Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Avoid branching on an uninitalized variable when comparing SQL values with the undefined serial types 10 and 11 (which only appear in corrupt databases). |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: | b4a45d3b78fede2433ac18f20b1ab7bd |
| User & Date: | dan 2015-05-26 20:07:32 |
Context
|
2015-05-26
| ||
| 20:31 | Avoid a buffer overread when comparing against a corrupt record that spans at least one overflow page. check-in: 62a5b363 user: dan tags: trunk | |
| 20:07 | Avoid branching on an uninitalized variable when comparing SQL values with the undefined serial types 10 and 11 (which only appear in corrupt databases). check-in: b4a45d3b user: dan tags: trunk | |
| 19:08 | The "make fuzztest" target now uses fuzzcheck instead of fuzzershell. Test data is added for database fuzz testing. check-in: 5e3e410b user: drh tags: trunk | |
Changes
Changes to src/vdbeaux.c.
3673 3674 3675 3676 3677 3678 3679 3680 3681 3682 3683 3684 3685 3686 3687 |
}
}
}
/* RHS is real */
else if( pRhs->flags & MEM_Real ){
serial_type = aKey1[idx1];
if( serial_type>=12 ){
rc = +1;
}else if( serial_type==0 ){
rc = -1;
}else{
double rhs = pRhs->u.r;
double lhs;
sqlite3VdbeSerialGet(&aKey1[d1], serial_type, &mem1);
|
| > > > > |
3673 3674 3675 3676 3677 3678 3679 3680 3681 3682 3683 3684 3685 3686 3687 3688 3689 3690 3691 |
}
}
}
/* RHS is real */
else if( pRhs->flags & MEM_Real ){
serial_type = aKey1[idx1];
if( serial_type>=10 ){
/* Serial types 12 or greater are strings and blobs (greater than
** numbers). Types 10 and 11 are currently "reserved for future
** use", so it doesn't really matter what the results of comparing
** them to numberic values are. */
rc = +1;
}else if( serial_type==0 ){
rc = -1;
}else{
double rhs = pRhs->u.r;
double lhs;
sqlite3VdbeSerialGet(&aKey1[d1], serial_type, &mem1);
|