From: drh <> Date: Fri, 26 Nov 2021 17:10:18 +0000 (+0000) Subject: Improved defenses against integer overflow when computing the size of a X-Git-Tag: version-3.37.0~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=913306a53aaf1e10163c8e8181d0826397fc2d42;p=thirdparty%2Fsqlite.git Improved defenses against integer overflow when computing the size of a memory allocations. No bugs were fixed here. But perhaps future bugs will be prevented. FossilOrigin-Name: eb878c01f317f09e8ef6b1bd2ec8d6d5cd6ce0bdfe9da7fa7d92d2047cc9d9e4 --- diff --git a/ext/fts5/fts5_index.c b/ext/fts5/fts5_index.c index 046ec7bcd1..54efb340c3 100644 --- a/ext/fts5/fts5_index.c +++ b/ext/fts5/fts5_index.c @@ -850,7 +850,7 @@ int sqlite3Fts5StructureTest(Fts5Index *p, void *pStruct){ static void fts5StructureMakeWritable(int *pRc, Fts5Structure **pp){ Fts5Structure *p = *pp; if( *pRc==SQLITE_OK && p->nRef>1 ){ - int nByte = sizeof(Fts5Structure)+(p->nLevel-1)*sizeof(Fts5StructureLevel); + i64 nByte = sizeof(Fts5Structure)+(p->nLevel-1)*sizeof(Fts5StructureLevel); Fts5Structure *pNew; pNew = (Fts5Structure*)sqlite3Fts5MallocZero(pRc, nByte); if( pNew ){ diff --git a/ext/fts5/fts5_vocab.c b/ext/fts5/fts5_vocab.c index 148af565e1..18774c4e4a 100644 --- a/ext/fts5/fts5_vocab.c +++ b/ext/fts5/fts5_vocab.c @@ -374,7 +374,7 @@ static int fts5VocabOpenMethod( } if( rc==SQLITE_OK ){ - int nByte = pFts5->pConfig->nCol * sizeof(i64)*2 + sizeof(Fts5VocabCursor); + i64 nByte = pFts5->pConfig->nCol * sizeof(i64)*2 + sizeof(Fts5VocabCursor); pCsr = (Fts5VocabCursor*)sqlite3Fts5MallocZero(&rc, nByte); } diff --git a/manifest b/manifest index c582b63837..9e795e46db 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fixes\sto\sinternal\scomments.\s\sNo\schanges\sto\scode\sor\sdocumentation. -D 2021-11-26T15:08:55.132 +C Improved\sdefenses\sagainst\sinteger\soverflow\swhen\scomputing\sthe\ssize\sof\sa\nmemory\sallocations.\s\sNo\sbugs\swere\sfixed\shere.\s\sBut\sperhaps\sfuture\sbugs\swill\nbe\sprevented. +D 2021-11-26T17:10:18.515 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -119,7 +119,7 @@ F ext/fts5/fts5_buffer.c 3001fbabb585d6de52947b44b455235072b741038391f830d6b7292 F ext/fts5/fts5_config.c 501e7d3566bc92766b0e11c0109a7c5a6146bc41144195459af5422f6c2078aa F ext/fts5/fts5_expr.c fcd0770d53028c2b53a15d0f53bf6d0e01b1bf3dd97630b9fedf0801f03aa3ec F ext/fts5/fts5_hash.c d4fb70940359f2120ccd1de7ffe64cc3efe65de9e8995b822cd536ff64c96982 -F ext/fts5/fts5_index.c 037b12ca0a29761b3308f2b8e3505edec8c2b8e178577d96ee88b6a1e27e2a00 +F ext/fts5/fts5_index.c a3ada4897c3b14b8a15a8695d2cb3a46b5761137aae0964fc44efe96a877ddd0 F ext/fts5/fts5_main.c 7c6092a53e6802962fa07b0fad3e61cb077b6c98b74b727d8d44ac2cf63bd914 F ext/fts5/fts5_storage.c 76c6085239eb44424004c022e9da17a5ecd5aaec859fba90ad47d3b08f4c8082 F ext/fts5/fts5_tcl.c b1445cbe69908c411df8084a10b2485500ac70a9c747cdc8cda175a3da59d8ae @@ -128,7 +128,7 @@ F ext/fts5/fts5_test_tok.c a2bed8edb25f6432e8cdb62aad5916935c19dba8dac2b8324950c F ext/fts5/fts5_tokenize.c 