database/sqlite
1
0
Fork 0
mirror of https://github.com/sqlite/sqlite.git synced 2025-08-08 14:02:16 +03:00
Code Activity

Detect oversized strings in the OP_String opcode even if the P4 argument

Browse Source 
is originally UTF8 and has to be converted to UTF16 to match the database
file and that conversion causes the string to become shorter and cross
below SQLITE_LIMIT_LENGTH threshold.  This might fix an OSSFuzz problem
that we have been so far unable to reproduce.

FossilOrigin-Name: c13d563925db12bc2c91ff9432050261e5bd39d960e2739777a66bf804df2e31
This commit is contained in:
drh
2019-02-21 16:41:34 +00:00
parent 6a1bfc9a6d
commit dbdddc99d8
3 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/vdbe.c
View File

@@ -1102,6 +1102,7 @@ case OP_String8: { /* same as TK_STRING, out2 */
if( encoding!=SQLITE_UTF8 ){
rc = sqlite3VdbeMemSetStr(pOut, pOp->p4.z, -1, SQLITE_UTF8, SQLITE_STATIC);
assert( rc==SQLITE_OK || rc==SQLITE_TOOBIG );
if( rc ) goto too_big;
if( SQLITE_OK!=sqlite3VdbeChangeEncoding(pOut, encoding) ) goto no_mem;
assert( pOut->szMalloc>0 && pOut->zMalloc==pOut->z );
assert( VdbeMemDynamic(pOut)==0 );
@@ -1114,7 +1115,6 @@ case OP_String8: { /* same as TK_STRING, out2 */
pOp->p4.z = pOut->z;
pOp->p1 = pOut->n;
}
testcase( rc==SQLITE_TOOBIG );
#endif
if( pOp->p1>db->aLimit[SQLITE_LIMIT_LENGTH] ){
goto too_big;