/ Check-in [6ef1f662]

Overview
Comment:Add new defenses against misuse of the C API. Ticket #870. (CVS 1906)
SHA1:6ef1f662d71c75bdb7f61b2fff03f5b1b41e5586
User & Date: drh 2004-08-28 14:49:47
Context
2004-08-28
16:19
Add the sqlite3_libversion() API (ticket #834). Fix the build scripts to correctly build the shared libraries with version 8.4 of Tcl. (CVS 1908) check-in: 6db26a19 user: drh tags: trunk
14:49
Add new defenses against misuse of the C API. Ticket #870. (CVS 1906) check-in: 6ef1f662 user: drh tags: trunk
01:12
Add sqlite_temp_directory to the windows driver. (CVS 1905) check-in: f5b0e5b0 user: drh tags: trunk
Changes

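--- a/src/main.c
+++ b/src/main.c
@@ -10,15 +10,15 @@
 **
 *************************************************************************
 ** Main file for the SQLite library.  The routines in this file
 ** implement the programmer interface to the library.  Routines in
 ** other files are for internal use by SQLite and should not be
 ** accessed by users of the library.
 **
-** $Id: main.c,v 1.253 2004/08/21 17:54:45 drh Exp $
+** $Id: main.c,v 1.254 2004/08/28 14:49:47 drh Exp $
 */
 #include "sqliteInt.h"
 #include "os.h"
 #include <ctype.h>
 
 /*
 ** The following constant value is used by the SQLITE_BIGENDIAN and
@@ -1236,28 +1236,39 @@
 ** success/failure code that describes the result of executing the virtual
 ** machine.
 **
 ** This routine sets the error code and string returned by
 ** sqlite3_errcode(), sqlite3_errmsg() and sqlite3_errmsg16().
 */
 int sqlite3_finalize(sqlite3_stmt *pStmt){
-  return pStmt ? sqlite3VdbeFinalize((Vdbe*)pStmt) : SQLITE_OK;
+  int rc;
+  if( pStmt==0 ){
+    rc = SQLITE_OK;
+  }else{
+    rc = sqlite3VdbeFinalize((Vdbe*)pStmt);
+  }
+  return rc;
 }
 
 /*
 ** Terminate the current execution of an SQL statement and reset it
 ** back to its starting state so that it can be reused. A success code from
 ** the prior execution is returned.
 **
 ** This routine sets the error code and string returned by
 ** sqlite3_errcode(), sqlite3_errmsg() and sqlite3_errmsg16().
 */
 int sqlite3_reset(sqlite3_stmt *pStmt){
-  int rc = sqlite3VdbeReset((Vdbe*)pStmt);
+  int rc;
+  if( pStmt==0 ){
+    rc = SQLITE_OK;
+  }else{
+    rc = sqlite3VdbeReset((Vdbe*)pStmt);
   sqlite3VdbeMakeReady((Vdbe*)pStmt, -1, 0, 0, 0);
+  }
   return rc;
 }
 
 /*
 ** Register a new collation sequence with the database handle db.
 */
 int sqlite3_create_collation(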
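Review bot: In sqlite3_reset the `sqlite3VdbeMakeReady((Vdbe*)pStmt, -1, 0, 0, 0);` call now sits inside the new else branch but keeps its old two-space indentation, so at a glance it looks as if it still runs for a NULL handle; indent it to line up with `rc = sqlite3VdbeReset((Vdbe*)pStmt);`. The header comments of sqlite3_finalize and sqlite3_reset still say the routine sets the error code and string, which does not hold on the NULL path; a line such as `** A NULL pStmt is a harmless no-op: SQLITE_OK is returned and no error state is changed.` would record the contract. The comments could also say that the guard covers only a NULL handle, since `pStmt==0` cannot recognise a pointer to a statement that was already finalized.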

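--- a/src/vdbeapi.c
+++ b/src/vdbeapi.c
@@ -134,15 +134,15 @@
 ** statement is completely executed or an error occurs.
 */
 int sqlite3_step(sqlite3_stmt *pStmt){
   Vdbe *p = (Vdbe*)pStmt;
   sqlite *db;
   int rc;
 
-  if( p->magic!=VDBE_MAGIC_RUN ){
+  if( p==0 || p->magic!=VDBE_MAGIC_RUN ){
     return SQLITE_MISUSE;
   }
   if( p->aborted ){
     return SQLITE_ABORT;
   }
   db = p->db;
   if( sqlite3SafetyOn(db) ){
@@ -258,24 +258,24 @@
 }
 
 /*
 ** Return the number of columns in the result set for the statement pStmt.
 */
 int sqlite3_column_count(sqlite3_stmt *pStmt){
   Vdbe *pVm = (Vdbe *)pStmt;
-  return pVm->nResColumn;
+  return pVm ? pVm->nResColumn : 0;
 }
 
 /*
 ** Return the number of values available from the current row of the
 ** currently executing statement pStmt.
 */
 int sqlite3_data_count(sqlite3_stmt *pStmt){
   Vdbe *pVm = (Vdbe *)pStmt;
-  if( !pVm->resOnStack ) return 0;
+  if( pVm==0 || !pVm->resOnStack ) return 0;
   return pVm->nResColumn;
 }
 
 
 /*
 ** Check to see if column iCol of the given statement is valid.  If
 ** it is, return a pointer to the Mem for the value of that column.
@@ -401,15 +401,15 @@
 ** out of range, then SQLITE_RANGE is returned. Othewise SQLITE_OK.
 **
 ** The error code stored in database p->db is overwritten with the return
 ** value in any case.
 */
 static int vdbeUnbind(Vdbe *p, int i){
   Mem *pVar;
-  if( p->magic!=VDBE_MAGIC_RUN || p->pc>=0 ){
+  if( p==0 || p->magic!=VDBE_MAGIC_RUN || p->pc>=0 ){
     sqlite3Error(p->db, SQLITE_MISUSE, 0);
     return SQLITE_MISUSE;
   }
   if( i<1 || i>p->nVar ){
     sqlite3Error(p->db, SQLITE_RANGE, 0);
     return SQLITE_RANGE;
   }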
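Review bot: In vdbeUnbind the new `p==0` test leads straight into `sqlite3Error(p->db, SQLITE_MISUSE, 0);`, which dereferences p, so a NULL statement handle still faults inside the misuse branch the guard was added for. Record the error only when a statement exists, e.g. `if( p ) sqlite3Error(p->db, SQLITE_MISUSE, 0);`, and keep returning SQLITE_MISUSE. The header comment's statement that the error code in p->db is overwritten "in any case" would then need a NULL exception. The `p==0` guards in sqlite3_step, sqlite3_column_count and sqlite3_data_count return before touching p and look fine; vdbeUnbind's body continues past the end of this hunk.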