drh [Tue, 16 Jun 2026 13:43:08 +0000 (13:43 +0000)]
Limit VIEW recursion depth to SQLITE_LIMIT_EXPR_DEPTH to prevent
static overflow in malicious schemas with tens of thousands of
levels of recursive views.
[bugs:/info/2026-06-16T04:21:51Z|Bug 2026-06-16T04:21:51Z]
dan [Tue, 16 Jun 2026 11:53:19 +0000 (11:53 +0000)]
Fix instances of potential buffer overflow caused by loading the contents of a stat4 table with an absurd number of samples in a 32-bit build. Bug [bugs:/info/2026-06-16T11:30:52Z | 2026-06-16T11:30:52Z].
drh [Tue, 16 Jun 2026 09:53:23 +0000 (09:53 +0000)]
Fix a possible call to memcpy() with a NULL source pointer when the size
parameter is zero (which is technically undefined behavior but in practice
is completely harmless) in the sha1_query() extension function.
[bugs:/info/2026-06-16T07:42:23Z|Bug 2026-06-16T07:42:23Z].
dan [Mon, 15 Jun 2026 17:27:05 +0000 (17:27 +0000)]
Speed up SQL aggregate functions percentile() and median() by using quickselect to find the required values instead of fully sorting the array of values with quicksort.
drh [Mon, 15 Jun 2026 17:14:12 +0000 (17:14 +0000)]
New Windows makefile targets for common EXEs that omit the ".exe" suffix, so
that when muscle memory kicks in and we type "make sqlite3" on Windows, it
still works.
drh [Mon, 15 Jun 2026 16:45:35 +0000 (16:45 +0000)]
Enhance SQLITE_LIMIT_TRIGGER_DEPTH so that it also limits a chain of
distinct triggers during code generation.
[bugs:/info/2026-06-15T06:44:07Z|Bug 2026-06-15T06:44:07Z].
dan [Mon, 15 Jun 2026 15:38:16 +0000 (15:38 +0000)]
Fix a problem sometimes causing an UPSERT to incorrectly convert an excluded.* column from type REAL to INT in cases where doing so does not cause data loss. Bug [bugs:/info/2026-06-15T09:08:12Z | 2026-06-15T09:08:12Z].
drh [Mon, 15 Jun 2026 15:27:26 +0000 (15:27 +0000)]
Improvements to handling of inequality constraints on generate_series().value
against very large floating-point values.
[bugs:/info/2026-06-15T04:37:48Z|Bug 2026-06-15T04:37:48Z].
drh [Mon, 15 Jun 2026 14:16:13 +0000 (14:16 +0000)]
Better behavior for generate_series() in cases where constraints involve
floating-point numbers that are near the minimum and maximum 64-bit integer
values.
dan [Mon, 15 Jun 2026 13:39:20 +0000 (13:39 +0000)]
Avoid a possible buffer overrun in 32-bit builds of fts5 that could occur when processing corrupt records. Bug [bugs:/info/2026-06-14T12:21:15Z | 2026-06-14T12:21:15Z].
stephan [Mon, 15 Jun 2026 12:36:24 +0000 (12:36 +0000)]
Revert the native impl of kvvfs's xOpen() (as distinct from the JS impl which the wasm build uses) to the historical db name restrictions of 'local' or 'session', failing with SQLITE_CANTOPEN if passed another name. [ec866b04d088e53b] overhauled support for kvvfs db names in JS but it turns out that the native impl still relies on those names in order to match journals to databases. Correct a related too-lenient assert() in the WASM pieces.
dan [Mon, 15 Jun 2026 11:47:52 +0000 (11:47 +0000)]
Fix a problem that could cause fts5 to return incorrect answers when performing prefix queries on tokens with synonyms. Bug [bugs:/info/2026-06-14T11:11:06Z | 2026-06-14T11:11:06Z].
dan [Mon, 15 Jun 2026 11:03:13 +0000 (11:03 +0000)]
Regardless of whether the platform is 32 or 64 bits, use 64-bit arithmetic to calculate buffer sizes in fts3_snippet(). Bug [bugs:/info/2026-06-14T09:19:52Z | 2026-06-14T09:19:52Z].
drh [Mon, 15 Jun 2026 10:13:31 +0000 (10:13 +0000)]
Fix rounding behavior in the decimal extension when all leading digits
are 9 and there is no fractional component.
[bugs:/info/2026-06-15T03:49:42Z|Bug 2026-06-15T03:49:42Z].
drh [Sun, 14 Jun 2026 20:10:28 +0000 (20:10 +0000)]
Do not allow ridiculous "columns=N" values in the (unused) csv virtual
table in the extensions folder.
[bugs:/info/2026-06-14T15:22:47Z|Bug 2026-06-14T15:22:47Z]
drh [Sat, 13 Jun 2026 18:04:18 +0000 (18:04 +0000)]
Make the --header option to the CLI sticky, so that it does not get
turned off by subsequent --csv or similar mode change options.
