SQLite

Check-in [0e4e7a05]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 0e4e7a05c4204b47a324d67e18e76d2a98e26b2723d19d5c655ec9fd2e41f4b7
User & Date: dan 2023-09-07 13:53:09
Context
2023-09-07
16:53
Enhance the ./configure script and its associated Makefile.in so that the --with-linenoise=DIR argument cause the linenoise command-line editing library located in directory DIR to be linked with the sqlite3 CLI. (check-in: 6c7822b5 user: drh tags: trunk)
14:04
Fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset. (check-in: 6009c871 user: drh tags: branch-3.43)
13:53
Fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset. (check-in: 0e4e7a05 user: dan tags: trunk)
13:48
Fix a harmless compiler warning in the sqldiff.c utility. (check-in: e6390a65 user: drh tags: trunk)
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to ext/session/sqlite3session.c. 

3232
3233
3234
3235
3236
3237
3238



3239
3240
3241
3242
3243
3244
3245
3246
3247

3248
3249
3250
3251
3252
3253
3254

            u8 enc = (eType==SQLITE_TEXT ? SQLITE_UTF8 : 0);
            rc = sessionValueSetStr(apOut[i],&pIn->aData[pIn->iNext],nByte,enc);
            pIn->iNext += nByte;
          }
        }
      }
      if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){



        sqlite3_int64 v = sessionGetI64(aVal);
        if( eType==SQLITE_INTEGER ){
          sqlite3VdbeMemSetInt64(apOut[i], v);
        }else{
          double d;
          memcpy(&d, &v, 8);
          sqlite3VdbeMemSetDouble(apOut[i], d);
        }
        pIn->iNext += 8;

      }
    }
  }

  return rc;
}









>
>
>
|
|
|
|
|
|
|
|
|
>








3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
3254
3255
3256
3257
3258

            u8 enc = (eType==SQLITE_TEXT ? SQLITE_UTF8 : 0);
            rc = sessionValueSetStr(apOut[i],&pIn->aData[pIn->iNext],nByte,enc);
            pIn->iNext += nByte;
          }
        }
      }
      if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
        if( (pIn->nData-pIn->iNext)<8 ){
          rc = SQLITE_CORRUPT_BKPT;
        }else{
          sqlite3_int64 v = sessionGetI64(aVal);
          if( eType==SQLITE_INTEGER ){
            sqlite3VdbeMemSetInt64(apOut[i], v);
          }else{
            double d;
            memcpy(&d, &v, 8);
            sqlite3VdbeMemSetDouble(apOut[i], d);
          }
          pIn->iNext += 8;
        }
      }
    }
  }

  return rc;
}

Changes to test/testrunner_data.tcl. 

94
95
96
97
98
99
100
101



102
103
104
105
106
107
108

  #
  set build(All-Debug) {
    --enable-debug --enable-all
  }
  set build(All-O0) {
    -O0 --enable-all
  }
  set build(All-Sanitize) { --enable-all -fsanitize=address,undefined }




  set build(Sanitize) {
    CC=clang -fsanitize=address,undefined
    -DSQLITE_ENABLE_STAT4
    -DCONFIG_SLOWDOWN_FACTOR=5.0
    --enable-debug
    --enable-all








|
>
>
>








94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111

  #
  set build(All-Debug) {
    --enable-debug --enable-all
  }
  set build(All-O0) {
    -O0 --enable-all
  }
  set build(All-Sanitize) { 
    -DSQLITE_OMIT_LOOKASIDE=1
    --enable-all -fsanitize=address,undefined 
  }

  set build(Sanitize) {
    CC=clang -fsanitize=address,undefined
    -DSQLITE_ENABLE_STAT4
    -DCONFIG_SLOWDOWN_FACTOR=5.0
    --enable-debug
    --enable-all