From: drh <drh@noemail.net>
Date: Fri, 1 Mar 2013 01:07:17 +0000 (+0000)
Subject: Always use strncmp() rather than memcmp() when comparing strings where one
X-Git-Tag: version-3.7.16~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=503a686e09ce03995eef5d9a95ef217532575be5;p=thirdparty%2Fsqlite.git

Always use strncmp() rather than memcmp() when comparing strings where one
or other string might be less than the length parameter, since optimized
versions of memcmp() might read past the first difference and in so doing
generate an access violation.

FossilOrigin-Name: d73435587ba7459e2e2c32980d0e17abdeceb4bc
---

diff --git a/manifest b/manifest
index ca40b04498..740d228bb9 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C In\sthe\sincrvacuum3\stest,\sadd\smissing\scall\sto\sthe\sTcl\sclose\scommand.
-D 2013-02-26T18:54:18.663
+C Always\suse\sstrncmp()\srather\sthan\smemcmp()\swhen\scomparing\sstrings\swhere\sone\nor\sother\sstring\smight\sbe\sless\sthan\sthe\slength\sparameter,\ssince\soptimized\nversions\sof\smemcmp()\smight\sread\spast\sthe\sfirst\sdifference\sand\sin\sso\sdoing\ngenerate\san\saccess\sviolation.
+D 2013-03-01T01:07:17.783
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in a48faa9e7dd7d556d84f5456eabe5825dd8a6282
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -115,7 +115,7 @@ F sqlite.pc.in 42b7bf0d02e08b9e77734a47798d1a55a9e0716b
 F sqlite3.1 6be1ad09113570e1fc8dcaff84c9b0b337db5ffc
 F sqlite3.pc.in ae6f59a76e862f5c561eb32a380228a02afc3cad
 F src/alter.c f8db986c03eb0bfb221523fc9bbb9d0b70de3168
-F src/analyze.c 7553068d21e32a57fc33ab6b2393fc8c1ba41410
+F src/analyze.c d5f895810e8ff9737c9ec7b76abc3dcff5860335
 F src/attach.c ea5247f240e2c08afd608e9beb380814b86655e1
 F src/auth.c 523da7fb4979469955d822ff9298352d6b31de34
 F src/backup.c b2cac9f7993f3f9588827b824b1501d0c820fa68
@@ -124,13 +124,13 @@ F src/btmutex.c 976f45a12e37293e32cae0281b15a21d48a8aaa7
 F src/btree.c cbad71970cfadfa342fc137ca5e319f98b2d0da1
 F src/btree.h 3ad7964d6c5b1c7bff569aab6adfa075f8bf06cd
 F src/btreeInt.h eecc84f02375b2bb7a44abbcbbe3747dde73edb2
-F src/build.c 73ca65f32938e4e0d94e831b61b5749b211b79be
+F src/build.c 375e5df716e03b9343c5e1211be3b24e6d6dff05
 F src/callback.c d7e46f40c3cf53c43550b7da7a1d0479910b62cc
 F src/complete.c dc1d136c0feee03c2f7550bafc0d29075e36deac
 F src/ctime.c 72a70dcfda75d3a1f81041ce4573e7afddcd8e4e
 F src/date.c 067a81c9942c497aafd2c260e13add8a7d0c7dd4
 F src/delete.c 9b8d308979114991e5dc7cee958316e07186941d
-F src/expr.c f6c20285bd36e87ec47f4d840e90a32755e2a90c
+F src/expr.c a23b4aac2a455b2e76b55bef5dcfbe62b665375c
 F src/fault.c 160a0c015b6c2629d3899ed2daf63d75754a32bb
 F src/fkey.c e16942bd5c8a868ac53287886464a5ed0e72b179
 F src/func.c cac45cca7bbe29bbefef46116174e89e1284763b
@@ -160,7 +160,7 @@ F src/notify.c 976dd0f6171d4588e89e874fcc765e92914b6d30
 F src/os.c e1acdc09ff3ac2412945cca9766e2dcf4675f31c
 F src/os.h 027491c77d2404c0a678bb3fb06286f331eb9b57
 F src/os_common.h 92815ed65f805560b66166e3583470ff94478f04
-F src/os_unix.c dfdc04b126f7b05dcb2e2cc5c1262f98acbb49d9
+F src/os_unix.c 8964f621aaab1f2c9804fbbff4450d9811ef5548
 F src/os_win.c eabd00b813577d36bd66271cb08dd64ea0589dac
 F src/pager.c 0dbf5ff5d5d7d3a21fcab82e9e4d129b6fe6314f
 F src/pager.h 1109a06578ec5574dc2c74cf8d9f69daf36fe3e0
@@ -216,13 +216,13 @@ F src/test_mutex.c a6bd7b9cf6e19d989e31392b06ac8d189f0d573e
 F src/test_onefile.c 0396f220561f3b4eedc450cef26d40c593c69a25
 F src/test_osinst.c 90a845c8183013d80eccb1f29e8805608516edba
 F src/test_pcache.c a5cd24730cb43c5b18629043314548c9169abb00
-F src/test_quota.c 0e0e2e3bf6766b101ecccd8c042b66e44e9be8f5
+F src/test_quota.c 1ec82e02fd3643899e9a5de9684515e84641c91f
 F src/test_quota.h 8761e463b25e75ebc078bd67d70e39b9c817a0cb
-F src/test_regexp.c 58e0349f155bc307dfa209df4b03add0a7749866
+F src/test_regexp.c 08748a68ddb3b29329dbdade5ede849a749f0c07