[bugs:/info/2026-06-13T11:49:18Z|Bug 2026-06-13T11:49:18Z]
dan [Fri, 12 Jun 2026 18:35:24 +0000 (18:35 +0000)]
When reading a super-journal name from a journal file, allocate a new buffer rather than using Pager.pTmpSpace. This prevents a buffer overrun that could occur when using a VFS with a large sqlite3_vfs.mxPathname value with a database with a small page size.
drh [Fri, 12 Jun 2026 16:26:39 +0000 (16:26 +0000)]
Do not use shared locks on SHM files when the filename is a long DOS-device
path. Only use shared locks for UNC paths. Do not confuse the
long-DOS-device syntax with UNC paths.
dan [Fri, 12 Jun 2026 15:36:26 +0000 (15:36 +0000)]
Fix a buffer overwrite in fts3 that could occur while processing NEAR queries against corrupt records. Bug [bugs:/info/2026-06-11T23:11:26Z | 2026-06-11T23:11:26Z].
dan [Fri, 12 Jun 2026 11:24:30 +0000 (11:24 +0000)]
Fix a signed integer overflow that could occur in fts3 when processing corrupt database records. Bug [bugs:/info/2026-06-11T23:12:25Z | 2026-06-11T23:12:25Z].
dan [Wed, 10 Jun 2026 20:10:19 +0000 (20:10 +0000)]
When reading a super-journal name from a journal file, allocate a new buffer rather than using Pager.pTmpSpace. This prevents a buffer overrun that could occur when using a VFS with a large sqlite3_vfs.mxPathname value with a database with a small page size.
dan [Wed, 10 Jun 2026 16:51:20 +0000 (16:51 +0000)]
Fix a signed-integer overflow in fts5 that might occur when dealing with strategically corrupted records. Bug [bugs:/info/2026-06-10T03:56:42Z | 2026-06-10T03:56:42Z].
drh [Wed, 10 Jun 2026 10:40:29 +0000 (10:40 +0000)]
Detect an OOM condition in the realpath() function of the fileio.c extension
and cause that function to return NULL. To Do: we should go back in and
fix realpath() to raise an SQLITE_NOMEM error on OOM rather than returning
NULL. But we will delay that, in as much as OOMs are all but impossible
on modern OSes.
[bug:/info/2026-06-10T07:46:32Z|Bug 2026-06-10T07:46:32Z].
drh [Wed, 10 Jun 2026 10:13:11 +0000 (10:13 +0000)]
Fix a possible signed integer overflow in the RBU extension given a
maliciously crafted delta.
[bugs:/info/2026-06-10T06:41:54Z|Bug 2026-06-10T06:41:54Z].
drh [Wed, 10 Jun 2026 09:51:33 +0000 (09:51 +0000)]
Harden code that processes Fossil Deltas against OOM and maliciously
malformed delta blobs.
[bugs:/info/2026-06-10T07:01:00Z|Bug 2026-06-10T07:01:00Z] and
[bugs:/info/2026-06-10T07:06:43Z|Bug 2026-06-10T07:06:43Z].
dan [Tue, 9 Jun 2026 10:43:37 +0000 (10:43 +0000)]
Avoid a possible integer overflow when fts5 tokenizes a very large document. Only possible with non-standard builds that use large values of SQLITE_MAX_LENGTH. Bug [bugs:/info/2026-06-09T05:27:16Z | 2026-06-09T05:27:16Z].
drh [Tue, 9 Jun 2026 10:16:40 +0000 (10:16 +0000)]
Change loop counter variables from int to i64 to avoid a potential
integer overflow inside an assert() statement when SQLite is compiled
with SQLITE_DEBUG and an extra-large SQLITE_MAX_LENGTH. Does not
affect production builds.
[bugs:/info/2026-06-09T08:53:14Z|Bug 2026-06-09T08:53:14Z].
dan [Mon, 8 Jun 2026 11:24:05 +0000 (11:24 +0000)]
Clamp the nToken parameter to the fts5 snippet() function between 0 and 64. It has always been documented this way, but not previously implemented. Report [bugs:/info/2026-06-08T08:29:00Z | 2026-06-08T08:29:00Z].
drh [Thu, 4 Jun 2026 16:56:11 +0000 (16:56 +0000)]
Disable the vector-IN-SELECT optimization if the number of columns is so
large that it would cause the WhereTerm.nChild column to wrap.
[bugs:/info/2026-06-04T10:00:49Z|Bug 2026-06-04T10:00:49Z].
dan [Thu, 4 Jun 2026 11:48:18 +0000 (11:48 +0000)]
Fix a crash that could be caused by configuring the pager-cache with a bulk allocation too small to fit even one page. Bug [bugs:/info/2026-06-04T07:03:12Z | 2026-06-04T07:03:12Z].
dan [Thu, 4 Jun 2026 11:19:43 +0000 (11:19 +0000)]
Fix problems with expressions like "(?,?,?) IN (SELECT c,b,a FROM ...)" when there is an index on columns "c", "b" and "a", but not in that order. Bug [bugs:/info/2026-06-04T07:02:53Z | 2026-06-04T07:02:53Z].
drh [Thu, 4 Jun 2026 11:18:11 +0000 (11:18 +0000)]
Clearly mark the ext/misc/wholenumber.c extension as "testing and
debugging use only". Fix a potential integer overflow that can occur
if the above warning is ignored.
