From: danielk1977 Date: Wed, 30 Apr 2008 08:56:10 +0000 (+0000) Subject: Fix test for buffer overrun in unixGettempname(). Fix for #3091. (CVS 5069) X-Git-Tag: version-3.6.10~1108 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f96d8aebf3fed09f19d467a7979edaeac7a0f346;p=thirdparty%2Fsqlite.git Fix test for buffer overrun in unixGettempname(). Fix for #3091. (CVS 5069) FossilOrigin-Name: fc0ca647bd1c7c953bb0f3eb7d3471572fd18c34
---
diff --git a/manifest b/manifest
index a72690a2e3..7f80690b72 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Zero\sthe\sper-pager\stemporary\sspace\sallocation\sto\savoid\swarnings\sfrom\nvalgrind.\s(CVS\s5068)
-D 2008-04-29T15:38:59
+C Fix\stest\sfor\sbuffer\soverrun\sin\sunixGettempname().\sFix\sfor\s#3091.\s(CVS\s5069)
+D 2008-04-30T08:56:10
 F Makefile.arm-wince-mingw32ce-gcc ac5f7b2cef0cd850d6f755ba6ee4ab961b1fadf7
 F Makefile.in 25b3282a4ac39388632c2fb0e044ff494d490952
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -120,7 +120,7 @@ F src/os.c d811a3e1a152e03c98d3dd85f2b7aff0d7630cea
 F src/os.h 2ee8b0dec88f946c5371919ffa0f2fe4ac0de2e6
 F src/os_common.h e8b748b2f2ecc8a498e50bfe5d8721f189c19d2a
 F src/os_os2.c 41015b3fa91568761eb10cbf6ca27a0624ba0bda
-F src/os_unix.c fdec4e5ee5dd555a6ad4a69f38ab35f0788536b4
+F src/os_unix.c 8cf512c4321c3114f053dc9eaae394db2dc03ebe
 F src/os_win.c 3a60bddd07ea6f8adb2314dd5996ac97b988f403
 F src/pager.c 268be1208002fab9202b3f29b490ba35615a697d
 F src/pager.h 45ec2188593afd48a25c743529646771d75e83e4
@@ -633,7 +633,7 @@ F www/tclsqlite.tcl 8be95ee6dba05eabcd27a9d91331c803f2ce2130
 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0
 F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b
 F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5
-P 1f5b18419bb4e2552ac26593381e2eb866bb67fd
-R 6a7ccfeeb0015916b93125468973211a
-U drh
-Z 090b70d1bbb6df5e983e8c84abf88caa
+P f854ae576ee0b223b86a1169178fc4399e8d08ce
+R dc0d12af7248df7518eb5354b7eeb383
+U danielk1977
+Z 6533bd0cfc41b7cb37a38e5960f73499
diff --git a/manifest.uuid b/manifest.uuid
index bf0b6e6c41..fa37fc19d8 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-f854ae576ee0b223b86a1169178fc4399e8d08ce
\ No newline at end of file
+fc0ca647bd1c7c953bb0f3eb7d3471572fd18c34
\ No newline at end of file
diff --git a/src/os_unix.c b/src/os_unix.c
index 36a218c16e..ca1f20b999 100644
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -2520,9 +2520,14 @@ static int unixGetTempname(sqlite3_vfs *pVfs, int nBuf, char *zBuf){
 zDir = azDirs[i];
 break;
 }
- if( strlen(zDir) - sizeof(SQLITE_TEMP_FILE_PREFIX) - 17 <=0 ){
+
+ /* Check that the output buffer is large enough for the temporary file
+ ** name. If it is not, return SQLITE_ERROR.
+ */
+ if( (strlen(zDir) + strlen(SQLITE_TEMP_FILE_PREFIX) + 17) >= nBuf ){
 return SQLITE_ERROR;
 }
+
 do{
 assert( pVfs->mxPathname==MAX_PATHNAME );
 sqlite3_snprintf(nBuf-17, zBuf, "%s/"SQLITE_TEMP_FILE_PREFIX, zDir);
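Review bot: The new bounds check in the src/os_unix.c hunk compares a `size_t` sum with the signed `int nBuf`, so `nBuf` is converted to unsigned and a negative value would pass the check and then reach `sqlite3_snprintf(nBuf-17, ...)` with a negative size. The visible `assert` pins only `pVfs->mxPathname`, not `nBuf`, so unless every caller is known to pass `mxPathname` I would make the guard explicit: `if( nBuf<=0 || (strlen(zDir) + strlen(SQLITE_TEMP_FILE_PREFIX) + 17) >= (size_t)nBuf ){`. The literal 17 also appears in both the check and the `nBuf-17` argument with no explanation; a comment such as `/* 17 = separator + random suffix + terminator (confirm against the suffix loop) */`, or one shared named constant, would keep the two from drifting apart. The body of unixGetTempname() starts and ends outside this hunk, so the suffix length is inferred rather than visible here.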