 F src/test_rtree.c aba603c949766c4193f1068b91c787f57274e0d9
 F src/test_schema.c 8c06ef9ddb240c7a0fcd31bc221a6a2aade58bf0
 F src/test_server.c 2f99eb2837dfa06a4aacf24af24c6affdf66a84f
-F src/test_spellfix.c 83abe9d8c364cdd5f93bc06eaf40a349ebbf6c5c
+F src/test_spellfix.c 56dfa6d583ac34f61af0834d7b58d674e7e18e13
 F src/test_sqllog.c 8acb843ddb9928dea8962e31bb09f421a72ffccb
 F src/test_stat.c d1569c7a4839f13e80187e2c26b2ab4da2d03935
 F src/test_superlock.c 2b97936ca127d13962c3605dbc9a4ef269c424cd
@@ -242,7 +242,7 @@ F src/vacuum.c 2727bdd08847fcb6b2d2da6d14f018910e8645d3
 F src/vdbe.c 292f8f7ced59c29c63fe17830cbe5f5a0230cdf0
 F src/vdbe.h b52887278cb173e66188da84dfab216bea61119d
 F src/vdbeInt.h 396bb03eec560f768d1b86092b00f46c25575d3b
-F src/vdbeapi.c 4c2418161cf45392ba76a7ca92f9a5f06b96f89c
+F src/vdbeapi.c 9616986209cc77822aa9f7d91cf9e6880516d557
 F src/vdbeaux.c 735a6905df302a7f3c715a82bd3af06dc7d74ef2
 F src/vdbeblob.c 32f2a4899d67f69634ea4dd93e3f651936d732cb
 F src/vdbemem.c cb55e84b8e2c15704968ee05f0fae25883299b74
@@ -1036,7 +1036,7 @@ F tool/vdbe-compress.tcl f12c884766bd14277f4fcedcae07078011717381
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381
 F tool/win/sqlite.vsix 97894c2790eda7b5bce3cc79cb2a8ec2fde9b3ac
-P c2d5a23b1ab39918e97c596cf75c42f86a5fe2b7
-R 687a470b4afc6de785d4ede326493d08
-U mistachkin
-Z 915aa22c53fd0f2da96b96267104ce14
+P cd8067238439638bcfd3966d55d2a3990f36d702
+R 5a3dd033106407aa4f07779dd0d49c1d
+U drh
+Z dd2b43e4a7c5d5f8a543e6614ead6c72
diff --git a/manifest.uuid b/manifest.uuid
index 2106d91ee2..e255598aac 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-cd8067238439638bcfd3966d55d2a3990f36d702
\ No newline at end of file
+d73435587ba7459e2e2c32980d0e17abdeceb4bc
\ No newline at end of file
diff --git a/src/analyze.c b/src/analyze.c
index 632fdc1ac1..9a3e9597db 100644
--- a/src/analyze.c
+++ b/src/analyze.c
@@ -473,7 +473,7 @@ static void analyzeOneTable(
     /* Do not gather statistics on views or virtual tables */
     return;
   }
-  if( memcmp(pTab->zName, "sqlite_", 7)==0 ){
+  if( sqlite3_strnicmp(pTab->zName, "sqlite_", 7)==0 ){
     /* Do not gather statistics on system tables */
     return;
   }
@@ -883,7 +883,7 @@ static int analysisLoader(void *pData, int argc, char **argv, char **NotUsed){
     if( pIndex==0 ) break;
     pIndex->aiRowEst[i] = v;
     if( *z==' ' ) z++;
-    if( memcmp(z, "unordered", 10)==0 ){
+    if( strcmp(z, "unordered")==0 ){
       pIndex->bUnordered = 1;
       break;
     }
diff --git a/src/build.c b/src/build.c
index 4ce65a43d7..5d063f0726 100644
--- a/src/build.c
+++ b/src/build.c
@@ -2594,7 +2594,7 @@ Index *sqlite3CreateIndex(
   assert( pTab!=0 );
   assert( pParse->nErr==0 );
   if( sqlite3StrNICmp(pTab->zName, "sqlite_", 7)==0 
-       && memcmp(&pTab->zName[7],"altertab_",9)!=0 ){
+       && sqlite3StrNICmp(&pTab->zName[7],"altertab_",9)!=0 ){
     sqlite3ErrorMsg(pParse, "table %s may not be indexed", pTab->zName);
     goto exit_create_index;
   }
diff --git a/src/expr.c b/src/expr.c
index 5de468e211..4f38ab0a46 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -638,7 +638,7 @@ void sqlite3ExprAssignVarNumber(Parse *pParse, Expr *pExpr){
       */
       ynVar i;
       for(i=0; i<pParse->nzVar; i++){
-        if( pParse->azVar[i] && memcmp(pParse->azVar[i],z,n+1)==0 ){
+        if( pParse->azVar[i] && strcmp(pParse->azVar[i],z)==0 ){
           pExpr->iColumn = x = (ynVar)i+1;
           break;
         }
diff --git a/src/os_unix.c b/src/os_unix.c
index dc13be186e..fca2f703df 100644
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -4752,7 +4752,7 @@ static int fillInUnixFile(
                            "psow", SQLITE_POWERSAFE_OVERWRITE) ){
     pNew->ctrlFlags |= UNIXFILE_PSOW;
   }
-  if( memcmp(pVfs->zName,"unix-excl",10)==0 ){
+  if( strcmp(pVfs->zName,"unix-excl")==0 ){
     pNew->ctrlFlags |= UNIXFILE_EXCL;
   }
 
