dan [Thu, 25 Jun 2026 16:24:06 +0000 (16:24 +0000)]
Also have functions sqlite3_db_name(), sqlite3_get_autocommit(), sqlite3_extended_errcode(), sqlite3_errcode(), sqlite3_total_changes64(), sqlite3_changes64(), sqlite3_last_insert_rowid() and sqlite3_expired() take the database mutex.
drh [Thu, 25 Jun 2026 15:17:15 +0000 (15:17 +0000)]
Change the undocumented and unsupported sqlite_log() SQL function so that
it is marked as unsafe and direct-only.
[bugs:/info/3311f8d5b8|Bug 2026-06-25T10:19:43Z].
drh [Thu, 25 Jun 2026 14:48:09 +0000 (14:48 +0000)]
Improve the sqlite3_str_vappendf() routine for additional robustness in the
face of over-sized inputs.
Probable fix for [bugs:/info/2026-06-25T11:29:23Z|Bug 2026-06-25T11:29:23Z].
dan [Wed, 24 Jun 2026 19:28:55 +0000 (19:28 +0000)]
When rolling back a journal that contains a super-journal pointer, only attempt to unlink the super-journal if (a) the filename looks like one that SQLite might have generated, and (b) the super-journal contains the name of the journal being rolled back. This is to limit the extent to which SQLite can be caused to delete arbitrary files by supplying it with a crafted hot-journal. Report [bugs:/info/2026-06-24T14:18:00Z | 2026-06-24T14:18:00Z].
drh [Wed, 24 Jun 2026 18:50:44 +0000 (18:50 +0000)]
Check for cells that extend off the end of a page when searching indexes.
This is a work-in-progress.
This check-in includes four NEVER() and ALWAYS() macros for which simple
test cases are needed.
dan [Wed, 24 Jun 2026 17:14:57 +0000 (17:14 +0000)]
When rolling back a journal that contains a super-journal pointer, only attempt to unlink the super-journal if the filename looks like one that SQLite might have generated. This is to limit the extent to which SQLite can be caused to delete arbitrary files by supplying it with a crafted hot-journal. Bug [bugs:/info/2026-06-24T14:18:00Z | 2026-06-24T14:18:00Z].
drh [Wed, 24 Jun 2026 13:46:37 +0000 (13:46 +0000)]
Fix a comment in os_kv.c so that it does not match "###" and thus does
not cause false-positives when searching the output of gcov. No
changes to code.
drh [Wed, 24 Jun 2026 13:45:04 +0000 (13:45 +0000)]
Fix sqlite3ParseUri() for improved defenses against ridiculously long
URI inputs causing integer overflow problems.
[bugs:/info/2026-06-24T11:46:39Z|Bug 2026-06-24T11:46:39Z].
dan [Wed, 24 Jun 2026 13:42:39 +0000 (13:42 +0000)]
Revert the fixes to backup in [1f940357f7] and [e5db80350c] and instead fix the problem reported by forum post [forum:15d82885e2 | 15d82885e2] (that a call to sqlite3_deserialize() after sqlite3_backup_init() but before the first call to sqlite3_backup_step() on the destination db of a backup could cause a crash) by deferring caching the pointer to the destination Btree until after it is locked. This addresses bug [bugs:/info/2026-06-24T08:41:13Z | 2026-06-24T08:41:13Z].
drh [Wed, 24 Jun 2026 12:40:26 +0000 (12:40 +0000)]
Defend against integer overflow on oversized string inputs to
sqlite3_mprintf() and similar C-language interfaces when using
the "%!.*s" conversion. The problem is not reachable from SQL
due to string length restrictions in SQL. C-code is required.
[bugs:/info/2026-06-24T11:57:36Z|Bug 2026-06-24T11:57:36Z].
drh [Wed, 24 Jun 2026 12:22:22 +0000 (12:22 +0000)]
Update documentation to explain that an odd nByte parameter to
sqlite3_prepare16() is undefined behavior. In addition, always round
down the nByte parameter to an even number so that it is in fact harmless
to give it an odd nByte value.
