SQLite

Check-in [3a16ddf91f]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Ensure that UTF16 strings are properly zero-terminated before returning them in an sqlite3_value_text16() request, even if the string is invalid UTF16 because it was formed from an arbitrary and/or odd-length BLOB.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 3a16ddf91f0c9c516a7fc2a9d4a4f69a8326f9b8ea66421e9ef1a2d663687b70
User & Date: drh 2019-05-03 19:34:41.227
References
2019-05-16
01:22
Make sure the OP_Concat opcode always correctly zero-terminates a UTF16 string, even if the input strings are ill-formed. This is a followup to check-in [3a16ddf91f0c9c516a7] that fixes a case the previous check-in missed. Also add assert()s to prove correct zero termination. (check-in: d612fb7873 user: drh tags: trunk)
Context
2019-05-04
01:41
In the sqlite3_value or Mem object, make the MEM_IntReal type completely independent from MEM_Int and MEM_Real. This helps avoid problems when inserting non-float values into a "REAL" column. (check-in: 5a8a23ee5f user: drh tags: trunk)
2019-05-03
19:34
Ensure that UTF16 strings are properly zero-terminated before returning them in an sqlite3_value_text16() request, even if the string is invalid UTF16 because it was formed from an arbitrary and/or odd-length BLOB. (check-in: 3a16ddf91f user: drh tags: trunk)
18:50
Fix a memory-leak/segfault caused by using OP_OpenDup and OP_OpenEphemeral on the same VM cursor. (check-in: a9b90aa12e user: dan tags: trunk)
Changes
Side-by-Side Diff Ignore Whitespace Patch
Changes to src/vdbemem.c. 
266
267
268
269
270
271
272





273
274
275

276
277
278
279

280
281
282
283
284
285
286

266
267
268
269
270
271
272
273
274
275
276
277
278
279

280
281
282
283
284
285
286
287
288
289
290
291
292








+
+
+
+
+


-
+




+








  pMem->flags &= (MEM_Null|MEM_Int|MEM_Real|MEM_IntReal);
  return SQLITE_OK;
}

/*
** It is already known that pMem contains an unterminated string.
** Add the zero terminator.
**
** Three bytes of zero are added.  In this way, there is guaranteed
** to be a double-zero byte at an even byte boundary in order to
** terminate a UTF16 string, even if the initial size of the buffer
** is an odd number of bytes.
*/
static SQLITE_NOINLINE int vdbeMemAddTerminator(Mem *pMem){
  if( sqlite3VdbeMemGrow(pMem, pMem->n+2, 1) ){
  if( sqlite3VdbeMemGrow(pMem, pMem->n+3, 1) ){
    return SQLITE_NOMEM_BKPT;
  }
  pMem->z[pMem->n] = 0;
  pMem->z[pMem->n+1] = 0;
  pMem->z[pMem->n+2] = 0;
  pMem->flags |= MEM_Term;
  return SQLITE_OK;
}

/*
** Change pMem so that its MEM_Str or MEM_Blob value is stored in
** MEM.zMalloc, where it can be safely written.

346
347
348
349
350
351
352
353
354
355



356
357
358
359
360
361
362

352
353
354
355
356
357
358



359
360
361
362
363
364
365
366
367
368








-
-
-
+
+
+








    return SQLITE_OK;   /* Nothing to do */
  }else{
    return vdbeMemAddTerminator(pMem);
  }
}

/*
** Add MEM_Str to the set of representations for the given Mem.  Numbers
** are converted using sqlite3_snprintf().  Converting a BLOB to a string
** is a no-op.
** Add MEM_Str to the set of representations for the given Mem.  This
** routine is only called if pMem is a number of some kind, not a NULL
** or a BLOB.
**
** Existing representations MEM_Int and MEM_Real are invalidated if
** bForce is true but are retained if bForce is false.
**
** A MEM_Null value will never be passed to this function. This function is
** used for converting values to text for returning to the user (i.e. via
** sqlite3_value_text()), or for ensuring that values to be used as btree