/ Check-in [89b0ee33]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix an almost entirely harmless buffer overread in the sessions module.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | permutations-fix
Files: files | file ages | folders
SHA1: 89b0ee3351381f7bc666cb206f77a56f2e0d4a0e
User & Date: dan 2016-04-29 10:13:22
Context
2016-04-29
11:33
Modify the permutations.test script so as to set any permutation specific configuration values before running each individual test script. Fix a mostly harmless buffer overread in the sessions module. check-in: 4cbd5024 user: dan tags: trunk
10:13
Fix an almost entirely harmless buffer overread in the sessions module. Closed-Leaf check-in: 89b0ee33 user: dan tags: permutations-fix
2016-04-28
14:59
Merge latest changes from trunk with this branch. check-in: 45467ee4 user: dan tags: permutations-fix
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to ext/session/sqlite3session.c.

588
589
590
591
592
593
594

595
596
597
598
599
600



601
602

603
604
605
606
607
608
609
  u8 *aRight                      /* Change record */
){
  u8 *a1 = aLeft;                 /* Cursor to iterate through aLeft */
  u8 *a2 = aRight;                /* Cursor to iterate through aRight */
  int iCol;                       /* Used to iterate through table columns */

  for(iCol=0; iCol<pTab->nCol; iCol++){

    int n1 = sessionSerialLen(a1);
    int n2 = sessionSerialLen(a2);

    if( pTab->abPK[iCol] && (n1!=n2 || memcmp(a1, a2, n1)) ){
      return 0;
    }



    if( pTab->abPK[iCol] || bLeftPkOnly==0 ) a1 += n1;
    if( pTab->abPK[iCol] || bRightPkOnly==0 ) a2 += n2;

  }

  return 1;
}

/*
** Arguments aLeft and aRight both point to buffers containing change







>
|
|

|
|
|
>
>
>
|
|
>







588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
  u8 *aRight                      /* Change record */
){
  u8 *a1 = aLeft;                 /* Cursor to iterate through aLeft */
  u8 *a2 = aRight;                /* Cursor to iterate through aRight */
  int iCol;                       /* Used to iterate through table columns */

  for(iCol=0; iCol<pTab->nCol; iCol++){
    if( pTab->abPK[iCol] ){
      int n1 = sessionSerialLen(a1);
      int n2 = sessionSerialLen(a2);

      if( pTab->abPK[iCol] && (n1!=n2 || memcmp(a1, a2, n1)) ){
        return 0;
      }
      a1 += n1;
      a2 += n2;
    }else{
      if( bLeftPkOnly==0 ) a1 += sessionSerialLen(a1);
      if( bRightPkOnly==0 ) a2 += sessionSerialLen(a2);
    }
  }

  return 1;
}

/*
** Arguments aLeft and aRight both point to buffers containing change