From: dan Date: Tue, 23 Jun 2026 11:14:45 +0000 (+0000) Subject: Fix a NULL pointer dereference that could occur in the unionvtab virtual table if... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=db6eeee50e24706093e3a266565983c21448ebae;p=thirdparty%2Fsqlite.git Fix a NULL pointer dereference that could occur in the unionvtab virtual table if the configuration SQL returned an SQL NULL value in place of a table name. Bug [bugs:/info/2026-06-23T05:32:49Z | 2026-06-23T05:32:49Z]. FossilOrigin-Name: 3a2163f9693086bc494ac899647f09467b1aba905f4db147910f203aaab724f0 --- diff --git a/ext/misc/unionvtab.c b/ext/misc/unionvtab.c index 506ad5ddba..2ef0170dd8 100644 --- a/ext/misc/unionvtab.c +++ b/ext/misc/unionvtab.c @@ -960,7 +960,7 @@ static int unionConnect( if( rc==SQLITE_OK ){ pSrc = &pTab->aSrc[pTab->nSrc++]; - pSrc->zTab = unionStrdup(&rc, zTab); + pSrc->zTab = unionStrdup(&rc, (zTab ? zTab : "")); pSrc->iMin = iMin; pSrc->iMax = iMax; if( bSwarm ){ diff --git a/manifest b/manifest index 4f82775bf8..397a147efc 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sa\sNULL\spointer\sdereference\sthat\scan\soccur\swhen\smisusing\sa\sextension\nvirtual\stable\sthat\swas\screated\sfor\stesting\spurposes.\n[bugs:/info/2026-06-23T05:32:49Z|Bug\s2026-06-23T05:32:49Z] -D 2026-06-23T11:09:55.328 +C Fix\sa\sNULL\spointer\sdereference\sthat\scould\soccur\sin\sthe\sunionvtab\svirtual\stable\sif\sthe\sconfiguration\sSQL\sreturned\san\sSQL\sNULL\svalue\sin\splace\sof\sa\stable\sname.\sBug\s[bugs:/info/2026-06-23T05:32:49Z\s|\s2026-06-23T05:32:49Z]. +D 2026-06-23T11:14:45.815 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea @@ -409,7 +409,7 @@ F ext/misc/templatevtab.c f2771161158bb78a0bfeaed9b50a018a731c7566df6a67181df0ac F ext/misc/tmstmpvfs.c 240caad4441328dc52bd2871f48811db46dff858d5598030e389176837a2f4df F ext/misc/totype.c ba11aac3c0b52c685bd25aa4e0f80c41c624fb1cc5ab763250e09ddc762bc3a8 F ext/misc/uint.c 327afc166058acf566f33a15bf47c869d2d3564612644d9ff81a23efc8b36039 -F ext/misc/unionvtab.c 716d385256d5fb4beea31b0efede640807e423e85c9784d21d22f0cce010a785 +F ext/misc/unionvtab.c fe1011f185408b0afd1631fdce8090c4e69ff4eae10a760101e08b624f53bcb1 F ext/misc/urifuncs.c f71360d14fa9e7626b563f1f781c6148109462741c5235ac63ae0f8917b9c751 F ext/misc/uuid.c 37297e61935c2d0c425b742100f904d02c866fdeabe0427fe59aed1543e7c0ec F ext/misc/vfslog.c 3932ab932eeb2601dbc4447cb14d445aaa9fbe43b863ef5f014401c3420afd20 @@ -1926,7 +1926,7 @@ F test/unhex.test b7f1b806207cb77fa31c3e434fe92fba524464e3e9356809bfcc28f15af1a8 F test/unionall.test 04d30726c5056f84f92b3a12bf8d8a1dbbe807d1ddc8af95def09e6ef2dd91e3 F test/unionall2.test 71e8fa08d5699d50dc9f9dc0c9799c2e7a6bb7931a330d369307a4df7f157fa1 F test/unionallfault.test 652bfbb630e6c43135965dc1e8f0a9a791da83aec885d626a632fe1909c56f73 -F test/unionvtab.test e1704ab1b4c1bb3ffc9da4681f8e85a0b909fd80b937984fc94b27415ac8e5a4 +F test/unionvtab.test bc8f1d5807583dfc9b715da0d570766528fb5a878b0620e23af32a6b55cb437e F test/unionvtabfault.test e8759f3d14fb938ce9657e2342db34aeac0fb9bc1692b0d1ebb0069630151d06 F test/unique.test 93f8b2ef5ea51b9495f8d6493429b1fd0f465264 F test/unique2.test 3674e9f2a3f1fbbfd4772ac74b7a97090d0f77d2 @@ -2208,8 +2208,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c -P 6ede22e13f8e85c1a341c9a80a3be2f2677baee897c659af4ca43a04698e29a5 -R c9c65133b57bc4b1470ac5af3667f37d -U drh -Z f46b2d0dd12114c6a2d8461d8ab04c79 +P 256d5cd478b83b1371ce24c9702f732cddb4dd4e06c238fc1a1b853b02ffc1f1 +R 46c7bbb1691ef5b4f4f86cb6634d335b +U dan +Z 8b8a29392adc9b4f93ea8d4351255ebe # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 3ad331d48d..900002c140 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -256d5cd478b83b1371ce24c9702f732cddb4dd4e06c238fc1a1b853b02ffc1f1 +3a2163f9693086bc494ac899647f09467b1aba905f4db147910f203aaab724f0 diff --git a/test/unionvtab.test b/test/unionvtab.test index ac5ecb7abb..cfdbf6d4ee 100644 --- a/test/unionvtab.test +++ b/test/unionvtab.test @@ -454,4 +454,15 @@ do_execsql_test 5.4 { SELECT * FROM cc WHERE two LIKE '6' } {six 6} +#------------------------------------------------------------------- +reset_db +load_static_extension db unionvtab + +do_catchsql_test 6.0 { + CREATE VIRTUAL TABLE temp.t USING unionvtab('SELECT ''main'', ''xyz'', 1, 2'); +} {1 {no such rowid table: main.xyz}} +do_catchsql_test 6.1 { + CREATE VIRTUAL TABLE temp.t USING unionvtab('SELECT ''main'', NULL, 1, 2'); +} {1 {no such rowid table: main.}} + finish_test