Fix a buffer overflow bug in a recent check-in, reported by unsolicted
authordrh <>
Wed, 8 Apr 2026 17:00:33 +0000 (17:00 +0000)
committerdrh <>
Wed, 8 Apr 2026 17:00:33 +0000 (17:00 +0000)
email from OpenAI/Codex.

FossilOrigin-Name: be891a137af15897691250324e4d3d9c96f0c5fb414bca27d0c3bfdd3012a8a2

manifest
manifest.uuid
src/printf.c
test/printf.test

index aa86baff50e9e3cc153d2c004875ac329cb63ef9..8346aba359849d5af2018051edaea6983a4067f0 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\sfew\sdoc\stypos\sand\sinconsistencies.\sNo\scode\schanges.
-D 2026-04-07T15:54:35.800
+C Fix\sa\sbuffer\soverflow\sbug\sin\sa\srecent\scheck-in,\sreported\sby\sunsolicted\nemail\sfrom\sOpenAI/Codex.
+D 2026-04-08T17:00:33.995
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -730,7 +730,7 @@ F src/pcache.h 092b758d2c5e4dabb30eae46d8dfad77c0f70b16bf3ff1943f7a232b0fe0d4ba
 F src/pcache1.c 131ca0daf4e66b4608d2945ae76d6ed90de3f60539afbd5ef9ec65667a5f2fcd
 F src/pragma.c 789ef67117b74b5be0a2db6681f7f0c55e6913791b9da309aefd280de2c8a74d
 F src/prepare.c f6a6e28a281bd1d1da12f47d370a81af46159b40f73bf7fa0b276b664f9c8b7d
-F src/printf.c 9abec48ffb0fc1aac72a461e2ca456b5284a39c84cddc932c86822311e059882
+F src/printf.c 41fb76fcb5ed7e16aaddc659d3b23891abebea45549fe125fc2e6ec380cc7175
 F src/random.c 606b00941a1d7dd09c381d3279a058d771f406c5213c9932bbd93d5587be4b9c
 F src/resolve.c 928ff887f2a7c64275182060d94d06fdddbe32226c569781cf7e7edc6f58d7fd
 F src/rowset.c 8432130e6c344b3401a8874c3cb49fefe6873fec593294de077afea2dce5ec97
@@ -1514,7 +1514,7 @@ F test/pragma5.test 7b33fc43e2e41abf17f35fb73f71b49671a380ea92a6c94b6ce530a25f8d
 F test/pragma6.test c5ec577ba087954b4dfa619a3cbe97b155b60a0af487527abe89b10fc17e6512
 F test/pragmafault.test 275edaf3161771d37de60e5c2b412627ac94cef11739236bec12ed1258b240f8
 F test/prefixes.test b524a1c44bffec225b9aec98bd728480352aa8532ac4c15771fb85e8beef65d9
-F test/printf.test 685fec5a0c5af2490ab0632775a301554361d674211d690f5bee0a97b05333de
+F test/printf.test bcb093ef5cbd17e2d94d93d62045ee61ed0f465c1ca123f284774e474e73a9ea
 F test/printf2.test 3f55c1871a5a65507416076f6eb97e738d5210aeda7595a74ee895f2224cce60
 F test/progress.test ebab27f670bd0d4eb9d20d49cef96e68141d92fb
 F test/ptrchng.test ef1aa72d6cf35a2bbd0869a649b744e9d84977fc
@@ -2197,8 +2197,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P 4a36454904e1c5e7d25406713ab0125f11df66eabe0d378edcb837ef8dedc981
-R 16f1b21b4cb5faffe725c6e07d5c25a3
-U stephan
-Z 22c44324ea68c832a57d85b95caa6e8a
+P 025abd4cf409fb9938e116289f23dc5bcd6d14feb46066221e691b146ee9b354
+R 7600f47bef4b02dcc59e25059aaa900d
+U drh
+Z c818e025424851b4793e1d43a62d77e7
 # Remove this line to create a well-formed Fossil manifest.
index 832bf071a8d96f4b825ea244f6261cca2445debe..9731891d07e68adc1a38313ac830e956cb1d4115 100644 (file)
@@ -1 +1 @@
-025abd4cf409fb9938e116289f23dc5bcd6d14feb46066221e691b146ee9b354
+be891a137af15897691250324e4d3d9c96f0c5fb414bca27d0c3bfdd3012a8a2
index 257fcb3757cd9ca64d7be33c0775d45017245dd1..c9fc1a72c0a9221c6004a0ccac9d259037261d20 100644 (file)
@@ -621,7 +621,7 @@ void sqlite3_str_vappendf(
           e2 = s.iDP - 1;
         }
 
-        szBufNeeded = MAX(e2,0)+(i64)precision+(i64)width+8;
+        szBufNeeded = MAX(e2,0)+(i64)precision+(i64)width+10;
         if( cThousand && e2>0 ) szBufNeeded += (e2+2)/3;
         if( sqlite3StrAccumEnlargeIfNeeded(pAccum, szBufNeeded) ){
           width = length = 0;
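Review bot: The `+10` in the `szBufNeeded` computation is still an unexplained magic number, and it had to be raised from 8 because the fixed overhead was miscounted by hand. Judging from the test added in this commit, `-1.0e+100` is nine characters with precision and width both zero (sign, leading digit, '.', the '0' forced by '!', 'e', exponent sign, three exponent digits). I would itemize that above the line, e.g. `/* 10 = sign + digit + '.' + forced '0' + "e+NNN" + 1 spare (confirm) */`, with the breakdown confirmed against the formatting code. An `assert()` at the point where the formatted length becomes known would catch a future miscount in debug builds; that code, like the rest of sqlite3_str_vappendf(), is outside this hunk.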
index cc439e617210ef4f64cb210e016fc609ab5eb1fd..1f8ab25a59a585084a5763a4483235f2be0c60dc 100644 (file)
@@ -3823,6 +3823,11 @@ do_execsql_test printf-17.11 {
   SELECT format('%.30f',1.0000000000000000076e-50);
 } 0.000000000000000000000000000000
 
+# Reported by OpenAI Codex Security on 2026-04-08
+do_execsql_test printf-17.12 {
+  SELECT format('%!.0e',-1e100);
+} -1.0e+100
+
 #-------------------------------------------------------------------------
 # dbsqlfuzz ad651aad4bb2100f3a724129a555d8d773366d46
 #
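Review bot: The comment on printf-17.12 records who reported the problem but not what the case guards against. The expected text may well have come out right even with the undersized buffer, so this test presumably only fails under a memory-checking build. A comment saying so would help, e.g. `# %!.0e with a 3-digit exponent needs 9 bytes at precision 0 and width 0; the buffer sizing in sqlite3_str_vappendf() was too small`. A sibling case with a negative exponent, `SELECT format('%!.0e',-1e-100);`, would cover the other exponent sign at the same output length.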