/ Check-in [4195a3f8]
Login
Home Timeline Branches

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix the isLikeOrGlob() routine in the WHERE clause processing logic so that it avoids signed/unsigned character comparisons, as that can lead to an incorrect answer if the ESCAPE clause is an invalid UTF8 string. Problem found by OSSFuzz.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 4195a3f8b5d2c2ec63771890c5aa7b5e2de60b9fa2273652730239b8577ae418
User & Date: drh 2018-08-09 21:45:45
Context
2018-08-13
11:32
Fix an incorrect comment on the unix-nolock VFS object. No functional code changes. (check-in: 90f7c193 user: drh tags: trunk)
2018-08-10
15:27
Merge latest trunk changes with this branch. (check-in: c355a837 user: dan tags: alter-table-rename-column)
2018-08-09
21:45
Fix the isLikeOrGlob() routine in the WHERE clause processing logic so that it avoids signed/unsigned character comparisons, as that can lead to an incorrect answer if the ESCAPE clause is an invalid UTF8 string. Problem found by OSSFuzz. (check-in: 4195a3f8 user: drh tags: trunk)
18:36
When a column must be a constant due to WHERE clause and the value of that column is being coded as a constant, make sure the affinity is correct. (check-in: 7404ea83 user: drh tags: trunk)
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/whereexpr.c. 

   190    190   static int isLikeOrGlob(
   191    191     Parse *pParse,    /* Parsing and code generating context */
   192    192     Expr *pExpr,      /* Test this expression */
   193    193     Expr **ppPrefix,  /* Pointer to TK_STRING expression with pattern prefix */
   194    194     int *pisComplete, /* True if the only wildcard is % in the last character */
   195    195     int *pnoCase      /* True if uppercase is equivalent to lowercase */
   196    196   ){
   197         -  const u8 *z = 0;         /* String on RHS of LIKE operator */
          197  +  const u8 *z = 0;           /* String on RHS of LIKE operator */
   198    198     Expr *pRight, *pLeft;      /* Right and left size of LIKE operator */
   199    199     ExprList *pList;           /* List of operands to the LIKE operator */
   200         -  int c;                     /* One character in z[] */
          200  +  u8 c;                      /* One character in z[] */
   201    201     int cnt;                   /* Number of non-wildcard prefix characters */
   202         -  char wc[4];                /* Wildcard characters */
          202  +  u8 wc[4];                  /* Wildcard characters */
   203    203     sqlite3 *db = pParse->db;  /* Database connection */
   204    204     sqlite3_value *pVal = 0;
   205    205     int op;                    /* Opcode of pRight */
   206    206     int rc;                    /* Result code to return */
   207    207   
   208         -  if( !sqlite3IsLikeFunction(db, pExpr, pnoCase, wc) ){
          208  +  if( !sqlite3IsLikeFunction(db, pExpr, pnoCase, (char*)wc) ){
   209    209       return 0;
   210    210     }
   211    211   #ifdef SQLITE_EBCDIC
   212    212     if( *pnoCase ) return 0;
   213    213   #endif
   214    214     pList = pExpr->x.pList;
   215    215     pLeft = pList->a[1].pExpr;

Changes to test/fuzzdata5.db. 

cannot compute difference between binary files

This page was generated in about 0.069s by Fossil 2.12 [fb77abd3b5] 2020-08-01 16:07:22