Improve detection of out-of-range parameters in sqlite3_stmt_status() for
authordan <dan@noemail.net>
Wed, 14 Mar 2018 08:27:39 +0000 (08:27 +0000)
committerdan <dan@noemail.net>
Wed, 14 Mar 2018 08:27:39 +0000 (08:27 +0000)
SQLITE_ENABLE_API_ARMOR builds.

FossilOrigin-Name: 21ecbce1378f3cc4b1051628b8c1580bb807c8745a1f525bc089036af93a54af

manifest
manifest.uuid
src/vdbeapi.c
test/dbstatus.test

index 6228a1957810188494989b7e2ac447f7577096a5..9a05c02d0e28fd23fd4b3967be969e5a9d05ad15 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\stypo\scausing\sSQLITE_LOG_CACHE_SPILL\sbuilds\sto\sfail.
-D 2018-03-12T21:09:16.462
+C Improve\sdetection\sof\sout-of-range\sparameters\sin\ssqlite3_stmt_status()\sfor\nSQLITE_ENABLE_API_ARMOR\sbuilds.
+D 2018-03-14T08:27:39.022
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F Makefile.in 7016fc56c6b9bfe5daac4f34be8be38d8c0b5fab79ccbfb764d3b23bf1c6fff3
@@ -561,7 +561,7 @@ F src/vacuum.c 762ee9bbf8733d87d8cd06f58d950e881982e416f8c767334a40ffd341b6bff5
 F src/vdbe.c 88d8e0797bf49624d056014f34f302a7370cc119915cc0ece8f2b7bf5e7c30fb
 F src/vdbe.h 134beb7a12a6213c00eba58febaede33447cc4441bc568a0d9c144b33fc3720a
 F src/vdbeInt.h 95f7adfdc5c8f1353321f55a6c5ec00a90877e3b85af5159e393afb41ff54110
-F src/vdbeapi.c fea41171884a4de119f8b10ab514c788674eeeb7f27218bb6d008e1310bfd07f
+F src/vdbeapi.c 29d2baf9c1233131ec467d7bed1b7c8a03c27579048d768c4b04acf427838858
 F src/vdbeaux.c 2756ac68ac259c416554100598fc291870063288cd7e1af22847f57b3e130e56
 F src/vdbeblob.c f5c70f973ea3a9e915d1693278a5f890dc78594300cf4d54e64f2b0917c94191
 F src/vdbemem.c 414e28d3a7e2a8bee2bb247de115dcbc68e3cbac284d5862d077002f7a93bce1
@@ -741,7 +741,7 @@ F test/date.test 9b73bbeb1b82d9c1f44dec5cf563bf7da58d2373
 F test/date2.test 74c234bece1b016e94dd4ef9c8cc7a199a8806c0e2291cab7ba64bace6350b10
 F test/dbfuzz.c 73047c920d6210e5912c87cdffd9a1c281d4252e
 F test/dbpage.test dbf50a4d361f9e45a979432c727506065113124478a7d2db12074fa655e65d6c
-F test/dbstatus.test 73149851b3aff14fc6db478e58f9083a66422cf5
+F test/dbstatus.test 76e317d26476ffba00faa724f383b97e6f9b7d037270fc924f15b6cd4d0bd99d
 F test/dbstatus2.test e93ab03bfae6d62d4d935f20de928c19ca0ed0ab
 F test/default.test 0cb49b1c315a0d81c81d775e407f66906a2a604d
 F test/delete.test acc38fca8ee4851467705b1c2cfea64cd26667e5
@@ -1712,7 +1712,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 61eeb48f03f8a9a32330a5cae4387bb4e5618078cf669a5831910f99126900ec
-R cc8ceb6c97c49d267aa8c6c8a3936381
+P 0171d4a71ca7911a9fd409a42eeed0eda4521b6e48df5cd058364c0a736313b7
+R a2badd15fc27350d38828fa175bb36a1
 U dan
-Z 467f1d68de166a5be6bc42e03b4e2dce
+Z 1e5c4dfa2e88b466a3e12b606bfaedf6
index a718ce14606385201f92f2e3f2f41ecc20153472..a5dc53cc261ce0b138e1636f2f495b3bf09ef05b 100644 (file)
@@ -1 +1 @@
-0171d4a71ca7911a9fd409a42eeed0eda4521b6e48df5cd058364c0a736313b7
\ No newline at end of file
+21ecbce1378f3cc4b1051628b8c1580bb807c8745a1f525bc089036af93a54af
\ No newline at end of file
index dd4a35200377b5e0d00fff88b6d1098e74d69c3e..2a6e1f8f0e0400ba8888016c0a6519bfed892e4d 100644 (file)
@@ -1668,7 +1668,9 @@ int sqlite3_stmt_status(sqlite3_stmt *pStmt, int op, int resetFlag){
   Vdbe *pVdbe = (Vdbe*)pStmt;
   u32 v;
 #ifdef SQLITE_ENABLE_API_ARMOR
-  if( !pStmt ){
+  if( !pStmt 
+   || (op!=SQLITE_STMTSTATUS_MEMUSED && (op<0||op>=ArraySize(pVdbe->aCounter)))
+  ){
     (void)SQLITE_MISUSE_BKPT;
     return 0;
   }
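Review bot: The new range check on `op` sits entirely inside `#ifdef SQLITE_ENABLE_API_ARMOR`, so a build without that option still hands an unvalidated `op` to the code that follows. The bound `ArraySize(pVdbe->aCounter)` suggests `op` is used as an index into that array, but the rest of sqlite3_stmt_status() is outside the hunk, so this is inferred. If so, an out-of-range value is an out-of-bounds read in non-armor builds, and possibly a write when `resetFlag` is set. A comment above the condition would make the contract explicit, for example `/* op indexes aCounter[] unless it is SQLITE_STMTSTATUS_MEMUSED; only API_ARMOR builds validate it */`. The trailing space after `if( !pStmt` can also be dropped.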
index 711d66ebb3f8eb693730ba46a993fb6634cde594..5c8f41d510ff934df263ebcec6343a16c0ad68fa 100644 (file)
@@ -415,4 +415,42 @@ ifcapable shared_cache {
   }
 }
 
+#-------------------------------------------------------------------------
+# Test that passing an out-of-range value to sqlite3_stmt_status does
+# not cause a crash.
+reset_db
+do_execsql_test 5.0 {
+  CREATE TABLE t1(x, y);
+  INSERT INTO t1 VALUES(1, 2);
+  INSERT INTO t1 VALUES(3, 4);
+}
+
+do_test 5.1 {
+  set ::stmt [sqlite3_prepare db "SELECT * FROM t1" -1 dummy]
+  sqlite3_step $::stmt
+  sqlite3_step $::stmt
+  sqlite3_step $::stmt
+  sqlite3_reset $::stmt
+} {SQLITE_OK}
+
+do_test 5.2 { sqlite3_stmt_status $::stmt -1 0 } 0
+do_test 5.3 { sqlite3_stmt_status $::stmt  7 0 } 0
+do_test 5.4 { 
+  expr [sqlite3_stmt_status $::stmt 99 0]>0 
+} 1
+foreach {tn id res} {
+  1 SQLITE_STMTSTATUS_MEMUSED 1
+  2 SQLITE_STMTSTATUS_FULLSCAN_STEP 1
+  3 SQLITE_STMTSTATUS_SORT 0
+  4 SQLITE_STMTSTATUS_AUTOINDEX 0
+  5 SQLITE_STMTSTATUS_VM_STEP 1
+  6 SQLITE_STMTSTATUS_REPREPARE 0
+  7 SQLITE_STMTSTATUS_RUN 1
+} {
+if {$tn==2} breakpoint
+  do_test 5.5.$tn { expr [sqlite3_stmt_status $::stmt $id 0]>0 } $res
+}
+
+sqlite3_finalize $::stmt
 finish_test
+
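Review bot: `if {$tn==2} breakpoint` inside the 5.5 loop looks like a leftover debugging hook and should be removed from the committed test. Separately, tests 5.2 and 5.3 expect 0 for the values -1 and 7, which is what the SQLITE_ENABLE_API_ARMOR guard returns. The block is not conditioned on that build option, so on a build without it these cases would presumably exercise the unchecked path rather than the guard. Consider running 5.2 and 5.3 only when API armor is compiled in, and adding a short comment on why -1, 7 and 99 were chosen as probe values.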