stephan [Mon, 15 Jun 2026 12:22:06 +0000 (12:22 +0000)]
Revert the native impl of kvvfs's xOpen() (as distinct from the JS impl which the wasm build uses) to the historical db name restrictions of 'local' or 'session', failing with SQLITE_CANTOPEN if passed another name. [ec866b04d088e53b] overhauled support for kvvfs db names in JS but it turns out that the native impl still relies on those names in order to match journals to databases. Correct a related too-lenient assert() in the WASM pieces.
dan [Mon, 15 Jun 2026 11:47:52 +0000 (11:47 +0000)]
Fix a problem that could cause fts5 to return incorrect answers when performing prefix queries on tokens with synonyms. Bug [bugs:/info/2026-06-14T11:11:06Z | 2026-06-14T11:11:06Z].
dan [Mon, 15 Jun 2026 11:03:13 +0000 (11:03 +0000)]
Regardless of whether the platform is 32 or 64-bits, use 64-bit arithmetic to calculate buffer sizes in the fts3_snippet(). Bug [bugs:/info/2026-06-14T09:19:52Z | 2026-06-14T09:19:52Z].
drh [Mon, 15 Jun 2026 10:13:31 +0000 (10:13 +0000)]
Fix rounding behavior in the decimal extension when all leading digits
are 9 and there is no fractional component.
[bugs:/info/2026-06-15T03:49:42Z|Bug 2026-06-15T03:49:42Z].
drh [Sun, 14 Jun 2026 20:10:28 +0000 (20:10 +0000)]
Do not allow ridiculous "columns=N" values in the (unused) csv virtual
table in the extensions folder.
[bugs:/info/2026-06-14T15:22:47Z|Bug 2026-06-14T15:22:47Z]
drh [Sat, 13 Jun 2026 18:04:18 +0000 (18:04 +0000)]
Make the --header option to the CLI sticky, so that it does not get
turned off by subsequent --csv or similar mode change options.
[bugs:/info/2026-06-13T11:49:18Z|Bug 2026-06-13T11:49:18Z]
dan [Fri, 12 Jun 2026 18:35:24 +0000 (18:35 +0000)]
When reading a super-journal name from a journal file, allocate a new buffer rather than using Pager.pTmpSpace. This prevents a buffer overrun that could occur when using a VFS with a large sqlite3_vfs.mxPathname value with a database with a small page size.
drh [Fri, 12 Jun 2026 16:26:39 +0000 (16:26 +0000)]
Do not use shared locks on SHM files when the filename is a long DOS-device
path. Only use shared locks for UNC paths. Do not confuse the
long-DOS-device syntax with UNC paths.
dan [Fri, 12 Jun 2026 15:36:26 +0000 (15:36 +0000)]
Fix a buffer overwrite in fts3 that could occur while processing NEAR queries against corrupt records. Bug [bugs:/info/2026-06-11T23:11:26Z | 2026-06-11T23:11:26Z].
dan [Fri, 12 Jun 2026 11:24:30 +0000 (11:24 +0000)]
Fix a signed integer overflow that could occur in fts3 when processing corrupt database records. Bug [bugs:/info/2026-06-11T23:12:25Z | 2026-06-11T23:12:25Z].
dan [Wed, 10 Jun 2026 20:10:19 +0000 (20:10 +0000)]
When reading a super-journal name from a journal file, allocate a new buffer rather than using Pager.pTmpSpace. This prevents a buffer overrun that could occur when using a VFS with a large sqlite3_vfs.mxPathname value with a database with a small page size.
dan [Wed, 10 Jun 2026 16:51:20 +0000 (16:51 +0000)]
Fix a signed-integer overflow in fts5 that might occur when dealing with strategically corrupted records. Bug [bugs:/info/2026-06-10T03:56:42Z | 2026-06-10T03:56:42Z].
drh [Wed, 10 Jun 2026 10:40:29 +0000 (10:40 +0000)]
Detect an OOM condition in the realpath() function of the fileio.c extension
and cause that function to return NULL. To Do: we should go back in and
fix realpath() to raise an SQLITE_NOMEM error on OOM rather than returning
NULL. But we will delay that, inasmuch as OOMs are all but impossible
on modern OSes.
