Check-in [c13d5639]

Overview
Comment: Detect oversized strings in the OP_String opcode even if the P4 argument is originally UTF8 and has to be converted to UTF16 to match the database file and that conversion causes the string to become shorter and cross below the SQLITE_LIMIT_LENGTH threshold. This might fix an OSSFuzz problem that we have been so far unable to reproduce.
SHA3-256:c13d563925db12bc2c91ff9432050261e5bd39d960e2739777a66bf804df2e31
User & Date: drh 2019-02-21 16:41:34
Context
2019-02-22
15:42
Modify sqlite3_str_finish() and sqlite3VMPrintf() so that they always return NULL on any OOM or SQLITE_LIMIT_LENGTH error. check-in: e7144ffd user: drh tags: trunk
2019-02-21
18:11
Fix OOM handling in sqlite3NestedParse(). Leaf check-in: e6e9dd5c user: dan tags: nested-parse-oom
16:41
Detect oversized strings in the OP_String opcode even if the P4 argument is originally UTF8 and has to be converted to UTF16 to match the database file and that conversion causes the string to become shorter and cross below the SQLITE_LIMIT_LENGTH threshold. This might fix an OSSFuzz problem that we have been so far unable to reproduce. check-in: c13d5639 user: drh tags: trunk
2019-02-20
19:20
Changes to the unix VFS that allegedly enable it to build on Fuchsia. We have no way of testing this. check-in: be21a641 user: drh tags: trunk
Changes

Changes to src/vdbe.c.

  1098   1098     pOp->opcode = OP_String;
  1099   1099     pOp->p1 = sqlite3Strlen30(pOp->p4.z);
  1100   1100   
  1101   1101   #ifndef SQLITE_OMIT_UTF16
  1102   1102     if( encoding!=SQLITE_UTF8 ){
  1103   1103       rc = sqlite3VdbeMemSetStr(pOut, pOp->p4.z, -1, SQLITE_UTF8, SQLITE_STATIC);
  1104   1104       assert( rc==SQLITE_OK || rc==SQLITE_TOOBIG );
         1105  +    if( rc ) goto too_big;
  1105   1106       if( SQLITE_OK!=sqlite3VdbeChangeEncoding(pOut, encoding) ) goto no_mem;
  1106   1107       assert( pOut->szMalloc>0 && pOut->zMalloc==pOut->z );
  1107   1108       assert( VdbeMemDynamic(pOut)==0 );
  1108   1109       pOut->szMalloc = 0;
  1109   1110       pOut->flags |= MEM_Static;
  1110   1111       if( pOp->p4type==P4_DYNAMIC ){
  1111   1112         sqlite3DbFree(db, pOp->p4.z);
  1112   1113       }
  1113   1114       pOp->p4type = P4_DYNAMIC;
  1114   1115       pOp->p4.z = pOut->z;
  1115   1116       pOp->p1 = pOut->n;
  1116   1117     }
  1117         -  testcase( rc==SQLITE_TOOBIG );
  1118   1118   #endif
  1119   1119     if( pOp->p1>db->aLimit[SQLITE_LIMIT_LENGTH] ){
  1120   1120       goto too_big;
  1121   1121     }
  1122   1122     assert( rc==SQLITE_OK );
  1123   1123     /* Fall through to the next case, OP_String */
  1124   1124   }
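Review bot: The new `if( rc ) goto too_big;` relies on the assert just above it to guarantee that any non-zero rc is SQLITE_TOOBIG; consider writing it as `if( rc==SQLITE_TOOBIG ) goto too_big;` or adding a one-line comment, so a reader does not have to check whether an OOM from sqlite3VdbeMemSetStr() could be misreported as a too-big error (this assumes the too_big label reports the error the same way the existing `goto too_big` further down does). Its position before sqlite3VdbeChangeEncoding() is the important part: characters in the U+0800..U+FFFF range take three bytes in UTF-8 but two in UTF-16, so a P4 string that exceeds db->aLimit[SQLITE_LIMIT_LENGTH] in UTF-8 can shrink under the limit during conversion and would then pass the later `pOp->p1>db->aLimit[SQLITE_LIMIT_LENGTH]` check, which only sees pOut->n after conversion. Dropping `testcase( rc==SQLITE_TOOBIG );` is consistent with the change, since that path now leaves the block through the goto and rc is always SQLITE_OK at the `assert( rc==SQLITE_OK )` that follows.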