diff --git a/src/test_quota.c b/src/test_quota.c
index 166a512f18..58169e17cc 100644
--- a/src/test_quota.c
+++ b/src/test_quota.c
@@ -1295,7 +1295,7 @@ int sqlite3_quota_remove(const char *zFilename){
   if( pGroup ){
     for(pFile=pGroup->pFiles; pFile && rc==SQLITE_OK; pFile=pNextFile){
       pNextFile = pFile->pNext;
-      diff = memcmp(zFull, pFile->zFilename, nFull);
+      diff = strncmp(zFull, pFile->zFilename, nFull);
       if( diff==0 && ((c = pFile->zFilename[nFull])==0 || c=='/' || c=='\\') ){
         if( pFile->nRef ){
           pFile->deleteOnClose = 1;
diff --git a/src/test_regexp.c b/src/test_regexp.c
index 321417b882..2cebbea44a 100644
--- a/src/test_regexp.c
+++ b/src/test_regexp.c
@@ -194,7 +194,7 @@ int re_match(ReCompiled *pRe, const unsigned char *zIn, int nIn){
   if( pRe->nInit ){
     unsigned char x = pRe->zInit[0];
     while( in.i+pRe->nInit<=in.mx 
-        && (zIn[in.i]!=x || memcmp(zIn+in.i, pRe->zInit, pRe->nInit)!=0)
+        && (zIn[in.i]!=x || strncmp(zIn+in.i, pRe->zInit, pRe->nInit)!=0)
     ){
       in.i++;
     }
diff --git a/src/test_spellfix.c b/src/test_spellfix.c
index f294f48c61..16376244a3 100644
--- a/src/test_spellfix.c
+++ b/src/test_spellfix.c
@@ -744,22 +744,22 @@ static int utf8Len(unsigned char c, int N){
 }
 