[bugs:/info/2026-06-04T09:40:28Z|Bug 2026-06-04T09:40:28Z].
dan [Wed, 3 Jun 2026 17:21:12 +0000 (17:21 +0000)]
Update the UTF-8 decoder in the ICU extension to treat invalid sequences as codepoint 0xFFFD, matching the core. Report [bugs:/info/2026-06-03T04:04:46Z | 2026-06-03T04:04:46Z].
dan [Wed, 3 Jun 2026 16:46:15 +0000 (16:46 +0000)]
Fix a faulty assert() in rtree that could fire when processing an unusually large record. Bug [bugs:/info/2026-06-03T14:44:46Z | 2026-06-03T14:44:46Z].
drh [Wed, 3 Jun 2026 16:21:17 +0000 (16:21 +0000)]
Use tail recursion on the larger of the two partitions when doing a
quicksort as part of the implementation of the median() function,
to avoid excess stack usage on pathological inputs.
[bugs:/info/2026-06-03T07:26:42Z|Bug 2026-06-03T07:26:42Z].
dan [Wed, 3 Jun 2026 15:29:59 +0000 (15:29 +0000)]
Fix an integer overflow problem in fts3 that could lead to a buffer overwrite on platforms where size_t is 32 bits. Bug [bugs:/info/2026-06-03T04:28:51Z | 2026-06-03T04:28:51Z].
drh [Wed, 3 Jun 2026 10:55:08 +0000 (10:55 +0000)]
Make the (unused, untested, and unsupported) ext/misc/compress.c routines
responsive to OOM conditions.
[bugs:/info/2026-06-03T08:28:36Z|Bug 2026-06-03T08:28:36Z].
drh [Tue, 2 Jun 2026 10:08:30 +0000 (10:08 +0000)]
Fix the CLI so that it works when compiled using STDCALL on
Microsoft x86. Change should not affect other platforms.
[forum:/info/2026-06-02T09:44:12Z|Forum 2026-06-02T09:44:12Z].
dan [Mon, 1 Jun 2026 16:20:40 +0000 (16:20 +0000)]
For expressions of the form "(x, y...) IN (SELECT a, b ...)" where the result is not true, consider the collation sequences of columns "a" and "b" when determining if the result should be false or NULL. Bug report [bugs:/info/0785f45e67 | 2026-05-31T02:10:44Z].
stephan [Mon, 1 Jun 2026 13:14:48 +0000 (13:14 +0000)]
Remove the data type ANY added to the shell's CSV exports in [aff74e71ea734e1a], as discussed in [forum:2ea4c50f69fc9829|forum post 2026-06-01T12:01:59Z].
drh [Mon, 1 Jun 2026 12:36:28 +0000 (12:36 +0000)]
Do not allow the argument to a table-valued function to reference a table
to its right, even if the SELECT is inside a common table expression.
This is a replacement for the fix at [3c0a277e6741c722]. Fix
for multiple dbsqlfuzz reports and probably also a fix
for [bugs:/info/b6c6fad96c|Bug 2026-06-01T07:23:11Z].
drh [Mon, 1 Jun 2026 10:53:28 +0000 (10:53 +0000)]
Extra defenses against integer overflows in the untested, unused, and
unsupported transliterate() SQL extension function found in the
ext/misc/spellfix.c extension.
[bugs:/info/2026-06-01T10:34:57Z|Bug 2026-06-01T10:34:57Z].
drh [Sun, 31 May 2026 15:49:57 +0000 (15:49 +0000)]
Fix the zipfile extension so that ZIP archives containing files whose names
contain embedded \000 bytes do not cause problems.
[bugs:/info/2026-05-31T11:43:05Z|Bug 2026-05-31T11:43:05Z].
drh [Sun, 31 May 2026 09:18:31 +0000 (09:18 +0000)]
Fix the format() SQL function so that it reports TOOBIG and NOMEM errors.
Fix a possible integer overflow on %#Q formatting.
[bugs:/info/2026-05-31T02:00:07Z|Bug 2026-05-31T02:00:07Z].
drh [Sat, 30 May 2026 13:23:25 +0000 (13:23 +0000)]
Add a test to ensure an application does not try to create a geopoly
virtual table with too many columns.
[bugs:/info/2026-05-30T12:47:27Z|Bug 2026-05-30T12:47:27Z].
drh [Sat, 30 May 2026 10:24:03 +0000 (10:24 +0000)]
Harden the diskused.c extension against NULL pointer dereferences that
might have previously occurred when given a corrupt database file.
[bug:/info/2026-05-30T07:08:55Z|Bug 2026-05-30T07:08:55Z].
drh [Fri, 29 May 2026 14:57:38 +0000 (14:57 +0000)]
Rename the ext/misc/analyze.c extension to ext/misc/diskused.c, to avoid
confusion with the src/analyze.c file. The function is now called
"diskused(X)" instead of "analyze(X)". The CLI command is renamed
from ".dbstat" to ".diskused".