From: dan Date: Wed, 20 May 2015 19:53:17 +0000 (+0000) Subject: Detect and report oversized records constructed from multiple zeroblobs. Cherrypick... X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3cff2bc65e679e9eb5739c7c3825241f4245725d;p=thirdparty%2Fsqlite.git Detect and report oversized records constructed from multiple zeroblobs. Cherrypick of [9e139afd9211]. FossilOrigin-Name: 4a08f6b8bb0d4f5e565fd05a48d0b1af04b9eb2d --- diff --git a/manifest b/manifest index c74e75ed94..19e087117d 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Do\snot\sallow\svirtual\stable\sconstructors\sto\sbe\scalled\srecursively.\sCherrypick\sof\s[0a72726da215] -D 2015-05-20T19:50:57.913 +C Detect\sand\sreport\soversized\srecords\sconstructed\sfrom\smultiple\szeroblobs.\sCherrypick\sof\s[9e139afd9211]. +D 2015-05-20T19:53:17.165 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in 5eb79e334a5de69c87740edd56af6527dd219308 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 @@ -283,7 +283,7 @@ F src/update.c ea336ce7b8b3fc5e316ba8f082e6445babf81059 F src/utf.c a0314e637768a030e6e84a957d0c4f6ba910cc05 F src/util.c 3076bdd51cdbf60a6e2e57fada745be37133c73e F src/vacuum.c 3728d74919d4fb1356f9e9a13e27773db60b7179 -F src/vdbe.c 9326966931c8227d6b463e25c43ac4941522c4ca +F src/vdbe.c d48406347c284767935c9f8bac6f799f2c5b2558 F src/vdbe.h c63fad052c9e7388d551e556e119c0bcf6bebdf8 F src/vdbeInt.h f5513f2b5ac1e2c5128996c7ea23add256a301df F src/vdbeapi.c 24e40422382beb774daab11fe9fe9d37e8a04949 
@@ -1133,7 +1133,7 @@ F test/without_rowid3.test eac3d5c8a1924725b58503a368f2cbd24fd6c8a0 F test/without_rowid4.test 4e08bcbaee0399f35d58b5581881e7a6243d458a F test/without_rowid5.test b4a639a367f04d382d20e8f44fc1be4f2d57d107 F test/wordcount.c 9915e06cb33d8ca8109b8700791afe80d305afda -F test/zeroblob.test caaecfb4f908f7bc086ed238668049f96774d688 +F test/zeroblob.test fb3c0e4ab172d386954deda24c03f500e121d80d F test/zerodamage.test cf6748bad89553cc1632be51a6f54e487e4039ac F tool/build-all-msvc.bat a0534c971b86fe95f1983f445db5b896d3394818 x F tool/build-shell.sh 950f47c6174f1eea171319438b93ba67ff5bf367 @@ -1186,8 +1186,8 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4 F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P b330c7ff6fd1230cde2c246ba0f9d81f056ea61f -Q +0a72726da21581ab16cb3e964bd825b8f2e931e4 -R 7854d9795f43d69006b5074f7b0af8e5 +P 023a29baf0de7e4d2e7a7b5bc184bbad6eb34b8d +Q +9e139afd92116ebc593114ed63b57c8f469653f6 +R 3ff98e73d4f5cf4e3414b23e36825367 U dan -Z 13ca4c0d3ce46f357af6c683f6dac961 +Z 02291f8fc5c2aa03372282523cfd6f55 diff --git a/manifest.uuid b/manifest.uuid index 232f1b09ac..fca245ae5d 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -023a29baf0de7e4d2e7a7b5bc184bbad6eb34b8d \ No newline at end of file +4a08f6b8bb0d4f5e565fd05a48d0b1af04b9eb2d \ No newline at end of file diff --git a/src/vdbe.c b/src/vdbe.c index 9f40993d24..db4bedd9ef 100644 --- a/src/vdbe.c +++ b/src/vdbe.c 
@@ -2620,7 +2620,7 @@ case OP_MakeRecord: { u64 nData; /* Number of bytes of data space */ int nHdr; /* Number of bytes of header space */ i64 nByte; /* Data space required for this record */ - int nZero; /* Number of zero bytes at the end of the record */ + i64 nZero; /* Number of zero bytes at the end of the record */ int nVarint; /* Number of bytes in a varint */ u32 serial_type; /* Type field */ Mem *pData0; /* First field to be combined into the record */ @@ -2709,7 +2709,7 @@ case OP_MakeRecord: { if( nVarintdb->aLimit[SQLITE_LIMIT_LENGTH] ){ + if( nByte+nZero>db->aLimit[SQLITE_LIMIT_LENGTH] ){ goto too_big; } diff --git a/test/zeroblob.test b/test/zeroblob.test index f4a1950836..e70fd0b748 100644 --- a/test/zeroblob.test +++ b/test/zeroblob.test @@ -255,5 +255,14 @@ do_test zeroblob-9.8 { db eval {SELECT zeroblob(2) IN (zeroblob(2))} } {1} +# Oversized zeroblob records +# +do_test zeroblob-10.1 { + db eval { + CREATE TABLE t10(a,b,c); + } + catchsql {INSERT INTO t10 VALUES(zeroblob(1e9),zeroblob(1e9),zeroblob(1e9))} +} {1 {string or blob too big}} + finish_test
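Review bot: The widened `nZero` declaration in the OP_MakeRecord locals keeps its old comment, so nothing records why this one counter is 64-bit while `nHdr` and `nVarint` beside it stay `int`. I would spell the reason out, e.g. `i64 nZero; /* Zero bytes at end of record; i64 so summed zeroblob sizes cannot wrap */`. The case body continues outside the hunk. Any statement there that stores `nZero` into an `int`-sized field is now an implicit narrowing, presumably safe only because the length check runs first; that is worth confirming and marking with an explicit cast.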
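Review bot: The new condition `if( nByte+nZero>db->aLimit[SQLITE_LIMIT_LENGTH] ){` has no comment explaining that the zero tail is deliberately counted, or that the sum is only trustworthy because `nZero` is widened to `i64` in the previous hunk. A one-line comment above it would keep a later cleanup from dropping the term or narrowing the type again: `/* The zeroblob tail is not included in nByte but is part of the record, so it counts toward the length limit */`. This page's rendering of the hunk has lost part of the context and removed lines, so the note is based on the added line only. The enclosing `case OP_MakeRecord` block starts and ends outside the hunk.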
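Review bot: zeroblob-10.1 asserts only the error message, not that the rejected INSERT left `t10` empty, and it covers only the case where three sizes sum past 32 bits. A follow-up such as `do_test zeroblob-10.2 { db eval {SELECT count(*) FROM t10} } {0}` (test id constructed here) would pin the first point. A further case with two zeroblobs that are each accepted alone but together exceed the length limit, without exceeding 2^31, would exercise the added `nZero` term independently of the type widening.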