From: drh <>
Date: Fri, 26 Jun 2026 13:41:07 +0000 (+0000)
Subject: Fix unbounded whitespace skip in the decimal extension.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0a54af99a1b5a7dad31d1112cdd847ff3d53c9f4;p=thirdparty%2Fsqlite.git

Fix unbounded whitespace skip in the decimal extension.
[bugs:/info/2026-06-26T10:06:54Z|Bugs 2026-06-26T10:06:54Z]

FossilOrigin-Name: 71d4cfe5a34cf8485ab2e5abe670381cd068f013233d98c44355a6bcdfcbbbb0
---

diff --git a/ext/misc/decimal.c b/ext/misc/decimal.c
index 478eb2f937..322fc427cf 100644
--- a/ext/misc/decimal.c
+++ b/ext/misc/decimal.c
@@ -67,6 +67,9 @@ static void decimal_free(Decimal *p){
 /*
 ** Allocate a new Decimal object initialized to the text in zIn[].
 ** Return NULL if any kind of error occurs.
+**
+** Note that zIn[] is not necessarily zero-terminated.  Always
+** respect the boundary imposed by the n argument.
 */
 static Decimal *decimalNewFromText(const char *zIn, int n){
   Decimal *p = 0;
@@ -84,11 +87,11 @@ static Decimal *decimalNewFromText(const char *zIn, int n){
   p->nFrac = 0;
   p->a = sqlite3_malloc64( n+1 );
   if( p->a==0 ) goto new_from_text_failed;
-  for(i=0; IsSpace(zIn[i]); i++){}
-  if( zIn[i]=='-' ){
+  for(i=0; i<n && IsSpace(zIn[i]); i++){}
+  if( i<n && zIn[i]=='-' ){
     p->sign = 1;
     i++;
-  }else if( zIn[i]=='+' ){
+  }else if( i<n && zIn[i]=='+' ){
     i++;
   }
   while( i<n && zIn[i]=='0' ) i++;
diff --git a/manifest b/manifest
index 2ba867835c..db4e308c3f 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Extra\smargin\sto\sprevent\squeue\soverflow\sin\sthe\sRTree\sextension.\n[bugs:/info/2026-06-26T12:15:33Z|Bug\s2026-06-26T12:15:33Z]
-D 2026-06-26T13:21:00.825
+C Fix\sunbounded\swhitespace\sskip\sin\sthe\sdecimal\sextension.\n[bugs:/info/2026-06-26T10:06:54Z|Bugs\s2026-06-26T10:06:54Z]
+D 2026-06-26T13:41:07.923
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -373,7 +373,7 @@ F ext/misc/completion.c 3f5db28e88c3313103b2dd86d910a2944fd500c46754e473493968ce
 F ext/misc/compress.c 5cc142aa82d1589a31c384657d0418c0eb0871348a2201e5dca32d24a0dd6654
 F ext/misc/csv.c 5ca451b9ce77322c4ce8476766e7ed18160e5c8b19e7cab76e13006d631b9e8f
 F ext/misc/dbdump.c 678f1b9ae2317b4473f65d03132a2482c3f4b08920799ed80feedd2941a06680
-F ext/misc/decimal.c 7b32d10364a1b958f49d800ddca59692d6ac6aec0dd4974ab3c1734bd6dfecda
+F ext/misc/decimal.c 0e5504e949c45df8cc69e3754bfa4f35cb341f7c055e74187693cc1f2c33afbd
 F ext/misc/diskused.c 0ef61ab38a877430e104d24c6d55f172634563f584bb08af2f33eaa04acaf5eb
 F ext/misc/eval.c 04bc9aada78c888394204b4ed996ab834b99726fb59603b0ee3ed6e049755dc1
 F ext/misc/explain.c 04c9270fd8cf93a9bceb12d2f5f67e3f09a4e58b3e0efe14d24531444d2fffdf
@@ -1049,7 +1049,7 @@ F test/dbpage.test 2e3a50548edea551ef974b8f121f975852de9c5b16cb3284ac4bf2c9f2ed5
 F test/dbpagefault.test ea39de2ca86041a9c6df1135645180a76d0a8da93ac159e2fafe38e39636530b
 F test/dbstatus.test 4a4221a883025ffd39696b3d1b3910b928fb097d77e671351acb35f3aed42759
 F test/dbstatus2.test a36518c0f0951d8fd5a3dc36f99948ad1af93fb7fc0d2e03e5bb5a643186cf52
-F test/decimal.test e5a85d6b81313fa50a4361b041a8702c99eca2ff7ad147ea6e2525132550cb19
+F test/decimal.test f1975a3fbfeb9e00c7b2024ba2282a9868e09ecba94c88dcae2aac07ae29967b
 F test/default.test c7124864cded213a3f118bc7e2e26f34b7c36dfa26cf6945cc8b7f5db1191277
 F test/delete.test 2686e1c98d552ef37d79ad55b17b93fe96fad9737786917ce3839767f734c48f
 F test/delete2.test 3a03f2cca1f9a67ec469915cb8babd6485db43fa
@@ -2208,8 +2208,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P 11ffa3bfba77b9f3a8c4903d496f63ee26c9873f735d254f35111eecf91228be
-R 4542e960ba4dca317d6ccd49980ac84e
+P de40bfb6b39f3252d1dc2dccc04439ac7b40c1331ded60473950cb4b96fc85f7
+R 0c7001d33dac5133c3f448d465512f11
 U drh
-Z 9ae4b6a558ef46143ea53e359ed5c73f
+Z 73ffd9666efc62a72dcb4e7b3152cab3
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 52d95aa1c3..62f4263160 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-de40bfb6b39f3252d1dc2dccc04439ac7b40c1331ded60473950cb4b96fc85f7
+71d4cfe5a34cf8485ab2e5abe670381cd068f013233d98c44355a6bcdfcbbbb0
diff --git a/test/decimal.test b/test/decimal.test
index 89456bf919..5174039399 100644
--- a/test/decimal.test
+++ b/test/decimal.test
@@ -243,5 +243,17 @@ do_execsql_test 8000 {
   SELECT decimal('999.999',3);
 } {1000.000}
 
+# Bug 2026-06-26T10:06:54Z
+#
+reset_db
+load_static_extension db decimal
+do_execsql_test 8100 {
+  PRAGMA cache_size=10;
+  PRAGMA page_size=512;
+  CREATE TABLE t(x TEXT, pad TEXT);
+  WITH RECURSIVE c(n) AS (VALUES(1) UNION ALL SELECT n+1 FROM c WHERE n<5000)
+    INSERT INTO t SELECT printf('%*s', 8, ''), randomblob(2000) FROM c;
+  SELECT count(*) FROM (SELECT x FROM t ORDER BY x COLLATE decimal);
+} {5000}
 
 finish_test