Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Modify sqlite3_str_finish() and sqlite3VMPrintf() so that they always return NULL on any OOM or SQLITE_LIMIT_LENGTH error. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
e7144ffd21294d7aebbfa6aa5a262797 |
User & Date: | drh 2019-02-22 15:42:10.523 |
Context
2019-02-22
| ||
16:18 | In sqlite3NestedParse() be sure to detect all SQLITE_NOMEM and SQLITE_TOOBIG errors and to distinguish between them. (check-in: 73056b314b user: drh tags: trunk) | |
15:42 | Modify sqlite3_str_finish() and sqlite3VMPrintf() so that they always return NULL on any OOM or SQLITE_LIMIT_LENGTH error. (check-in: e7144ffd21 user: drh tags: trunk) | |
2019-02-21
| ||
16:41 | Detect oversized strings in the OP_String opcode even if the P4 argument is originally UTF8 and has to be converted to UTF16 to match the database file and that conversion causes the string to become shorter and cross below SQLITE_LIMIT_LENGTH threshold. This might fix an OSSFuzz problem that we have been so far unable to reproduce. (check-in: c13d563925 user: drh tags: trunk) | |
Changes
Changes to src/printf.c.
︙ | ︙ | |||
132 133 134 135 136 137 138 | /* ** Set the StrAccum object to an error mode. */ static void setStrAccumError(StrAccum *p, u8 eError){ assert( eError==SQLITE_NOMEM || eError==SQLITE_TOOBIG ); p->accError = eError; | | | 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 | /* ** Set the StrAccum object to an error mode. */ static void setStrAccumError(StrAccum *p, u8 eError){ assert( eError==SQLITE_NOMEM || eError==SQLITE_TOOBIG ); p->accError = eError; if( p->mxAlloc ) sqlite3_str_reset(p); } /* ** Extra argument values from a PrintfArguments object */ static sqlite3_int64 getIntArg(PrintfArguments *p){ if( p->nArg<=p->nUsed ) return 0; |
︙ | ︙ | |||
162 163 164 165 166 167 168 169 170 171 172 173 174 175 | ** of the output buffer in pAccum, then cause an SQLITE_TOOBIG error. ** Do the size check before the memory allocation to prevent rogue ** SQL from requesting large allocations using the precision or width ** field of the printf() function. */ static char *printfTempBuf(sqlite3_str *pAccum, sqlite3_int64 n){ char *z; if( n>pAccum->nAlloc && n>pAccum->mxAlloc ){ setStrAccumError(pAccum, SQLITE_TOOBIG); return 0; } z = sqlite3DbMallocRaw(pAccum->db, n); if( z==0 ){ setStrAccumError(pAccum, SQLITE_NOMEM); | > | 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 | ** of the output buffer in pAccum, then cause an SQLITE_TOOBIG error. ** Do the size check before the memory allocation to prevent rogue ** SQL from requesting large allocations using the precision or width ** field of the printf() function. */ static char *printfTempBuf(sqlite3_str *pAccum, sqlite3_int64 n){ char *z; if( pAccum->accError ) return 0; if( n>pAccum->nAlloc && n>pAccum->mxAlloc ){ setStrAccumError(pAccum, SQLITE_TOOBIG); return 0; } z = sqlite3DbMallocRaw(pAccum->db, n); if( z==0 ){ setStrAccumError(pAccum, SQLITE_NOMEM); |
︙ | ︙ | |||
881 882 883 884 885 886 887 | assert( p->nChar+(i64)N >= p->nAlloc ); /* Only called if really needed */ if( p->accError ){ testcase(p->accError==SQLITE_TOOBIG); testcase(p->accError==SQLITE_NOMEM); return 0; } if( p->mxAlloc==0 ){ | < | | 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 | assert( p->nChar+(i64)N >= p->nAlloc ); /* Only called if really needed */ if( p->accError ){ testcase(p->accError==SQLITE_TOOBIG); testcase(p->accError==SQLITE_NOMEM); return 0; } if( p->mxAlloc==0 ){ setStrAccumError(p, SQLITE_TOOBIG); return p->nAlloc - p->nChar - 1; }else{ char *zOld = isMalloced(p) ? p->zText : 0; i64 szNew = p->nChar; szNew += N + 1; if( szNew+p->nChar<=p->mxAlloc ){ /* Force exponential buffer size growth as long as it does not overflow, ** to avoid having to call this routine too often */ |
︙ | ︙ | |||
955 956 957 958 959 960 961 | ** Append N bytes of text from z to the StrAccum object. Increase the ** size of the memory allocation for StrAccum if necessary. */ void sqlite3_str_append(sqlite3_str *p, const char *z, int N){ assert( z!=0 || N==0 ); assert( p->zText!=0 || p->nChar==0 || p->accError ); assert( N>=0 ); | | | 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 | ** Append N bytes of text from z to the StrAccum object. Increase the ** size of the memory allocation for StrAccum if necessary. */ void sqlite3_str_append(sqlite3_str *p, const char *z, int N){ assert( z!=0 || N==0 ); assert( p->zText!=0 || p->nChar==0 || p->accError ); assert( N>=0 ); assert( p->accError==0 || p->nAlloc==0 || p->mxAlloc==0 ); if( p->nChar+N >= p->nAlloc ){ enlargeAndAppend(p,z,N); }else if( N ){ assert( p->zText ); p->nChar += N; memcpy(&p->zText[p->nChar-N], z, N); } |
︙ | ︙ |
Changes to test/printf.test.
︙ | ︙ | |||
536 537 538 539 540 541 542 | sqlite3_mprintf_double {abc: %d %d (%1.1e) :xyz} 1 1 1.0e-20 } {abc: 1 1 (1.0e-20) :xyz} do_test printf-2.1.2.9 { sqlite3_mprintf_double {abc: %d %d (%1.1g) :xyz} 1 1 1.0e-20 } {abc: 1 1 (1e-20) :xyz} do_test printf-2.1.2.10 { sqlite3_mprintf_double {abc: %*.*f} 2000000000 1000000000 1.0e-20 | | | 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 | sqlite3_mprintf_double {abc: %d %d (%1.1e) :xyz} 1 1 1.0e-20 } {abc: 1 1 (1.0e-20) :xyz} do_test printf-2.1.2.9 { sqlite3_mprintf_double {abc: %d %d (%1.1g) :xyz} 1 1 1.0e-20 } {abc: 1 1 (1e-20) :xyz} do_test printf-2.1.2.10 { sqlite3_mprintf_double {abc: %*.*f} 2000000000 1000000000 1.0e-20 } {} do_test printf-2.1.3.1 { sqlite3_mprintf_double {abc: (%*.*f) :xyz} 1 1 1.0 } {abc: (1.0) :xyz} do_test printf-2.1.3.2 { sqlite3_mprintf_double {abc: (%*.*e) :xyz} 1 1 1.0 } {abc: (1.0e+00) :xyz} do_test printf-2.1.3.3 { |
︙ | ︙ |