Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Ensure that the replace() SQL function always returns a TEXT value even when its first argument is numeric and its second argument is an empty string. Fix for the issue reported by forum post 3776b48e71. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
01868ebcd25fadb2034da234c0636e82 |
| User & Date: | drh 2024-01-20 13:18:22 |
Context
|
2024-03-06
| ||
| 20:52 | Ensure that the replace() SQL function always returns a TEXT value even when its first argument is numeric and its second argument is an empty string. Fix for the issue reported by forum post 3776b48e71. (check-in: a7c98c8f user: mistachkin tags: branch-3.45) | |
|
2024-01-20
| ||
| 15:13 | When doing a text-affinity comparison between two values where one or both have both a text and a numeric type, make sure the numeric type does not confuse the answer. This is a deeper fix to the problem observed by forum pose 3776b48e71. The problem bisects to [25f2246be404f38b] on 2014-08-24, prior to version 3.8.7. (check-in: 709841f8 user: drh tags: trunk) | |
| 13:18 | Ensure that the replace() SQL function always returns a TEXT value even when its first argument is numeric and its second argument is an empty string. Fix for the issue reported by forum post 3776b48e71. (check-in: 01868ebc user: drh tags: trunk) | |
| 12:13 | When backing out a character in a constructed string in JSON, first make sure the string has not been reset by on OOM. dbsqlfuzz 2fffbea91a5376526ea118d4fe4188c8dd35e317. (check-in: 666690eb user: drh tags: trunk) | |
Changes
Changes to src/func.c.
| ︙ | ︙ | |||
1405 1406 1407 1408 1409 1410 1411 |
if( zPattern==0 ){
assert( sqlite3_value_type(argv[1])==SQLITE_NULL
|| sqlite3_context_db_handle(context)->mallocFailed );
return;
}
if( zPattern[0]==0 ){
assert( sqlite3_value_type(argv[1])!=SQLITE_NULL );
| | | 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 |
if( zPattern==0 ){
assert( sqlite3_value_type(argv[1])==SQLITE_NULL
|| sqlite3_context_db_handle(context)->mallocFailed );
return;
}
if( zPattern[0]==0 ){
assert( sqlite3_value_type(argv[1])!=SQLITE_NULL );
sqlite3_result_text(context, (const char*)zStr, nStr, SQLITE_TRANSIENT);
return;
}
nPattern = sqlite3_value_bytes(argv[1]);
assert( zPattern==sqlite3_value_text(argv[1]) ); /* No encoding change */
zRep = sqlite3_value_text(argv[2]);
if( zRep==0 ) return;
nRep = sqlite3_value_bytes(argv[2]);
|
| ︙ | ︙ |
Changes to test/func.test.
| ︙ | ︙ | |||
1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 |
}
} {{This is the larger-main test string}}
do_test func-21.8 {
execsql {
SELECT replace('aaaaaaa', 'a', '0123456789');
}
} {0123456789012345678901234567890123456789012345678901234567890123456789}
ifcapable tclvar {
do_test func-21.9 {
# Attempt to exploit a buffer-overflow that at one time existed
# in the REPLACE function.
set ::str "[string repeat A 29998]CC[string repeat A 35537]"
set ::rep [string repeat B 65536]
| > > > | 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 |
}
} {{This is the larger-main test string}}
do_test func-21.8 {
execsql {
SELECT replace('aaaaaaa', 'a', '0123456789');
}
} {0123456789012345678901234567890123456789012345678901234567890123456789}
do_execsql_test func-21.9 {
SELECT typeof(replace(1,'',0));
} {text}
ifcapable tclvar {
do_test func-21.9 {
# Attempt to exploit a buffer-overflow that at one time existed
# in the REPLACE function.
set ::str "[string repeat A 29998]CC[string repeat A 35537]"
set ::rep [string repeat B 65536]
|
| ︙ | ︙ |