Overview
Comment: | Fix buffer overread when parsing a UTF16 exponent |
---|---|
SHA1: | 9e61c90be48664843144ba1f07933735 |
User & Date: | peterreid 2013-10-25 02:37:10.823 |
Context
2013-10-25
20:20 | Add start of checkpointing code to btree. check-in: 29373a8844 user: dan tags: trunk | |
02:37 | Fix buffer overread when parsing a UTF16 exponent check-in: 9e61c90be4 user: peterreid tags: trunk | |
01:33 | Fix parsing UTF16 nums with multi-digit exponents check-in: 667cfd8694 user: peterreid tags: trunk | |
Changes
Changes to src/math.c.
︙ | ︙ | |||
299 300 301 302 303 304 305 | /* ** Convert text into a number and return that number. ** ** When converting from UTF16, this routine only looks at the ** least significant byte of each character. It is assumed that ** the most significant byte of every character in the string ** is 0. If that assumption is violated, then this routine can | | > > | 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 | /* ** Convert text into a number and return that number. ** ** When converting from UTF16, this routine only looks at the ** least significant byte of each character. It is assumed that ** the most significant byte of every character in the string ** is 0. If that assumption is violated, then this routine can ** yield an anomalous result. If the most significant byte of ** the final character is beyond the nIn examined bytes, then ** it is treated as 0. ** ** Conversion stops at the first \000 character. At most nIn bytes ** of zIn are examined. Or if nIn is negative, up to a billion bytes ** are scanned, which we assume is more than will be found in any valid ** numeric string. ** ** If the value does not contain a decimal point or exponent, and is |
︙ | ︙ | |||
418 419 420 421 422 423 424 425 | /* Permit only a single radix in each number */ if( seenRadix ) goto finished; seenRadix = 1; bReal = 1; }else if( c=='e' || c=='E' ){ int f = (flags & (SQLITE4_PREFIX_ONLY|SQLITE4_IGNORE_WHITESPACE)); if( incr==2 ) f |= SQLITE4_UTF16LE; sqlite4_num exp; | > > | | 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 | /* Permit only a single radix in each number */ if( seenRadix ) goto finished; seenRadix = 1; bReal = 1; }else if( c=='e' || c=='E' ){ int f = (flags & (SQLITE4_PREFIX_ONLY|SQLITE4_IGNORE_WHITESPACE)); if( incr==2 ) f |= SQLITE4_UTF16LE; i += incr; if( i>=nIn ) goto finished; sqlite4_num exp; exp = sqlite4_num_from_text(&zIn[i], nIn-i, f, 0); if( sqlite4_num_isnan(exp) ) goto finished; if( exp.e || exp.m>999 ) goto finished; bReal = 1; r.e += (int)(exp.m) * (exp.sign ? -1 : 1); i = nIn; break; }else{ |
︙ | ︙ |
Changes to test/num.test.
︙ | ︙ | |||
223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 | #------------------------------------------------------------------------- # Test from UTF16BE text # foreach {tn in len out} { 0 274 -1 274 1 3e+484 -1 3e+484 } { do_test num-9.3.$tn { sqlite4_num_to_text [sqlite4_num_from_text $in $len b] } $out } #------------------------------------------------------------------------- # Test from UTF16LE text # foreach {tn in len out} { 0 4639 -1 4639 1 5e+388 -1 5e+388 } { | > > > > > > > > | | 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 | #------------------------------------------------------------------------- # Test from UTF16BE text # foreach {tn in len out} { 0 274 -1 274 1 3e+484 -1 3e+484 2 2e1 3 2 3 2e1 4 2 4 2e1 5 2 5 2e1 6 20 } { do_test num-9.3.$tn { sqlite4_num_to_text [sqlite4_num_from_text $in $len b] } $out } #------------------------------------------------------------------------- # Test from UTF16LE text # foreach {tn in len out} { 0 4639 -1 4639 1 5e+388 -1 5e+388 2 2e1 3 2 3 2e1 4 2 4 2e1 5 20 5 2e1 6 20 } { do_test num-9.4.$tn { sqlite4_num_to_text [sqlite4_num_from_text $in $len l] } $out } foreach {tn in out} { 0 50 50 1 -94 -94 |
︙ | ︙ |
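Review bot: in the header comment of the text-to-number routine in src/math.c, the added sentence "If the most significant byte of the final character is beyond the nIn examined bytes, then it is treated as 0" describes only the little-endian layout. The test rows added in this same check-in show that for UTF16BE a final character cut in half is dropped (num-9.3.4: `2e1` with length 5 gives `2`), while for UTF16LE it is kept (num-9.4.4 gives `20`). Suggest documenting both behaviours, for example by adding that for big-endian input a trailing odd byte is ignored.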
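Review bot: in the `c=='e' || c=='E'` branch of src/math.c, `sqlite4_num exp;` is now declared after `i += incr;` and the `if( i>=nIn ) goto finished;` guard, so the block mixes declarations and statements further than it did before; move the declaration up next to `int f` so the branch still builds with C89 compilers. Separately, the routine's comment allows a negative nIn, and both the new `i>=nIn` test and the `nIn-i` length passed to the recursive call are only correct if nIn has been replaced by a positive bound before this point. The hunk does not show that, so a short comment or an assert at this spot would help.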
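Review bot: in test/num.test, the new num-9.3 and num-9.4 rows truncate only `2e1`, an unsigned single-digit exponent. The fixed branch passes the remaining `nIn-i` bytes to a recursive parse, so rows where the cut falls right after an exponent sign (`2e-1`, `2e+1`) or in the middle of a multi-digit exponent would exercise the same length arithmetic on paths these rows do not reach. The odd lengths 3 and 5 are a good choice; a one-line comment saying that they split a 2-byte character would make the differing UTF16BE and UTF16LE results for length 5 (`2` versus `20`) less surprising to the next reader.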