mirror of https://github.com/sqlite/sqlite.git synced 2025-07-30 19:03:16 +03:00

Fix another crash in the sessions module triggered by malformed input.

FossilOrigin-Name: 7e70c9b86af557e86152748ddf1da467e62817b35df1da0d7d3b67941b198897
dan
2018-03-05 21:17:20 +00:00
parent ad7fd5d096
commit 6344edda80
4 changed files with 18 additions and 10 deletions


@ -129,6 +129,7 @@ foreach {tn blob} {
53 540101743400120003001200010000000000000002120002400C000000000000500401000000743100170001000002400C00000000000050040110000074310017000000000000050100000000000000030100000003001700010000666F7572 53 540101743400120003001200010000000000000002120002400C000000000000500401000000743100170001000002400C00000000000050040110000074310017000000000000050100000000000000030100000003001700010000666F7572
54 540101743400120003001200010000000000000002120002400C000000000002120002400C00000000000050040100000074310017FF0050040100000074310017FF7F00000000000000050100000000000000030100000003001700010000666F7572 54 540101743400120003001200010000000000000002120002400C000000000002120002400C00000000000050040100000074310017FF0050040100000074310017FF7F00000000000000050100000000000000030100000003001700010000666F7572
55 540101743400120003001200010000000000000002120002400C00000000000050040100000074310017000100010080000001000000020003010100000300170100000003001700010000666F7572 55 540101743400120003001200010000000000000002120002400C00000000000050040100000074310017000100010080000001000000020003010100000300170100000003001700010000666F7572
56 5487ffffff7f
} { } {
do_test 2.$tn { do_test 2.$tn {
set changeset [binary decode hex $blob] set changeset [binary decode hex $blob]


@ -2786,7 +2786,14 @@ static int sessionChangesetBufferTblhdr(SessionInput *pIn, int *pnByte){
rc = sessionInputBuffer(pIn, 9); rc = sessionInputBuffer(pIn, 9);
if( rc==SQLITE_OK ){ if( rc==SQLITE_OK ){
nRead += sessionVarintGet(&pIn->aData[pIn->iNext + nRead], &nCol); nRead += sessionVarintGet(&pIn->aData[pIn->iNext + nRead], &nCol);
if( nCol<0 ){ /* The hard upper limit for the number of columns in an SQLite
** database table is, according to sqliteLimit.h, 32676. So
** consider any table-header that purports to have more than 65536
** columns to be corrupt. This is convenient because otherwise,
** if the (nCol>65536) condition below were omitted, a sufficiently
** large value for nCol may cause nRead to wrap around and become
** negative. Leading to a crash. */
if( nCol<0 || nCol>65536 ){
rc = SQLITE_CORRUPT_BKPT; rc = SQLITE_CORRUPT_BKPT;
}else{ }else{
rc = sessionInputBuffer(pIn, nRead+nCol+100); rc = sessionInputBuffer(pIn, nRead+nCol+100);
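Review bot: The new comment above the `nCol>65536` check gives the column limit as 32676, but the hard upper bound documented in sqliteLimit.h is 32767, so the digits look transposed; I would correct it to `** database table is, according to sqliteLimit.h, 32767. So`. The closing fragment "Leading to a crash." would also read better joined to the previous sentence, e.g. `** negative, leading to a crash. */`. The bound itself keeps the int expression `nRead+nCol+100` well away from signed overflow, and the comment could say explicitly that 65536 is chosen as a loose sanity cap on untrusted changeset input rather than as the real schema limit. The body of sessionChangesetBufferTblhdr continues outside this hunk, so whether later uses of nCol or nRead need further bounds cannot be confirmed from here.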


@ -1,5 +1,5 @@
C Improved\scommand-line\shelp\sfor\sthe\s-A\soption\son\sthe\sCLI. C Fix\sanother\scrash\sin\sthe\ssessions\smodule\striggered\sby\smalformed\sinput.
D 2018-03-05T20:21:50.703 D 2018-03-05T21:17:20.992
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F Makefile.in a2d2fb8d17c39ab5ec52beb27850b903949080848236923f436156b72a958737 F Makefile.in a2d2fb8d17c39ab5ec52beb27850b903949080848236923f436156b72a958737
@ -381,7 +381,7 @@ F ext/session/changeset.c 4ccbaa4531944c24584bf6a61ba3a39c62b6267a
F ext/session/session1.test 736d7ff178662f0b717c37f46531b84a5ce0210ccb0c4edf629c55dbcbbc3ea1 F ext/session/session1.test 736d7ff178662f0b717c37f46531b84a5ce0210ccb0c4edf629c55dbcbbc3ea1
F ext/session/session2.test 284de45abae4cc1082bc52012ee81521d5ac58e0 F ext/session/session2.test 284de45abae4cc1082bc52012ee81521d5ac58e0
F ext/session/session3.test ce9ce3dfa489473987f899e9f6a0f2db9bde3479 F ext/session/session3.test ce9ce3dfa489473987f899e9f6a0f2db9bde3479
F ext/session/session4.test efd7a46ed6a954d51ab00bdc4d656d2bc31e46be64393224cf6acf1319fbd32c F ext/session/session4.test 3eea8058643e5adbd3293a5c553255c35e774ed90e7cbec09c9b010d176ad396
F ext/session/session5.test 716bc6fafd625ce60dfa62ae128971628c1a1169 F ext/session/session5.test 716bc6fafd625ce60dfa62ae128971628c1a1169
F ext/session/session6.test 443789bc2fca12e4f7075cf692c60b8a2bea1a26 F ext/session/session6.test 443789bc2fca12e4f7075cf692c60b8a2bea1a26
F ext/session/session8.test 8e194b3f655d861ca36de5d4de53f702751bab3b F ext/session/session8.test 8e194b3f655d861ca36de5d4de53f702751bab3b
@ -402,7 +402,7 @@ F ext/session/sessionfault.test da273f2712b6411e85e71465a1733b8501dbf6f7
F ext/session/sessionfault2.test 04aa0bc9aa70ea43d8de82c4f648db4de1e990b0 F ext/session/sessionfault2.test 04aa0bc9aa70ea43d8de82c4f648db4de1e990b0
F ext/session/sessionstat1.test 41cd97c2e48619a41cdf8ae749e1b25f34719de638689221aa43971be693bf4e F ext/session/sessionstat1.test 41cd97c2e48619a41cdf8ae749e1b25f34719de638689221aa43971be693bf4e
F ext/session/sessionwor.test 2f3744236dc8b170a695b7d8ddc8c743c7e79fdc F ext/session/sessionwor.test 2f3744236dc8b170a695b7d8ddc8c743c7e79fdc
F ext/session/sqlite3session.c 0b7f1b8eb5b5a83fd96127b93139eadd2f2e2915c1eaceab4f5d771719c0c22f F ext/session/sqlite3session.c 9edfaaa74977ddecd7bbd94e8f844d9b0f6eec22d1d547e806361670db814c1e
F ext/session/sqlite3session.h 2e1584b030fbd841cefdce15ba984871978d305f586da2d1972f6e1958fa10b1 F ext/session/sqlite3session.h 2e1584b030fbd841cefdce15ba984871978d305f586da2d1972f6e1958fa10b1
F ext/session/test_session.c eb0bd6c1ea791c1d66ee4ef94c16500dad936386 F ext/session/test_session.c eb0bd6c1ea791c1d66ee4ef94c16500dad936386
F ext/userauth/sqlite3userauth.h 7f3ea8c4686db8e40b0a0e7a8e0b00fac13aa7a3 F ext/userauth/sqlite3userauth.h 7f3ea8c4686db8e40b0a0e7a8e0b00fac13aa7a3
@ -1708,7 +1708,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
P 9d8081fabc491ba75d26ea81b3548bd10aeeb3334b0ad1462d7ab656c8d7c35e P d937ac181c5c78b9e5068db4ff1dab6becdba8c22cd27a3cfa0d4c12da1ec7ad
R cf208e3188f8857ac2b128855f71c9f9 R 81faf4bc4e37be1b18b8f0d06bd24da5
U drh U dan
Z b77ef973214333cff99a9bfbab13dccb Z b0ded38a3d14d974acb7e101a7fd9d64


@ -1 +1 @@
d937ac181c5c78b9e5068db4ff1dab6becdba8c22cd27a3cfa0d4c12da1ec7ad 7e70c9b86af557e86152748ddf1da467e62817b35df1da0d7d3b67941b198897