5e251efb0f1af99a25ed50010ba6b1ad1250aca5921af1988fdcabe5ebc3cb43 F ext/fts5/fts5_unicode2.c eca63dbc797f8ff0572e97caf4631389c0ab900d6364861b915bdd4735973f00 F ext/fts5/fts5_varint.c e64d2113f6e1bfee0032972cffc1207b77af63319746951bf1d09885d1dadf80 -F ext/fts5/fts5_vocab.c 925a05c891edf6abd0ac4fdf4dc998c4c13bf6612d0b6c4102157bc459c0c86b +F ext/fts5/fts5_vocab.c 12138e84616b56218532e3e8feb1d3e0e7ae845e33408dbe911df520424dc9d6 F ext/fts5/fts5parse.y eb526940f892ade5693f22ffd6c4f2702543a9059942772526eac1fde256bb05 F ext/fts5/mkportersteps.tcl 5acf962d2e0074f701620bb5308155fa1e4a63ba F ext/fts5/test/fts5_common.tcl b01c584144b5064f30e6c648145a2dd6bc440841 @@ -494,7 +494,7 @@ F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6 F src/btree.c 13b965a0f3cd57221e3b4e61e24452ec264a5b163de347b03b5039ddcd95cd54 F src/btree.h 74d64b8f28cfa4a894d14d4ed64fa432cd697b98b61708d4351482ae15913e22 F src/btreeInt.h ee9348c4cb9077243b049edc93a82c1f32ca48baeabf2140d41362b9f9139ff7 -F src/build.c 1b41a6417e5bb260a5988588764863229905b07b3e9a47878030a1c92d49010f +F src/build.c c46bd4f5a69f398410c4472f7c1c4291fb8078d2c9758a2dad5916edd1d30ecc F src/callback.c 106b585da1edd57d75fa579d823a5218e0bf37f191dbf7417eeb4a8a9a267dbc F src/complete.c a3634ab1e687055cd002e11b8f43eb75c17da23e F src/ctime.c 8159d5f706551861c18ec6c8f6bdf105e15ea00367f05d9ab65d31a1077facc1 @@ -502,7 +502,7 @@ F src/date.c fa928630fecf1d436cdc7a7a5c950c781709023ca782c21b7a43cc7361a9451e F src/dbpage.c 8a01e865bf8bc6d7b1844b4314443a6436c07c3efe1d488ed89e81719047833a F src/dbstat.c 861e08690fcb0f2ee1165eff0060ea8d4f3e2ea10f80dab7d32ad70443a6ff2d F src/delete.c 0c151975fa99560767d7747f9b60543d0093d9f8b89f13d2d6058e9c83ad19e7 -F src/expr.c 89c4a225af2ccf5e7f1d53a70170c405036c63cc55130467e013ec9553261cb1 +F src/expr.c 4b6dfb224b6234ff4f529023993b503048e1b045ff49cbb911e7d28a28cca795 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007 F src/fkey.c 187b67af20c5795953a592832c5d985e4313fe503ebd8f95e3e9e9ad5a730bb5 F src/func.c 1cfb09d7ffca81238eccefdb0293e1f5b7cfebbd1816dfad5ec6024742a7496b @@ -550,7 +550,7 @@ F src/printf.c 5901672228f305f7d493cbc4e7d76a61a5caecdbc1cd06b1f9ec42ea4265cf8d F src/random.c 097dc8b31b8fba5a9aca1697aeb9fd82078ec91be734c16bffda620ced7ab83c F src/resolve.c 4a1db4aadd802683db40ca2dbbb268187bd195f10cbdb7206dbd8ac988795571 F src/rowset.c ba9515a922af32abe1f7d39406b9d35730ed65efab9443dc5702693b60854c92 -F src/select.c 335db0c2e009ca251fd5647e1d4769da2bb1bca899e3efcd31ad9e14b8ae9de8 +F src/select.c a7a3d9f54eb24821ec5f67f2e5589b68a5d42d46fc5849d7376886777d93a85a F src/shell.c.in 975f268ef261773fcbed1e519dfa10c4f33e8b1cffc12120563e61857fff07c6 F src/sqlite.h.in 5cd209ac7dc4180f0e19292846f40440b8488015849ca0110c70b906b57d68f0 F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8 @@ -1933,7 +1933,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 654e6cf8ab493d48b1827bb8100d4e4366a8e889e647c233a9b1b1278a7133d0 -R 6abd755098d90c827f7d464c64811c8f +P 1489b196ce82cddf7360aff6c89219ca25e666187f0f5ff6419ba3b504cdef8d +R c3e7cad31e108fbcd57f75061231ef74 