From 50b6568454237ede6e88fb2ef6df30bf2e7df842 Mon Sep 17 00:00:00 2001 From: drh Date: Tue, 17 Feb 2009 18:37:28 +0000 Subject: [PATCH] Add tests to double-check that nothing within SQLite ever tries to allocate amounts of memory that are close to the maximum signed integer, leading to an integer overflow within malloc(). This is not currently a problem. The extra tests just insure it never becomes a problem. (CVS 6298) FossilOrigin-Name: f6ba7bb9152cffc9f67dfa7de12e36a3244b7e03 --- manifest | 14 +++++++------- manifest.uuid | 2 +- src/malloc.c | 15 ++++++++++++--- 3 files changed, 20 insertions(+), 11 deletions(-) diff --git a/manifest b/manifest index dc1e1b59c3..45c3e9c226 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Initialize\san\suninitialized\sbuffer\sto\ssilence\sa\svalgrind\swarning\sduring\sa\sVACUUM\soperation.\s(CVS\s6297) -D 2009-02-17T17:56:30 +C Add\stests\sto\sdouble-check\sthat\snothing\swithin\sSQLite\sever\stries\sto\sallocate\namounts\sof\smemory\sthat\sare\sclose\sto\sthe\smaximum\ssigned\sinteger,\sleading\sto\nan\sinteger\soverflow\swithin\smalloc().\s\sThis\sis\snot\scurrently\sa\sproblem.\nThe\sextra\stests\sjust\sinsure\sit\snever\sbecomes\sa\sproblem.\s(CVS\s6298) +D 2009-02-17T18:37:29 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0 F Makefile.in c7a5a30fb6852bd7839b1024e1661da8549878ee F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654 @@ -124,7 +124,7 @@ F src/journal.c e00df0c0da8413ab6e1bb7d7cab5665d4a9000d0 F src/legacy.c 8b3b95d48d202614946d7ce7256e7ba898905c3b F src/loadext.c 3f96631089fc4f3871a67f02f2e4fc7ea4d51edc F src/main.c 4912460dab29e4d37e4ba1d78320c6a77bb95ad8 -F src/malloc.c 836bc7ead9b255a61d56d5589b24e1dad6704604 +F src/malloc.c 552d993ee414ead65cafcaa636e22c84085999cb F src/mem0.c f2f84062d1f35814d6535c9f9e33de3bfb3b132c F src/mem1.c 3bfb39e4f60b0179713a7c087b2d4f0dc205735f F src/mem2.c 6f46eef2c2cce452ae38f5b98c2632712e858bc9 @@ -701,7 +701,7 @@ F tool/speedtest16.c c8a9c793df96db7e4933f0852abb7a03d48f2e81 F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e -P 79431c58d964d6057c7f42f7c1df74f3df4493eb -R d18eb83f62823b052c9f91def439d0bf -U danielk1977 -Z 202aeb49d99b1391c07f283d43f19e14 +P 8c61968b33dd753618589cb3f859984223161d64 +R 793a2b2b9355549182d95e51bb87d221 +U drh +Z f91927cefb8ab6069f07082e6447fa2b diff --git a/manifest.uuid b/manifest.uuid index 0a8c99ed87..9712a50eef 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -8c61968b33dd753618589cb3f859984223161d64 \ No newline at end of file +f6ba7bb9152cffc9f67dfa7de12e36a3244b7e03 \ No newline at end of file diff --git a/src/malloc.c b/src/malloc.c index d9c036da66..468e057a84 100644 --- a/src/malloc.c +++ b/src/malloc.c @@ -12,7 +12,7 @@ ** ** Memory allocation functions used throughout sqlite. ** -** $Id: malloc.c,v 1.55 2009/02/17 16:29:11 danielk1977 Exp $ +** $Id: malloc.c,v 1.56 2009/02/17 18:37:29 drh Exp $ */ #include "sqliteInt.h" #include @@ -266,7 +266,15 @@ static int mallocWithAlarm(int n, void **pp){ */ void *sqlite3Malloc(int n){ void *p; - if( n<=0 ){ + if( n<=0 || NEVER(n>=0x7fffff00) ){ + /* The NEVER(n>=0x7fffff00) term is added out of paranoia. We want to make + ** absolutely sure that there is nothing within SQLite that can cause a + ** memory allocation of a number of bytes which is near the maximum signed + ** integer value and thus cause an integer overflow inside of the xMalloc() + ** implementation. The n>=0x7fffff00 gives us 255 bytes of headroom. The + ** test should never be true because SQLITE_MAX_LENGTH should be much + ** less than 0x7fffff00 and it should catch large memory allocations + ** before they reach this point. */ p = 0; }else if( sqlite3GlobalConfig.bMemstat ){ sqlite3_mutex_enter(mem0.mutex); @@ -555,7 +563,8 @@ void *sqlite3Realloc(void *pOld, int nBytes){ if( pOld==0 ){ return sqlite3Malloc(nBytes); } - if( nBytes<=0 ){ + if( nBytes<=0 || NEVER(nBytes>=0x7fffff00) ){ + /* The NEVER(...) term is explained in comments on sqlite3Malloc() */ sqlite3_free(pOld); return 0; } -- 2.47.2