From: drh Date: Fri, 2 Apr 2010 12:55:38 +0000 (+0000) Subject: Take care to avoid a buffer over-read when adding a KEYINFO structure X-Git-Tag: version-3.7.2~495 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a378c566d2a0614b4c1a23ea71e4f51c8bed08fe;p=thirdparty%2Fsqlite.git Take care to avoid a buffer over-read when adding a KEYINFO structure to the P4 parameter of an opcode. FossilOrigin-Name: 937b931a7cdad6874638158ed6a9ab6356b0bd0c --- diff --git a/manifest b/manifest index 0d1ea24068..c090dd4e41 100644 --- a/manifest +++ b/manifest @@ -1,8 +1,8 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -C If\sthe\ssize\sof\sthe\sdatabase\saccording\sto\sthe\sheader\sis\slarger\sthan\sthe\s\nactual\sdatabase\sfile\ssize,\sreport\sthat\sthe\sdatabase\sis\scorrupt. -D 2010-04-02T12:46:46 +C Take\scare\sto\savoid\sa\sbuffer\sover-read\swhen\sadding\sa\sKEYINFO\sstructure\s\nto\sthe\sP4\sparameter\sof\san\sopcode. +D 2010-04-02T12:55:39 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0 F Makefile.in 4f2f967b7e58a35bb74fb7ec8ae90e0f4ca7868b F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654 @@ -218,7 +218,7 @@ F src/vdbe.c 760a0857cdcc000759bd3a5b8e2907dd351072bc F src/vdbe.h 471f6a3dcec4817ca33596fe7f6654d56c0e75f3 F src/vdbeInt.h ae1e6ba0dd3fb4a886898d2829d748be701b01f8 F src/vdbeapi.c 74c25680046a116b24b95393914d3669c23305dc -F src/vdbeaux.c 863cd854d343e3e71622f20e5066d3007f9216c5 +F src/vdbeaux.c 3028b2d50df39697e21263685349b5ff1333a29b F src/vdbeblob.c 5327132a42a91e8b7acfb60b9d2c3b1c5c863e0e F src/vdbemem.c 2a82f455f6ca6f78b59fb312f96054c04ae0ead1 F src/vdbetrace.c 864cef96919323482ebd9986f2132435115e9cc2 
@@ -797,14 +797,14 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f -P b04a45ea9714e7a35372b5d6a58868b307d10502 -R 06ecba5df1d5408ada18a2d2a32d9a06 +P 8eb1f2443f2712920452b7ed3fb835c7f3221191 +R 7b23fa04681509f7f03c180e2cb207ef U drh -Z 62a18eff5162d3c5f6dbbcc5b8811101 +Z be5a4dabda99980b85561772989aa01d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) -iD8DBQFLtec5oxKgR168RlERAtopAKCCfpIK0uzxHa5hP0afNalmHZOLEACeI23I -DZeffigSN9kUTWYrQA9NS9w= -=ul9b +iD8DBQFLtelOoxKgR168RlERAgU6AJ0QBxber/Z+M94ECEzPsGlPVSdrvwCeNxOo +XLX0wypT7RatZGUdGUJO7Dk= +=S/qb -----END PGP SIGNATURE-----
diff --git a/manifest.uuid b/manifest.uuid
index c6306c66a0..d79f09e192 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@ -8eb1f2443f2712920452b7ed3fb835c7f3221191 \ No newline at end of file +937b931a7cdad6874638158ed6a9ab6356b0bd0c \ No newline at end of file
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
index b6b5a7b933..a5746f869a 100644
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -743,7 +743,7 @@ void sqlite3VdbeChangeP4(Vdbe *p, int addr, const char *zP4, int n){
 pOp->p4.pKeyInfo = pKeyInfo;
 if( pKeyInfo ){
 u8 *aSortOrder;
- memcpy((char*)pKeyInfo, zP4, nByte);
+ memcpy((char*)pKeyInfo, zP4, nByte - nField);
 aSortOrder = pKeyInfo->aSortOrder;
 if( aSortOrder ){
 pKeyInfo->aSortOrder = (unsigned char*)&pKeyInfo->aColl[nField];
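Review bot: The new length `nByte - nField` on the memcpy in sqlite3VdbeChangeP4 is only correct if nByte was computed as the fixed KeyInfo part plus nField trailing sort-order bytes, and nothing in the hunk records that; the computation of nByte and nField sits above the hunk. A short comment on that line would stop a later cleanup from restoring the over-read, for example `/* zP4 is only guaranteed to cover the header and aColl[]; the nField sort-order bytes are handled separately below */`. With the shorter copy the last nField bytes of the new allocation are no longer written here, so unless the allocator zeroes them they stay uninitialised whenever `aSortOrder` is NULL. The function body continues past the last visible line, so it is worth confirming there that those bytes are filled from `aSortOrder` in the non-NULL branch and never read otherwise.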