[bugs:/info/2026-06-24T11:25:24Z|Bug 2026-06-24T11:25:24Z].
dan [Wed, 24 Jun 2026 11:50:08 +0000 (11:50 +0000)]
Revert the fixes to backup in [1f940357f7] and [e5db80350c] and instead fix the problem reported by forum post [forum:15d82885e2 | 15d82885e2] (that a call to sqlite3_deserialize() after sqlite3_backup_init() but before the first call to sqlite3_backup_step() on the destination db of a backup could cause a crash) by deferring caching the pointer to the destination Btree until after it is locked. This addresses bug [bugs:/info/2026-06-24T08:41:13Z | 2026-06-24T08:41:13Z].
stephan [Wed, 24 Jun 2026 10:22:36 +0000 (10:22 +0000)]
Swap two lines to get the amalgamation building again with SQLITE_OMIT_FLOATING_POINT, noting that neither the shell nor the canonical library build with that flag. Reported in [forum:8c3df4da0d|forum post 2026-06-24T07:21:05Z].
dan [Tue, 23 Jun 2026 20:12:17 +0000 (20:12 +0000)]
Merge the fixes for the use-after-free problem caused by executing an ATTACH when a backup operation was active, and for the OOB read in the unused spellfix1 extension.
drh [Tue, 23 Jun 2026 19:28:14 +0000 (19:28 +0000)]
Fix an OOB read on the unused spellfix1 extension. The OOB read is
one byte prior to the start of an allocation, which is almost always
harmless. [bugs:/info/2026-06-23T18:48:40Z|Bug 2026-06-23T18:48:40Z].
dan [Tue, 23 Jun 2026 19:14:44 +0000 (19:14 +0000)]
Avoid a use-after-free problem that could occur if ATTACH statements are executed while a backup operation is active. Bug [bugs:/info/2026-06-23T15:46:48Z | 2026-06-23T15:46:48Z].
drh [Tue, 23 Jun 2026 19:08:18 +0000 (19:08 +0000)]
Do not allow internal-use-only functions to be coded, anywhere, unless
inside of a nested parse (which is the case for ALTER TABLE) or if
the appropriate test-control is activated.
[bugs:/info/2026-06-23T15:49:27Z|Bug 2026-06-23T15:49:27Z].
stephan [Tue, 23 Jun 2026 13:26:35 +0000 (13:26 +0000)]
Improve robustness against corrupt kvvfs journal files. Addresses bug report [bugs:f4d88886e6|2026-06-23T06:51:34Z] and the first follow-up report in that thread.
dan [Tue, 23 Jun 2026 11:14:45 +0000 (11:14 +0000)]
Fix a NULL pointer dereference that could occur in the unionvtab virtual table if the configuration SQL returned an SQL NULL value in place of a table name. Bug [bugs:/info/2026-06-23T05:32:49Z | 2026-06-23T05:32:49Z].
drh [Tue, 23 Jun 2026 11:09:55 +0000 (11:09 +0000)]
Fix a NULL pointer dereference that can occur when misusing an extension
virtual table that was created for testing purposes.
[bugs:/info/2026-06-23T05:32:49Z|Bug 2026-06-23T05:32:49Z]
drh [Tue, 23 Jun 2026 10:51:24 +0000 (10:51 +0000)]
Fix an OOB read in the next_char() function of the
"spellfix" extension. The spellfix extension is not a deliverable.
[bugs:/info/2026-06-23T05:41:00Z|Bug 2026-06-23T05:41:00Z]
drh [Tue, 23 Jun 2026 10:23:08 +0000 (10:23 +0000)]
Fix dequoting error on the instantiation parameters of the
non-deliverable extension virtual table "fuzzer".
