From: drh <> Date: Sun, 1 Mar 2026 22:36:02 +0000 (+0000) Subject: Fix an OOB read in the incremental integrity-check extension. X-Git-Tag: version-3.52.0~19 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e293b2d835c0de26d2326377539b294c682a5235;p=thirdparty%2Fsqlite.git Fix an OOB read in the incremental integrity-check extension. FossilOrigin-Name: abecc8e388e294311aa0b572e0a984b8ddad2afbf829c1246e1682fa549c8fac
---
diff --git a/ext/intck/sqlite3intck.c b/ext/intck/sqlite3intck.c
index 5f645fae6e..e3fef77637 100644
--- a/ext/intck/sqlite3intck.c
+++ b/ext/intck/sqlite3intck.c
@@ -319,7 +319,7 @@ static int intckGetToken(const char *z){
 char c = z[0];
 int iRet = 1;
 if( c=='\'' || c=='"' || c=='`' ){
- while( 1 ){
+ while( z[iRet] ){
 if( z[iRet]==c ){
 iRet++;
 if( z[iRet]!=c ) break;
diff --git a/manifest b/manifest
index 51a63a8cf2..7fbf9ca49a 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@ -C Simplified\srounding\slogic\sin\ssqlite3Fp10Convert2(). -D 2026-03-01T20:22:08.292 +C Fix\san\sOOB\sread\sin\sthe\sincremental\sintegrity-check\sextension. +D 2026-03-01T22:36:02.371 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
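Review bot: The new `while( z[iRet] )` guard in the quoted-token branch of intckGetToken stops the scan at the terminator, but an unterminated quote now appears to come back as an ordinary token whose length runs to the end of the string, so nothing tells the caller the quote was never closed. A comment on the loop would make that contract explicit, for example `/* Stop at NUL: an unterminated quoted token ends at end-of-input instead of reading past z */`. The body of intckGetToken continues outside the hunk, so any other delimiter-scanning loops it contains are not visible here and are worth checking for the same missing terminator test. The test added in test/intck01.sql passes `parse_create_index()` a string ending in `"x`, which suggests this text can be supplied from SQL and should be treated as untrusted.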
@@ -285,7 +285,7 @@ F ext/intck/intck_common.tcl a61fd2697ae55b0a3d89847ca0b590c6e0d8ff64bebb70920d9 F ext/intck/intckbusy.test d5ed4ef85a4b1dc1dee2484bd14a4bb68529659cca743327df0c775f005fa387 F ext/intck/intckcorrupt.test f6c302792326fb3db9dcfc70b554c55369bc4b52882eaaf039cfe0b74c821029 F ext/intck/intckfault.test cff3f75dff74abb3edfcb13f6aa53f6436746ab64b09fe5e2028f051e985efab -F ext/intck/sqlite3intck.c b1c8a86f90fc00741d13314db9c58f7e2f92d1d19c5ad1c6904ec83a6bbd5c96 +F ext/intck/sqlite3intck.c 3c4a166645a1624731f63acd342e24e81e4ffd497116d94a427d72e6cc6caa69 F ext/intck/sqlite3intck.h 2b40c38e7063ab822c974c0bd4aed97dabb579ccfe2e180a4639bb3bbef0f1c9 F ext/intck/test_intck.c 4f9eaadaedccb9df1d26ba41116a0a8e5b0c5556dc3098c8ff68633adcccdea8 F ext/jni/GNUmakefile 8a94e3a1953b88cf117fb2a5380480feada8b4f5316f02572cab425030a720b4 @@ -1315,6 +1315,7 @@ F test/insertfault.test ac63d14ea3b49c573673a572f4014b9117383a03e497c58f308b5c77 F test/instr.test 67ba309e9697c24a304e98a7c8f372456177dd4e32237d2a305e1e05f7bb79c2 F test/instrfault.test 95e28efade652e6d51ae11b377088fe523a581a07ec428009e152a4dd0e0f44c F test/intarray.test bb976b0b3df0ebb6a2eddfb61768280440e672beba5460ed49679ea984ccf440 +F test/intck01.sql f2d88bf41cdd64f2ed8c3d4f357cf520f017aa2986999ab9a62eb6506ef18106 F test/interrupt.test ac1ef50ec9ab8e4f0e17c47629f82539d4b22558904e321ed5abea2e6187da7a F test/interrupt2.test e4408ca770a6feafbadb0801e54a0dcd1a8d108d F test/intpkey.test 7d54711acf553cdd641a40e9c6cfc2bf1a76070074940c1b126442517054320f 
@@ -1629,7 +1630,7 @@ F test/shell7.test 43fd8e511c533bab5232e95c7b4be93b243451709e89582600d4b6e67693d F test/shell8.test 38c9e4d7e85d2a3ecfacaa9f6cda4f7a81bf4fffb5f3f37f9cd76827c6883192 F test/shell9.test 8742a5b390cdcef6369f5aa223e415aa4255a4129ef249b177887dc635a87209 F test/shellA.test 05cdaafa1f79913654487ce3aefa038d4106245d58f52e02faf506140a76d480 -F test/shellB.test b2afd5c28aba750c066996a082210d6a4fcab8fd042cad076d9c1023164af9b1 +F test/shellB.test 1f0a95bf8c7047a385f54b69b272887e1efeb3d8f34e6f09ed2f865083bbfc3e F test/shmlock.test 9f1f729a7fe2c46c88b156af819ac9b72c0714ac6f7246638a73c5752b5fd13c F test/shortread1.test bb591ef20f0fd9ed26d0d12e80eee6d7ac8897a3 F test/show_speedtest1_rtree.tcl 32e6c5f073d7426148a6936a0408f4b5b169aba5 @@ -2195,8 +2196,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee F tool/warnings.sh d924598cf2f55a4ecbc2aeb055c10bd5f48114793e7ba25f9585435da29e7e98 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c -P 21c8fc7100e23b632b77934cbbafb98dfd3e6e73bab702446ef6345b378c9d36 -R af3efb8f8f323da927b8fb2503c5d89e +P 8ac63ebc5c04ba555bbf0d878a70e25deba5fcc75ff44c464600b92c27e5dcb0 +R 3fa7dbd1f9c7e7bf7f235a0b6a9eb234 U drh -Z 73d1b37c301d10277342aa84d5761b61 +Z 3bb8f45dd6d08d23bece1f3ddd3cf2c3 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index df2b0bf426..84929cd5ee 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@ -8ac63ebc5c04ba555bbf0d878a70e25deba5fcc75ff44c464600b92c27e5dcb0 +abecc8e388e294311aa0b572e0a984b8ddad2afbf829c1246e1682fa549c8fac
diff --git a/test/intck01.sql b/test/intck01.sql
new file mode 100644
index 0000000000..b1996aeeb9
--- /dev/null
+++ b/test/intck01.sql
@@ -0,0 +1,23 @@
+#!sqlite3
+#
+# 2026-03-01
+#
+# The author disclaims copyright to this source code. In place of
+# a legal notice, here is a blessing:
+#
+# May you do good and not evil.
+# May you find forgiveness for yourself and forgive others.
+# May you share freely, never taking more than you give.
+#
+#***********************************************************************
+#
+# Bug report sqlite.org/forum/forumpost/efc9bc9cb3
+#
+.testcase 100
+.mode quote
+.intck 1
+SELECT parse_create_index('CREATE IDEX i ON t("x',0);
+.check <