From 2087fa2d97f3d64af22b80ff1c8118051ad1778f Mon Sep 17 00:00:00 2001
From: drh <>
Date: Thu, 4 Dec 2025 20:22:36 +0000
Subject: [PATCH] Make the shell_exec() routine in the CLI robust against NULL
 SQL text. Fix harmless compiler warnings in ext/misc/zipfile.c.

FossilOrigin-Name: 2ecba7dfd10c7d6a7a34b0ec01a387c9f1426c0504c8f20edc03e29bb9aa93c3
---
 ext/misc/zipfile.c |  3 ++-
 manifest           | 16 ++++++++--------
 manifest.uuid      |  2 +-
 src/shell.c.in     |  2 +-
 4 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
index 58cfba658a..de401b89ec 100644
--- a/ext/misc/zipfile.c
+++ b/ext/misc/zipfile.c
@@ -900,11 +900,12 @@ static int zipfileGetEntry(
         rc = zipfileReadData(pFile, aRead, szFix, pNew->cds.iOffset, pzErr);
       }else{
         aRead = (u8*)&aBlob[pNew->cds.iOffset];
-        if( (pNew->cds.iOffset + ZIPFILE_LFH_FIXED_SZ)>nBlob ){
+        if( (pNew->cds.iOffset + ZIPFILE_LFH_FIXED_SZ)>(unsigned)nBlob ){
           rc = zipfileCorrupt(pzErr);
         }
       }
 
+      memset(&lfh, 0, sizeof(lfh));
       if( rc==SQLITE_OK ) rc = zipfileReadLFH(aRead, &lfh);
       if( rc==SQLITE_OK ){
         pNew->iDataOff =  pNew->cds.iOffset + ZIPFILE_LFH_FIXED_SZ;
diff --git a/manifest b/manifest
index e0c233ddc1..e46e839980 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Limit\scompile\stime\svalue\sSQLITE_MAX_SQL_LENGTH\sto\s1024\sless\sthan\s2^31,\sor\s2147482624.\sThis\sis\sto\savoid\shaving\sto\sdeal\swith\sedge\scases\srelated\sto\s32-bit\sinteger\soverflow\sthat\scan\sonly\soccur\sin\scustom\sbuilds.
-D 2025-12-04T16:44:11.298
+C Make\sthe\sshell_exec()\sroutine\sin\sthe\sCLI\srobust\sagainst\sNULL\sSQL\stext.\nFix\sharmless\scompiler\swarnings\sin\sext/misc/zipfile.c.
+D 2025-12-04T20:22:36.336
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -414,7 +414,7 @@ F ext/misc/vtablog.c 2d04386c2f5a3bb93bc9ae978f0b7dcd5a264e126abd640dd6d82aa9067
 F ext/misc/vtshim.c e5bce24ab8c532f4fdc600148718fe1802cb6ed57417f1c1032d8961f72b0e8f
 F ext/misc/wholenumber.c 0fa0c082676b7868bf2fa918e911133f2b349bcdceabd1198bba5f65b4fc0668
 F ext/misc/windirent.h 02211ce51f3034c675f2dbf4d228194d51b3ee05734678bad5106fff6292e60c
-F ext/misc/zipfile.c 09e6e3a3ff40a99677de3c0bc6569bd5f4709b1844ac3d1c1452a456c5a62f1c
+F ext/misc/zipfile.c 9981cda2f5d08ff01f33c2e4cea82df75f83a4c0fdcbc5dce67e0f775b770fb1
 F ext/misc/zorder.c bddff2e1b9661a90c95c2a9a9c7ecd8908afab5763256294dd12d609d4664eee
 F ext/qrf/README.md 86fc5c3c5e3eddbe54fc1235cbdc52b8c2c0732791d224345c3014cd45c4c0e7
 F ext/qrf/dev-notes.md e68a6d91ce4c7eb296ef2daadc2bb79c95c317ad15b9fafe40850c67b29c2430
@@ -737,7 +737,7 @@ F src/random.c 606b00941a1d7dd09c381d3279a058d771f406c5213c9932bbd93d5587be4b9c
 F src/resolve.c 8d53771eb51a4ab5f970150c3a70969d8db79cd04a8774c2d296bbcf471a0dd0
 F src/rowset.c 8432130e6c344b3401a8874c3cb49fefe6873fec593294de077afea2dce5ec97
 F src/select.c 344518c1bba9c4636bf651b7642304abd2e7075ba35feb4bae42a51e5efe991f
-F src/shell.c.in 62b286951404fd72c116bb3b96b5ee9330de4dc4c8753ca33967ca1a47b3b972
+F src/shell.c.in a4a05fcc14c5e84867b3a2bb04cc1d53cb924b810ad72976157861a5d5f1a76b
 F src/sqlite.h.in 706cacea5308b0244fb6cec92e08310fb427a125375c64137cc1f878ae4cf5c0
 F src/sqlite3.rc 015537e6ac1eec6c7050e17b616c2ffe6f70fca241835a84a4f0d5937383c479
 F src/sqlite3ext.h 5d5330f5f8461f5ce74960436ddcfa53ecd09c2b8b23901e22ae38aec3243998
@@ -2184,8 +2184,8 @@ F tool/version-info.c 33d0390ef484b3b1cb685d59362be891ea162123cea181cb8e6d2cf6dd
 F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7
 F tool/warnings.sh d924598cf2f55a4ecbc2aeb055c10bd5f48114793e7ba25f9585435da29e7e98
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 307a500aa6a1f3ac8b154d2e981bb30c90236be26a8c9a8f318d5982c62440dd
-R 1901d2d7906ab24deca78086256a7fb1
-U dan
-Z 8a6f9d64c3e534e1ce9c8fde1cff2900
+P d73364555d213e443d8400ed69b134006f4e2fe0054d74fe0828ff01effe5cd2
+R c59a03fa78282f99ec46da47260a006f
+U drh
+Z 6f7b8b99cea200503a2d25a0683cc9c3
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 1f6d3e51cc..90a6dc42b5 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-d73364555d213e443d8400ed69b134006f4e2fe0054d74fe0828ff01effe5cd2
+2ecba7dfd10c7d6a7a34b0ec01a387c9f1426c0504c8f20edc03e29bb9aa93c3
diff --git a/src/shell.c.in b/src/shell.c.in
index 0ff7135757..27ed68bd9b 100644
--- a/src/shell.c.in
+++ b/src/shell.c.in
@@ -3220,7 +3220,7 @@ static int shell_exec(
   }
 #endif
 
-  while( zSql[0] && (SQLITE_OK == rc) ){
+  while( zSql && zSql[0] && (SQLITE_OK == rc) ){
     static const char *zStmtSql;
     rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, &zLeftover);
     if( SQLITE_OK != rc ){
-- 
2.47.3