[bugs:/info/2026-06-23T05:51:36Z|Bug 2026-06-23T05:51:36Z].
stephan [Sun, 21 Jun 2026 11:38:05 +0000 (11:38 +0000)]
Correct test from [96a48a15760a] - that journal was indeed corrupt, but not in the intended manner. Add a verification that the bad journal gets replaced after a write.
stephan [Sun, 21 Jun 2026 08:38:07 +0000 (08:38 +0000)]
Fix a result value semantics bug which broke application of a journal in kvvfs. Fix a memory-reset bug in hypothetical non-WASM builds of kvvfs. Bug report [bugs:7fcd3ea30fa4fcfc|2026-06-20T18:22:59Z], and this resolves the journaling issue mentioned in the parent post.
stephan [Sat, 20 Jun 2026 11:07:04 +0000 (11:07 +0000)]
Correct misuse of a loop control variable in writing of a kvvfs journal. Bug report [bugs:20e208fe17|2026-06-20T08:49:41Z]. Remove a snippet of dead code in the JS kvvfs side.
drh [Fri, 19 Jun 2026 16:55:08 +0000 (16:55 +0000)]
Fix the format() SQL function so that it returns an empty string, not a
NULL, if the first argument is an empty string.
[bugs:/info/2026-06-19T16:40:04Z|Bug 2026-06-19T16:40:04Z]
dan [Fri, 19 Jun 2026 11:14:16 +0000 (11:14 +0000)]
Fix an fts5 problem causing attempts to create locale=1 tables with more than 115 columns to fail. Bug [bugs:/info/2026-06-19T05:19:08Z | 2026-06-19T05:19:08Z].
drh [Wed, 17 Jun 2026 13:31:01 +0000 (13:31 +0000)]
Fix the OR-to-IN optimization so that it works in cases where there are
conflicting collation sequences on the equality constraints within the OR.
[bugs:/info/2026-06-17T05:04:48Z|Bug 2026-06-17T05:04:48Z].
drh [Tue, 16 Jun 2026 13:43:08 +0000 (13:43 +0000)]
Limit VIEW recursion depth to SQLITE_LIMIT_EXPR_DEPTH to prevent
static overflow in malicious schemas with tens of thousands of
levels of recursive views.
[bugs:/info/2026-06-16T04:21:51Z|Bug 2026-06-16T04:21:51Z]
dan [Tue, 16 Jun 2026 11:53:19 +0000 (11:53 +0000)]
Fix instances of potential buffer overflow caused by loading the contents of a stat4 table with an absurd number of samples in a 32-bit build. Bug [bugs:/info/2026-06-16T11:30:52Z | 2026-06-16T11:30:52Z].
drh [Tue, 16 Jun 2026 09:53:23 +0000 (09:53 +0000)]
Fix a possible call to memcpy() with a NULL source pointer when the size
parameter is zero (which is technically undefined behavior but in practice
is completely harmless) in the sha1_query() extension function.
[bugs:/info/2026-06-16T07:42:23Z|Bug 2026-06-16T07:42:23Z].
dan [Mon, 15 Jun 2026 17:27:05 +0000 (17:27 +0000)]
Speed up SQL aggregate functions percentile() and median() by using quickselect to find the required values instead of fully sorting the array of values with quicksort.
drh [Mon, 15 Jun 2026 17:14:12 +0000 (17:14 +0000)]
New Windows makefile targets for common EXEs that omit the ".exe" suffix, so
that when muscle memory kicks in and we type "make sqlite3" on Windows, it
still works.
drh [Mon, 15 Jun 2026 16:45:35 +0000 (16:45 +0000)]
Enhance SQLITE_LIMIT_TRIGGER_DEPTH so that it also limits a chain of
distinct triggers during code generation.
[bugs:/info/2026-06-15T06:44:07Z|Bug 2026-06-15T06:44:07Z].
dan [Mon, 15 Jun 2026 15:38:16 +0000 (15:38 +0000)]
Fix a problem sometimes causing an UPSERT to incorrectly convert an excluded.* column from type REAL to INT in cases where doing so does not cause data loss. Bug [bugs:/info/2026-06-15T09:08:12Z | 2026-06-15T09:08:12Z].
drh [Mon, 15 Jun 2026 15:27:26 +0000 (15:27 +0000)]
Improvements to handling of inequality constraints on generate_series().value
against very large floating-point values.
