From 18070e08c5ec5048335df96e36019a6c778091e6 Mon Sep 17 00:00:00 2001
From: drh
Date: Fri, 22 May 2015 23:17:28 +0000
Subject: [PATCH] Fix incorrect validation of the size of the BLOB returned by a geometry function on the RHS of a MATCH operator in RTree. The old code worked for 64-bit systems (by chance) but fails on 32-bit.
FossilOrigin-Name: 10cc44f5a63e6cadf6940bb7310a177ee7fa6ee2
---
 ext/rtree/rtree.c | 4 +---
 manifest | 13 ++++++-------
 manifest.uuid | 2 +-
 3 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/ext/rtree/rtree.c b/ext/rtree/rtree.c
index 3521352b78..4e473a22c2 100644
--- a/ext/rtree/rtree.c
+++ b/ext/rtree/rtree.c
@@ -1483,9 +1483,7 @@ static int deserializeGeometry(sqlite3_value *pValue, RtreeConstraint *pCons){
 /* Check that the blob is roughly the right size. */
 nBlob = sqlite3_value_bytes(pValue);
- if( nBlob<(int)sizeof(RtreeMatchArg)
- || ((nBlob-sizeof(RtreeMatchArg))%sizeof(RtreeDValue))!=0
- ){
+ if( nBlob<(int)sizeof(RtreeMatchArg) ){
 return SQLITE_ERROR;
 }
diff --git a/manifest b/manifest
index 4f499d8cf9..cc487cf384 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@ -C Add\sthe\ssqlite3_value_dup()\sand\ssqlite3_value_free()\sinterfaces.\s\nUse\sthese\sinterfaces\sto\senhance\sR-Tree\sto\sadd\sthe\nsqlite3_rtree_query_info.apSqlParam\sfield. -D 2015-05-22T21:12:59.931 +C Fix\sincorrect\svalidation\sof\sthe\ssize\sof\sthe\sBLOB\sreturned\sby\sa\sgeometry\nfunction\son\sthe\sRHS\sof\sa\sMATCH\soperator\sin\sRTree.\s\sThe\sold\scode\sworked\sfor\n64-bit\ssystems\s(by\schance)\sbut\sfails\son\s32-bit. +D 2015-05-22T23:17:28.381 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in 0a6ae26396ec696221021780dffbb894ff3cead7 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
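Review bot: After this change the only size validation visible in `deserializeGeometry` is the lower bound `nBlob<(int)sizeof(RtreeMatchArg)`, so a BLOB that is too long, or whose length disagrees with the element count in its own header, passes this check. The value arrives from the RHS of a MATCH operator and should be treated as untrusted, so the exact length needs to be compared with what the RtreeMatchArg header implies before any trailing element is read. The function body continues outside the hunk, so that comparison may already exist further down. If it does, the comment would be more accurate as `/* Lower bound only; the exact size is verified against the header below. */`. The commit adds no test; one that passes an ordinary BLOB of plausible length to MATCH would pin the rejection path on both 32-bit and 64-bit builds.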
@@ -143,7 +143,7 @@ F ext/ota/sqlite3ota.c 2246b779f46ab20d5e7876f5b96c378c601d20f4 F ext/ota/sqlite3ota.h 00028de37eede471ff1947d455cc3f33d3a911c6 F ext/ota/test_ota.c a876f88550d7d59a3ef62d4c1a5c04c4c2f1ebe1 F ext/rtree/README 6315c0d73ebf0ec40dedb5aa0e942bc8b54e3761 -F ext/rtree/rtree.c 00c953695d8ae174c0f2947795e1e8a17ebb50cb +F ext/rtree/rtree.c 0f9b595bd0debcbedf1d7a63d0e0678d619e6c9c F ext/rtree/rtree.h 834dbcb82dc85b2481cde6a07cdadfddc99e9b9e F ext/rtree/rtree1.test 541bbcab74613907fea08b2ecdcdd5b7aa724cc9 F ext/rtree/rtree2.test acbb3a4ce0f4fbc2c304d2b4b784cfa161856bba @@ -1278,8 +1278,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4 F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P b9727e6bbfc3c62c601227e86e62f2f39792fd1d f332ffc39b7a17fd6254d8dc699293a57a508ba0 -R 45d42bfafc5b3542d7e7526b77707d5f -T +closed f332ffc39b7a17fd6254d8dc699293a57a508ba0 +P c1814242e6ce035d486cfbad5a1f4b49aa8898f3 +R f01355780527736c645fe9d48d526152 U drh -Z 2115a6dbeb76c1fe460ac17d9b6aaa11 +Z c568275ed97c21c4c01709075e3bc4ce diff --git a/manifest.uuid b/manifest.uuid index b0343b532d..5d4569be1b 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -c1814242e6ce035d486cfbad5a1f4b49aa8898f3 \ No newline at end of file +10cc44f5a63e6cadf6940bb7310a177ee7fa6ee2 \ No newline at end of file