From 23496702622549d23f22639b7e2f5c47cfeba9a6 Mon Sep 17 00:00:00 2001
From: dan <dan@noemail.net>
Date: Tue, 26 Jan 2016 13:56:42 +0000
Subject: [PATCH] Ensure that unixFullpathname() always nul-terminates its
 output buffer, even when returning an error.

FossilOrigin-Name: 4a4385564dd3887a7953820b60c99d6ce289f96a
---
 manifest          | 16 ++++++++--------
 manifest.uuid     |  2 +-
 src/os_unix.c     | 31 +++++++++++++++++++------------
 test/symlink.test |  1 -
 4 files changed, 28 insertions(+), 22 deletions(-)

diff --git a/manifest b/manifest
index ea40dd333f..2765e104fb 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Remove\san\sunused\svariable.
-D 2016-01-26T00:12:42.634
+C Ensure\sthat\sunixFullpathname()\salways\snul-terminates\sits\soutput\sbuffer,\seven\swhen\sreturning\san\serror.
+D 2016-01-26T13:56:42.494
 F Makefile.in 027c1603f255390c43a426671055a31c0a65fdb4
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc 1708a78eda223b6daa302b140037fcc214a779f9
@@ -329,7 +329,7 @@ F src/os.c 8fd25588eeba74068d41102d26810e216999b6c8
 F src/os.h 3e57a24e2794a94d3cf2342c6d9a884888cd96bf
 F src/os_common.h abdb9a191a367793268fe553d25bab894e986a0e
 F src/os_setup.h c9d4553b5aaa6f73391448b265b89bed0b890faa
-F src/os_unix.c e9e1e6a49892a76fe1fd167b1d475eeddaf1ccb3
+F src/os_unix.c 5bb20172d0c9a6afcfa829a88c406970593c848d
 F src/os_win.c 386fba30419e8458b13209781c2af5590eab2811
 F src/os_win.h eb7a47aa17b26b77eb97e4823f20a00b8bda12ca
 F src/pager.c 2916c66aee50f69d9ec56a7619b62d9c6a3bee61
@@ -1061,7 +1061,7 @@ F test/subselect.test d24fd8757daf97dafd2e889c73ea4c4272dcf4e4
 F test/substr.test 18f57c4ca8a598805c4d64e304c418734d843c1a
 F test/subtype1.test 7fe09496352f97053af1437150751be2d0a0cae8
 F test/superlock.test 1cde669f68d2dd37d6c9bd35eee1d95491ae3fc2
-F test/symlink.test 511db82662446bb0d3619002422760ef8e4b1122
+F test/symlink.test c9ebe7330d228249e447038276bfc8a7b22f4849
 F test/sync.test a34cd43e98b7fb84eabbf38f7ed8f7349b3f3d85
 F test/syscall.test f59ba4e25f7ba4a4c031026cc2ef8b6e4b4c639c
 F test/sysfault.test c9f2b0d8d677558f74de750c75e12a5454719d04
@@ -1419,7 +1419,7 @@ F tool/vdbe_profile.tcl 246d0da094856d72d2c12efec03250d71639d19f
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 48bd54594752d5be3337f12c72f28d2080cb630b
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 8a6e4147a680ad6c5fdd588468b6daac82349d2c
-R d2cf53f7b50c768b631d5f18bba143b9
-U drh
-Z 592370e14c792642f017f87ac074cb77
+P 1c2656c1d37906230edc142d3a4253b16b6e925f
+R 6c0824142ba46339a29c32338146479b
+U dan
+Z e95289d1bfc22539e02b85ec76fd69c7
diff --git a/manifest.uuid b/manifest.uuid
index 78b51cd18f..72144560be 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-1c2656c1d37906230edc142d3a4253b16b6e925f
\ No newline at end of file
+4a4385564dd3887a7953820b60c99d6ce289f96a
\ No newline at end of file
diff --git a/src/os_unix.c b/src/os_unix.c
index cdbcd2c8e0..81422f215d 100644
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -5955,7 +5955,12 @@ static int mkFullPathname(
     iOff = sqlite3Strlen30(zOut);
     zOut[iOff++] = '/';
   }
-  if( (iOff+nPath+1)>nOut ) return SQLITE_CANTOPEN_BKPT;
+  if( (iOff+nPath+1)>nOut ){
+    /* SQLite assumes that xFullPathname() nul-terminates the output buffer
+    ** even if it returns an error.  */
+    zOut[iOff] = '\0';
+    return SQLITE_CANTOPEN_BKPT;
+  }
   sqlite3_snprintf(nOut-iOff, &zOut[iOff], "%s", zPath);
   return SQLITE_OK;
 }
@@ -6020,15 +6025,17 @@ static int unixFullPathname(
         nByte = osReadlink(zIn, zDel, nOut-1);
         if( nByte<0 ){
           rc = unixLogError(SQLITE_CANTOPEN_BKPT, "readlink", zIn);
-        }else if( zDel[0]!='/' ){
-          int n;
-          for(n = sqlite3Strlen30(zIn); n>0 && zIn[n-1]!='/'; n--);
-          if( nByte+n+1>nOut ){
-            rc = SQLITE_CANTOPEN_BKPT;
-          }else{
-            memmove(&zDel[n], zDel, nByte+1);
-            memcpy(zDel, zIn, n);
-            nByte += n;
+        }else{
+          if( zDel[0]!='/' ){
+            int n;
+            for(n = sqlite3Strlen30(zIn); n>0 && zIn[n-1]!='/'; n--);
+            if( nByte+n+1>nOut ){
+              rc = SQLITE_CANTOPEN_BKPT;
+            }else{
+              memmove(&zDel[n], zDel, nByte+1);
+              memcpy(zDel, zIn, n);
+              nByte += n;
+            }
           }
           zDel[nByte] = '\0';
         }
@@ -6037,8 +6044,8 @@ static int unixFullPathname(
       zIn = zDel;
     }
 
-    if( rc==SQLITE_OK ){
-      assert( zIn!=zOut || zIn[0]=='/' );
+    assert( rc!=SQLITE_OK || zIn!=zOut || zIn[0]=='/' );
+    if( rc==SQLITE_OK && zIn!=zOut ){
       rc = mkFullPathname(zIn, zOut, nOut);
     }
     if( bLink==0 ) break;
diff --git a/test/symlink.test b/test/symlink.test
index e9e5f3c305..949102cf8a 100644
--- a/test/symlink.test
+++ b/test/symlink.test
@@ -181,7 +181,6 @@ do_test 4.4.0 {
 } {}
 do_test 4.4.1 {
   db close
-  breakpoint
   sqlite3 db w/test.db
   db eval { SELECT * FROM t1 }
 } {hello world}
-- 
2.47.2