/ Check-in [6e59e903]

Overview
Comment:Fix a crash that could follow an OOM condition in the instr() SQL function. Problem discovered by OSS-Fuzz.
SHA3-256: 6e59e903e4e956617bddef0b94e5cae02d724ac8145940b57ab5b0f628759736
User & Date: dan 2017-03-16 12:11:07
Original Comment: Fix a crash that could follow an OOM condition in the instr() SQL function.
Context
2017-03-16
13:14
Fix a problem in the "showdb" utility that prevents it from correctly decoding cells with no content beyond the record header. check-in: eb7680a1 user: drh tags: trunk
12:11
Fix a crash that could follow an OOM condition in the instr() SQL function. Problem discovered by OSS-Fuzz. check-in: 6e59e903 user: dan tags: trunk
2017-03-15
20:27
Updates to README files under the ext/ hierarchy. No changes to code. check-in: 029bc5d2 user: drh tags: trunk
Changes

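--- a/src/func.c
+++ b/src/func.c
@@ -200,17 +200,19 @@
   if( typeHaystack==SQLITE_NULL || typeNeedle==SQLITE_NULL ) return;
   nHaystack = sqlite3_value_bytes(argv[0]);
   nNeedle = sqlite3_value_bytes(argv[1]);
   if( nNeedle>0 ){
     if( typeHaystack==SQLITE_BLOB && typeNeedle==SQLITE_BLOB ){
       zHaystack = sqlite3_value_blob(argv[0]);
       zNeedle = sqlite3_value_blob(argv[1]);
-      assert( zNeedle!=0 );
-      assert( zHaystack!=0 || nHaystack==0 );
       isText = 0;
+      /* The following condition may be true if the arguments passed to this
+      ** function are values returned by zeroblob() or similar and an OOM
+      ** occurs while expanding the blob value.  */
+      if( zNeedle==0 || (nHaystack && zHaystack==0) ) return;
     }else{
       zHaystack = sqlite3_value_text(argv[0]);
       zNeedle = sqlite3_value_text(argv[1]);
       isText = 1;
       if( zHaystack==0 || zNeedle==0 ) return;
     }
     while( nNeedle<=nHaystack && memcmp(zHaystack, zNeedle, nNeedle)!=0 ){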
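Review bot: The new guard `if( zNeedle==0 || (nHaystack && zHaystack==0) ) return;` leaves instr() without any result set, so the out-of-memory condition reaches the caller only if sqlite3_value_blob() has already flagged the failure on the connection, which this hunk does not show. Reporting it at the return, e.g. `sqlite3_result_error_nomem(context); return;` (where `context` stands for the function's sqlite3_context argument, declared outside the hunk), would keep a failed allocation from being read as a legitimate NULL answer. The text branch's `if( zHaystack==0 || zNeedle==0 ) return;` returns silently in the same way. The function body starts and ends outside this hunk.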

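--- a/test/mallocM.test
+++ b/test/mallocM.test
@@ -17,16 +17,32 @@
 set testprefix mallocM
 
 sqlite3_db_config_lookaside db 0 0 0
 
 do_execsql_test 1.0 {
   CREATE TABLE t1(x);
 }
-do_faultsim_test 1 -faults oom-t* -body {
+do_faultsim_test 1 -faults oom* -body {
   execsql {
     SELECT 'abc' FROM ( SELECT 'xyz' FROM t1 WHERE (SELECT 1) )
   }
 } -test {
   faultsim_test_result {0 {}}
 }
 
+do_execsql_test 2.0.1 { SELECT instr(x'', x'') }         {1}
+do_execsql_test 2.0.2 { SELECT instr(x'12345678', x'') } {1}
+do_execsql_test 2.0.3 { SELECT instr(x'', x'1234') }     {0}
+
+do_faultsim_test 2.1 -faults oom* -body {
+  execsql { SELECT instr (x'00', zeroblob(1)) }
+} -test {
+  faultsim_test_result {0 1}
+}
+
+do_faultsim_test 2.2 -faults oom* -body {
+  execsql { SELECT instr (zeroblob(1), x'00') }
+} -test {
+  faultsim_test_result {0 1}
+}
+
 finish_test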
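Review bot: The new 2.x cases carry no comment tying them to the instr() OOM fix, and the filter change in test 1 from `oom-t*` to `oom*` is not mentioned in the check-in comment. A line such as `# instr() on blobs must survive an OOM while a zeroblob() argument is expanded` above test 2.0.1 would tell a later reader what is being guarded. Both faultsim cases match a one-byte needle at offset 1, so the search loop after the new guard never iterates. A case where the needle is absent from a longer zeroblob() haystack would cover that path under fault injection as well.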