Fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset.

FossilOrigin-Name: 0e4e7a05c4204b47a324d67e18e76d2a98e26b2723d19d5c655ec9fd2e41f4b7

ext/session/sqlite3session.c

@@ -3236,6 +3236,9 @@ static int sessionReadRecord(
         }
       }
       if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+        if( (pIn->nData-pIn->iNext)<8 ){
+          rc = SQLITE_CORRUPT_BKPT;
+        }else{
           sqlite3_int64 v = sessionGetI64(aVal);
           if( eType==SQLITE_INTEGER ){
             sqlite3VdbeMemSetInt64(apOut[i], v);
@@ -3248,6 +3251,7 @@ static int sessionReadRecord(
         }
       }
     }
+  }
 
   return rc;
 }

manifest

@@ -1,5 +1,5 @@
-C Fix\sa\sharmless\scompiler\swarning\sin\sthe\ssqldiff.c\sutility.
-D 2023-09-07T13:48:42.668
+C Fix\sa\sbuffer\soverread\sin\sthe\ssessions\sextension\sthat\scould\soccur\swhen\sprocessing\sa\scorrupt\schangeset.
+D 2023-09-07T13:53:09.308
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -539,7 +539,7 @@ F ext/session/sessionrowid.test 85187c2f1b38861a5844868126f69f9ec62223a03449a98a
 F ext/session/sessionsize.test 8fcf4685993c3dbaa46a24183940ab9f5aa9ed0d23e5fb63bfffbdb56134b795
 F ext/session/sessionstat1.test b039e38e2ba83767b464baf39b297cc0b1cc6f3292255cb467ea7e12d0d0280c
 F ext/session/sessionwor.test 6fd9a2256442cebde5b2284936ae9e0d54bde692d0f5fd009ecef8511f4cf3fc
-F ext/session/sqlite3session.c 1971b61ca45babf0d9e4bb669a65b0903135e9828af2fcd4f0c8f1b7acf36b6f
+F ext/session/sqlite3session.c 0fe9107318140cefa1b50f2e1e0f330ab359022599e5976820db349f33efae11
 F ext/session/sqlite3session.h 653e9d49c4edae231df8a4c8d69c2145195aedb32462d4b44229dbee7d2680fb
 F ext/session/test_session.c 5285482f83cd92b4c1fe12fcf88210566a18312f4f2aa110f6399dae46aeccbb
 F ext/userauth/sqlite3userauth.h 7f3ea8c4686db8e40b0a0e7a8e0b00fac13aa7a3
@@ -1628,7 +1628,7 @@ F test/temptable3.test d11a0974e52b347e45ee54ef1923c91ed91e4637
 F test/temptrigger.test 38f0ca479b1822d3117069e014daabcaacefffcc
 F test/tester.tcl 68454ef88508c196d19e8694daa27bff7107a91857799eaa12f417188ae53ede
 F test/testrunner.tcl c88eae7d8ba9825d09f080ee2aa98b8e65c381bb56b4d427fb492625d2d4c36b
-F test/testrunner_data.tcl 05f2eafd9bcf0aafcc2b747b751f81c5b958e7dc286d108ad81d40b984ff60b3
+F test/testrunner_data.tcl 09d8b7e146fd2ee06889816a8b98a37febd64bd6ddc678793a1a379ce4600780
 F test/thread001.test a0985c117eab62c0c65526e9fa5d1360dd1cac5b03bde223902763274ce21899
 F test/thread002.test c24c83408e35ba5a952a3638b7ac03ccdf1ce4409289c54a050ac4c5f1de7502
 F test/thread003.test ee4c9efc3b86a6a2767516a37bd64251272560a7
@@ -2117,8 +2117,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 06e4af492d669bb45c00b1b876cd82ec8813ac9ed580eb1dddd18147f7fbe7f6
-R 51b77d4c13ce48eec1373cb1dcf2da40
-U drh
-Z 55bcffdbe138a6ad1eea2c89ede2eca7
+P e6390a656713b855258277b65066d2a701cedd05981f1672c9acc2d6dc37d032
+R 67fc353237e5b15307355853fe063af0
+U dan
+Z 760958aee9a8711fd0070b262a3dedde
 # Remove this line to create a well-formed Fossil manifest.

manifest.uuid

@@ -1 +1 @@
-e6390a656713b855258277b65066d2a701cedd05981f1672c9acc2d6dc37d032
+0e4e7a05c4204b47a324d67e18e76d2a98e26b2723d19d5c655ec9fd2e41f4b7

test/testrunner_data.tcl

@@ -98,7 +98,10 @@ namespace eval trd {
   set build(All-O0) {
     -O0 --enable-all
   }
-  set build(All-Sanitize) { --enable-all -fsanitize=address,undefined }
+  set build(All-Sanitize) { 
+    -DSQLITE_OMIT_LOOKASIDE=1
+    --enable-all -fsanitize=address,undefined 
+  }
 
   set build(Sanitize) {
     CC=clang -fsanitize=address,undefined