Fix the use of an uninitialized value that occurs when doing a json_insert()

of a string value that contains embedded U+0000 characters. FossilOrigin-Name: fc5ee9e51ad4556af526a6cefca5ae5a3b1b7affc4edf09832491d6b4f4ba366
2025-11-09 14:21:03 +03:00 · 2023-10-11 17:21:16 +00:00
parent 86db4555ca
commit 7d1c9da62d
4 changed files with 15 additions and 10 deletions
--- a/src/json.c
+++ b/src/json.c
@@ -4756,11 +4756,13 @@ static void jsonReplaceNode(
         break;
      }
      if( sqlite3_value_subtype(pValue)!=JSON_SUBTYPE ){
-        char *zCopy = sqlite3DbStrDup(0, z);
+        char *zCopy = sqlite3_malloc64( n+1 );
        int k;
        if( zCopy ){
+          memcpy(zCopy, z, n);
+          zCopy[n] = 0;
          jsonParseAddCleanup(p, sqlite3_free, zCopy);
-       }else{
+        }else{
          p->oom = 1;
          sqlite3_result_error_nomem(pCtx);
        }