From: drh <> Date: Wed, 18 Mar 2026 14:47:20 +0000 (+0000) Subject: Take care not to overread the record header when decoding the record X-Git-Tag: major-release~74^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1539575e052602292205c46e10fe6b751acd3e6f;p=thirdparty%2Fsqlite.git Take care not to overread the record header when decoding the record in vdbeIsMatchingIndexKey(). FossilOrigin-Name: 3a275b5848767b61011b9d1d3d1a62328a80906386375d1b1e13fd92b6983e05
---
diff --git a/manifest b/manifest
index 81d40b34b5..7a877174ab 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Pad\sthe\sallocation\sin\svdbeIsMatchingKey()\sa\slittle\sto\savoid\sundefined\sbehaviour\sif\sthe\srecord\sis\scorrupt\sand\sgetVarint32()\sreads\spast\sthe\send\sof\sit.
-D 2026-03-18T14:01:21.766
+C Take\scare\snot\sto\soverread\sthe\srecord\sheader\swhen\sdecoding\sthe\srecord\nin\svdbeIsMatchingIndexKey().
+D 2026-03-18T14:47:20.951
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -803,7 +803,7 @@ F src/vdbe.c efb45e9c234a85ccb3c515a1af93832530a480bbc0a940929bf156c174c1df64
 F src/vdbe.h 70e862ac8a11b590f8c1eaac17a0078429d42bc4ea3f757a9af0f451dd966a71
 F src/vdbeInt.h f7157f110f88f1d9d8338c292faf23a9129f6712563ade2b408537c95e17bdef
 F src/vdbeapi.c 6cdcbe5c7afa754c998e73d2d5d2805556268362914b952811bdfb9c78a37cf1
-F src/vdbeaux.c f64744dc2ed5f5154387549fbaaef94b701af53990e2d0efcb559176464b0625
+F src/vdbeaux.c 2cfb8fc61e3ae446c2bed2f4c44aebfb4f4bf5b406c4d40dc03a52a4d87304a7
 F src/vdbeblob.c b3f0640db9642fbdc88bd6ebcc83d6009514cafc98f062f675f2c8d505d82692
 F src/vdbemem.c 317ec5e870ddb16951b606c9fe8be22baef22ecbe46f58fdefc259662238afb7
 F src/vdbesort.c b69220f4ea9ffea5fdef34d968c60305444eea909252a81933b54c296d9cca70
@@ -2194,8 +2194,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh d924598cf2f55a4ecbc2aeb055c10bd5f48114793e7ba25f9585435da29e7e98
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P efd9a7a6c862f778da9cd74e38f674e5d1094aa1c566ea3e68553e83f59502d3
-R 944bc9f722937cbb4104e48b78aa4901
-U dan
-Z 314853e7091ee1fcae205f6db5503ae0
+P 9b0671a4f58098948d530f5e238b483a0e9f1309021aff0d6b5ea90e6c8f4e7b
+R b8f2431a3170169ff614376e506c5e3a
+U drh
+Z 399fe0cc6e8662d24092a4f0c31f2585
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index d898c44e58..f7462d514a 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-9b0671a4f58098948d530f5e238b483a0e9f1309021aff0d6b5ea90e6c8f4e7b
+3a275b5848767b61011b9d1d3d1a62328a80906386375d1b1e13fd92b6983e05
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
index 8e6f762df6..3e2540df1a 100644
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -5488,6 +5488,10 @@ static int vdbeIsMatchingIndexKey(
 u32 iSerial = 0;
 int nSerial = 0;
+ if( idxHdr>=szHdr ){
+ rc = SQLITE_CORRUPT_BKPT;
+ break;
+ }
 idxHdr += getVarint32(&aRec[idxHdr], iSerial);
 nSerial = sqlite3VdbeSerialTypeLen(iSerial);
 if( (idxRec+nSerial)>nRec ){
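Review bot: The added `idxHdr>=szHdr` guard checks only where the serial-type varint starts, not where it ends, so a multi-byte varint that begins on the last header byte is still decoded by `getVarint32` with bytes taken from past `szHdr`, and this iteration accepts that serial type with `idxHdr` now greater than `szHdr`. A later iteration would trip the new guard, but if this is the final field the loop exits with a header that overran its declared size, and whether that is rejected depends on the code after the loop, which is outside the hunk. Unless that code already tests `idxHdr!=szHdr`, a mirror check after the decode closes the gap: `if( idxHdr>szHdr ){ rc = SQLITE_CORRUPT_BKPT; break; }`. The manifest records that the parent commit padded the record allocation, so this appears to be about rejecting a malformed header consistently rather than about memory safety. vdbeIsMatchingIndexKey() starts and ends outside the hunk.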