Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Fix buffer overread when parsing a UTF16 exponent |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
9e61c90be48664843144ba1f07933735 |
User & Date: | peterreid 2013-10-25 02:37:10 |
Context
2013-10-25
| ||
20:20 | Add start of checkpointing code to btree. check-in: 29373a8844 user: dan tags: trunk | |
02:37 | Fix buffer overread when parsing a UTF16 exponent check-in: 9e61c90be4 user: peterreid tags: trunk | |
01:33 | Fix parsing UTF16 nums with multi-digit exponents check-in: 667cfd8694 user: peterreid tags: trunk | |
Changes
Changes to src/math.c.
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
...
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
|
/* ** Convert text into a number and return that number. ** ** When converting from UTF16, this routine only looks at the ** least significant byte of each character. It is assumed that ** the most significant byte of every character in the string ** is 0. If that assumption is violated, then this routine can ** yield an anomolous result. ** ** Conversion stops at the first \000 character. At most nIn bytes ** of zIn are examined. Or if nIn is negative, up to a billion bytes ** are scanned, which we assume is more than will be found in any valid ** numeric string. ** ** If the value does not contain a decimal point or exponent, and is ................................................................................ /* Permit only a single radix in each number */ if( seenRadix ) goto finished; seenRadix = 1; bReal = 1; }else if( c=='e' || c=='E' ){ int f = (flags & (SQLITE4_PREFIX_ONLY|SQLITE4_IGNORE_WHITESPACE)); if( incr==2 ) f |= SQLITE4_UTF16LE; sqlite4_num exp; exp = sqlite4_num_from_text(&zIn[i+incr], nIn-i-incr, f, 0); if( sqlite4_num_isnan(exp) ) goto finished; if( exp.e || exp.m>999 ) goto finished; bReal = 1; r.e += (int)(exp.m) * (exp.sign ? -1 : 1); i = nIn; break; }else{ |
|
>
>
>
>
|
|
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
...
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
|
/* ** Convert text into a number and return that number. ** ** When converting from UTF16, this routine only looks at the ** least significant byte of each character. It is assumed that ** the most significant byte of every character in the string ** is 0. If that assumption is violated, then this routine can ** yield an anomalous result. If the most significant byte of ** the final character is beyond the nIn examined bytes, then ** it is treated as 0. ** ** Conversion stops at the first \000 character. At most nIn bytes ** of zIn are examined. Or if nIn is negative, up to a billion bytes ** are scanned, which we assume is more than will be found in any valid ** numeric string. ** ** If the value does not contain a decimal point or exponent, and is ................................................................................ /* Permit only a single radix in each number */ if( seenRadix ) goto finished; seenRadix = 1; bReal = 1; }else if( c=='e' || c=='E' ){ int f = (flags & (SQLITE4_PREFIX_ONLY|SQLITE4_IGNORE_WHITESPACE)); if( incr==2 ) f |= SQLITE4_UTF16LE; i += incr; if( i>=nIn ) goto finished; sqlite4_num exp; exp = sqlite4_num_from_text(&zIn[i], nIn-i, f, 0); if( sqlite4_num_isnan(exp) ) goto finished; if( exp.e || exp.m>999 ) goto finished; bReal = 1; r.e += (int)(exp.m) * (exp.sign ? -1 : 1); i = nIn; break; }else{ |
Changes to test/num.test.
223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 |
#-------------------------------------------------------------------------
# Test from UTF16BE text
#
foreach {tn in len out} {
0 274 -1 274
1 3e+484 -1 3e+484
} {
do_test num-9.3.$tn {
sqlite4_num_to_text [sqlite4_num_from_text $in $len b]
} $out
}
#-------------------------------------------------------------------------
# Test from UTF16LE text
#
foreach {tn in len out} {
0 4639 -1 4639
1 5e+388 -1 5e+388
} {
do_test num-9.3.$tn {
sqlite4_num_to_text [sqlite4_num_from_text $in $len l]
} $out
}
foreach {tn in out} {
0 50 50
1 -94 -94
|
> > > > > > > > | |
223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 |
#------------------------------------------------------------------------- # Test from UTF16BE text # foreach {tn in len out} { 0 274 -1 274 1 3e+484 -1 3e+484 2 2e1 3 2 3 2e1 4 2 4 2e1 5 2 5 2e1 6 20 } { do_test num-9.3.$tn { sqlite4_num_to_text [sqlite4_num_from_text $in $len b] } $out } #------------------------------------------------------------------------- # Test from UTF16LE text # foreach {tn in len out} { 0 4639 -1 4639 1 5e+388 -1 5e+388 2 2e1 3 2 3 2e1 4 2 4 2e1 5 20 5 2e1 6 20 } { do_test num-9.4.$tn { sqlite4_num_to_text [sqlite4_num_from_text $in $len l] } $out } foreach {tn in out} { 0 50 50 1 -94 -94 |