Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Detect oversized strings in the OP_String opcode even if the P4 argument is originally UTF8 and has to be converted to UTF16 to match the database file and that conversion causes the string to become shorter and cross below SQLITE_LIMIT_LENGTH threshold. This might fix an OSSFuzz problem that we have been so far unable to reproduce. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: | c13d563925db12bc2c91ff9432050261 |
| User & Date: | drh 2019-02-21 16:41:34 |
Context
|
2019-02-22
| ||
| 15:42 | Modify sqlite3_str_finish() and sqlite3VMPrintf() so that they always return NULL on any OOM or SQLITE_LIMIT_LENGTH error. check-in: e7144ffd user: drh tags: trunk | |
|
2019-02-21
| ||
| 18:11 | Fix OOM handling in sqlite3NestedParse(). Leaf check-in: e6e9dd5c user: dan tags: nested-parse-oom | |
| 16:41 | Detect oversized strings in the OP_String opcode even if the P4 argument is originally UTF8 and has to be converted to UTF16 to match the database file and that conversion causes the string to become shorter and cross below SQLITE_LIMIT_LENGTH threshold. This might fix an OSSFuzz problem that we have been so far unable to reproduce. check-in: c13d5639 user: drh tags: trunk | |
|
2019-02-20
| ||
| 19:20 | Changes to the unix VFS that allegedly enable it to build of Fuchsia. We have no way of testing this. check-in: be21a641 user: drh tags: trunk | |
Changes
Changes to src/vdbe.c.
1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 |
pOp->opcode = OP_String;
pOp->p1 = sqlite3Strlen30(pOp->p4.z);
#ifndef SQLITE_OMIT_UTF16
if( encoding!=SQLITE_UTF8 ){
rc = sqlite3VdbeMemSetStr(pOut, pOp->p4.z, -1, SQLITE_UTF8, SQLITE_STATIC);
assert( rc==SQLITE_OK || rc==SQLITE_TOOBIG );
if( SQLITE_OK!=sqlite3VdbeChangeEncoding(pOut, encoding) ) goto no_mem;
assert( pOut->szMalloc>0 && pOut->zMalloc==pOut->z );
assert( VdbeMemDynamic(pOut)==0 );
pOut->szMalloc = 0;
pOut->flags |= MEM_Static;
if( pOp->p4type==P4_DYNAMIC ){
sqlite3DbFree(db, pOp->p4.z);
}
pOp->p4type = P4_DYNAMIC;
pOp->p4.z = pOut->z;
pOp->p1 = pOut->n;
}
testcase( rc==SQLITE_TOOBIG );
#endif
if( pOp->p1>db->aLimit[SQLITE_LIMIT_LENGTH] ){
goto too_big;
}
assert( rc==SQLITE_OK );
/* Fall through to the next case, OP_String */
}
|
> < |
1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 |
pOp->opcode = OP_String;
pOp->p1 = sqlite3Strlen30(pOp->p4.z);
#ifndef SQLITE_OMIT_UTF16
if( encoding!=SQLITE_UTF8 ){
rc = sqlite3VdbeMemSetStr(pOut, pOp->p4.z, -1, SQLITE_UTF8, SQLITE_STATIC);
assert( rc==SQLITE_OK || rc==SQLITE_TOOBIG );
if( rc ) goto too_big;
if( SQLITE_OK!=sqlite3VdbeChangeEncoding(pOut, encoding) ) goto no_mem;
assert( pOut->szMalloc>0 && pOut->zMalloc==pOut->z );
assert( VdbeMemDynamic(pOut)==0 );
pOut->szMalloc = 0;
pOut->flags |= MEM_Static;
if( pOp->p4type==P4_DYNAMIC ){
sqlite3DbFree(db, pOp->p4.z);
}
pOp->p4type = P4_DYNAMIC;
pOp->p4.z = pOut->z;
pOp->p1 = pOut->n;
}
#endif
if( pOp->p1>db->aLimit[SQLITE_LIMIT_LENGTH] ){
goto too_big;
}
assert( rc==SQLITE_OK );
/* Fall through to the next case, OP_String */
}
|