Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Prevent reading out of bounds in sqlite4_num_from_text. Parsing 'in' (prefix of 'inf') with byte count 2 triggered the bug. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | num_work |
Files: | files | file ages | folders |
SHA1: |
408475b607266eb7f0f3f5b246415fd7 |
User & Date: | peterreid 2013-02-09 05:31:23.829 |
Context
2013-02-09
| ||
05:32 | Create sqlite4_num_from_int64. check-in: 2552bc97ef user: peterreid tags: num_work | |
05:31 | Prevent reading out of bounds in sqlite4_num_from_text. Parsing 'in' (prefix of 'inf') with byte count 2 triggered the bug. check-in: 408475b607 user: peterreid tags: num_work | |
05:29 | Create sqlite4_num_isnan. check-in: cc1dc90b47 user: peterreid tags: num_work | |
Changes
Changes to src/math.c.
︙ | ︙ | |||
326 327 328 329 330 331 332 | i = incr; }else if( zIn[0]=='+' ){ i = incr; }else{ i = 0; } if( nIn<=0 ) goto not_a_valid_number; | | | 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 | i = incr; }else if( zIn[0]=='+' ){ i = incr; }else{ i = 0; } if( nIn<=0 ) goto not_a_valid_number; if( nIn>=incr*3 && ((c=zIn[i])=='i' || c=='I') && ((c=zIn[i+incr])=='n' || c=='N') && ((c=zIn[i+incr*2])=='f' || c=='F') ){ r.e = SQLITE4_MX_EXP+1; r.m = nIn<=i+incr*3 || zIn[i+incr*3]==0; return r; |
︙ | ︙ |