Detect oversized strings in the OP_String opcode even if the P4 argument
authordrh <drh@noemail.net>
Thu, 21 Feb 2019 16:41:34 +0000 (16:41 +0000)
committerdrh <drh@noemail.net>
Thu, 21 Feb 2019 16:41:34 +0000 (16:41 +0000)
is originally UTF8 and has to be converted to UTF16 to match the database
file and that conversion causes the string to become shorter and cross
below the SQLITE_LIMIT_LENGTH threshold.  This might fix an OSSFuzz problem
that we have been so far unable to reproduce.

FossilOrigin-Name: c13d563925db12bc2c91ff9432050261e5bd39d960e2739777a66bf804df2e31

manifest
manifest.uuid
src/vdbe.c

index 20f026f9912d1821975d47a657915a015ef17bc2..ea467fade7ad7c7983311584fb6445ee2d15d968 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Changes\sto\sthe\sunix\sVFS\sthat\sallegedly\senable\sit\sto\sbuild\sof\sFuchsia.\nWe\shave\sno\sway\sof\stesting\sthis.
-D 2019-02-20T19:20:16.043
+C Detect\soversized\sstrings\sin\sthe\sOP_String\sopcode\seven\sif\sthe\sP4\sargument\nis\soriginally\sUTF8\sand\shas\sto\sbe\sconverted\sto\sUTF16\sto\smatch\sthe\sdatabase\nfile\sand\sthat\sconversion\scauses\sthe\sstring\sto\sbecome\sshorter\sand\scross\nbelow\sSQLITE_LIMIT_LENGTH\sthreshold.\s\sThis\smight\sfix\san\sOSSFuzz\sproblem\nthat\swe\shave\sbeen\sso\sfar\sunable\sto\sreproduce.
+D 2019-02-21T16:41:34.321
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F Makefile.in 178d8eb6840771149cee40b322d1b3be30d330198c522c903c1b66fb5a1bfca4
@@ -586,7 +586,7 @@ F src/upsert.c 0dd81b40206841814d46942a7337786932475f085716042d0cb2fc7791bf8ca4
 F src/utf.c 810fbfebe12359f10bc2a011520a6e10879ab2a163bcb26c74768eab82ea62a5
 F src/util.c 82a2e3f691a3b654be872e305dab1f455e565dedf5e6a90c818c1ab307c00432
 F src/vacuum.c a9f389f41556c0ec310bc9169dc9476603c30a0a913ad92bfbc75c86886967ca
-F src/vdbe.c f11f5b935d0858ffeb3b2f0f50d9f4c368b8100c2ae6761178828e2aa38b63f2
+F src/vdbe.c c2ebe27a1e4176f5e4b48269917b7a3df096b125d3c407da90e769a9fe4e406e
 F src/vdbe.h 712bca562eaed1c25506b9faf9680bdc75fc42e2f4a1cd518d883fa79c7a4237
 F src/vdbeInt.h a76d5eed62c76bcd8de7afd3147fac1bc40c5a870582664bcd7d071ef437c37f
 F src/vdbeapi.c cde63790c9d18ba5941d52c9f49e1a862cf6503141d5b9c112a05eb0adbf30a9
@@ -1805,7 +1805,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P af84774d1eebcfe6a61b564b4edf280ad3c3a93f39b7f70b6fcc56f7bbdfb9eb
-R a6f27facbdb7dc40d5575aa8c5ace55a
+P be21a6416d47ff7db995006a0422b745044d9b8bb5bad3c53342aa6e2e524771
+R c5273df2e86448fbe31848ca521a60a4
 U drh
-Z ca0997b8ac8e61eb0d0c0b024412021b
+Z 34aa1885dbc38a0426f19597b6e0799d
index 82410f900a9f8b7b725efd7afc7a97e8234787fc..a0f17d4ac043831c31eb932aebfe22cf826c255c 100644 (file)
@@ -1 +1 @@
-be21a6416d47ff7db995006a0422b745044d9b8bb5bad3c53342aa6e2e524771
\ No newline at end of file
+c13d563925db12bc2c91ff9432050261e5bd39d960e2739777a66bf804df2e31
\ No newline at end of file
index e536238524035be4e960c90589ac4f8074a6da40..5085273bc740c241e80cbe409c067b88ab61c7ce 100644 (file)
@@ -1102,6 +1102,7 @@ case OP_String8: {         /* same as TK_STRING, out2 */
   if( encoding!=SQLITE_UTF8 ){
     rc = sqlite3VdbeMemSetStr(pOut, pOp->p4.z, -1, SQLITE_UTF8, SQLITE_STATIC);
     assert( rc==SQLITE_OK || rc==SQLITE_TOOBIG );
+    if( rc ) goto too_big;
     if( SQLITE_OK!=sqlite3VdbeChangeEncoding(pOut, encoding) ) goto no_mem;
     assert( pOut->szMalloc>0 && pOut->zMalloc==pOut->z );
     assert( VdbeMemDynamic(pOut)==0 );
@@ -1114,7 +1115,6 @@ case OP_String8: {         /* same as TK_STRING, out2 */
     pOp->p4.z = pOut->z;
     pOp->p1 = pOut->n;
   }
-  testcase( rc==SQLITE_TOOBIG );
 #endif
   if( pOp->p1>db->aLimit[SQLITE_LIMIT_LENGTH] ){
     goto too_big;
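Review bot: The added `if( rc ) goto too_big;` in the first hunk reports any non-zero return from sqlite3VdbeMemSetStr as an over-length string, which is only correct while the assert on the preceding line holds; in an NDEBUG build a different error code would be misreported as SQLITE_TOOBIG. Since the call passes SQLITE_STATIC it presumably cannot fail for lack of memory, but that is not visible in the hunk, so either record the invariant next to the goto, `/* with SQLITE_STATIC the only possible failure is SQLITE_TOOBIG */`, or test it explicitly with `if( rc==SQLITE_TOOBIG ) goto too_big;`. The second hunk also drops `testcase( rc==SQLITE_TOOBIG );`, so the limit-exceeded path loses its coverage marker; placing that line directly in front of the new goto keeps the branch visible to the coverage build. The enclosing case OP_String8 starts before the first hunk and continues after the second.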