Overview
Comment: | Fix potential 32-bit integer overflow problems on the offset and length parameters to sqlite3_blob_read() and sqlite3_blob_write(). For sqlite3_blob_open(), make sure the *ppBlob return parameter is zeroed if the interface fails with SQLITE_MISUSE. |
---|---|
SHA1: |
5df02f50f8348dfde4fc15126abc7b7e |
User & Date: | drh 2015-02-07 15:16:35.893 |
Context
2015-02-09
| ||
10:20 | Fix over-length source code lines in resolver.c. No logic changes. (check-in: c12edb8507 user: drh tags: trunk) | |
2015-02-07
| ||
15:30 | Merge increment blob I/O fixes from trunk. (check-in: 292cf68b4c user: drh tags: apple-osx) | |
15:16 | Fix potential 32-bit integer overflow problems on the offset and length parameters to sqlite3_blob_read() and sqlite3_blob_write(). For sqlite3_blob_open(), make sure the *ppBlob return parameter is zeroed if the interface fails with SQLITE_MISUSE. (check-in: 5df02f50f8 user: drh tags: trunk) | |
2015-02-06
| ||
14:51 | Change the name of ".info" to ".dbinfo" and add an optional second argument which is the ATTACH-ed DB about which information is provided. Provide ".indexes" as an alternative name to the legacy ".indices" command. (check-in: 0f65a7e2e0 user: drh tags: trunk) | |
Changes
Changes to src/vdbeblob.c.
︙ | ︙ | |||
150 151 152 153 154 155 156 | int rc = SQLITE_OK; char *zErr = 0; Table *pTab; Parse *pParse = 0; Incrblob *pBlob = 0; #ifdef SQLITE_ENABLE_API_ARMOR | > > > > > > | < | 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 | int rc = SQLITE_OK; char *zErr = 0; Table *pTab; Parse *pParse = 0; Incrblob *pBlob = 0; #ifdef SQLITE_ENABLE_API_ARMOR if( ppBlob==0 ){ return SQLITE_MISUSE_BKPT; } #endif *ppBlob = 0; #ifdef SQLITE_ENABLE_API_ARMOR if( !sqlite3SafetyCheckOk(db) || zTable==0 ){ return SQLITE_MISUSE_BKPT; } #endif flags = !!flags; /* flags = (flags ? 1 : 0); */ sqlite3_mutex_enter(db->mutex); pBlob = (Incrblob *)sqlite3DbMallocZero(db, sizeof(Incrblob)); if( !pBlob ) goto blob_open_out; pParse = sqlite3StackAllocRaw(db, sizeof(*pParse)); if( !pParse ) goto blob_open_out; |
︙ | ︙ | |||
369 370 371 372 373 374 375 | sqlite3 *db; if( p==0 ) return SQLITE_MISUSE_BKPT; db = p->db; sqlite3_mutex_enter(db->mutex); v = (Vdbe*)p->pStmt; | | | 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 | sqlite3 *db; if( p==0 ) return SQLITE_MISUSE_BKPT; db = p->db; sqlite3_mutex_enter(db->mutex); v = (Vdbe*)p->pStmt; if( n<0 || iOffset<0 || ((sqlite3_int64)iOffset+n)>p->nByte ){ /* Request is out of range. Return a transient error. */ rc = SQLITE_ERROR; }else if( v==0 ){ /* If there is no statement handle, then the blob-handle has ** already been invalidated. Return SQLITE_ABORT in this case. */ rc = SQLITE_ABORT; |
︙ | ︙ |
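Review bot: The new range check `((sqlite3_int64)iOffset+n)>p->nByte` avoids the 32-bit wrap only because the cast applies to iOffset before the addition, and nothing on the line says so. A one-line comment above the condition, such as `/* Sum in 64 bits: iOffset+n can exceed the 32-bit range */`, would keep a later cleanup from moving the cast around the whole sum and reintroducing the overflow. In the first hunk the API-armor block is split in two so that `*ppBlob = 0;` runs before the db/zTable checks; a short comment there, such as `/* Clear *ppBlob first so every SQLITE_MISUSE return below leaves it NULL */`, would explain the back-to-back `#ifdef` blocks. Both functions start and end outside the visible lines.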
Changes to test/incrblob2.test.
︙ | ︙ | |||
319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 | close $rdHandle } {} do_test incrblob2-6.2 { set rdHandle [db incrblob -readonly t1 data 1] sqlite3_blob_read $rdHandle 0 2 } {AB} do_test incrblob2-6.3 { set wrHandle [db incrblob t1 data 1] sqlite3_blob_write $wrHandle 0 ZZZZZZZZZZ sqlite3_blob_read $rdHandle 2 4 } {ZZZZ} do_test incrblob2-6.4 { close $wrHandle close $rdHandle } {} sqlite3_memory_highwater 1 | > > > > > > > > > > > > > > > > > > > > > > | 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 | close $rdHandle } {} do_test incrblob2-6.2 { set rdHandle [db incrblob -readonly t1 data 1] sqlite3_blob_read $rdHandle 0 2 } {AB} do_test incrblob2-6.2b { set rc [catch { # Prior to 2015-02-07, the following caused a segfault due to # integer overflow. sqlite3_blob_read $rdHandle 2147483647 2147483647 } errmsg] lappend rc $errmsg } {1 SQLITE_ERROR} do_test incrblob2-6.3 { set wrHandle [db incrblob t1 data 1] sqlite3_blob_write $wrHandle 0 ZZZZZZZZZZ sqlite3_blob_read $rdHandle 2 4 } {ZZZZ} do_test incrblob2-6.3b { set rc [catch { # Prior to 2015-02-07, the following caused a segfault due to # integer overflow. sqlite3_blob_write $wrHandle 2147483647 YYYYYYYYYYYYYYYYYY } errmsg] lappend rc $errmsg } {1 SQLITE_ERROR} do_test incrblob2-6.3c { sqlite3_blob_read $rdHandle 2 4 } {ZZZZ} do_test incrblob2-6.4 { close $wrHandle close $rdHandle } {} sqlite3_memory_highwater 1 |
︙ | ︙ |
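Review bot: Tests incrblob2-6.2b and 6.3b exercise only the wrap-around case with offset 2147483647. The `n<0` and `iOffset<0` branches of the same condition are not covered in this section, and neither is a request that ends exactly at the blob's last byte, though these may be tested in another file. Assuming the test command passes negative integers through, a companion case such as `sqlite3_blob_read $rdHandle -1 2` inside the same `catch` wrapper, expecting `{1 SQLITE_ERROR}`, would pin the whole range check rather than only the overflow path. A boundary read that should succeed would also guard against the check being tightened by one.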