user: dan tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/vacuum.c. 
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257

  /* Query the schema of the main database. Create a mirror schema
  ** in the temporary database.
  */
  db->init.iDb = nDb; /* force new CREATE statements into vacuum_db */
  rc = execSqlF(db, pzErrMsg,
      "SELECT sql FROM \"%w\".sqlite_master"
      " WHERE type='table'AND name<>'sqlite_sequence'"
      " AND coalesce(rootpage,1)>0",
      zDbMain
  );
  if( rc!=SQLITE_OK ) goto end_of_vacuum;
  rc = execSqlF(db, pzErrMsg,
      "SELECT sql FROM \"%w\".sqlite_master"
      " WHERE type='index' AND length(sql)>10",
      zDbMain








|








243
244
245
246
247
248
249
250
251
252
253
254
255
256
257

  /* Query the schema of the main database. Create a mirror schema
  ** in the temporary database.
  */
  db->init.iDb = nDb; /* force new CREATE statements into vacuum_db */
  rc = execSqlF(db, pzErrMsg,
      "SELECT sql FROM \"%w\".sqlite_master"
      " WHERE type='table'AND name<>'sqlite_sequence'"
      " AND coalesce(rootpage,1)>0 AND sql LIKE 'CREATE%%'",
      zDbMain
  );
  if( rc!=SQLITE_OK ) goto end_of_vacuum;
  rc = execSqlF(db, pzErrMsg,
      "SELECT sql FROM \"%w\".sqlite_master"
      " WHERE type='index' AND length(sql)>10",
      zDbMain