Add NULL checks on all sqlite3_vfs_find(0) calls. This is not strictly

necessary. There are no vulnerabilities here. However, adding these checks avoids unnecessary static analyzer complaints. [forum:/forumpost/ce1193be15|Forum post ce1193be15]. FossilOrigin-Name: 272a15b9f418fb0b31a9808f7c42c20cf52318035ff98935d8e8519634357e8d
2025-11-11 01:42:22 +03:00 · 2021-06-15 15:15:40 +00:00
parent 972da42749
commit a959bf5311
13 changed files with 37 additions and 25 deletions
--- a/src/random.c
+++ b/src/random.c
@@ -76,11 +76,16 @@ void sqlite3_randomness(int N, void *pBuf){
  ** number generator) not as an encryption device.
  */
  if( !wsdPrng.isInit ){
+    sqlite3_vfs *pVfs = sqlite3_vfs_find(0);
    int i;
    char k[256];
    wsdPrng.j = 0;
    wsdPrng.i = 0;
-    sqlite3OsRandomness(sqlite3_vfs_find(0), 256, k);
+    if( NEVER(pVfs==0) ){
+      memset(k, 0, sizeof(k));
+    }else{
+      sqlite3OsRandomness(pVfs, 256, k);
+    }
    for(i=0; i<256; i++){
      wsdPrng.s[i] = (u8)i;
    }