mirror of https://github.com/sqlite/sqlite.git synced 2025-08-05 15:55:57 +03:00

Ensure that super-journal and other journal filenames passed by SQLite to an sqlite3_vfs.xOpen() implementation may be safely passed to sqlite3_uri_parameter() and similar functions.

FossilOrigin-Name: 6a28713d59cde0882c3508160347c2ea18c7c4e9bfd1b053103af2d5e12a144c
dan
2020-11-24 16:44:09 +00:00
parent ef5b2d27b7
commit 2e3cb1382f
3 changed files with 20 additions and 11 deletions


@@ -2486,6 +2486,7 @@ static int pager_delsuper(Pager *pPager, const char *zSuper){
i64 nSuperJournal; /* Size of super-journal file */
char *zJournal; /* Pointer to one journal within MJ file */
char *zSuperPtr; /* Space to hold super-journal filename */
char *zFree = 0; /* Free this buffer */
int nSuperPtr; /* Amount of space allocated to zSuperPtr[] */
/* Allocate space for both the pJournal and pSuper file descriptors.
@@ -2510,7 +2511,9 @@ static int pager_delsuper(Pager *pPager, const char *zSuper){
rc = sqlite3OsFileSize(pSuper, &nSuperJournal);
if( rc!=SQLITE_OK ) goto delsuper_out;
nSuperPtr = pVfs->mxPathname+1;
zSuperJournal = sqlite3Malloc(nSuperJournal + nSuperPtr + 2);
zFree = sqlite3Malloc(4 + nSuperJournal + nSuperPtr + 2);
zFree[0] = zFree[1] = zFree[2] = zFree[3] = 0;
zSuperJournal = &zFree[4];
if( !zSuperJournal ){
rc = SQLITE_NOMEM_BKPT;
goto delsuper_out;
@@ -2562,7 +2565,7 @@ static int pager_delsuper(Pager *pPager, const char *zSuper){
rc = sqlite3OsDelete(pVfs, zSuper, 0);
delsuper_out:
sqlite3_free(zSuperJournal);
sqlite3_free(zFree);
if( pSuper ){
sqlite3OsClose(pSuper);
assert( !isOpen(pJournal) );
@@ -2900,7 +2903,11 @@ end_playback:
pPager->changeCountDone = pPager->tempFile;
if( rc==SQLITE_OK ){
zSuper = pPager->pTmpSpace;
/* Leave 4 bytes of space before the super-journal filename in memory.
** This is because it may end up being passed to sqlite3OsOpen(), in
** which case it requires 4 0x00 bytes in memory immediately before
** the filename. */
zSuper = &pPager->pTmpSpace[4];
rc = readSuperJournal(pPager->jfd, zSuper, pPager->pVfs->mxPathname+1);
testcase( rc!=SQLITE_OK );
}
@@ -2917,6 +2924,8 @@ end_playback:
/* If there was a super-journal and this routine will return success,
** see if it is possible to delete the super-journal.
*/
assert( zSuper==&pPager->pTmpSpace[4] );
memset(&zSuper[-4], 0, 4);
rc = pager_delsuper(pPager, zSuper);
testcase( rc!=SQLITE_OK );
}
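Review bot: In the second pager_delsuper() hunk, the store `zFree[0] = zFree[1] = zFree[2] = zFree[3] = 0;` runs before any allocation check, so a failed sqlite3Malloc() results in a write through a NULL pointer. The existing `if( !zSuperJournal )` test that follows no longer catches the failure, because `zSuperJournal = &zFree[4]` is not NULL even when zFree is. Check the raw pointer right after the allocation with `if( !zFree ){ rc = SQLITE_NOMEM_BKPT; goto delsuper_out; }`, and only then zero the four prefix bytes and set zSuperJournal. The allocation size is derived from the super-journal file size read from disk, so this out-of-memory path is reachable with a large or corrupt file and is worth covering with an OOM-injection test. The body of pager_delsuper() starts and ends outside the hunks shown.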