[bug:/info/2026-06-10T07:46:32Z|Bug 2026-06-10T07:46:32Z].
drh [Wed, 10 Jun 2026 10:13:11 +0000 (10:13 +0000)]
Fix a possible signed integer overflow in the RBU extension given a
maliciously crafted delta.
[bugs:/info/2026-06-10T06:41:54Z|Bug 2026-06-10T06:41:54Z].
drh [Wed, 10 Jun 2026 09:51:33 +0000 (09:51 +0000)]
Harden code that processes Fossil Deltas against OOM and maliciously
malformed delta blobs.
[bugs:/info/2026-06-10T07:01:00Z|Bug 2026-06-10T07:01:00Z] and
[bugs:/info/2026-06-10T07:06:43Z|Bug 2026-06-10T07:06:43Z].
dan [Tue, 9 Jun 2026 10:43:37 +0000 (10:43 +0000)]
Avoid a possible integer overflow when fts5 tokenizes a very large document. Only possible with non-standard builds that use large values of SQLITE_MAX_LENGTH. Bug [bugs:/info/2026-06-09T05:27:16Z | 2026-06-09T05:27:16Z].
drh [Tue, 9 Jun 2026 10:16:40 +0000 (10:16 +0000)]
Change loop counter variables from int to i64 to avoid a potential
integer overflow inside an assert() statement when SQLite is compiled
with SQLITE_DEBUG and an extra-large SQLITE_MAX_LENGTH. Does not
affect production builds.
[bugs:/info/2026-06-09T08:53:14Z|Bug 2026-06-09T08:53:14Z].
dan [Mon, 8 Jun 2026 11:24:05 +0000 (11:24 +0000)]
Clamp the nToken parameter to the fts5 snippet() function between 0 and 64. It has always been documented this way, but not previously implemented. Report [bugs:/info/2026-06-08T08:29:00Z | 2026-06-08T08:29:00Z].
drh [Thu, 4 Jun 2026 16:56:11 +0000 (16:56 +0000)]
Disable the vector-IN-SELECT optimization if the number of columns is so
large that it would cause the WhereTerm.nChild column to wrap.
[bugs:/info/2026-06-04T10:00:49Z|Bug 2026-06-04T10:00:49Z].
dan [Thu, 4 Jun 2026 11:48:18 +0000 (11:48 +0000)]
Fix a crash that could be caused by configuring the pager-cache with a bulk allocation too small to fit even one page. Bug [bugs:/info/2026-06-04T07:03:12Z | 2026-06-04T07:03:12Z].
dan [Thu, 4 Jun 2026 11:19:43 +0000 (11:19 +0000)]
Fix problems with expressions like "(?,?,?) IN (SELECT c,b,a FROM ...)" when there is an index on columns "c", "b" and "a", but not in that order. Bug [bugs:/info/2026-06-04T07:02:53Z | 2026-06-04T07:02:53Z].
drh [Thu, 4 Jun 2026 11:18:11 +0000 (11:18 +0000)]
Clearly mark the ext/misc/wholenumber.c extension as "testing and
debugging use only". Fix a potential integer overflow that can occur
if the above warning is ignored.
[bugs:/info/2026-06-04T09:40:28Z|Bug 2026-06-04T09:40:28Z].
dan [Wed, 3 Jun 2026 17:21:12 +0000 (17:21 +0000)]
Update the utf-8 decoder in the ICU extension to treat invalid sequences as codepoint 0xFFFD, matching the core. Report [bugs:/info/2026-06-03T04:04:46Z | 2026-06-03T04:04:46Z].
dan [Wed, 3 Jun 2026 16:46:15 +0000 (16:46 +0000)]
Fix a faulty assert() in rtree that could fire when processing an unusually large record. Bug [bugs:/info/2026-06-03T14:44:46Z | 2026-06-03T14:44:46Z].
drh [Wed, 3 Jun 2026 16:21:17 +0000 (16:21 +0000)]
Use tail recursion on the larger of the two partitions when doing a
quicksort as part of the implementation of the median() function,
to avoid excess stack usage on pathological inputs.
[bugs:/info/2026-06-03T07:26:42Z|Bug 2026-06-03T07:26:42Z].
dan [Wed, 3 Jun 2026 15:29:59 +0000 (15:29 +0000)]
Fix an integer overflow problem in fts3 that could lead to a buffer overwrite on platforms where size_t is 32-bits. Bug [bugs:/info/2026-06-03T04:28:51Z | 2026-06-03T04:28:51Z].
drh [Wed, 3 Jun 2026 10:55:08 +0000 (10:55 +0000)]
Make the (unused, untested, and unsupported) ext/misc/compress.c routines
responsive to OOM conditions.
