Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix the instr() SQL function so that it makes a copy of its argument before changing the datatype, since the datatype affects processing. Also fix the sqlite3_value_text() routine so that it always works even for values obtained form sqlite3_value_dup(). Ticket [587791f92620090e] |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
3fb40f518086c1e8d11eb1f4134e9654 |
| User & Date: | drh 2019-09-17 03:16:29 |
References
|
2019-09-18
| ||
| 11:16 | Fix an OOB read in the INSTR() function introduced yesterday by check-in [3fb40f518086c1e8] and detected by OSSFuzz. The test case is in TH3. (check-in: d49047c1 user: drh tags: trunk) | |
Context
|
2019-09-17
| ||
| 13:30 | Test cases for ticket [587791f92620090e] (check-in: ca0e3a83 user: drh tags: trunk) | |
| 03:16 | Fix the instr() SQL function so that it makes a copy of its argument before changing the datatype, since the datatype affects processing. Also fix the sqlite3_value_text() routine so that it always works even for values obtained form sqlite3_value_dup(). Ticket [587791f92620090e] (check-in: 3fb40f51 user: drh tags: trunk) | |
|
2019-09-16
| ||
| 20:16 | Improved type information display when tracing VDBE execution. (check-in: ee83d8e3 user: drh tags: trunk) | |
Changes
Changes to src/func.c.
| ︙ | ︙ | |||
199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 |
const unsigned char *zNeedle;
int nHaystack;
int nNeedle;
int typeHaystack, typeNeedle;
int N = 1;
int isText;
unsigned char firstChar;
UNUSED_PARAMETER(argc);
typeHaystack = sqlite3_value_type(argv[0]);
typeNeedle = sqlite3_value_type(argv[1]);
if( typeHaystack==SQLITE_NULL || typeNeedle==SQLITE_NULL ) return;
nHaystack = sqlite3_value_bytes(argv[0]);
nNeedle = sqlite3_value_bytes(argv[1]);
if( nNeedle>0 ){
if( typeHaystack==SQLITE_BLOB && typeNeedle==SQLITE_BLOB ){
zHaystack = sqlite3_value_blob(argv[0]);
zNeedle = sqlite3_value_blob(argv[1]);
isText = 0;
| > > | > > > > > > | > > > > > > | 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 |
const unsigned char *zNeedle;
int nHaystack;
int nNeedle;
int typeHaystack, typeNeedle;
int N = 1;
int isText;
unsigned char firstChar;
sqlite3_value *pC1 = 0;
sqlite3_value *pC2 = 0;
UNUSED_PARAMETER(argc);
typeHaystack = sqlite3_value_type(argv[0]);
typeNeedle = sqlite3_value_type(argv[1]);
if( typeHaystack==SQLITE_NULL || typeNeedle==SQLITE_NULL ) return;
nHaystack = sqlite3_value_bytes(argv[0]);
nNeedle = sqlite3_value_bytes(argv[1]);
if( nNeedle>0 ){
if( typeHaystack==SQLITE_BLOB && typeNeedle==SQLITE_BLOB ){
zHaystack = sqlite3_value_blob(argv[0]);
zNeedle = sqlite3_value_blob(argv[1]);
isText = 0;
}else if( typeHaystack!=SQLITE_BLOB && typeNeedle!=SQLITE_BLOB ){
zHaystack = sqlite3_value_text(argv[0]);
zNeedle = sqlite3_value_text(argv[1]);
isText = 1;
}else{
pC1 = sqlite3_value_dup(argv[0]);
zHaystack = sqlite3_value_text(pC1);
pC2 = sqlite3_value_dup(argv[1]);
zNeedle = sqlite3_value_text(pC2);
isText = 1;
}
if( zNeedle==0 || (nHaystack && zHaystack==0) ){
sqlite3_result_error_nomem(context);
goto endInstr;
}
firstChar = zNeedle[0];
while( nNeedle<=nHaystack
&& (zHaystack[0]!=firstChar || memcmp(zHaystack, zNeedle, nNeedle)!=0)
){
N++;
do{
nHaystack--;
zHaystack++;
}while( isText && (zHaystack[0]&0xc0)==0x80 );
}
if( nNeedle>nHaystack ) N = 0;
}
sqlite3_result_int(context, N);
endInstr:
sqlite3_value_free(pC1);
sqlite3_value_free(pC2);
}
/*
** Implementation of the printf() function.
*/
static void printfFunc(
sqlite3_context *context,
|
| ︙ | ︙ |
Changes to src/vdbemem.c.
| ︙ | ︙ | |||
228 229 230 231 232 233 234 |
** contain a valid string or blob value. */
assert( bPreserve==0 || pMem->flags&(MEM_Blob|MEM_Str) );
testcase( bPreserve && pMem->z==0 );
assert( pMem->szMalloc==0
|| pMem->szMalloc==sqlite3DbMallocSize(pMem->db, pMem->zMalloc) );
if( pMem->szMalloc>0 && bPreserve && pMem->z==pMem->zMalloc ){
| > | > > > > > | 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 |
** contain a valid string or blob value. */
assert( bPreserve==0 || pMem->flags&(MEM_Blob|MEM_Str) );
testcase( bPreserve && pMem->z==0 );
assert( pMem->szMalloc==0
|| pMem->szMalloc==sqlite3DbMallocSize(pMem->db, pMem->zMalloc) );
if( pMem->szMalloc>0 && bPreserve && pMem->z==pMem->zMalloc ){
if( pMem->db ){
pMem->z = pMem->zMalloc = sqlite3DbReallocOrFree(pMem->db, pMem->z, n);
}else{
pMem->zMalloc = sqlite3Realloc(pMem->z, n);
if( pMem->zMalloc==0 ) sqlite3_free(pMem->z);
pMem->z = pMem->zMalloc;
}
bPreserve = 0;
}else{
if( pMem->szMalloc>0 ) sqlite3DbFreeNN(pMem->db, pMem->zMalloc);
pMem->zMalloc = sqlite3DbMallocRaw(pMem->db, n);
}
if( pMem->zMalloc==0 ){
sqlite3VdbeMemSetNull(pMem);
|
| ︙ | ︙ |