From: stephan Date: Tue, 25 Nov 2025 03:09:45 +0000 (+0000) Subject: Disallow a filename of '-journal' for db files in kvvfs, as that name has a special... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c14460f4660a525705795a70a85af3a0f5a00b28;p=thirdparty%2Fsqlite.git Disallow a filename of '-journal' for db files in kvvfs, as that name has a special meaning there. FossilOrigin-Name: 357cc42633efb85c3ca9bc3d6d46430e1ecaf2825e6bdd7d7b4e0f6865d0b599 --- diff --git a/ext/wasm/api/sqlite3-vfs-kvvfs.c-pp.js b/ext/wasm/api/sqlite3-vfs-kvvfs.c-pp.js index 21d1425089..cc64f1b588 100644 --- a/ext/wasm/api/sqlite3-vfs-kvvfs.c-pp.js +++ b/ext/wasm/api/sqlite3-vfs-kvvfs.c-pp.js @@ -115,12 +115,18 @@ globalThis.sqlite3ApiBootstrap.initializers.push(function(sqlite3){ Implementation of JS's Storage interface for use as backing store of the kvvfs. Storage is a native class and its constructor cannot be legally called from JS, making it impossible to - directly subclass Storage. This class implements the Storage - interface, however, to make it a drop-in replacement for + directly subclass Storage. This class implements (only) the + Storage interface, however, to make it a drop-in replacement for localStorage/sessionStorage. This impl simply proxies a plain, prototype-less Object, suitable for JSON-ing. + + Design note: Storage has a bit of an odd iteration-related + interface as does not (AFAIK) specify specific behavior regarding + modification during traversal. Because of that, this class does + some seemingly unnecessary things with its #keys member, deleting + and recreating it whenever a property index might be invalidated. */ class KVVfsStorage { #map; @@ -163,7 +169,8 @@ globalThis.sqlite3ApiBootstrap.initializers.push(function(sqlite3){ } }/*KVVfsStorage*/; - /** True if v is one of the special persistant Storage objects. */ + /** True if v is the name of one of the special persistant Storage + objects. */ const kvvfsIsPersistentName = (v)=>'local'===v || 'session'===v; /** @@ -171,8 +178,9 @@ globalThis.sqlite3ApiBootstrap.initializers.push(function(sqlite3){ db name. This key is redundant in JS but it's how kvvfs works (it saves each key to a separate file, so needs a distinct namespace per data source name). We retain this prefix in 'local' and - 'session' storage for backwards compatibility but elide them from - "v2" storage, where they're superfluous. + 'session' storage for backwards compatibility and so that they + can co-exist with client data in their storage, but we elide them + from "v2" storage, where they're superfluous. */ const kvvfsKeyPrefix = (v)=>kvvfsIsPersistentName(v) ? 'kvvfs-'+v+'-' : ''; @@ -220,7 +228,6 @@ globalThis.sqlite3ApiBootstrap.initializers.push(function(sqlite3){ files: [] }); - /** Map of JS-stringified KVVfsFile::zClass names to reference-counted Storage objects. These objects are created in @@ -599,10 +606,17 @@ globalThis.sqlite3ApiBootstrap.initializers.push(function(sqlite3){ "Illegal character ("+ch+"d) in storage name."); } } + const jzClass = wasm.cstrToJs(zName); + if( (flags & (capi.SQLITE_OPEN_MAIN_DB + | capi.SQLITE_OPEN_TEMP_DB + | capi.SQLITE_OPEN_TRANSIENT_DB)) + && cache.rxJournalSuffix.test(jzClass) ){ + util.toss3(capi.SQLITE_ERROR, + "DB files may not have a '-journal' suffix."); + } const rc = originalMethods.vfs.xOpen(pProtoVfs, zName, pProtoFile, flags, pOutFlags); if( rc ) return rc; - const jzClass = wasm.cstrToJs(zName); let deleteAt0 = false; if(n && wasm.isPtr(zName)){ if(capi.sqlite3_uri_boolean(zName, "delete-on-close", 0)){ diff --git a/manifest b/manifest index 11ba504a42..8b843f7dce 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Add\sxGetLastError()\sto\skvvfs\sbut\sit\sdoes\snot\sappear\sto\sbe\scalled\sfor\sxOpen()\sfailures. -D 2025-11-25T02:08:49.217 +C Disallow\sa\sfilename\sof\s'-journal'\sfor\sdb\sfiles\sin\skvvfs,\sas\sthat\sname\shas\sa\sspecial\smeaning\sthere. +D 2025-11-25T03:09:45.693 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea @@ -600,7 +600,7 @@ F ext/wasm/api/sqlite3-api-worker1.c-pp.js 1041dd645e8e821c082b628cd8d9acf70c667 F ext/wasm/api/sqlite3-license-version-header.js 0c807a421f0187e778dc1078f10d2994b915123c1223fe752b60afdcd1263f89 F ext/wasm/api/sqlite3-opfs-async-proxy.js 9654b565b346dc609b75d15337f20acfa7af7d9d558da1afeb9b6d8eaa404966 F ext/wasm/api/sqlite3-vfs-helper.c-pp.js 3f828cc66758acb40e9c5b4dcfd87fd478a14c8fb7f0630264e6c7fa0e57515d -F ext/wasm/api/sqlite3-vfs-kvvfs.c-pp.js 7d2164cda7bf60b36ecfc7449941304e51c83f3f1316330ead8ce289e73e55c3 +F ext/wasm/api/sqlite3-vfs-kvvfs.c-pp.js 1be3e7c0d3ddfec5222b5d541338e76f5a96983c215ea777645c6670482dc786 F ext/wasm/api/sqlite3-vfs-opfs-sahpool.c-pp.js a2eea6442556867b589e04107796c6e1d04a472219529eeb45b7cd221d7d048b F ext/wasm/api/sqlite3-vfs-opfs.c-pp.js 88ce2078267a2d1af57525a32d896295f4a8db7664de0e17e82dc9ff006ed8d3 F ext/wasm/api/sqlite3-vtab-helper.c-pp.js 9097074724172e31e56ce20ccd7482259cf72a76124213cbc9469d757676da86 @@ -2178,8 +2178,8 @@ F tool/version-info.c 33d0390ef484b3b1cb685d59362be891ea162123cea181cb8e6d2cf6dd F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7 F tool/warnings.sh d924598cf2f55a4ecbc2aeb055c10bd5f48114793e7ba25f9585435da29e7e98 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P 256c1dd2c367dbc3b3df5028f2004bb1126851109efc71a1699f60f493514fcb -R a5c65bf09dd877f8372e302b549b77a5 +P 7e7944f00792c5e7a9ea013f9c5d1f6bb6313070de20ec4ce262ff0b430f9801 +R 729aff900dd4a4d5d58bb57157ac4b16 U stephan -Z 4c042414806a8452b832f74ca1c4f2f7 +Z ec285b1ffd095292cac3ba6f520e43f2 # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 3bd21c69c3..8423a72ecb 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -7e7944f00792c5e7a9ea013f9c5d1f6bb6313070de20ec4ce262ff0b430f9801 +357cc42633efb85c3ca9bc3d6d46430e1ecaf2825e6bdd7d7b4e0f6865d0b599