]> git.ipfire.org Git - thirdparty/sqlite.git/commitdiff
projects / thirdparty / sqlite.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d58b463)
Prevent integer overflow in the ICU extension.
authordrh <>
Tue, 19 May 2026 18:56:11 +0000 (18:56 +0000)
committerdrh <>
Tue, 19 May 2026 18:56:11 +0000 (18:56 +0000)
[bugs:/forumpost/844bdd7d5c|Bug report 844bdd7d5c].

FossilOrigin-Name: c20cb75ca07d0553d7a847c65a40efb2e5c587579ec32b02121a8963c70db12f

ext/icu/icu.c patch | blob | blame | history
manifest patch | blob | blame | history
manifest.uuid patch | blob | blame | history

diff --git a/ext/icu/icu.c b/ext/icu/icu.c
index 50110072b5fd705136f275522b087de898ed7d18..080ef7bfda2ad609fc8da7b35961d0923b928b95 100644 (file)
--- a/ext/icu/icu.c
+++ b/ext/icu/icu.c
@@ -362,7 +362,7 @@ static void icuCaseFunc16(sqlite3_context *p, int nArg, sqlite3_value **apArg){
   const UChar *zInput;            /* Pointer to input string */
   UChar *zOutput = 0;             /* Pointer to output buffer */
   int nInput;                     /* Size of utf-16 input string in bytes */
-  int nOut;                       /* Size of output buffer in bytes */
+  sqlite3_int64 nOut;             /* Size of output buffer in bytes */
   int cnt;
   int bToUpper;                   /* True for toupper(), false for tolower() */
   UErrorCode status;
@@ -385,7 +385,7 @@ static void icuCaseFunc16(sqlite3_context *p, int nArg, sqlite3_value **apArg){
   }
 
   for(cnt=0; cnt<2; cnt++){
-    UChar *zNew = sqlite3_realloc(zOutput, nOut);
+    UChar *zNew = sqlite3_realloc64(zOutput, nOut);
     if( zNew==0 ){
       sqlite3_free(zOutput);
       sqlite3_result_error_nomem(p);
@@ -394,9 +394,9 @@ static void icuCaseFunc16(sqlite3_context *p, int nArg, sqlite3_value **apArg){
     zOutput = zNew;
     status = U_ZERO_ERROR;
     if( bToUpper ){
-      nOut = 2*u_strToUpper(zOutput,nOut/2,zInput,nInput/2,zLocale,&status);
+      nOut = 2LL*u_strToUpper(zOutput,nOut/2,zInput,nInput/2,zLocale,&status);
     }else{
-      nOut = 2*u_strToLower(zOutput,nOut/2,zInput,nInput/2,zLocale,&status);
+      nOut = 2LL*u_strToLower(zOutput,nOut/2,zInput,nInput/2,zLocale,&status);
     }
 
     if( U_SUCCESS(status) ){
diff --git a/manifest b/manifest
index 551a2d1a20bac6a3294adacd71c9fe6943130765..2597956a0ec46502dc3888420ed6d03de14e760b 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\san\sassertion\sfault\sthat\scan\soccur\sin\sRTree\sgiven\sa\scarefully\ncorrupted\sdatabase.\n[bugs:/forumpost/2026-05-18T06:46:01Z|Bug\sreport\s2026-05-18T06:46:01Z].
-D 2026-05-19T18:45:05.537
+C Prevent\sinteger\soverflow\sin\sthe\sICU\sextension.\n[bugs:/forumpost/844bdd7d5c|Bug\sreport\s844bdd7d5c].
+D 2026-05-19T18:56:11.055
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -279,7 +279,7 @@ F ext/fts5/tool/loadfts5.tcl 95b03429ee6b138645703c6ca192c3ac96eaf093
 F ext/fts5/tool/mkfts5c.tcl 135b9e160f8e10211c10c5873d5e8c3eaebd3da9ec56a12ae4db157d4738ffe4
 F ext/fts5/tool/showfts5.tcl d54da0e067306663e2d5d523965ca487698e722c
 F ext/icu/README.txt 1f8d76e10d2385fc77914a14ccd99acfbaf68111dfcf26a360ad9063787f57fb
-F ext/icu/icu.c 9837f4611915baad1edbe38222f3ee7d1b5e118ab16fec9ba603720f72c78b2a
+F ext/icu/icu.c 535d0d61f109e760a56e1afc450414ebfb0e2d594e2233b30315b815e3433ac2
 F ext/icu/sqliteicu.h fa373836ed5a1ee7478bdf8a1650689294e41d0c89c1daab26e9ae78a32075a8
 F ext/intck/intck1.test 53d885075abeb45aeb1eeffeaa8560b329060835ade4af5c44cf5fcb581c1e63
 F ext/intck/intck2.test a29343a8e65c5c3400e10747f394924f3df95a5b2de94f46e9b5c9b97f5e7339
@@ -2205,8 +2205,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P 4d8c3a2919dc942a0a044ec7582a688e0f93e91f4a465bb94390fbe3ad1b50b4
-R de6885248d73ae4c4f72cf1bd72de051
+P 7cf841f3613c8302a419638bdec83b1b9799f00cfedbfe40dca0a1a005c196b5
+R c09ea06136ac3cac53ec6500866ca74e
 U drh
-Z 06d0676a46a703e62cc9d2319d678a43
+Z 6b7926c233703a2415b0bb403daa663f
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 936563b42ecb8204cbf0087501cec6ed8d6addc3..49b58717eb8650dca13c2b47a083bc222b940e58 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-7cf841f3613c8302a419638bdec83b1b9799f00cfedbfe40dca0a1a005c196b5
+c20cb75ca07d0553d7a847c65a40efb2e5c587579ec32b02121a8963c70db12f
Mirror of https://github.com/sqlite/sqlite.git