From: drh <>
Date: Mon, 15 Jun 2026 01:24:06 +0000 (+0000)
Subject: Prevent array overflow when decoding a corrupted value from the
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;p=thirdparty%2Fsqlite.git
Prevent array overflow when decoding a corrupted value from the
underlying key/value store.
[bugs:/info/2026-06-14T21:58:12Z|Bug 2026-06-14T21:58:12Z]
FossilOrigin-Name: 732c8f81b5a914831c36610ddaed3da15a7f9fdbf54f44872e181b941368d702
---
diff --git a/manifest b/manifest
index 86d7454ef6..97d995f906 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Remove\sthe\sunused,\suntested,\sexperiemental\s"blobio.c"\sextension,\sto\navoid\sconfusing\sAIs.\n[bugs:/info/2026-06-14T15:12:50Z|Bug\s2026-06-14T15:12:50Z]
-D 2026-06-14T22:01:56.449
+C Prevent\sarray\soverflow\swhen\sdecoding\sa\scorrupted\svalue\sfrom\sthe\nunderlying\skey/value\sstore.\n[bugs:/info/2026-06-14T21:58:12Z|Bug\s2026-06-14T21:58:12Z]
+D 2026-06-15T01:24:06.637
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -720,7 +720,7 @@ F src/notify.c 57c2d1a2805d6dee32acd5d250d928ab94e02d76369ae057dee7d445fd64e878
 F src/os.c 509452169d5ea739723e213b8e2481cf0e587f0e88579a912d200db5269f5f6d
 F src/os.h 1ff5ae51d339d0e30d8a9d814f4b8f8e448169304d83a7ed9db66a65732f3e63
 F src/os_common.h 6c0eb8dd40ef3e12fe585a13e709710267a258e2c8dd1c40b1948a1d14582e06
-F src/os_kv.c e7d96727db5b67e39d590a68cc61c86daf4c093c36c011a09ebfb521182ec28d
+F src/os_kv.c c1b82b64d8ef86026a08f78212a5c2ed30000752d36399d5dc1701ab1c2ea5bf
 F src/os_setup.h 8efc64eda6a6c2f221387eefc2e7e45fd5a3d5c8337a7a83519ba4fbd2957ae2
 F src/os_unix.c 83759942d1ea8d59daed50901c123016f845fada74caf3496b8a2537c9a08838
 F src/os_win.c 68b1c31693a5aeeb8126f618c95f7b53fb39e254836f9a95fbf2733461a7e01d
@@ -2208,8 +2208,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P ecae4a2ddf103fe575c6864d201e83a9bb084b511685397db41b3349c91b38e6
-R 71f2f2cdfd58b7b9bd4dddcf7958dc0a
+P 45918d5e97a0c29c6fa03d09ac8e131dcca3bf4268bf4f5c46c221b1f900651a
+R c29c588740a2631ad1bc25a4ad218786
 U drh
-Z 195d510236f803534616a27485b6d62b
+Z 39884f3f5805fec2ff2a29be0fdee4e7
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 07a0e88f2e..5ea2113a99 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-45918d5e97a0c29c6fa03d09ac8e131dcca3bf4268bf4f5c46c221b1f900651a
+732c8f81b5a914831c36610ddaed3da15a7f9fdbf54f44872e181b941368d702
diff --git a/src/os_kv.c b/src/os_kv.c
index 1fd1c8e8ce..c5d4aecbad 100644
--- a/src/os_kv.c
+++ b/src/os_kv.c
@@ -13,6 +13,22 @@
 ** This file contains an experimental VFS layer that operates on a
 ** Key/Value storage engine where both keys and values must be pure
 ** text.
+**
+** DEBUG AND TEST
+**
+** For testing on Unix, compile using:
+**
+** make clean sqlite3d CFLAGS='-DSQLITE_OS_KV_OPTIONAL'
+**
+** Then start up a shell using something like:
+**
+** ./sqlite3d 'file:dbname?vfs=kvvfs'
+**
+** Each K/V entry is stored in a separate file in the working
+** directory that has a name like "kvvfs-dbname-*". Due to limitations
+** on the key size, the name of the database must be very short - just
+** a few characters. If the database name is too long, the VFS will
+** malfunction and you will get SQLITE_CORRUPT errors.
 */
 #include
 #if SQLITE_OS_KV || (SQLITE_OS_UNIX && defined(SQLITE_OS_KV_OPTIONAL))
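Review bot: The new DEBUG AND TEST comment in the os_kv.c header says the database name must be "very short - just a few characters" but never gives the actual bound, so a tester only discovers it once the VFS starts returning SQLITE_CORRUPT. Stating the limit, or naming the key buffer size that imposes it, would make the note actionable, e.g. `** on the key size, the name of the database must be at most <KEY_NAME_LIMIT> characters` with the placeholder replaced by the real figure from the key-building code. The comment also presents silent malfunction as the expected outcome; if the VFS does not already reject an overlong name at open time (not visible in this hunk), a one-line mention of that gap here would point readers at the right place to add the check.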
@@ -465,12 +481,14 @@ int kvvfsDecode(const char *a, char *aOut, int nOut){
 memset(&aOut[j], 0, n);
 j += n;
 if( c==0 || mult==1 ) break; /* progress stalled if mult==1 */
- }else{
+ }else if( j