SQLite

Check-in [075003930d]

Overview
Comment:Fix a one-byte buffer overread that may follow a syntax error while preparing an SQL statement.
SHA1: 075003930da98419f671b7833a5850693529fb62
User & Date: dan 2015-05-26 18:58:57.869
Context
2015-05-26
19:01
Merge accidental fork. (Closed-Leaf check-in: e85628e34a user: dan tags: test-using-fuzzcheck)
18:58
Fix a one-byte buffer overread that may follow a syntax error while preparing an SQL statement. (check-in: 075003930d user: dan tags: test-using-fuzzcheck)
18:15
The "make fuzztest" target now uses fuzzcheck instead of fuzzershell. (check-in: 4a5f6f1f01 user: drh tags: test-using-fuzzcheck)
Changes
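--- a/src/tokenize.c
+++ b/src/tokenize.c
@@ -446,15 +446,15 @@
         }
         break;
       }
     }
   }
 abort_parse:
   assert( nErr==0 );
-  if( zSql[i]==0 && pParse->rc==SQLITE_OK && db->mallocFailed==0 ){
+  if( pParse->rc==SQLITE_OK && db->mallocFailed==0 && zSql[i]==0 ){
     if( lastTokenParsed!=TK_SEMI ){
       sqlite3Parser(pEngine, TK_SEMI, pParse->sLastToken, pParse);
       pParse->zTail = &zSql[i];
     }
     if( pParse->rc==SQLITE_OK && db->mallocFailed==0 ){
       sqlite3Parser(pEngine, 0, pParse->sLastToken, pParse);
     }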
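Review bot: The `if` after `abort_parse:` now relies on short-circuit order to keep `zSql[i]` from being read after a failed parse, and nothing in the code records that, so a later tidy-up could move the byte test back to the front and reintroduce the overread. A one-line comment above the condition would pin it, e.g. `/* Test zSql[i] last: after an error, i may index past the terminator of zSql[] */`. The commit message implies that `i` can sit one byte beyond the NUL when the tokenizer loop leaves through the error path. That loop and the rest of the function lie outside the hunk, so the exact path is inferred rather than visible here.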
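--- a/test/misc1.test
+++ b/test/misc1.test
@@ -689,8 +689,16 @@
   UPDATE sqlite_master SET sql='CREATE table y(a TEXT, a TEXT)';
   BEGIN;
   CREATE TABLE t2(y);
   ROLLBACK;
   DROP TABLE IF EXISTS t;
 } {0 {}}
 
+
+# At one point, running this would read one byte passed the end of a 
+# buffer, upsetting valgrind.
+#
+do_test misc1-24.0 {
+  list [catch { sqlite3_prepare_v2 db ! -1 dummy } msg] $msg
+} {1 {(1) unrecognized token: "!}}
+
 finish_test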
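Review bot: `misc1-24.0` asserts only the error text, which is presumably the same with or without the tokenizer fix, so the test guards against the overread only when the suite runs under valgrind or an address sanitizer. The comment hints at this ("upsetting valgrind") but could say it outright, e.g. `# The result is the same without the fix; the overread shows up only under valgrind or ASan.` The comment also has a typo: "passed the end" should read "past the end".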