Enhance the "weekday N" modifier for date/time functions such that if
the argument is negative, it moves the date backwards in time to the
matching weekday, rather than forwards.
drh [Sun, 28 Jun 2026 19:05:29 +0000 (19:05 +0000)]
Mark shadow tables when registering a new virtual table that already exists
after the schema has loaded. Test cases in TH3.
[bugs:/info/2026-06-26T12:45:51Z|Bug 2026-06-26T12:45:51Z].
drh [Sun, 28 Jun 2026 00:21:50 +0000 (00:21 +0000)]
Check for oversized iTermOff in fts5SegIterNextInit() and trigger a
corruption error if detected.
[bugs:/info/2026-06-27T18:46:54Z|Bug 2026-06-27T18:46:54Z]
drh [Sat, 27 Jun 2026 23:04:36 +0000 (23:04 +0000)]
Do not allow an integer overflow to bypass a leaf-term bound check
in the integrity-check function of FTS5.
[bugs:/info/2026-06-27T18:47:28Z|Bug 2026-06-27T18:47:28Z]
drh [Sat, 27 Jun 2026 20:30:17 +0000 (20:30 +0000)]
In the amatch.c and fuzzer.c extensions (both of which are experimental,
for testing purposes only, and are not part of any deliverable) treat
NULL inputs as empty strings.
[bugs:/info/2026-06-27T19:32:29Z|Bug 2026-06-27T19:32:29Z].
dan [Fri, 26 Jun 2026 19:31:46 +0000 (19:31 +0000)]
Fix a harmless "jump or move depends on uninitialised value" warning that could occur when using a virtual table as the RHS of an outer join within a trigger.
drh [Fri, 26 Jun 2026 15:27:30 +0000 (15:27 +0000)]
Enhance the documentation on sqlite3_set_authorizer() to make it clear
that the authorizer callback is not invoked for elements of an expression
in a generated column.
[bugs:/info/2026-06-26T12:42:48Z|Bugs 2026-06-26T12:42:48Z].
drh [Fri, 26 Jun 2026 13:00:38 +0000 (13:00 +0000)]
Fix the (non-deliverable, testing-use-only) closure extension so that it
parses quoted instantiation arguments correctly.
[bugs:/info/2026-06-26T10:06:27Z|Bug 2026-06-26T10:06:27Z]
dan [Fri, 26 Jun 2026 11:36:54 +0000 (11:36 +0000)]
Fix the size of an allocation in fts3 to take into account that when merging a phrase doclist, each entry may grow by up to 1 byte if the rhs position of the merged lists is stored. Bug [bugs:/info/2026-06-26T08:08:39Z | 2026-06-26T08:08:39Z].
drh [Fri, 26 Jun 2026 09:55:59 +0000 (09:55 +0000)]
Improved detection of corrupt freelist chains on btree pages.
Plus, add assert()s to verify that the min-heap does not overflow
inside of PRAGMA integrity_check.
dan [Thu, 25 Jun 2026 17:07:53 +0000 (17:07 +0000)]
Have API functions sqlite3_serialize, sqlite3_limit, sqlite3_busy_timeout, sqlite3_error_offset, sqlite3_db_name, sqlite3_get_autocommit, sqlite3_errcode, sqlite3_total_changes64, sqlite3_changes64, sqlite3_last_insert_rowid and sqlite3_expired take and hold the database mutex while running.
dan [Thu, 25 Jun 2026 16:24:06 +0000 (16:24 +0000)]
Also have functions sqlite3_db_name(), sqlite3_get_autocommit(), sqlite3_extended_errcode(), sqlite3_errcode(), sqlite3_total_changes64(), sqlite3_changes64(), sqlite3_last_insert_rowid() and sqlite3_expired() take the database mutex.
drh [Thu, 25 Jun 2026 15:17:15 +0000 (15:17 +0000)]
Change the undocumented and unsupported sqlite_log() SQL function so that
it is marked as unsafe and direct-only.
[bugs:/info/3311f8d5b8|Bug 2026-06-25T10:19:43Z].
drh [Thu, 25 Jun 2026 14:48:09 +0000 (14:48 +0000)]
Improve the sqlite3_str_vappendf() routine for additional robustness in the
face of over-sized inputs.
Probable fix for [bugs:/info/2026-06-25T11:29:23Z|Bug 2026-06-25T11:29:23Z].
dan [Wed, 24 Jun 2026 19:28:55 +0000 (19:28 +0000)]
When rolling back a journal that contains a super-journal pointer, only attempt to unlink the super-journal if (a) the filename looks like one that SQLite might have generated, and (b) the super-journal contains the name of the journal being rolled back. This is to limit the extent to which SQLite can be caused to delete arbitrary files by supplying it with a crafted hot-journal. Report [bugs:/info/2026-06-24T14:18:00Z | 2026-06-24T14:18:00Z].
drh [Wed, 24 Jun 2026 18:50:44 +0000 (18:50 +0000)]
Check for cells that extend off the end of a page when searching indexes.
