From: drh <>
Date: Tue, 16 Jun 2026 09:53:23 +0000 (+0000)
Subject: Fix a possible call to memcpy() with a NULL source pointer when the size
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=09c84c70ee2e5355b6bca3085b7a6c616909b197;p=thirdparty%2Fsqlite.git

Fix a possible call to memcpy() with a NULL source pointer when the size
parameter is zero (which is technically undefined behavior but in practice
is completely harmless) in the sha1_query() extension function.
[bugs:/info/2026-06-16T07:42:23Z|Bug 2026-06-16T07:42:23Z].

FossilOrigin-Name: 2063926473adaf9619ca10fd47b273ef59b1f77136836d575e5db3cfd68987da
---

diff --git a/ext/misc/sha1.c b/ext/misc/sha1.c
index 058130d042..0ec5b772e5 100644
--- a/ext/misc/sha1.c
+++ b/ext/misc/sha1.c
@@ -175,7 +175,7 @@ static void hash_step(
   }else{
     i = 0;
   }
-  (void)memcpy(&p->buffer[j], &data[i], len - i);
+  if( len-i>0 ) (void)memcpy(&p->buffer[j], &data[i], len - i);
 }
 
 /* Compute a string using sqlite3_vsnprintf() and hash it */
diff --git a/manifest b/manifest
index d12756cbcb..9568cfbdb5 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Consistent\serror\smessages\sfor\sexcess\strigger\snesting.
-D 2026-06-15T17:39:46.895
+C Fix\sa\spossible\scall\sto\smemcpy()\swith\sa\sNULL\ssource\spointer\swhen\sthe\ssize\nparameter\sis\szero\s(which\sis\stechnically\sundefined\sbehavior\sbut\sin\spractice\nis\scompletely\sharmless)\sin\sthe\ssha1_query()\sextension\sfunction.\n[bugs:/info/2026-06-16T07:42:23Z|Bug\s2026-06-16T07:42:23Z].
+D 2026-06-16T09:53:23.490
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -396,7 +396,7 @@ F ext/misc/regexp.c 378e6e84516952a4b9f3f4df88927f20e6538e2609f55b773ed78899dab8
 F ext/misc/remember.c add730f0f7e7436cd15ea3fd6a90fd83c3f706ab44169f7f048438b7d6baa69c
 F ext/misc/rot13.c 51ac5f51e9d5fd811db58a9c23c628ad5f333c173f1fc53c8491a3603d38556c
 F ext/misc/series.c 8612317330587e4cfeb0ae7ffe2f06fe86e66f94a0f5bbb80d8fb46f89e9f0ad
-F ext/misc/sha1.c 9a11826db885e8afd997c0a1b28bb799a43e462ef770ac33f19e744887c9c6fa
+F ext/misc/sha1.c eed0ad67ad7c69798278183a74523d95623d4864821a3f4dd82b234568e307c1
 F ext/misc/shathree.c fd22d70620f86a0467acfdd3acd8435d5cb54eb1e2d9ff36ae44e389826993df
 F ext/misc/showauth.c 732578f0fe4ce42d577e1c86dc89dd14a006ab52
 F ext/misc/spellfix.c e9e951f9712b6c302e4ee84f5db5a7b18daab87aa229867c66f34684d2dfbb40
@@ -2208,8 +2208,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P 0796d337f6a0ef02a460a24eadda20e33e8fb9ec64b696ae1addee69c1bfddeb
-R 8fa73c86489622ce5799f785acd13531
+P 4fb9f2ffb4b45d81c70f561f45cf29a0d5872a612b948882c4a2a14629bcbe28
+R 131fbfc59e0518eae71ac3d214fd0023
 U drh
-Z cc9ff32c4fe583768a909a4387445a80
+Z 3b644da4acf48000c8d0a6ef5a87c17a
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 7b6385e292..97fa0c6263 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-4fb9f2ffb4b45d81c70f561f45cf29a0d5872a612b948882c4a2a14629bcbe28
+2063926473adaf9619ca10fd47b273ef59b1f77136836d575e5db3cfd68987da