From 52fc849a3c623da3ff5f3a1499bb9fadd9b14f95 Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Thu, 23 Feb 2006 21:43:55 +0000
Subject: [PATCH] Detect integer overflow in the abs() function.  The random()
 function now provides 64 bits of randomness instead of just 32.  Fix bugs in
 testing logic of test4.c. (CVS 3108)

FossilOrigin-Name: 942c509595a2a300e798e6b048ad7fc3bc54af43
---
 manifest       | 16 ++++++++--------
 manifest.uuid  |  2 +-
 src/func.c     | 16 +++++++++++-----
 src/test4.c    |  6 +++---
 test/func.test | 16 +++++++++++++++-
 5 files changed, 38 insertions(+), 18 deletions(-)

diff --git a/manifest b/manifest
index ee460e510a..20eea4f7b8 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C New\scompile-time\soption\sSQLITE_SECURE_DELETE\stakes\scare\sto\soverwrite\sdeleted\sdata\swith\szeros.\s(CVS\s3107)
-D 2006-02-22T03:08:33
+C Detect\sinteger\soverflow\sin\sthe\sabs()\sfunction.\s\sThe\srandom()\sfunction\nnow\sprovides\s64\sbits\sof\srandomness\sinstead\sof\sjust\s32.\s\sFix\sbugs\sin\ntesting\slogic\sof\stest4.c.\s(CVS\s3108)
+D 2006-02-23T21:43:56
 F Makefile.in 5d8dff443383918b700e495de42ec65bc1c8865b
 F Makefile.linux-gcc 74ba0eadf88748a9ce3fd03d2a3ede2e6715baec
 F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028
@@ -43,7 +43,7 @@ F src/date.c cd2bd5d1ebc6fa12d6312f69789ae5b0a2766f2e
 F src/delete.c ca404d5fd5f678e32f2f46377ad802cd0219aa99
 F src/experimental.c 1b2d1a6cd62ecc39610e97670332ca073c50792b
 F src/expr.c 9c957fabf95ef62288151eecd5c490a629470666
-F src/func.c aa62ef0f5b7d2907ea7e34a33402409f1a8806eb
+F src/func.c b1919255cef5580ac1fcd555ee9bb96974bde64d
 F src/hash.c 449f3d6620193aa557f5d86cbc5cc6b87702b185
 F src/hash.h 1b3f7e2609141fd571f62199fc38687d262e9564
 F src/insert.c 67b3dc11831c58d8703eb502355ad3704ee18f66
@@ -76,7 +76,7 @@ F src/tclsqlite.c d9c26374b52cd47233ae0620d0a858a59b601f89
 F src/test1.c 9d299609a0ce35157fe15cdf8b4c663db5d40386
 F src/test2.c ca74a1d8aeb7d9606e8f6b762c5daf85c1a3f92b
 F src/test3.c 86e99724ee898b119ed575ef9f98618afe7e5e5d
-F src/test4.c ff4e9406b3d2809966d8f0e82468ac5508be9f56
+F src/test4.c 8b784cd82de158a2317cb4ac4bc86f91ad315e25
 F src/test5.c 7162f8526affb771c4ed256826eee7bb9eca265f
 F src/test6.c 60a02961ceb7b3edc25f5dc5c1ac2556622a76de
 F src/test7.c d28d3e62f9594923648fc6a8fb030eba36564ba1
@@ -165,7 +165,7 @@ F test/enc3.test 890508efff6677345e93bf2a8adb0489b30df030
 F test/expr.test 4e65cade931e14a0194eee41e33707e7af5f397a
 F test/fkey1.test 153004438d51e6769fb1ce165f6313972d6263ce
 F test/format4.test 9f31d41d4f926cab97b2ebe6be00a6ab12dece87
-F test/func.test 1dbd4a4bb250b6e481a1b70e2d40a8836c886cfb
+F test/func.test 9fdc0a5ba9435dc7700cb81dbc46ee2459fb21e4
 F test/hook.test 7e7645fd9a033f79cce8fdff151e32715e7ec50a
 F test/in.test 40feeebc7e38576255051aad428322be1545e0f1
 F test/index.test c478459611ded74745fee57f99f424da8a5f5fbd
@@ -354,7 +354,7 @@ F www/tclsqlite.tcl bb0d1357328a42b1993d78573e587c6dcbc964b9
 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0
 F www/version3.tcl a99cf5f6d8bd4d5537584a2b342f0fb9fa601d8b
 F www/whentouse.tcl 97e2b5cd296f7d8057e11f44427dea8a4c2db513
-P f8173e6aea8e90f64f5907f3f7ff4f34281f40da
-R 9d6c9e65820f501eb557494790540e66
+P 614fac906807b8c75e04effc01666874d13ce636
+R f5403923a4dc3e33ec17bd28655d7e3e
 U drh
-Z 6bba2fc0555872ca4ae957a6ce0a202d
+Z a926d16e02bacd004ff1a77e6671add9
diff --git a/manifest.uuid b/manifest.uuid
index ec836b6ee4..5b67994cb1 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-614fac906807b8c75e04effc01666874d13ce636
\ No newline at end of file
+942c509595a2a300e798e6b048ad7fc3bc54af43
\ No newline at end of file
diff --git a/src/func.c b/src/func.c
index 6d1195961c..be3fc943e1 100644
--- a/src/func.c
+++ b/src/func.c
@@ -16,7 +16,7 @@
 ** sqliteRegisterBuildinFunctions() found at the bottom of the file.
 ** All other code has file scope.
 **
-** $Id: func.c,v 1.122 2006/02/11 17:34:00 drh Exp $
+** $Id: func.c,v 1.123 2006/02/23 21:43:56 drh Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
@@ -121,7 +121,13 @@ static void absFunc(sqlite3_context *context, int argc, sqlite3_value **argv){
   switch( sqlite3_value_type(argv[0]) ){
     case SQLITE_INTEGER: {
       i64 iVal = sqlite3_value_int64(argv[0]);
-      if( iVal<0 ) iVal = iVal * -1;
+      if( iVal<0 ){
+        if( (iVal<<1)==0 ){
+          sqlite3_result_error(context, "integer overflow", -1);
+          return;
+        }
+        iVal = -iVal;
+      } 
       sqlite3_result_int64(context, iVal);
       break;
     }
@@ -131,7 +137,7 @@ static void absFunc(sqlite3_context *context, int argc, sqlite3_value **argv){
     }
     default: {
       double rVal = sqlite3_value_double(argv[0]);
-      if( rVal<0 ) rVal = rVal * -1.0;
+      if( rVal<0 ) rVal = -rVal;
       sqlite3_result_double(context, rVal);
       break;
     }
@@ -258,9 +264,9 @@ static void randomFunc(
   int argc,
   sqlite3_value **argv
 ){
-  int r;
+  sqlite_int64 r;
   sqlite3Randomness(sizeof(r), &r);
-  sqlite3_result_int(context, r);
+  sqlite3_result_int64(context, r);
 }
 