This is a work-in-progress.
This check-in includes four NEVER() and ALWAYS() macros for which simple
test cases are needed.
dan [Wed, 24 Jun 2026 17:14:57 +0000 (17:14 +0000)]
When rolling back a journal that contains a super-journal pointer, only attempt to unlink the super-journal if the filename looks like one that SQLite might have generated. This is to limit the extent to which SQLite can be caused to delete arbitrary files by supplying it with a crafted hot-journal. Bug [bugs:/info/2026-06-24T14:18:00Z | 2026-06-24T14:18:00Z].
drh [Wed, 24 Jun 2026 13:46:37 +0000 (13:46 +0000)]
Fix a comment in os_kv.c so that it does not match "###" and thus does
not cause false-positives when searching the output of gcov. No
changes to code.
drh [Wed, 24 Jun 2026 13:45:04 +0000 (13:45 +0000)]
Fix the sqlite3ParseUri() for improved defenses against ridiculously long
URI inputs causing integer overflow problems.
[bugs:/info/2026-06-24T11:46:39Z|Bug 2026-06-24T11:46:39Z].
dan [Wed, 24 Jun 2026 13:42:39 +0000 (13:42 +0000)]
Revert the fixes to backup in [1f940357f7] and [e5db80350c] and instead fix the problem reported by forum post [forum:15d82885e2 | 15d82885e2] (that a call to sqlite3_deserialize() after sqlite3_backup_init() but before the first call to sqlite3_backup_step() on the destination db of a backup could cause a crash) by deferring caching the pointer to the destination Btree until after it is locked. This addresses bug [bugs:/info/2026-06-24T08:41:13Z | 2026-06-24T08:41:13Z].
drh [Wed, 24 Jun 2026 12:40:26 +0000 (12:40 +0000)]
Defend against integer overflow on oversized string inputs to
sqlite3_mprintf() and similar C-language interfaces when using
the "%!.*s" conversion. The problem is not reachable from SQL
due to string length restrictions in SQL. C-code is required.
[bugs:/info/2026-06-24T11:57:36Z|Bug 2026-06-24T11:57:36Z].
drh [Wed, 24 Jun 2026 12:22:22 +0000 (12:22 +0000)]
Update documentation to explain that an odd nByte parameter to
sqlite3_prepare16() is undefined behavior. In addition, always round
down the nByte parameter to an even number so that it is in fact harmless
to give it an odd nByte value.
[bugs:/info/2026-06-24T11:25:24Z|Bug 2026-06-24T11:25:24Z].
dan [Wed, 24 Jun 2026 11:50:08 +0000 (11:50 +0000)]
Revert the fixes to backup in [1f940357f7] and [e5db80350c] and instead fix the problem reported by forum post [forum:15d82885e2 | 15d82885e2] (that a call to sqlite3_deserialize() after sqlite3_backup_init() but before the first call to sqlite3_backup_step() on the destination db of a backup could cause a crash) by deferring caching the pointer to the destination Btree until after it is locked. This addresses bug [bugs:/info/2026-06-24T08:41:13Z | 2026-06-24T08:41:13Z].
stephan [Wed, 24 Jun 2026 10:22:36 +0000 (10:22 +0000)]
Swap two lines to get the amalgamation building again with SQLITE_OMIT_FLOATING_POINT, noting that neither the shell nor the canonical library build with that flag. Reported in [forum:8c3df4da0d|forum post 2026-06-24T07:21:05Z].
dan [Tue, 23 Jun 2026 20:12:17 +0000 (20:12 +0000)]
Merge the fixes for the use-after-free problem caused by executing an ATTACH when a backup operation was active, and for the OOB read in the unused spellfix1 extension.
drh [Tue, 23 Jun 2026 19:28:14 +0000 (19:28 +0000)]
Fix an OOB read on the unused spellfix1 extension. The OOB read is
one byte prior to the start of an allocation, which is almost always
harmless. [bugs:/info/2026-06-23T18:48:40Z|Bug 2026-06-23T18:48:40Z].
dan [Tue, 23 Jun 2026 19:14:44 +0000 (19:14 +0000)]
Avoid a use-after-free problem that could occur if ATTACH statements are executed while a backup operation is active. Bug [bugs:/info/2026-06-23T15:46:48Z | 2026-06-23T15:46:48Z].
drh [Tue, 23 Jun 2026 19:08:18 +0000 (19:08 +0000)]
Do not allow internal-use-only functions to be coded, anywhere, unless
inside of a nested parse (which is the case for ALTER TABLE) or if
the appropriate test-control is activated.
