Improve the defenses against bad pathnames input into the findCreateFileMode()

function of os_unix.c in order to quiet static-analyzer warnings. There are no demonstrated problems in the prior code, but this change makes the code easier to prove correct and more robust against future changes. FossilOrigin-Name: a9cda38997a692e25d2fe994a9a3fb9472c00ba04323c82e706fdb1112d4244e
2025-11-12 13:01:09 +03:00 · 2022-03-09 12:20:40 +00:00
parent 32135d7e0a
commit 577f0a1e45
3 changed files with 21 additions and 18 deletions
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -6011,20 +6011,23 @@ static int findCreateFileMode(
    **
    ** where NN is a decimal number. The NN naming schemes are 
    ** used by the test_multiplex.c module.
+    **
+    ** In normal operation, the journal file name will always contain
+    ** a '-' character.  However in 8+3 filename mode, or if a corrupt
+    ** rollback journal specifies a super-journal with a goofy name, then
+    ** the '-' might be missing or the '-' might be the first character in
+    ** the filename.  In that case, just return SQLITE_OK with *pMode==0.
    */
-    nDb = sqlite3Strlen30(zPath) - 1; 
-    while( zPath[nDb]!='-' ){
-      /* In normal operation, the journal file name will always contain
-      ** a '-' character.  However in 8+3 filename mode, or if a corrupt
-      ** rollback journal specifies a super-journal with a goofy name, then
-      ** the '-' might be missing. */
-      if( nDb==0 || zPath[nDb]=='.' ) return SQLITE_OK;
+    nDb = sqlite3Strlen30(zPath) - 1;
+    while( nDb>0 && zPath[nDb]!='.' ){
+      if( zPath[nDb]=='-' ){
+        memcpy(zDb, zPath, nDb);
+        zDb[nDb] = '\0';
+        rc = getFileMode(zDb, pMode, pUid, pGid);
+        break;
+      }
      nDb--;
    }
-    memcpy(zDb, zPath, nDb);
-    zDb[nDb] = '\0';
-
-    rc = getFileMode(zDb, pMode, pUid, pGid);
  }else if( flags & SQLITE_OPEN_DELETEONCLOSE ){
    *pMode = 0600;
  }else if( flags & SQLITE_OPEN_URI ){