From: dan Date: Thu, 25 Sep 2025 11:10:55 +0000 (+0000) Subject: Avoid an integer overflow in the shell tool when outputing hex dumps of blobs greater... X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=31efe5a0f2f80a263457a1fc6524783c0c45769b;p=thirdparty%2Fsqlite.git Avoid an integer overflow in the shell tool when outputing hex dumps of blobs greater than 1GB in size. FossilOrigin-Name: 4a1bb874f12adda26e91970b64e700cb904c126412989be4debac9a5647d6f69 --- diff --git a/manifest b/manifest index eabeb1cd47..b119e537bd 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Convert\sthe\sShellText\sobject\sin\sthe\sCLI\sto\suse\ssqlite3_malloc64()\srather\sthan\nplain\smalloc().\s\sAvoid\sunnecessary\squoting\sof\stable\snames\sin\s.dump\soutput\nand\ssimilar.\s\sImproved\sdetection\sof\sOOM\sin\sset_table_name(). -D 2025-09-25T10:55:54.033 +C Avoid\san\sinteger\soverflow\sin\sthe\sshell\stool\swhen\soutputing\shex\sdumps\sof\sblobs\sgreater\sthan\s1GB\sin\ssize. +D 2025-09-25T11:10:55.626 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea @@ -743,7 +743,7 @@ F src/random.c 606b00941a1d7dd09c381d3279a058d771f406c5213c9932bbd93d5587be4b9c F src/resolve.c f8d1d011aba0964ff1bdccd049d4d2c2fec217efd90d202a4bb775e926b2c25d F src/rowset.c 8432130e6c344b3401a8874c3cb49fefe6873fec593294de077afea2dce5ec97 F src/select.c b95181711d59c36d9789e67f76c4cfec64b99f9629a50be5e6566e117b87d957 -F src/shell.c.in b779751a12934f3daa37b52c8bd0078ad3325b5a62dc112fc7e6182b8cf1a87e +F src/shell.c.in 175630658a5fce0277cddf4991c56931ed061b3af36061be3e56ef113588452f F src/sqlite.h.in 5732519a2acb09066032ceac21f25996eb3f28f807a4468e30633c7c70faae1c F src/sqlite3.rc 015537e6ac1eec6c7050e17b616c2ffe6f70fca241835a84a4f0d5937383c479 F src/sqlite3ext.h 3f0c4ed6934e7309a61c6f3c30f70a30a5b869f785bb3d9f721a36c5e4359126 @@ -2175,8 +2175,8 @@ F tool/version-info.c 3b36468a90faf1bbd59c65fd0eb66522d9f941eedd364fabccd7227350 F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7 F tool/warnings.sh 1ad0169b022b280bcaaf94a7fa231591be96b514230ab5c98fbf15cd7df842dd F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P 39925489b347ec3126389c6dba1ee719373e50c6cea6944384a212c3a3e163d2 -R 1afaff7fd16338dd1366664f6ded10b5 -U drh -Z 9dfc09b0c748f430ec90bad59c91d7c8 +P 6ce4f6dc15a575c318669051fe6590ad114b52ff3f3e260cdf7accccdd922d63 +R a1ddb6405e4d3db885209b345b84b884 +U dan +Z afd7b5825497122e60d96f69e82a9f3f # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 2a269929e2..65fc6d7aa5 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -6ce4f6dc15a575c318669051fe6590ad114b52ff3f3e260cdf7accccdd922d63 +4a1bb874f12adda26e91970b64e700cb904c126412989be4debac9a5647d6f69 diff --git a/src/shell.c.in b/src/shell.c.in index c14d77d181..fc315d07e5 100644 --- a/src/shell.c.in +++ b/src/shell.c.in @@ -1935,7 +1935,7 @@ static void output_hex_blob(FILE *out, const void *pBlob, int nBlob){ int i; unsigned char *aBlob = (unsigned char*)pBlob; - char *zStr = sqlite3_malloc(nBlob*2 + 1); + char *zStr = sqlite3_malloc64((i64)nBlob*2 + 1); shell_check_oom(zStr); for(i=0; i