[bugs:/info/2026-06-23T15:49:27Z|Bug 2026-06-23T15:49:27Z].
stephan [Tue, 23 Jun 2026 13:26:35 +0000 (13:26 +0000)]
Improve robustness against corrupt kvvfs journal files. Addresses bug report [bugs:f4d88886e6|2026-06-23T06:51:34Z] and the first follow-up report in that thread.
dan [Tue, 23 Jun 2026 11:14:45 +0000 (11:14 +0000)]
Fix a NULL pointer dereference that could occur in the unionvtab virtual table if the configuration SQL returned an SQL NULL value in place of a table name. Bug [bugs:/info/2026-06-23T05:32:49Z | 2026-06-23T05:32:49Z].
drh [Tue, 23 Jun 2026 11:09:55 +0000 (11:09 +0000)]
Fix a NULL pointer dereference that can occur when misusing an extension
virtual table that was created for testing purposes.
[bugs:/info/2026-06-23T05:32:49Z|Bug 2026-06-23T05:32:49Z]
drh [Tue, 23 Jun 2026 10:51:24 +0000 (10:51 +0000)]
Fix an OOB read in the next_char() function of the
"spellfix" extension. The spellfix extension is not a deliverable.
[bugs:/info/2026-06-23T05:41:00Z|Bug 2026-06-23T05:41:00Z]
drh [Tue, 23 Jun 2026 10:23:08 +0000 (10:23 +0000)]
Fix dequoting error on the instantiation parameters of the
non-deliverable extension virtual table "fuzzer".
[bugs:/info/2026-06-23T05:51:36Z|Bug 2026-06-23T05:51:36Z].
stephan [Sun, 21 Jun 2026 11:38:05 +0000 (11:38 +0000)]
Correct test from [96a48a15760a] - that journal was indeed corrupt, but not in the intended manner. Add a verification that the bad journal gets replaced after a write.
stephan [Sun, 21 Jun 2026 08:38:07 +0000 (08:38 +0000)]
Fix a result value semantics bug which broke application of a journal in kvvfs. Fix a memory-reset bug in hypothetical non-WASM builds of kvvfs. Bug report [bugs:7fcd3ea30fa4fcfc|2026-06-20T18:22:59Z], and this resolves the journaling issue mentioned in the parent post.
stephan [Sat, 20 Jun 2026 11:07:04 +0000 (11:07 +0000)]
Correct misuse of a loop control variable in writing of a kvvfs journal. Bug report [bugs:20e208fe17|2026-06-20T08:49:41Z]. Remove a snippet of dead code in the JS kvvfs side.
drh [Fri, 19 Jun 2026 16:55:08 +0000 (16:55 +0000)]
Fix the format() SQL function so that it returns an empty string not a
NULL if the first argument is an empty string.
[bugs:/info/2026-06-19T16:40:04Z|Bug 2026-06-19T16:40:04Z]
dan [Fri, 19 Jun 2026 11:14:16 +0000 (11:14 +0000)]
Fix an fts5 problem causing attempts to create locale=1 tables with more than 115 columns to fail. Bug [bugs:/info/2026-06-19T05:19:08Z | 2026-06-19T05:19:08Z].
drh [Wed, 17 Jun 2026 13:31:01 +0000 (13:31 +0000)]
Fix the OR-to-IN optimization so that it works in cases where there are
conflicting collation sequences on the equality constraints within the OR.
[bugs:/info/2026-06-17T05:04:48Z|Bug 2026-06-17T05:04:48Z].
drh [Tue, 16 Jun 2026 13:43:08 +0000 (13:43 +0000)]
Limit VIEW recursion depth to SQLITE_LIMIT_EXPR_DEPTH to prevent
static overflow in malicious schemas with tens of thousands of
levels of recursive views.
[bugs:/info/2026-06-16T04:21:51Z|Bug 2026-06-16T04:21:51Z]
dan [Tue, 16 Jun 2026 11:53:19 +0000 (11:53 +0000)]
Fix instances of potential buffer overflow caused by loading the contents of a stat4 table with an absurd number of samples in a 32-bit build. Bug [bugs:/info/2026-06-16T11:30:52Z | 2026-06-16T11:30:52Z].
drh [Tue, 16 Jun 2026 09:53:23 +0000 (09:53 +0000)]
Fix a possible call to memcpy() with a NULL source pointer when the size
parameter is zero (which is technically undefined behavior but in practice
is completely harmless) in the sha1_query() extension function.
[bugs:/info/2026-06-16T07:42:23Z|Bug 2026-06-16T07:42:23Z].
dan [Mon, 15 Jun 2026 17:27:05 +0000 (17:27 +0000)]
Speed up SQL aggregate functions percentile() and median() by using quickselect to find the required values instead of fully sorting the array of values with quicksort.
drh [Mon, 15 Jun 2026 17:14:12 +0000 (17:14 +0000)]
New Windows makefile targets for common EXEs that omit the ".exe" suffix, so
that when muscle memory kicks in and we type "make sqlite3" on Windows, it
still works.