Prevent unsigned 32-bit integer overflow from leading to a buffer overread

author drh <drh@noemail.net>

Sat, 12 Jan 2019 21:30:26 +0000 (21:30 +0000)

committer drh <drh@noemail.net>

Sat, 12 Jan 2019 21:30:26 +0000 (21:30 +0000)
author drh <drh@noemail.net>
Sat, 12 Jan 2019 21:30:26 +0000 (21:30 +0000)
committer drh <drh@noemail.net>
Sat, 12 Jan 2019 21:30:26 +0000 (21:30 +0000)
diff --git a/manifest b/manifest

index dfed7550351a4d15de5d02603f6623bdf83c9fc5..284b6f827abe09a80842180af8d9c1f7b0cf130a 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sanother\sproblem\swith\shandling\scorrupt\srecords\sin\sfts5_decode().
-D 2019-01-12T20:55:36.227
+C Prevent\sunsigned\s32-bit\sinteger\soverflow\sfrom\sleading\sto\sa\sbuffer\soverread\ninside\sof\san\sassert().\s\sThe\sproblem\sfixed\shere\sis\sno\sreachable\sin\sproduction\ncode.
+D 2019-01-12T21:30:26.399
  F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
  F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
  F Makefile.in 45a3fef4d325ac0220c2172aeec4e4321da351f073f3b8e8ddea655f49ef6f2b
@@ -587,7 +587,7 @@ F src/vdbe.c 1919d490e97bfc59eab4d43444a53a6717d06137295ed684a25e5df7430d9974
  F src/vdbe.h 712bca562eaed1c25506b9faf9680bdc75fc42e2f4a1cd518d883fa79c7a4237
  F src/vdbeInt.h a76d5eed62c76bcd8de7afd3147fac1bc40c5a870582664bcd7d071ef437c37f
  F src/vdbeapi.c 57a2d794a8833f269b878dbc24e955369bdb379af6c4e93ebc5ce1a20fa3daf4
-F src/vdbeaux.c eb444562f0adbfb7e07b5a2a7ce4b21231c4c9d6d5b32411fcf806223b2bf6c5
+F src/vdbeaux.c 6e8cf4dd3cf095231af8ecf3c1b986f37e0bad9d7db255d53c1ea6766af7c986
  F src/vdbeblob.c f5c70f973ea3a9e915d1693278a5f890dc78594300cf4d54e64f2b0917c94191
  F src/vdbemem.c 7b3305bc4a5139f4536ac9b5f61da0f915e49d2e3fdfa87dfdfa9d7aba8bc1e9
  F src/vdbesort.c 90aad5a92608f2dd771c96749beabdb562c9d881131a860a7a5bccf66dc3be7f
@@ -1798,7 +1798,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
  F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
  F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
  F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P e35eb8776ed539afe1d5db099470ab1124d8dd2db73ee5db7c811f8df9a9576e
-R 10f763a13c1f98de996ba1b8ed3891ab
-U dan
-Z 8380d015f98fd49fe625440a5996cdb3
+P 726e398b9ddc15ea1b67c40e2a12ddf5d04428a866699588c5fa1af75af846e1
+R 8923f98ae861c2545d072606e0c54a90
+U drh
+Z 4318e33986f46462cf28ea3b5c858257
diff --git a/manifest.uuid b/manifest.uuid

index 28862124520baf2da73d4de54f5a33e08a05451c..7adf65b3f4e9f89a79c81c905502c87573e002db 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-726e398b9ddc15ea1b67c40e2a12ddf5d04428a866699588c5fa1af75af846e1
-\ No newline at end of file
+0f850a25d67a752fe1e9059c0c3f78e00c222113e556a7605fd3c50817b573cb
+\ No newline at end of file
diff --git a/src/vdbeaux.c b/src/vdbeaux.c

index 1125cfd1a366341598691134757ce80fffe69aad..1af8a6f111e774f0c2999c2b6b4a6ee24a1edc4b 100644 (file)
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -3883,8 +3883,8 @@ static int vdbeRecordCompareDebug(
      ** Use that approximation to avoid the more expensive call to
      ** sqlite3VdbeSerialTypeLen() in the common case.
      */
-    if( d1+serial_type1+2>(u32)nKey1
-     && d1+sqlite3VdbeSerialTypeLen(serial_type1)>(u32)nKey1 
+    if( d1+(u64)serial_type1+2>(u64)nKey1
+     && d1+(u64)sqlite3VdbeSerialTypeLen(serial_type1)>(u64)nKey1 
      ){
        break;
      }
author	drh <drh@noemail.net>
	Sat, 12 Jan 2019 21:30:26 +0000 (21:30 +0000)
committer	drh <drh@noemail.net>
	Sat, 12 Jan 2019 21:30:26 +0000 (21:30 +0000)
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history
src/vdbeaux.c		patch \| blob \| blame \| history