 /*
diff --git a/src/test4.c b/src/test4.c
index 250da9b13c..4336e3ff5c 100644
--- a/src/test4.c
+++ b/src/test4.c
@@ -11,7 +11,7 @@
 *************************************************************************
 ** Code for testing the the SQLite library in a multithreaded environment.
 **
-** $Id: test4.c,v 1.16 2006/01/20 17:56:33 drh Exp $
+** $Id: test4.c,v 1.17 2006/02/23 21:43:56 drh Exp $
 */
 #include "sqliteInt.h"
 #include "tcl.h"
@@ -645,7 +645,7 @@ static int tcl_thread_db_get(
   thread_wait(&threadset[i]);
   sqlite3TestMakePointerStr(interp, zBuf, threadset[i].db);
   threadset[i].db = 0;
-  Tcl_SetResult(interp, zBuf, 0);
+  Tcl_AppendResult(interp, zBuf, (char*)0);
   return TCL_OK;
 }
 
@@ -678,7 +678,7 @@ static int tcl_thread_stmt_get(
   thread_wait(&threadset[i]);
   sqlite3TestMakePointerStr(interp, zBuf, threadset[i].pStmt);
   threadset[i].pStmt = 0;
-  Tcl_SetResult(interp, zBuf, 0);
+  Tcl_AppendResult(interp, zBuf, (char*)0);
   return TCL_OK;
 }
 
diff --git a/test/func.test b/test/func.test
index 95a99d0e54..79e6e43067 100644
--- a/test/func.test
+++ b/test/func.test
@@ -11,7 +11,7 @@
 # This file implements regression tests for SQLite library.  The
 # focus of this file is testing built-in functions.
 #
-# $Id: func.test,v 1.48 2006/02/11 17:34:01 drh Exp $
+# $Id: func.test,v 1.49 2006/02/23 21:43:56 drh Exp $
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
@@ -622,5 +622,19 @@ do_test func-18.22 {
   }
 } {0 1}
 
+# Integer overflow on abs()
+#
+do_test func-18.31 {
+  catchsql {
+    SELECT abs(-9223372036854775807);
+  }
+} {0 9223372036854775807}
+do_test func-18.32 {
+  catchsql {
+    SELECT abs(-9223372036854775807-1);
+  }
+} {1 {integer overflow}}
+
+
 
 finish_test