 /*
-** Return TRUE (non-zero) of the To side of the given cost matches
+** Return TRUE (non-zero) if the To side of the given cost matches
 ** the given string.
 */
 static int matchTo(EditDist3Cost *p, const char *z, int n){
   if( p->nTo>n ) return 0;
-  if( memcmp(p->a+p->nFrom, z, p->nTo)!=0 ) return 0;
+  if( strncmp(p->a+p->nFrom, z, p->nTo)!=0 ) return 0;
   return 1;
 }
 
 /*
-** Return TRUE (non-zero) of the To side of the given cost matches
+** Return TRUE (non-zero) if the From side of the given cost matches
 ** the given string.
 */
 static int matchFrom(EditDist3Cost *p, const char *z, int n){
   assert( p->nFrom<=n );
-  if( memcmp(p->a, z, p->nFrom)!=0 ) return 0;
+  if( strncmp(p->a, z, p->nFrom)!=0 ) return 0;
   return 1;
 }
 
@@ -1952,7 +1952,7 @@ static int spellfix1Init(
       );
     }
     for(i=3; rc==SQLITE_OK && i<argc; i++){
-      if( memcmp(argv[i],"edit_cost_table=",16)==0 && pNew->zCostTable==0 ){
+      if( strncmp(argv[i],"edit_cost_table=",16)==0 && pNew->zCostTable==0 ){
         pNew->zCostTable = spellfix1Dequote(&argv[i][16]);
         if( pNew->zCostTable==0 ) rc = SQLITE_NOMEM;
         continue;
@@ -2681,7 +2681,7 @@ static int spellfix1Update(
         p->pConfig3 = 0;
         return SQLITE_OK;
       }
-      if( memcmp(zCmd,"edit_cost_table=",16)==0 ){
+      if( strncmp(zCmd,"edit_cost_table=",16)==0 ){
         editDist3ConfigDelete(p->pConfig3);
         p->pConfig3 = 0;
         sqlite3_free(p->zCostTable);
diff --git a/src/vdbeapi.c b/src/vdbeapi.c
index b48826680a..ae3ce23902 100644
--- a/src/vdbeapi.c
+++ b/src/vdbeapi.c
@@ -1198,7 +1198,7 @@ int sqlite3VdbeParameterIndex(Vdbe *p, const char *zName, int nName){
   if( zName ){
     for(i=0; i<p->nzVar; i++){
       const char *z = p->azVar[i];
-      if( z && memcmp(z,zName,nName)==0 && z[nName]==0 ){
+      if( z && strncmp(z,zName,nName)==0 && z[nName]==0 ){
         return i+1;
       }
     }