/ Check-in [89b0ee33]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix an almost entirely harmless buffer overread in the sessions module.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | permutations-fix
Files: files | file ages | folders
SHA1: 89b0ee3351381f7bc666cb206f77a56f2e0d4a0e
User & Date: dan 2016-04-29 10:13:22
Context
2016-04-29
11:33
Modify the permutations.test script so as to set any permutation specific configuration values before running each individual test script. Fix a mostly harmless buffer overread in the sessions module. check-in: 4cbd5024 user: dan tags: trunk
10:13
Fix an almost entirely harmless buffer overread in the sessions module. Closed-Leaf check-in: 89b0ee33 user: dan tags: permutations-fix
2016-04-28
14:59
Merge latest changes from trunk with this branch. check-in: 45467ee4 user: dan tags: permutations-fix
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to ext/session/sqlite3session.c.

   588    588     u8 *aRight                      /* Change record */
   589    589   ){
   590    590     u8 *a1 = aLeft;                 /* Cursor to iterate through aLeft */
   591    591     u8 *a2 = aRight;                /* Cursor to iterate through aRight */
   592    592     int iCol;                       /* Used to iterate through table columns */
   593    593   
   594    594     for(iCol=0; iCol<pTab->nCol; iCol++){
   595         -    int n1 = sessionSerialLen(a1);
   596         -    int n2 = sessionSerialLen(a2);
          595  +    if( pTab->abPK[iCol] ){
          596  +      int n1 = sessionSerialLen(a1);
          597  +      int n2 = sessionSerialLen(a2);
   597    598   
   598         -    if( pTab->abPK[iCol] && (n1!=n2 || memcmp(a1, a2, n1)) ){
   599         -      return 0;
          599  +      if( pTab->abPK[iCol] && (n1!=n2 || memcmp(a1, a2, n1)) ){
          600  +        return 0;
          601  +      }
          602  +      a1 += n1;
          603  +      a2 += n2;
          604  +    }else{
          605  +      if( bLeftPkOnly==0 ) a1 += sessionSerialLen(a1);
          606  +      if( bRightPkOnly==0 ) a2 += sessionSerialLen(a2);
   600    607       }
   601         -    if( pTab->abPK[iCol] || bLeftPkOnly==0 ) a1 += n1;
   602         -    if( pTab->abPK[iCol] || bRightPkOnly==0 ) a2 += n2;
   603    608     }
   604    609   
   605    610     return 1;
   606    611   }
   607    612   
   608    613   /*
   609    614   ** Arguments aLeft and aRight both point to buffers containing change