Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Prevent reading out of bounds in sqlite4_num_from_text. Parsing 'in' (prefix of 'inf') with byte count 2 triggered the bug.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | num_work
Files: files | file ages | folders
SHA1: 408475b607266eb7f0f3f5b246415fd7376f41a7
User & Date: peterreid 2013-02-09 05:31:23.829
Context
2013-02-09
05:32
Create sqlite4_num_from_int64. check-in: 2552bc97ef user: peterreid tags: num_work
05:31
Prevent reading out of bounds in sqlite4_num_from_text. Parsing 'in' (prefix of 'inf') with byte count 2 triggered the bug. check-in: 408475b607 user: peterreid tags: num_work
05:29
Create sqlite4_num_isnan. check-in: cc1dc90b47 user: peterreid tags: num_work
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/math.c. 
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340

    i = incr;
  }else if( zIn[0]=='+' ){
    i = incr;
  }else{
    i = 0;
  }
  if( nIn<=0 ) goto not_a_valid_number;
  if( nIn>=incr*2
   && ((c=zIn[i])=='i' || c=='I')
   && ((c=zIn[i+incr])=='n' || c=='N')
   && ((c=zIn[i+incr*2])=='f' || c=='F')
  ){
    r.e = SQLITE4_MX_EXP+1;
    r.m = nIn<=i+incr*3 || zIn[i+incr*3]==0;
    return r;








|








326
327
328
329
330
331
332
333
334
335
336
337
338
339
340

    i = incr;
  }else if( zIn[0]=='+' ){
    i = incr;
  }else{
    i = 0;
  }
  if( nIn<=0 ) goto not_a_valid_number;
  if( nIn>=incr*3
   && ((c=zIn[i])=='i' || c=='I')
   && ((c=zIn[i+incr])=='n' || c=='N')
   && ((c=zIn[i+incr*2])=='f' || c=='F')
  ){
    r.e = SQLITE4_MX_EXP+1;
    r.m = nIn<=i+incr*3 || zIn[i+incr*3]==0;
    return r;