Take care to avoid a buffer over-read when adding a KEYINFO structure
authordrh <drh@noemail.net>
Fri, 2 Apr 2010 12:55:38 +0000 (12:55 +0000)
committerdrh <drh@noemail.net>
Fri, 2 Apr 2010 12:55:38 +0000 (12:55 +0000)
to the P4 parameter of an opcode.

FossilOrigin-Name: 937b931a7cdad6874638158ed6a9ab6356b0bd0c

manifest
manifest.uuid
src/vdbeaux.c

index 0d1ea240687de4eaabde2837bcf8175d9ecd4129..c090dd4e4194d2b9f1244eefdf16e625ea275d9f 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,8 +1,8 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-C If\sthe\ssize\sof\sthe\sdatabase\saccording\sto\sthe\sheader\sis\slarger\sthan\sthe\s\nactual\sdatabase\sfile\ssize,\sreport\sthat\sthe\sdatabase\sis\scorrupt.
-D 2010-04-02T12:46:46
+C Take\scare\sto\savoid\sa\sbuffer\sover-read\swhen\sadding\sa\sKEYINFO\sstructure\s\nto\sthe\sP4\sparameter\sof\san\sopcode.
+D 2010-04-02T12:55:39
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in 4f2f967b7e58a35bb74fb7ec8ae90e0f4ca7868b
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -218,7 +218,7 @@ F src/vdbe.c 760a0857cdcc000759bd3a5b8e2907dd351072bc
 F src/vdbe.h 471f6a3dcec4817ca33596fe7f6654d56c0e75f3
 F src/vdbeInt.h ae1e6ba0dd3fb4a886898d2829d748be701b01f8
 F src/vdbeapi.c 74c25680046a116b24b95393914d3669c23305dc
-F src/vdbeaux.c 863cd854d343e3e71622f20e5066d3007f9216c5
+F src/vdbeaux.c 3028b2d50df39697e21263685349b5ff1333a29b
 F src/vdbeblob.c 5327132a42a91e8b7acfb60b9d2c3b1c5c863e0e
 F src/vdbemem.c 2a82f455f6ca6f78b59fb312f96054c04ae0ead1
 F src/vdbetrace.c 864cef96919323482ebd9986f2132435115e9cc2
@@ -797,14 +797,14 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
 F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f
-P b04a45ea9714e7a35372b5d6a58868b307d10502
-R 06ecba5df1d5408ada18a2d2a32d9a06
+P 8eb1f2443f2712920452b7ed3fb835c7f3221191
+R 7b23fa04681509f7f03c180e2cb207ef
 U drh
-Z 62a18eff5162d3c5f6dbbcc5b8811101
+Z be5a4dabda99980b85561772989aa01d
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.6 (GNU/Linux)
 
-iD8DBQFLtec5oxKgR168RlERAtopAKCCfpIK0uzxHa5hP0afNalmHZOLEACeI23I
-DZeffigSN9kUTWYrQA9NS9w=
-=ul9b
+iD8DBQFLtelOoxKgR168RlERAgU6AJ0QBxber/Z+M94ECEzPsGlPVSdrvwCeNxOo
+XLX0wypT7RatZGUdGUJO7Dk=
+=S/qb
 -----END PGP SIGNATURE-----
index c6306c66a0b393b796226ba1d17512293434a046..d79f09e192c29eb8dba4ab9630c209ca4e48a688 100644 (file)
@@ -1 +1 @@
-8eb1f2443f2712920452b7ed3fb835c7f3221191
\ No newline at end of file
+937b931a7cdad6874638158ed6a9ab6356b0bd0c
\ No newline at end of file
index b6b5a7b9334e18f36627c9ed469aa8253fd8388f..a5746f869a36f10845bd7f163c983a38b95959c7 100644 (file)
@@ -743,7 +743,7 @@ void sqlite3VdbeChangeP4(Vdbe *p, int addr, const char *zP4, int n){
     pOp->p4.pKeyInfo = pKeyInfo;
     if( pKeyInfo ){
       u8 *aSortOrder;
-      memcpy((char*)pKeyInfo, zP4, nByte);
+      memcpy((char*)pKeyInfo, zP4, nByte - nField);
       aSortOrder = pKeyInfo->aSortOrder;
       if( aSortOrder ){
         pKeyInfo->aSortOrder = (unsigned char*)&pKeyInfo->aColl[nField];
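Review bot: The new `memcpy((char*)pKeyInfo, zP4, nByte - nField)` has no comment saying why the copy stops nField bytes short of the allocation, so a later cleanup could "simplify" it back to `nByte` and reintroduce the over-read. Judging from the `&pKeyInfo->aColl[nField]` assignment just below, the last nField bytes appear to be the copy's own sort-order area, which the object behind zP4 need not contain. I would add a comment above the call such as `/* Copy only the header and aColl[]; the trailing nField bytes hold aSortOrder in the copy and may not exist behind zP4 */`. The computation of nByte and nField and the rest of the aSortOrder branch lie outside the hunk, so it is worth confirming that nByte is always the header-plus-aColl size plus nField. It is also worth confirming that nothing reads the uninitialised tail when aSortOrder is NULL.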