Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Prevent reading out of bounds in sqlite4_num_from_text. Parsing 'in' (prefix of 'inf') with byte count 2 triggered the bug. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | num_work |
| Files: | files | file ages | folders |
| SHA1: |
408475b607266eb7f0f3f5b246415fd7 |
| User & Date: | peterreid 2013-02-09 05:31:23 |
Context
|
2013-02-09
| ||
| 05:32 | Create sqlite4_num_from_int64. check-in: 2552bc97ef user: peterreid tags: num_work | |
| 05:31 | Prevent reading out of bounds in sqlite4_num_from_text. Parsing 'in' (prefix of 'inf') with byte count 2 triggered the bug. check-in: 408475b607 user: peterreid tags: num_work | |
| 05:29 | Create sqlite4_num_isnan. check-in: cc1dc90b47 user: peterreid tags: num_work | |
Changes
Changes to src/math.c.
326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 |
i = incr;
}else if( zIn[0]=='+' ){
i = incr;
}else{
i = 0;
}
if( nIn<=0 ) goto not_a_valid_number;
if( nIn>=incr*2
&& ((c=zIn[i])=='i' || c=='I')
&& ((c=zIn[i+incr])=='n' || c=='N')
&& ((c=zIn[i+incr*2])=='f' || c=='F')
){
r.e = SQLITE4_MX_EXP+1;
r.m = nIn<=i+incr*3 || zIn[i+incr*3]==0;
return r;
|
| |
326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 |
i = incr;
}else if( zIn[0]=='+' ){
i = incr;
}else{
i = 0;
}
if( nIn<=0 ) goto not_a_valid_number;
if( nIn>=incr*3
&& ((c=zIn[i])=='i' || c=='I')
&& ((c=zIn[i+incr])=='n' || c=='N')
&& ((c=zIn[i+incr*2])=='f' || c=='F')
){
r.e = SQLITE4_MX_EXP+1;
r.m = nIn<=i+incr*3 || zIn[i+incr*3]==0;
return r;
|