Check-in [3a16ddf9]

Overview
Comment:Ensure that UTF16 strings are properly zero-terminated before returning them in an sqlite3_value_text16() request, even if the string is invalid UTF16 because it was formed from an arbitrary and/or odd-length BLOB.
SHA3-256: 3a16ddf91f0c9c516a7fc2a9d4a4f69a8326f9b8ea66421e9ef1a2d663687b70
User & Date: drh 2019-05-03 19:34:41
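The check-in comment above states the problem in one sentence: a buffer that came from an odd-length BLOB cannot be terminated for a UTF16 reader by appending two zero bytes, because the two zeros straddle a 16-bit unit boundary. The following C program is an added illustration of that reasoning and is not code from the SQLite check-in; the function names copy_with_zero_pad, find_utf16_terminator and terminator_offset_for are constructed for this example, and it assumes, as a 16-bit string reader would, that the heap block returned by malloc() starts on an even address.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the buffer growth in vdbeMemAddTerminator:
** copy n arbitrary bytes into a fresh heap block and append `pad` zero
** bytes.  The check-in changes pad from 2 to 3.  Caller frees the result. */
static unsigned char *copy_with_zero_pad(const unsigned char *src, int n, int pad){
  unsigned char *z = (unsigned char*)malloc((size_t)n + (size_t)pad);
  if( z==0 ) return 0;
  memcpy(z, src, (size_t)n);
  memset(z + n, 0, (size_t)pad);
  return z;
}

/* Walk the block the way a UTF-16 consumer does: 2-byte units starting at
** byte 0 (the block is assumed to be 2-byte aligned).  Return the byte offset
** of the first unit that is entirely zero and lies entirely inside the `total`
** bytes owned, or -1 if the consumer would have to read past the allocation
** before it ever saw a terminator. */
static int find_utf16_terminator(const unsigned char *z, int total){
  int i;
  for(i=0; i+1<total; i+=2){
    if( z[i]==0 && z[i+1]==0 ) return i;
  }
  return -1;
}

/* Build an n-byte blob of non-zero bytes (0x41, constructed sample input),
** pad it with `pad` zero bytes, and report where a UTF-16 consumer finds the
** terminator.  -1 means "not found inside the allocation". */
static int terminator_offset_for(int n, int pad){
  unsigned char *src;
  unsigned char *z;
  int r;
  if( n<0 || pad<0 ) return -1;
  src = (unsigned char*)malloc(n>0 ? (size_t)n : 1);
  if( src==0 ) return -1;
  memset(src, 0x41, (size_t)n);
  z = copy_with_zero_pad(src, n, pad);
  free(src);
  if( z==0 ) return -1;
  r = find_utf16_terminator(z, n + pad);
  free(z);
  return r;
}

int main(void){
  /* Odd-length blob with the old two-byte pad: the unit at offset 4 is
  ** {0x41,0x00}, and the next unit would start at offset 6 with only one
  ** byte left, so the reader runs off the end. */
  printf("n=5 pad=2 -> %d\n", terminator_offset_for(5, 2));
  /* Three-byte pad: a full {0x00,0x00} unit sits at offset 6. */
  printf("n=5 pad=3 -> %d\n", terminator_offset_for(5, 3));
  /* Even-length blob: two bytes were already enough. */
  printf("n=4 pad=2 -> %d\n", terminator_offset_for(4, 2));
  return 0;
}
```

For an odd n the terminator is found at n+1, which means the consumer treats the last blob byte plus one zero as a final (garbage) code unit; that matches the commit comment's point that the string is invalid UTF16 anyway, and the fix only guarantees the read stops inside the allocation.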
References
2019-05-16
01:22
Make sure the OP_Concat opcode always correctly zero-terminates a UTF16 string, even if the input strings are ill-formed. This is a followup to check-in [3a16ddf91f0c9c516a7] that fixes a case the previous check-in missed. Also add assert()s to prove correct zero termination. check-in: d612fb78 user: drh tags: trunk
Context
2019-05-04
01:41
In the sqlite3_value or Mem object, make the MEM_IntReal type completely independent from MEM_Int and MEM_Real. This helps avoid problems when inserting non-float values into a "REAL" column. check-in: 5a8a23ee user: drh tags: trunk
2019-05-03
19:34
Ensure that UTF16 strings are properly zero-terminated before returning them in an sqlite3_value_text16() request, even if the string is invalid UTF16 because it was formed from an arbitrary and/or odd-length BLOB. check-in: 3a16ddf9 user: drh tags: trunk
18:50
Fix a memory-leak/segfault caused by using OP_OpenDup and OP_OpenEphemeral on the same VM cursor. check-in: a9b90aa1 user: dan tags: trunk
Changes

Changes to src/vdbemem.c.

   266    266     pMem->flags &= (MEM_Null|MEM_Int|MEM_Real|MEM_IntReal);
   267    267     return SQLITE_OK;
   268    268   }
   269    269   
   270    270   /*
   271    271   ** It is already known that pMem contains an unterminated string.
   272    272   ** Add the zero terminator.
          273  +**
          274  +** Three bytes of zero are added.  In this way, there is guaranteed
          275  +** to be a double-zero byte at an even byte boundary in order to
          276  +** terminate a UTF16 string, even if the initial size of the buffer
          277  +** is an odd number of bytes.
   273    278   */
   274    279   static SQLITE_NOINLINE int vdbeMemAddTerminator(Mem *pMem){
   275         -  if( sqlite3VdbeMemGrow(pMem, pMem->n+2, 1) ){
          280  +  if( sqlite3VdbeMemGrow(pMem, pMem->n+3, 1) ){
   276    281       return SQLITE_NOMEM_BKPT;
   277    282     }
   278    283     pMem->z[pMem->n] = 0;
   279    284     pMem->z[pMem->n+1] = 0;
          285  +  pMem->z[pMem->n+2] = 0;
   280    286     pMem->flags |= MEM_Term;
   281    287     return SQLITE_OK;
   282    288   }
   283    289   
   284    290   /*
   285    291   ** Change pMem so that its MEM_Str or MEM_Blob value is stored in
   286    292   ** MEM.zMalloc, where it can be safely written.
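Review bot: the guarantee in the new comment (lines 274-277, "a double-zero byte at an even byte boundary") only holds if pMem->z itself begins on an even address; the comment should state that alignment assumption explicitly, since with an odd-aligned base the two zero bytes that matter would again straddle a 16-bit unit. The arithmetic itself is right: with n+3 bytes and zeros at n, n+1 and n+2, either {n, n+1} or {n+1, n+2} is an aligned pair for any parity of n. Note also that this hunk fixes only vdbeMemAddTerminator; the References entry on this page records follow-up check-in d612fb78 for the same odd-length case in OP_Concat, so any other path that grows a string buffer by pMem->n+2 and writes two zeros should be reviewed for the same defect, ideally with an assert() on the terminator as that follow-up does.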
................................................................................
   346    352       return SQLITE_OK;   /* Nothing to do */
   347    353     }else{
   348    354       return vdbeMemAddTerminator(pMem);
   349    355     }
   350    356   }
   351    357   
   352    358   /*
   353         -** Add MEM_Str to the set of representations for the given Mem.  Numbers
   354         -** are converted using sqlite3_snprintf().  Converting a BLOB to a string
   355         -** is a no-op.
          359  +** Add MEM_Str to the set of representations for the given Mem.  This
          360  +** routine is only called if pMem is a number of some kind, not a NULL
          361  +** or a BLOB.
   356    362   **
   357    363   ** Existing representations MEM_Int and MEM_Real are invalidated if
   358    364   ** bForce is true but are retained if bForce is false.
   359    365   **
   360    366   ** A MEM_Null value will never be passed to this function. This function is
   361    367   ** used for converting values to text for returning to the user (i.e. via
   362    368   ** sqlite3_value_text()), or for ensuring that values to be used as btree
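Review bot: the rewritten comment (lines 359-361) now states that this routine is only called for numbers, never a NULL or a BLOB, but the unchanged lines 366-367 still separately say "A MEM_Null value will never be passed to this function", so the precondition is now documented twice; fold the two statements into one. The removed text also documented that a BLOB input was a no-op; if BLOBs genuinely no longer reach this function, an assert() on pMem->flags excluding MEM_Null and MEM_Blob would turn the new comment into a checked precondition rather than a claim.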