Fix the use of an uninitialized value that occurs when doing a json_insert()

of a string value that contains embedded U+0000 characters. FossilOrigin-Name: d3c0cbb90966316be9cd25e3edb501da42731e8a83c13227b90ce17d3975a2c3
2025-11-11 01:42:22 +03:00 · 2023-10-11 17:24:31 +00:00
parent 582d65cce3
commit ac4aea5102
4 changed files with 17 additions and 11 deletions
--- a/src/json.c
+++ b/src/json.c
@@ -2843,11 +2843,13 @@ static void jsonReplaceNode(
         break;
      }
      if( sqlite3_value_subtype(pValue)!=JSON_SUBTYPE ){
-        char *zCopy = sqlite3DbStrDup(0, z);
+        char *zCopy = sqlite3_malloc64( n+1 );
        int k;
        if( zCopy ){
+          memcpy(zCopy, z, n);
+          zCopy[n] = 0;
          jsonParseAddCleanup(p, sqlite3_free, zCopy);
-       }else{
+        }else{
          p->oom = 1;
          sqlite3_result_error_nomem(pCtx);
        }