U drh -Z 3a2155d677f9253d6797d37459c4bb61 +Z d9bca23ba48769924e0a60580792a369 diff --git a/manifest.uuid b/manifest.uuid index 8cdef58524..8403a70766 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -1489b196ce82cddf7360aff6c89219ca25e666187f0f5ff6419ba3b504cdef8d \ No newline at end of file +eb878c01f317f09e8ef6b1bd2ec8d6d5cd6ce0bdfe9da7fa7d92d2047cc9d9e4 \ No newline at end of file diff --git a/src/build.c b/src/build.c index d0630e1693..d53ff3b670 100644 --- a/src/build.c +++ b/src/build.c @@ -742,8 +742,8 @@ void sqlite3ColumnSetColl( Column *pCol, const char *zColl ){ - int nColl; - int n; + i64 nColl; + i64 n; char *zNew; assert( zColl!=0 ); n = sqlite3Strlen30(pCol->zCnName) + 1; @@ -1548,7 +1548,7 @@ void sqlite3AddColumn(Parse *pParse, Token sName, Token sType){ } } - z = sqlite3DbMallocRaw(db, sName.n + 1 + sType.n + (sType.n>0) ); + z = sqlite3DbMallocRaw(db, (i64)sName.n + 1 + (i64)sType.n + (sType.n>0) ); if( z==0 ) return; if( IN_RENAME_OBJECT ) sqlite3RenameTokenMap(pParse, (void*)z, &sName); memcpy(z, sName.z, sName.n); @@ -1562,7 +1562,7 @@ void sqlite3AddColumn(Parse *pParse, Token sName, Token sType){ return; } } - aNew = sqlite3DbRealloc(db,p->aCol,(p->nCol+1)*sizeof(p->aCol[0])); + aNew = sqlite3DbRealloc(db,p->aCol,((i64)p->nCol+1)*sizeof(p->aCol[0])); if( aNew==0 ){ sqlite3DbFree(db, z); return; @@ -3575,7 +3575,7 @@ void sqlite3CreateForeignKey( FKey *pFKey = 0; FKey *pNextTo; Table *p = pParse->pNewTable; - int nByte; + i64 nByte; int i; int nCol; char *z; diff --git a/src/expr.c b/src/expr.c index e41a4fd4e5..2a00748846 100644 --- a/src/expr.c +++ b/src/expr.c @@ -5888,7 +5888,7 @@ int sqlite3ExprCoveredByIndex( struct RefSrcList { sqlite3 *db; /* Database connection used for sqlite3DbRealloc() */ SrcList *pRef; /* Looking for references to these tables */ - int nExclude; /* Number of tables to exclude from the search */ + i64 nExclude; /* Number of tables to exclude from the search */ int *aiExclude; /* Cursor IDs for tables to exclude from the search */ }; @@ -5903,7 +5903,8 @@ struct RefSrcList { static int selectRefEnter(Walker *pWalker, Select *pSelect){ struct RefSrcList *p = pWalker->u.pRefSrcList; SrcList *pSrc = pSelect->pSrc; - int i, j, *piNew; + i64 i, j; + int *piNew; if( pSrc->nSrc==0 ) return WRC_Continue; j = p->nExclude; p->nExclude += pSrc->nSrc; diff --git a/src/select.c b/src/select.c index c6f1edb4d3..7f15c2acb2 100644 --- a/src/select.c +++ b/src/select.c @@ -2196,7 +2196,7 @@ void sqlite3SelectAddColumnTypeAndCollation( a = pSelect->pEList->a; for(i=0, pCol=pTab->aCol; inCol; i++, pCol++){ const char *zType; - int n, m; + i64 n, m; pTab->tabFlags |= (pCol->colFlags & COLFLAG_NOINSERT); p = a[i].pExpr; zType = columnType(&sNC, p, 0, 0, 0); @@ -4182,7 +4182,7 @@ static int flattenSubquery( if( pSrc->nSrc>1 ){ if( pParse->nSelect>500 ) return 0; - aCsrMap = sqlite3DbMallocZero(db, (pParse->nTab+1)*sizeof(int)); + aCsrMap = sqlite3DbMallocZero(db, ((i64)pParse->nTab+1)*sizeof(int)); if( aCsrMap ) aCsrMap[0] = pParse->nTab; } }