Do not allow the local_getline() function in the CLI to allocate more

memory than can be counted using a 32-bit integer, thus limiting the
length of an input line to about one gigabyte.
[forum:/forumpost/c83b9affa2|Forum post c83b9affa2].

FossilOrigin-Name: 0f31711591c56f3896fb6f092752fb82c4ea646bf8e5838dfbe55302994ea091

diff --git a/manifest b/manifest
index f013a47248334863a4adaa6ac7c58cba41f9a619..df22ac8076386a0f5596e0083f865b2996e04cce 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Add\s"PRAGMA\swal_checkpoint\s=\snoop"\sand\sSQLITE_CHECKPOINT_NOOP.\sTo\srequest\sa\scheckpoint\sthat\scheckpoints\szero\sframes.
-D 2025-09-08T15:15:24.745
+C Do\snot\sallow\sthe\slocal_getline()\sfunction\sin\sthe\sCLI\sto\sallocate\smore\nmemory\sthan\scan\sbe\scounted\susing\sa\s32-bit\sinteger,\sthus\slimiting\sthe\nlength\sof\san\sinput\sline\sto\sabout\sone\sgigabyte.\n[forum:/forumpost/c83b9affa2|Forum\spost\sc83b9affa2].
+D 2025-09-09T10:28:06.692
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -742,7 +742,7 @@ F src/random.c 606b00941a1d7dd09c381d3279a058d771f406c5213c9932bbd93d5587be4b9c
 F src/resolve.c f8d1d011aba0964ff1bdccd049d4d2c2fec217efd90d202a4bb775e926b2c25d
 F src/rowset.c 8432130e6c344b3401a8874c3cb49fefe6873fec593294de077afea2dce5ec97
 F src/select.c b95181711d59c36d9789e67f76c4cfec64b99f9629a50be5e6566e117b87d957
-F src/shell.c.in 51c8452b3e6b9a0dfa3df853dd16f147e5e4ae2002deb775cf8a2fccf01c3c6c
+F src/shell.c.in 7f768dd5330d3ee76dbe1e662e66288350ec609a767f95f54ae81a5ae29e8834
 F src/sqlite.h.in 79dd3963888543f3120536608bf51024c93c7eb163a255098ffd569710189781
 F src/sqlite3.rc 015537e6ac1eec6c7050e17b616c2ffe6f70fca241835a84a4f0d5937383c479
 F src/sqlite3ext.h 0bfd049bb2088cc44c2ad54f2079d1c6e43091a4e1ce8868779b75f6c1484f1e
@@ -2174,8 +2174,8 @@ F tool/version-info.c 3b36468a90faf1bbd59c65fd0eb66522d9f941eedd364fabccd7227350
 F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7
 F tool/warnings.sh 1ad0169b022b280bcaaf94a7fa231591be96b514230ab5c98fbf15cd7df842dd
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P d7b2fb5363203f475887f277aed4a91e5a83440c169a86b3bf1e4fdf130bbaed 3bac76a86baae830d4fdc9e4055470d84549fde56b4cf217ebd96cb486554461
-R 2812d107bd7816cef0e6e9da5e6ce373
-U dan
-Z 8032dd3d169dd71c128be64fd4083e19
+P 4384ad8918801780f2660817dead919020423eb94aa880fff9b04f2d5f5d932f
+R 3b3a3ca2d8f4756b389edcf626eb6983
+U drh
+Z 26ebd0e9d41736761228599c89751b0d
 # Remove this line to create a well-formed Fossil manifest.

diff --git a/manifest.uuid b/manifest.uuid
index 96f56b5ce3f40fcadffa3bb05fa6454dc15c89bb..71ee003fd5d9e1a285db77639bcae88bf794da82 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-4384ad8918801780f2660817dead919020423eb94aa880fff9b04f2d5f5d932f
+0f31711591c56f3896fb6f092752fb82c4ea646bf8e5838dfbe55302994ea091

diff --git a/src/shell.c.in b/src/shell.c.in
index f408304a9250901a4649ebe3a2d2b4726bba144c..ebd6cad4206b4ec9272ea27d8ac62028588377dc 100644 (file)
--- a/src/shell.c.in
+++ b/src/shell.c.in
@@ -950,7 +950,7 @@ static FILE * openChrSource(const char *zFile){
 ** This routine reads a line of text from FILE in, stores
 ** the text in memory obtained from malloc() and returns a pointer
 ** to the text.  NULL is returned at end of file, or if malloc()
-** fails.
+** fails, or if the length of the line is longer than about a gigabyte.
 **
 ** If zLine is not NULL then it is a malloced buffer returned from
 ** a previous call to this routine that may be reused.
@@ -961,6 +961,10 @@ static char *local_getline(char *zLine, FILE *in){
 
   while( 1 ){
     if( n+100>nLine ){
+      if( nLine>=1073741773 ){
+        free(zLine);
+        return 0;
+      }
       nLine = nLine*2 + 100;
       zLine = realloc(zLine, nLine);
       shell_check_oom(zLine);