SQLite4
Check-in [408475b607]
Not logged in

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Prevent reading out of bounds in sqlite4_num_from_text. Parsing 'in' (prefix of 'inf') with byte count 2 triggered the bug.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | num_work
Files: files | file ages | folders
SHA1: 408475b607266eb7f0f3f5b246415fd7376f41a7
User & Date: peterreid 2013-02-09 05:31:23
Context
2013-02-09
05:32
Create sqlite4_num_from_int64. check-in: 2552bc97ef user: peterreid tags: num_work
05:31
Prevent reading out of bounds in sqlite4_num_from_text. Parsing 'in' (prefix of 'inf') with byte count 2 triggered the bug. check-in: 408475b607 user: peterreid tags: num_work
05:29
Create sqlite4_num_isnan. check-in: cc1dc90b47 user: peterreid tags: num_work
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/math.c.

   326    326       i = incr;
   327    327     }else if( zIn[0]=='+' ){
   328    328       i = incr;
   329    329     }else{
   330    330       i = 0;
   331    331     }
   332    332     if( nIn<=0 ) goto not_a_valid_number;
   333         -  if( nIn>=incr*2
          333  +  if( nIn>=incr*3
   334    334      && ((c=zIn[i])=='i' || c=='I')
   335    335      && ((c=zIn[i+incr])=='n' || c=='N')
   336    336      && ((c=zIn[i+incr*2])=='f' || c=='F')
   337    337     ){
   338    338       r.e = SQLITE4_MX_EXP+1;
   339    339       r.m = nIn<=i+incr*3 || zIn[i+incr*3]==0;
   340    340       return r;