From: drh <>
Date: Wed, 18 Dec 2024 20:29:29 +0000 (+0000)
Subject: Fix possible integer oveflow in the second and third argument to substr().
X-Git-Tag: major-relase~60
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b097ef29d12788153f7381bb5598430d6028d7f7;p=thirdparty%2Fsqlite.git

Fix possible integer oveflow in the second and third argument to substr().

FossilOrigin-Name: b04b4006f38f83d36eaf43c4bace7d53866b02b45e0ddcf1704266fed3bfc11c
---

diff --git a/manifest b/manifest
index b48881d98e..266012a6f8 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Avoid\s32-bit\sroundoff\serror\son\sthe\ssecond\sargument\sto\sround().\n[forum:/forumpost/170aeab92a|Forum\spost\s170aeab92a].
-D 2024-12-18T18:29:19.106
+C Fix\spossible\sinteger\soveflow\sin\sthe\ssecond\sand\sthird\sargument\sto\ssubstr().
+D 2024-12-18T20:29:29.783
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md e108e1e69ae8e8a59e93c455654b8ac9356a11720d3345df2a4743e9590fb20d
@@ -730,7 +730,7 @@ F src/delete.c 03a77ba20e54f0f42ebd8eddf15411ed6bdb06a2c472ac4b6b336521bf7cea42
 F src/expr.c 3329173aacc6c37da3971b6253827799b32e301673be00126df8271bf018e15f
 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
 F src/fkey.c 928ed2517e8732113d2b9821aa37af639688d752f4ea9ac6e0e393d713eeb76f
-F src/func.c 33d06376d6fed6dfce22deb475f99317b0b76694e688f06e9fce9480ff44a5c9
+F src/func.c 92f1c5a5116fd96e009f1a6ae59c15ee571985f75cbcddab0ba10f84035a2805
 F src/global.c a19e4b1ca1335f560e9560e590fc13081e21f670643367f99cb9e8f9dc7d615b
 F src/hash.c 9ee4269fb1d6632a6fecfb9479c93a1f29271bddbbaf215dd60420bcb80c7220
 F src/hash.h 3340ab6e1d13e725571d7cee6d3e3135f0779a7d8e76a9ce0a85971fa3953c51
@@ -1258,7 +1258,7 @@ F test/fts4umlaut.test fcaca4471de7e78c9d1f7e8976e3e8704d7d8ad979d57a739d00f3f75
 F test/fts4unicode.test 82a9c16b68ba2f358a856226bb2ee02f81583797bc4744061c54401bf1a0f4c9
 F test/fts4upfrom.test f25835162c989dffd5e2ef91ec24c4848cc9973093e2d492d1c7b32afac1b49d
 F test/full.test 6b3c8fb43c6beab6b95438c1675374b95fab245d
-F test/func.test 4b8d5e7f1356ca42084e56e6c6f28f9e380db727756fb40dc319107c7632b157
+F test/func.test 59ae5fbfc2d5d565e3475824b25df2acc6f1b728d1a8d8e3e719ce64c494f69d
 F test/func2.test 69f6ae3751b4ec765bdc3b803c0a255aa0f693f28f44805bef03e6b4a3fd242f
 F test/func3.test 600a632c305a88f3946d38f9a51efe145c989b2e13bd2b2a488db47fe76bab6a
 F test/func4.test a02e695f62beb31cb092dccf6873ff97543407fff97a5f3ec4da70b5b337bc84
@@ -2202,8 +2202,8 @@ F tool/version-info.c 3b36468a90faf1bbd59c65fd0eb66522d9f941eedd364fabccd7227350
 F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7
 F tool/warnings.sh 49a486c5069de041aedcbde4de178293e0463ae9918ecad7539eedf0ec77a139
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 0ce42fa586049e8864c5fd1a1d8703722f8549ba0a20ca748b887b7975ba9eb7
-R fec4eb95d4677d8b995343c16db49fdb
+P a9759fc78d6cb0df7c81f20c2c5c358729e571ebee50ee2b1441a15239d0b4b6
+R 0e55189459a80d645412fd9406897915
 U drh
-Z 79885f3615d84c43267a5b2a5adaf77f
+Z ddc339cbca9c68ef9d9f1e1df3d93e64
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 9781afa1e5..3e1bf40a1b 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-a9759fc78d6cb0df7c81f20c2c5c358729e571ebee50ee2b1441a15239d0b4b6
+b04b4006f38f83d36eaf43c4bace7d53866b02b45e0ddcf1704266fed3bfc11c
diff --git a/src/func.c b/src/func.c
index 00dad97e43..e4c628047d 100644
--- a/src/func.c
+++ b/src/func.c
@@ -363,7 +363,7 @@ static void substrFunc(
     return;
   }
   p0type = sqlite3_value_type(argv[0]);
-  p1 = sqlite3_value_int(argv[1]);
+  p1 = sqlite3_value_int64(argv[1]);
   if( p0type==SQLITE_BLOB ){
     len = sqlite3_value_bytes(argv[0]);
     z = sqlite3_value_blob(argv[0]);
@@ -388,7 +388,7 @@ static void substrFunc(
   if( p1==0 ) p1 = 1; /* <rdar://problem/6778339> */
 #endif
   if( argc==3 ){
-    p2 = sqlite3_value_int(argv[2]);
+    p2 = sqlite3_value_int64(argv[2]);
     if( p2<0 ){
       p2 = -p2;
       negP2 = 1;
diff --git a/test/func.test b/test/func.test
index b8a2cd6659..2b25c94340 100644
--- a/test/func.test
+++ b/test/func.test
@@ -117,6 +117,12 @@ do_test func-2.9 {
 do_test func-2.10 {
   execsql {SELECT substr(a,2,2) FROM t2}
 } {{} {} 45 {} 78}
+do_test func-2.11 {
+  execsql {SELECT substr('abcdefg',0x100000001,2)}
+} {{}}
+do_test func-2.12 {
+  execsql {SELECT substr('abcdefg',1,0x100000002)}
+} {abcdefg}
 
 # Only do the following tests if TCL has UTF-8 capabilities
 #