Fix a single-byte OOB read that could occur in the session module when concatenating...
authordan <Dan Kennedy>
Sat, 25 Apr 2026 14:00:29 +0000 (14:00 +0000)
committerdan <Dan Kennedy>
Sat, 25 Apr 2026 14:00:29 +0000 (14:00 +0000)
FossilOrigin-Name: 60d7cd625a6160ba1bc60fd00fab2e91e0deff42034c6864107c19330b35ea7a

ext/session/sqlite3session.c
manifest
manifest.uuid

index 427a5a5915cb5c278a60cedab9dc916a077fa8ba..b37a91071ba1bfa3046145b1ff598d3fbad38717 100644 (file)
@@ -665,17 +665,17 @@ static unsigned int sessionChangeHash(
   u8 *a = aRecord;                /* Used to iterate through change record */
 
   for(i=0; i<pTab->nCol; i++){
-    int eType = *a;
     int isPK = pTab->abPK[i];
     if( bPkOnly && isPK==0 ) continue;
 
-    assert( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT 
-         || eType==SQLITE_TEXT || eType==SQLITE_BLOB 
-         || eType==SQLITE_NULL || eType==0 
-    );
-
     if( isPK ){
-      a++;
+      int eType = *a++;
+
+      assert( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT 
+           || eType==SQLITE_TEXT || eType==SQLITE_BLOB 
+           || eType==SQLITE_NULL || eType==0 
+      );
+
       h = sessionHashAppendType(h, eType);
       if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
         h = sessionHashAppendI64(h, sessionGetI64(a));
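Review bot: Nothing at the relocated `int eType = *a++;` records why the type byte must not be read before the `if( bPkOnly && isPK==0 ) continue;` line, so a later cleanup could hoist it back and reintroduce the one-byte over-read named in the commit title. A short comment above the declaration would pin this down, e.g. `/* Read the type byte only for columns that are consumed here; when bPkOnly skips a column, a may already be at the end of the record. */` (wording assumes, as the fix implies, that PK-only records omit non-PK columns). Separately, the moved `assert()` is compiled out unless SQLite is built with debugging enabled, and no record length is visible in this hunk, so the `sessionGetI64(a)` read that follows still depends on the caller passing a well-formed record; that is presumably validated upstream, but worth confirming. The file list shows only `sqlite3session.c` and the manifest files changing, so a regression case for patchset concatenation would help keep the fix in place. The loop body and the rest of `sessionChangeHash` continue outside the hunk.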
index 708b554f367506498f3759a8193194e3ae018b83..5a29906efed01475d74622fc44d8a6a237bc88ec 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Minor\scode\ssimplification\sin\sthe\sCLI.
-D 2026-04-25T10:45:17.725
+C Fix\sa\ssingle-byte\sOOB\sread\sthat\scould\soccur\sin\sthe\ssession\smodule\swhen\sconcatenating\spatchsets.
+D 2026-04-25T14:00:29.685
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -572,7 +572,7 @@ F ext/session/sessionrowid.test 85187c2f1b38861a5844868126f69f9ec62223a03449a98a
 F ext/session/sessionsize.test 8fcf4685993c3dbaa46a24183940ab9f5aa9ed0d23e5fb63bfffbdb56134b795
 F ext/session/sessionstat1.test 5e718d5888c0c49bbb33a7a4f816366db85f59f6a4f97544a806421b85dc2dec
 F ext/session/sessionwor.test 6fd9a2256442cebde5b2284936ae9e0d54bde692d0f5fd009ecef8511f4cf3fc
-F ext/session/sqlite3session.c 871d8a4574bfc682ca0816efb55c85c5fea048e0becf9367a4b271d6a4474b2f
+F ext/session/sqlite3session.c 48b5585ea444c9646294d86f16ad3efa28dd19632dd3e295557c1ab40c447a4c
 F ext/session/sqlite3session.h 063e7bf7be2fff874456f452a224b5b3013b25682d108933b0351c93a1279b9c
 F ext/session/test_session.c 2a02a68b522e2f3d4a64b2a4733af54b0f3e500769aeccd5bcbdd440103db069
 F ext/wasm/GNUmakefile 68c750f173106d9d63f12c1edf1256c6f4bad9894b155da5db64322f4912de4b
@@ -2203,8 +2203,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P 4a5cac1d00e1fa287ab8ce3437c0152a9f362d72bdb9976889c93f6368b3fd66
-R 54dd7b78242779e894b6624461f247f2
-U drh
-Z f75c7b9141c88c54596f2cf13247113b
+P 59795c71e5745e8a27dc596b9f1fc8f137df58a6ec8d8d0dab2b31cf8562796d
+R 3c4f1d363927c77a0338b43645f8f815
+U dan
+Z 2cd3a403c782b9b8555876358ed7ac46
 # Remove this line to create a well-formed Fossil manifest.
index a656f3feb1deef5f7012383b438616d733ff14ec..f06ec78053f6b031e696f2010c64fd3944107f02 100644 (file)
@@ -1 +1 @@
-59795c71e5745e8a27dc596b9f1fc8f137df58a6ec8d8d0dab2b31cf8562796d
+60d7cd625a6160ba1bc60fd00fab2e91e0deff42034c6864107c19330b35ea7a