From: stephan Date: Tue, 1 Jul 2025 21:06:58 +0000 (+0000) Subject: Have sqlite3_value/column_text/blob_v2() return MISUSE for a NULL input object or... X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7f030542c3fccd8c1b936886dd6676c1cdd0822a;p=thirdparty%2Fsqlite.git Have sqlite3_value/column_text/blob_v2() return MISUSE for a NULL input object or output target only if SQLITE_ENABLE_API_ARMOR is in effect, for consistency with their sibling APIs. FossilOrigin-Name: 6290a8eaddd97acd02ee417e28c2815e5f3af67acdfc1d97a2cd88b0aee823c0 --- diff --git a/ext/wasm/tester1.c-pp.js b/ext/wasm/tester1.c-pp.js index 50bf279b61..90e79931d4 100644 --- a/ext/wasm/tester1.c-pp.js +++ b/ext/wasm/tester1.c-pp.js @@ -3415,6 +3415,9 @@ globalThis.sqlite3InitModule = sqlite3InitModule; checkRc('SQLITE_OK', "column null pnOut", capi.sqlite3_column_text_v2(q, 1, ppOut, 0, 0)); + /* The MISUSE returns only apply because we build with + SQLITE_ENABLE_API_ARMOR. Without API_ARMOR, these result in + null pointer dereferences. */ checkRc('SQLITE_MISUSE', "value null ppOut", capi.sqlite3_value_text_v2(sv, 0, pnOut, 0)); checkRc('SQLITE_MISUSE', "value null arg0", diff --git a/manifest b/manifest index af8afe7914..aff2543887 100644 --- a/manifest +++ b/manifest 
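Review bot: The `SQLITE_MISUSE` checks under the added comment still run unconditionally, although the comment says they only hold when the library is built with SQLITE_ENABLE_API_ARMOR. Against a build without that option, the calls that pass 0 for `ppOut` or for the first argument are undefined behaviour. In a WebAssembly build that usually means a silent read or write near address 0 of linear memory rather than a trap, so the damage may not surface at the `checkRc()` that caused it. I would guard these checks on the compile option, for example on the result of `sqlite3_compileoption_used()` for ENABLE_API_ARMOR, and skip them otherwise. The enclosing test function starts and ends outside this hunk.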
@@ -1,5 +1,5 @@ -C Have\ssqlite3_value/column_text/blob_v2()\sunconditionally\sreturn\sMISUSE\sfor\sa\sNULL\sinput\sobject\sor\soutput\starget,\srather\sthan\sonly\swhen\sAPI_ARMOR\sis\sin\seffect.\sThis\sis\sdebatable. -D 2025-07-01T20:56:49.962 +C Have\ssqlite3_value/column_text/blob_v2()\sreturn\sMISUSE\sfor\sa\sNULL\sinput\sobject\sor\soutput\starget\sonly\sif\sSQLITE_ENABLE_API_ARMOR\sis\sin\seffect,\sfor\sconsistency\swith\stheir\ssibling\sAPIs. +D 2025-07-01T21:06:58.257 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea @@ -698,7 +698,7 @@ F ext/wasm/test-opfs-vfs.html 1f2d672f3f3fce810dfd48a8d56914aba22e45c6834e262555 F ext/wasm/test-opfs-vfs.js 1618670e466f424aa289859fe0ec8ded223e42e9e69b5c851f809baaaca1a00c F ext/wasm/tester1-worker.html ebc4b820a128963afce328ecf63ab200bd923309eb939f4110510ab449e9814c F ext/wasm/tester1.c-pp.html 1c1bc78b858af2019e663b1a31e76657b73dc24bede28ca92fbe917c3a972af2 -F ext/wasm/tester1.c-pp.js 80f70bf0f6fcf9d49ab0edbba430c27dc2a6cdd1d8f718732c71fc131d686aee +F ext/wasm/tester1.c-pp.js 43e1971f905bbb1bf2a13a80fbde41e579d051d2e008cfff1d0208e8aa48442c F ext/wasm/tests/opfs/concurrency/index.html 657578a6e9ce1e9b8be951549ed93a6a471f4520a99e5b545928668f4285fb5e F ext/wasm/tests/opfs/concurrency/test.js d08889a5bb6e61937d0b8cbb78c9efbefbf65ad09f510589c779b7cc6a803a88 F ext/wasm/tests/opfs/concurrency/worker.js 0a8c1a3e6ebb38aabbee24f122693f1fb29d599948915c76906681bb7da1d3d2 
@@ -787,7 +787,7 @@ F src/resolve.c d40fe18d7c2fd0339f5846ffcf7d6809866e380acdf14c76fb2af87e9fe13f64 F src/rowset.c 8432130e6c344b3401a8874c3cb49fefe6873fec593294de077afea2dce5ec97 F src/select.c 882d739e0d5e6c7a8b46a3cca3ada37fe1a56301f1360d6b141312c666bbe482 F src/shell.c.in 4f14a1f5196b6006abc8e73cc8fd6c1a62cf940396f8ba909d6711f35f074bb6 -F src/sqlite.h.in a7eadf009abe0ed994b1a73dde800a5708ca25ee17d145bbe18f0a800321dc1e +F src/sqlite.h.in e3301b5f2e2d9b50160c9f185a4dfd7c5e44abb754e8bd837a96a6678b5f91be F src/sqlite3.rc 015537e6ac1eec6c7050e17b616c2ffe6f70fca241835a84a4f0d5937383c479 F src/sqlite3ext.h 0bfd049bb2088cc44c2ad54f2079d1c6e43091a4e1ce8868779b75f6c1484f1e F src/sqliteInt.h 21c089759415895c86220d35c22cd17fdc6ca27653e1ec0c744d1e6808d0545a @@ -855,7 +855,7 @@ F src/vacuum.c 1bacdd0a81d2b5dc1c508fbf0d938c89fa78dd8d5b46ec92686d44030d4f4789 F src/vdbe.c 7e29623ca387880b8893e69135a0ff240c3dcaf0710f7a46a5f95b062cf93883 F src/vdbe.h 93761ed7c6b8bc19524912fd9b9b587d41bf4f1d0ade650a00dadc10518d8958 F src/vdbeInt.h 0bc581a9763be385e3af715e8c0a503ba8422c2b7074922faf4bb0d6ae31b15e -F src/vdbeapi.c 8507114873bd142f9ee7b0e1ecfe02c7d2275062bbb17b9998823045a86b2213 +F src/vdbeapi.c 3dac6a9561aec2c02f2b10493f7c9a940b8a3989aaf0739daf8881efbdb07028 F src/vdbeaux.c fd2c6b19a8892c31a2adc719f156f313560f9cc490cdbd04ff08fdae5d7aedb7 F src/vdbeblob.c b1b4032cac46b41e44b957c4d00aee9851f862dfd85ecb68116ba49884b03dfd F src/vdbemem.c 08633d0ac68585c83176bc9f336424d9e97fcb50827f71b3bce9746ad6950a56 
@@ -2208,8 +2208,8 @@ F tool/version-info.c 3b36468a90faf1bbd59c65fd0eb66522d9f941eedd364fabccd7227350 F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7 F tool/warnings.sh 1ad0169b022b280bcaaf94a7fa231591be96b514230ab5c98fbf15cd7df842dd F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P 97b06c4594dc3d056334dfba6f310fb6d058456adde6abacfef29f0244637d39 -R 6b6629f04e602234dd8ac3be91aa7341 +P c8edbfc7e8b57e7b1c9a4a5cdfdc00cd7216b6ccc36ff983f85ad94865f6288f +R 138eac1c14c32444a14b6bb0beaf00e1 U stephan -Z 9fe6eb65e143d983313efbc0f20ad387 +Z 97018cf14ef415b3e72b4bbea656140c # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 20c1f9b3ad..b9bbe7c5fa 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -c8edbfc7e8b57e7b1c9a4a5cdfdc00cd7216b6ccc36ff983f85ad94865f6288f +6290a8eaddd97acd02ee417e28c2815e5f3af67acdfc1d97a2cd88b0aee823c0 diff --git a/src/sqlite.h.in b/src/sqlite.h.in index d4953d017b..2e2802e903 100644 --- a/src/sqlite.h.in +++ b/src/sqlite.h.in @@ -5298,9 +5298,9 @@ int sqlite3_data_count(sqlite3_stmt *pStmt); ** 5th argument is an integer pointer which, if not NULL, gets set to ** the [SQLITE_INTEGER | column's SQL type]. On success these ** interfaces return 0. On error they do not modify any of their -** output pointers and return SQLITE_NOMEM on allocation error, -** SQLITE_MISUSE if either their first or third arguments are NULL, -** and SQLITE_RANGE if the given column index is out of range. +** output pointers and return SQLITE_NOMEM on allocation error and +** SQLITE_RANGE if the given column index is out of range. Results are +** undefined if either of their 1st or 3rd arguments are NULL. ** ** If the SQL statement does not currently point to a valid row, or if the ** column index is out of range, the result is undefined. diff --git a/src/vdbeapi.c b/src/vdbeapi.c index a1af6087bc..060b1a310b 100644 --- a/src/vdbeapi.c 
+++ b/src/vdbeapi.c @@ -194,7 +194,9 @@ const void *sqlite3_value_blob(sqlite3_value *pVal){ int sqlite3_value_blob_v2(sqlite3_value *pVal, const void **pOut, int *pnOut, int *pType){ Mem *p = (Mem*)pVal; +#ifdef SQLITE_ENABLE_API_ARMOR if( pVal==0 || pOut==0 ) return SQLITE_MISUSE_BKPT; +#endif if( p->flags & (MEM_Blob|MEM_Str) ){ if( ExpandBlob(p)!=SQLITE_OK ){ assert( p->flags==MEM_Null && p->z==0 ); @@ -248,7 +250,9 @@ int sqlite3_value_text_v2(sqlite3_value *pVal, const unsigned char **pOut, int *pnOut, int *pType){ int n = 0; +#ifdef SQLITE_ENABLE_API_ARMOR if( pVal==0 || pOut==0 ) return SQLITE_MISUSE_BKPT; +#endif return sqlite3ValueTextV2(pVal, SQLITE_UTF8, (const void **)pOut, pnOut ? pnOut : &n, pType); } @@ -1380,7 +1384,9 @@ static int columnMemV2(sqlite3_stmt *pStmt, int iCol, int bBlob, int rc = 0; Vdbe * const pVm = (Vdbe*)pStmt; +#ifdef SQLITE_ENABLE_API_ARMOR if( pVm==0 || pOut==0 ) return SQLITE_MISUSE_BKPT; +#endif assert( pVm->db ); sqlite3_mutex_enter(pVm->db->mutex); if( pVm->pResultRow!=0 && iColnResColumn && iCol>=0 ){
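Review bot: In builds without SQLITE_ENABLE_API_ARMOR, `p->flags` in sqlite3_value_blob_v2() is now reached with no NULL check at all. The same holds for the code after the guard in sqlite3_value_text_v2() and in columnMemV2(), where `assert( pVm->db )` itself dereferences pVm. Since that is the intended contract, I would state it at each definition, e.g. `/* pVal and pOut must be non-NULL; only SQLITE_ENABLE_API_ARMOR builds check this and return SQLITE_MISUSE. */`, and consider adding `#else` / `assert( pVal!=0 && pOut!=0 );` so that debug builds stop at the entry point. It is also worth confirming that the non-v2 column accessors behave the same way for a NULL statement handle, because the commit message gives consistency with the sibling APIs as the reason and those functions are not visible here. All three function bodies continue outside their hunks.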