Overview
| Comment: | Guard against excessive width and precision in floating-point conversions in the printf routines. |
|---|---|
| SHA1: |
c494171f77dc2e5e04cb6d865e688448 |
| User & Date: | drh on 2015-04-07 12:41:17 |
References
|
2015-05-20
| ||
| 19:48 | Avoid signed integer overflow when converting oversized in-line integer widths and precisions in printf(). Cherrypick of [c494171f77dc], [5ce4e7d7651e], [95625ef3adc3] and [8e4ac2ce2441]. (check-in: b330c7ff user: dan tags: branch-3.8.6) | |
Context
|
2015-05-20
| ||
| 19:48 | Avoid signed integer overflow when converting oversized in-line integer widths and precisions in printf(). Cherrypick of [c494171f77dc], [5ce4e7d7651e], [95625ef3adc3] and [8e4ac2ce2441]. (check-in: b330c7ff user: dan tags: branch-3.8.6) | |
|
2015-04-07
| ||
| 13:28 | Further changes to guard against integer overflow in the width and precision of printf() arguments. (check-in: 5ce4e7d7 user: drh tags: trunk) | |
| 12:41 | Guard against excessive width and precision in floating-point conversions in the printf routines. (check-in: c494171f user: drh tags: trunk) | |
|
2015-04-06
| ||
| 11:04 | Fix a problem with fts3 prefix terms within phrase queries on "order=DESC" tables with a mix of negative and positive rowids. (check-in: 3ad829e5 user: dan tags: trunk) | |
Changes
Modified src/printf.c
from [8da9a268]
to [32f69fcb].
| ︙ | ︙ | |||
446 447 448 449 450 451 452 |
prefix = '-';
}else{
if( flag_plussign ) prefix = '+';
else if( flag_blanksign ) prefix = ' ';
else prefix = 0;
}
if( xtype==etGENERIC && precision>0 ) precision--;
| | | 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 |
prefix = '-';
}else{
if( flag_plussign ) prefix = '+';
else if( flag_blanksign ) prefix = ' ';
else prefix = 0;
}
if( xtype==etGENERIC && precision>0 ) precision--;
for(idx=precision&0xfff, rounder=0.5; idx>0; idx--, rounder*=0.1){}
if( xtype==etFLOAT ) realvalue += rounder;
/* Normalize realvalue to within 10.0 > realvalue >= 1.0 */
exp = 0;
if( sqlite3IsNaN((double)realvalue) ){
bufpt = "NaN";
length = 3;
break;
|
| ︙ | ︙ | |||
501 502 503 504 505 506 507 |
flag_rtz = flag_altform2;
}
if( xtype==etEXP ){
e2 = 0;
}else{
e2 = exp;
}
| | | > | 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 |
flag_rtz = flag_altform2;
}
if( xtype==etEXP ){
e2 = 0;
}else{
e2 = exp;
}
if( MAX(e2,0)+(i64)precision+(i64)width > etBUFSIZE - 15 ){
bufpt = zExtra
= sqlite3Malloc( MAX(e2,0)+(i64)precision+(i64)width+15 );
if( bufpt==0 ){
setStrAccumError(pAccum, STRACCUM_NOMEM);
return;
}
}
zOut = bufpt;
nsd = 16 + flag_altform2*10;
|
| ︙ | ︙ |
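Review bot: In the first hunk, `precision&0xfff` bounds the rounder loop by wrapping the precision rather than clamping it, so a precision that is a multiple of 4096 leaves `idx` at 0 and `rounder` at 0.5, and the next line adds that 0.5 to `realvalue` for `etFLOAT`. That looks like it would round such a value at the units digit instead of far below the printed digits, although the code that emits the digits is outside the hunk. A clamp keeps the loop bounded without the wrap: `for(idx=(precision>0xfff ? 0xfff : precision), rounder=0.5; idx>0; idx--, rounder*=0.1){}`. Either way the constant deserves a comment, for example `/* cap the rounder loop at 4095 iterations for huge precisions */`. The enclosing conversion case starts and ends outside the visible hunks.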
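--- a/test/printf.test
+++ b/test/printf.test
@@ -522,14 +522,17 @@
 } {abc: 1 1 (0.0) :xyz}
 do_test printf-2.1.2.8 {
 sqlite3_mprintf_double {abc: %d %d (%1.1e) :xyz} 1 1 1.0e-20
 } {abc: 1 1 (1.0e-20) :xyz}
 do_test printf-2.1.2.9 {
 sqlite3_mprintf_double {abc: %d %d (%1.1g) :xyz} 1 1 1.0e-20
 } {abc: 1 1 (1e-20) :xyz}
+do_test printf-2.1.2.10 {
+sqlite3_mprintf_double {abc: %*.*f} 2000000000 1000000000 1.0e-20
+} {abc: }
 do_test printf-2.1.3.1 {
 sqlite3_mprintf_double {abc: (%*.*f) :xyz} 1 1 1.0
 } {abc: (1.0) :xyz}
 do_test printf-2.1.3.2 {
 sqlite3_mprintf_double {abc: (%*.*e) :xyz} 1 1 1.0
 } {abc: (1.0e+00) :xyz}
 do_test printf-2.1.3.3 {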
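Review bot: The expected result `{abc: }` for printf-2.1.2.10 only holds if the roughly 3 GB buffer request is refused, which presumably depends on an allocator size limit that is not visible on this page. A one-line comment above the case, such as `# width+precision exceeds what the allocator will grant, so the conversion produces no output`, would make that dependency explicit for whoever next touches the limit. The case also covers only `%*.*f`; parallel cases for `%*.*e` and `%*.*g` with the same oversized arguments would exercise the other conversions that share the changed sizing code in src/printf.c.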