[bugs:/info/2026-06-15T04:37:48Z|Bug 2026-06-15T04:37:48Z].
drh [Mon, 15 Jun 2026 14:16:13 +0000 (14:16 +0000)]
Better behavior for generate_series() in cases where constraints involve
floating point numbers that are near the minimum and maximum 64-bit integer
values.
dan [Mon, 15 Jun 2026 13:39:20 +0000 (13:39 +0000)]
Avoid a possible buffer overrun in 32-bit builds of fts5 that could occur when processing corrupt records. Bug [bugs:/info/2026-06-14T12:21:15Z | 2026-06-14T12:21:15Z].
stephan [Mon, 15 Jun 2026 12:36:24 +0000 (12:36 +0000)]
Revert the native impl of kvvfs's xOpen() (as distinct from the JS impl which the wasm build uses) to the historical db name restrictions of 'local' or 'session', failing with SQLITE_CANTOPEN if passed another name. [ec866b04d088e53b] overhauled support for kvvfs db names in JS but it turns out that the native impl still relies on those names in order to match journals to databases. Correct a related too-lenient assert() in the WASM pieces.
dan [Mon, 15 Jun 2026 11:47:52 +0000 (11:47 +0000)]
Fix a problem that could cause fts5 to return incorrect answers when performing prefix queries on tokens with synonyms. Bug [bugs:/info/2026-06-14T11:11:06Z | 2026-06-14T11:11:06Z].
dan [Mon, 15 Jun 2026 11:03:13 +0000 (11:03 +0000)]
Regardless of whether the platform is 32- or 64-bit, use 64-bit arithmetic to calculate buffer sizes in fts3_snippet(). Bug [bugs:/info/2026-06-14T09:19:52Z | 2026-06-14T09:19:52Z].
drh [Mon, 15 Jun 2026 10:13:31 +0000 (10:13 +0000)]
Fix rounding behavior in the decimal extension when all leading digits
are 9 and there is no fractional component.
[bugs:/info/2026-06-15T03:49:42Z|Bug 2026-06-15T03:49:42Z].
drh [Sun, 14 Jun 2026 20:10:28 +0000 (20:10 +0000)]
Do not allow ridiculous "columns=N" values in the (unused) csv virtual
table in the extensions folder.
[bugs:/info/2026-06-14T15:22:47Z|Bug 2026-06-14T15:22:47Z]
drh [Sat, 13 Jun 2026 18:04:18 +0000 (18:04 +0000)]
Make the --header option to the CLI sticky, so that it does not get
turned off by subsequent --csv or similar mode change options.
[bugs:/info/2026-06-13T11:49:18Z|Bug 2026-06-13T11:49:18Z]
dan [Fri, 12 Jun 2026 18:35:24 +0000 (18:35 +0000)]
When reading a super-journal name from a journal file, allocate a new buffer rather than using Pager.pTmpSpace. This prevents a buffer overrun that could occur when using a VFS with a large sqlite3_vfs.mxPathname value with a database with a small page size.
drh [Fri, 12 Jun 2026 16:26:39 +0000 (16:26 +0000)]
Do not use shared locks on SHM files when the filename is a long DOS-device
path. Only use shared locks for UNC paths. Do not confuse the
long-DOS-device syntax with UNC paths.
dan [Fri, 12 Jun 2026 15:36:26 +0000 (15:36 +0000)]
Fix a buffer overwrite in fts3 that could occur while processing NEAR queries against corrupt records. Bug [bugs:/info/2026-06-11T23:11:26Z | 2026-06-11T23:11:26Z].
dan [Fri, 12 Jun 2026 11:24:30 +0000 (11:24 +0000)]
Fix a signed integer overflow that could occur in fts3 when processing corrupt database records. Bug [bugs:/info/2026-06-11T23:12:25Z | 2026-06-11T23:12:25Z].