From 14faa061fd4815f6f8f63bc4d00889b676c85c20 Mon Sep 17 00:00:00 2001
From: dan
Date: Fri, 29 Apr 2016 10:13:22 +0000
Subject: [PATCH] Fix an almost entirely harmless buffer overread in the sessions module.
FossilOrigin-Name: 89b0ee3351381f7bc666cb206f77a56f2e0d4a0e
---
 ext/session/sqlite3session.c | 17 +++++++++++------
 manifest | 12 ++++++------
 manifest.uuid | 2 +-
 3 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
index b058d357e2..e333dffcc7 100644
--- a/ext/session/sqlite3session.c
+++ b/ext/session/sqlite3session.c
@@ -592,14 +592,19 @@ static int sessionChangeEqual(
 int iCol; /* Used to iterate through table columns */
 for(iCol=0; iColnCol; iCol++){
- int n1 = sessionSerialLen(a1);
- int n2 = sessionSerialLen(a2);
+ if( pTab->abPK[iCol] ){
+ int n1 = sessionSerialLen(a1);
+ int n2 = sessionSerialLen(a2);
- if( pTab->abPK[iCol] && (n1!=n2 || memcmp(a1, a2, n1)) ){
- return 0;
+ if( pTab->abPK[iCol] && (n1!=n2 || memcmp(a1, a2, n1)) ){
+ return 0;
+ }
+ a1 += n1;
+ a2 += n2;
+ }else{
+ if( bLeftPkOnly==0 ) a1 += sessionSerialLen(a1);
+ if( bRightPkOnly==0 ) a2 += sessionSerialLen(a2);
 }
- if( pTab->abPK[iCol] || bLeftPkOnly==0 ) a1 += n1;
- if( pTab->abPK[iCol] || bRightPkOnly==0 ) a2 += n2;
 }
 return 1;
diff --git a/manifest b/manifest
index 61077e7077..77d5df7f09 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@ -C Merge\slatest\schanges\sfrom\strunk\swith\sthis\sbranch. -D 2016-04-28T14:59:05.489 +C Fix\san\salmost\sentirely\sharmless\sbuffer\soverread\sin\sthe\ssessions\smodule. +D 2016-04-29T10:13:22.999 F Makefile.in 9e816d0323e418fbc0f8b2c05fc14e0b3763d9e8 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434 F Makefile.msc 71b8b16cf9393f68e2e2035486ca104872558836
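Review bot: The rewritten loop in `sessionChangeEqual` still advances `a1` and `a2` with no end-of-record bound: `sessionSerialLen()` and `memcmp(a1, a2, n1)` in the `pTab->abPK[iCol]` branch trust the lengths encoded in the records themselves, so a truncated or malformed record would still be read past its end. Whether either record can come from an externally supplied changeset is not visible here (the signature and the callers are outside the hunk); if it can, the record needs validating before this comparison runs. I would record the invariant the fix depends on above the `else` branch, e.g. `/* A PK-only record carries no non-PK fields: skip them only when b*PkOnly==0 */`. The inner `pTab->abPK[iCol] &&` is now always true inside the new `if( pTab->abPK[iCol] )` and can become `if( n1!=n2 || memcmp(a1, a2, n1) ){`. The diffstat shows no test file, so a regression case run under a memory checker would pin the PK-only path.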
@@ -293,7 +293,7 @@ F ext/session/sessionG.test 01ef705096a9d3984eebdcca79807a211dee1b60 F ext/session/session_common.tcl a1293167d14774b5e728836720497f40fe4ea596 F ext/session/sessionfault.test da273f2712b6411e85e71465a1733b8501dbf6f7 F ext/session/sessionfault2.test 04aa0bc9aa70ea43d8de82c4f648db4de1e990b0 -F ext/session/sqlite3session.c beb300cd1b5c5054062c8e6e807b10475e363410 +F ext/session/sqlite3session.c beb43b6b888801bb006320bc236baa95f4cc32ae F ext/session/sqlite3session.h 64e9e7f185725ef43b97f4a9a0c0df0669844f1d F ext/session/test_session.c 464f2c8bf502795d95969387eb8e93f68c513c15 F ext/userauth/sqlite3userauth.h 19cb6f0e31316d0ee4afdfb7a85ef9da3333a220 @@ -1484,7 +1484,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 5973d3bf2e5aa979ccc9a4a3a0eb08b67098b499 33e627472780b872716c504f2d585cc057c390a5 -R 66281bc4e8738b7ab348496eadeeb2b1 +P 45467ee49872f495d5276cf830f10c3cf4ac8e3c +R 50a6a2b7911c16c6704703bf8b17ce71 U dan -Z 4d2c4cbb1442cfb28a5ae33052756c7a +Z da972510c8d8b75cf481b4f80618fa01 diff --git a/manifest.uuid b/manifest.uuid index b1984ea171..f4d85f9254 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -45467ee49872f495d5276cf830f10c3cf4ac8e3c \ No newline at end of file +89b0ee3351381f7bc666cb206f77a56f2e0d4a0e \ No newline at end of file -- 2.39.5