[bugs:/info/2026-06-03T08:28:36Z|Bug 2026-06-03T08:28:36Z].
drh [Tue, 2 Jun 2026 10:08:30 +0000 (10:08 +0000)]
Fix the CLI so that it works when compiled using STDCALL on
Microsoft x86. Change should not affect other platforms.
[forum:/info/2026-06-02T09:44:12Z|Forum 2026-06-02T09:44:12Z].
dan [Mon, 1 Jun 2026 16:20:40 +0000 (16:20 +0000)]
For expressions of the form "(x, y...) IN (SELECT a, b ...)" where the result is not true, consider the collation sequences of columns "a" and "b" when determining if the result should be false or NULL. Bug report [bugs:/info/0785f45e67 | 2026-05-31T02:10:44Z].
stephan [Mon, 1 Jun 2026 13:14:48 +0000 (13:14 +0000)]
Remove the data type ANY added to the shell's CSV exports in [aff74e71ea734e1a], as discussed in [forum:2ea4c50f69fc9829|forum post 2026-06-01T12:01:59Z].
drh [Mon, 1 Jun 2026 12:36:28 +0000 (12:36 +0000)]
Do not allow the argument to a table-valued function to reference a table
to its right, even if the SELECT is inside a common table expression.
This is a replacement for the fix at [3c0a277e6741c722]. Fix
for multiple dbsqlfuzz reports and probably also a fix
for [bugs:/info/b6c6fad96c|Bug 2026-06-01T07:23:11Z].
drh [Mon, 1 Jun 2026 10:53:28 +0000 (10:53 +0000)]
Extra defenses against integer overflows in the untested, unused, and
unsupported transliterate() SQL extension function found in the
ext/misc/spellfix.c extension.
[bugs:/info/2026-06-01T10:34:57Z|Bug 2026-06-01T10:34:57Z].
drh [Sun, 31 May 2026 15:49:57 +0000 (15:49 +0000)]
Fix the zipfile extension so that ZIP archives containing files whose names
contain embedded \000 bytes do not cause problems.
[bugs:/info/2026-05-31T11:43:05Z|Bug 2026-05-31T11:43:05Z].
drh [Sun, 31 May 2026 09:18:31 +0000 (09:18 +0000)]
Fix the format() SQL function so that it reports TOOBIG and NOMEM errors.
Fix a possible integer overflow on %#Q formatting.
[bugs:/info/2026-05-31T02:00:07Z|Bug 2026-05-31T02:00:07Z].
drh [Sat, 30 May 2026 13:23:25 +0000 (13:23 +0000)]
Add a test to ensure an application does not try to create a geopoly
virtual table with too many columns.
[bugs:/info/2026-05-30T12:47:27Z|Bug 2026-05-30T12:47:27Z].
drh [Sat, 30 May 2026 10:24:03 +0000 (10:24 +0000)]
Harden the diskused.c extension against NULL pointer dereferences that
might have previously occurred when given a corrupt database file.
[bug:/info/2026-05-30T07:08:55Z|Bug 2026-05-30T07:08:55Z].
drh [Fri, 29 May 2026 14:57:38 +0000 (14:57 +0000)]
Rename the ext/misc/analyze.c extension to ext/misc/diskused.c, to avoid
confusion with the src/analyze.c file. The function is now called
"diskused(X)" instead of "analyze(X)". The CLI command is renamed
from ".dbstat" to ".diskused".
drh [Fri, 29 May 2026 12:23:38 +0000 (12:23 +0000)]
The -csv option to the CLI also sets "-limits off", for legacy
compatibility, and because that seems to make sense.
[forum:/info/2026-05-28T16:23:36Z|Forum thread 2026-05-28T16:23:36Z].
drh [Thu, 28 May 2026 11:16:55 +0000 (11:16 +0000)]
Fix an infinite loop that can occur in the unused, untested, and
unsupported ext/misc/btreeinfo.c extension if it is presented with
a corrupt database file.
[bugs:/forumpost/b43c44cc1c|Bug 2026-05-28T05:41:01Z].