database/sqlite
1
0
Fork 0
mirror of https://github.com/sqlite/sqlite.git synced 2025-11-11 01:42:22 +03:00
Code Activity

Fix potential 32-bit integer overflow problems on the offset and length

Browse Source 
parameters to sqlite3_blob_read() and sqlite3_blob_write().  For
sqlite3_blob_open(), make sure the *ppBlob return parameter is zeroed if
the interface fails with SQLITE_MISUSE.

FossilOrigin-Name: 5df02f50f8348dfde4fc15126abc7b7ef7803e69
This commit is contained in:
drh
2015-02-07 15:16:35 +00:00
parent 0e55db1cd8
commit d10d18da5f
4 changed files with 38 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/vdbeblob.c
View File

@@ -154,12 +154,17 @@ int sqlite3_blob_open(
Incrblob *pBlob = 0;
#ifdef SQLITE_ENABLE_API_ARMOR
if( !sqlite3SafetyCheckOk(db) || ppBlob==0 || zTable==0 ){
if( ppBlob==0 ){
return SQLITE_MISUSE_BKPT;
}
#endif
*ppBlob = 0;
#ifdef SQLITE_ENABLE_API_ARMOR
if( !sqlite3SafetyCheckOk(db) || zTable==0 ){
return SQLITE_MISUSE_BKPT;
}
#endif
flags = !!flags; /* flags = (flags ? 1 : 0); */
*ppBlob = 0;
sqlite3_mutex_enter(db->mutex);
@@ -373,7 +378,7 @@ static int blobReadWrite(
sqlite3_mutex_enter(db->mutex);
v = (Vdbe*)p->pStmt;
if( n<0 || iOffset<0 || (iOffset+n)>p->nByte ){
if( n<0 || iOffset<0 || ((sqlite3_int64)iOffset+n)>p->nByte ){
/* Request is out of range. Return a transient error. */
rc = SQLITE_ERROR;
}else if( v==0 ){