From: dan Date: Sat, 25 Apr 2026 14:00:29 +0000 (+0000) Subject: Fix a single-byte OOB read that could occur in the session module when concatenating... X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=e2dbd0a5780158724e0ab4a34cae759f2e0fde1c;p=thirdparty%2Fsqlite.git Fix a single-byte OOB read that could occur in the session module when concatenating patchsets. FossilOrigin-Name: 60d7cd625a6160ba1bc60fd00fab2e91e0deff42034c6864107c19330b35ea7a --- diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c index 427a5a5915..b37a91071b 100644 --- a/ext/session/sqlite3session.c +++ b/ext/session/sqlite3session.c @@ -665,17 +665,17 @@ static unsigned int sessionChangeHash( u8 *a = aRecord; /* Used to iterate through change record */ for(i=0; inCol; i++){ - int eType = *a; int isPK = pTab->abPK[i]; if( bPkOnly && isPK==0 ) continue; - assert( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT - || eType==SQLITE_TEXT || eType==SQLITE_BLOB - || eType==SQLITE_NULL || eType==0 - ); - if( isPK ){ - a++; + int eType = *a++; + + assert( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT + || eType==SQLITE_TEXT || eType==SQLITE_BLOB + || eType==SQLITE_NULL || eType==0 + ); + h = sessionHashAppendType(h, eType); if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){ h = sessionHashAppendI64(h, sessionGetI64(a)); diff --git a/manifest b/manifest index 708b554f36..5a29906efe 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Minor\scode\ssimplification\sin\sthe\sCLI. -D 2026-04-25T10:45:17.725 +C Fix\sa\ssingle-byte\sOOB\sread\sthat\scould\soccur\sin\sthe\ssession\smodule\swhen\sconcatenating\spatchsets. +D 2026-04-25T14:00:29.685 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea 
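Review bot: The `if( isPK )` branch still walks `aRecord` with no end-of-buffer bound visible in this hunk: `*a++` and `sessionGetI64(a)` trust the record layout, and the `assert()` on `eType` is compiled out of builds without assertions. If the function relies on the caller having validated the record first, that precondition should be stated at the top of the loop, for example `/* aRecord must be well-formed and hold a value for each PK column; nothing here checks against the end of the buffer */`. As far as this page shows, no test file changes (the manifest hunk lists only sqlite3session.c with a new hash), so a regression case that concatenates patchsets under a memory-checking build would help keep the one-byte over-read from returning. The body of sessionChangeHash starts and ends outside the hunk, so the non-PK branch and the TEXT/BLOB handling could not be checked here.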
@@ -572,7 +572,7 @@ F ext/session/sessionrowid.test 85187c2f1b38861a5844868126f69f9ec62223a03449a98a F ext/session/sessionsize.test 8fcf4685993c3dbaa46a24183940ab9f5aa9ed0d23e5fb63bfffbdb56134b795 F ext/session/sessionstat1.test 5e718d5888c0c49bbb33a7a4f816366db85f59f6a4f97544a806421b85dc2dec F ext/session/sessionwor.test 6fd9a2256442cebde5b2284936ae9e0d54bde692d0f5fd009ecef8511f4cf3fc -F ext/session/sqlite3session.c 871d8a4574bfc682ca0816efb55c85c5fea048e0becf9367a4b271d6a4474b2f +F ext/session/sqlite3session.c 48b5585ea444c9646294d86f16ad3efa28dd19632dd3e295557c1ab40c447a4c F ext/session/sqlite3session.h 063e7bf7be2fff874456f452a224b5b3013b25682d108933b0351c93a1279b9c F ext/session/test_session.c 2a02a68b522e2f3d4a64b2a4733af54b0f3e500769aeccd5bcbdd440103db069 F ext/wasm/GNUmakefile 68c750f173106d9d63f12c1edf1256c6f4bad9894b155da5db64322f4912de4b @@ -2203,8 +2203,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c -P 4a5cac1d00e1fa287ab8ce3437c0152a9f362d72bdb9976889c93f6368b3fd66 -R 54dd7b78242779e894b6624461f247f2 -U drh -Z f75c7b9141c88c54596f2cf13247113b +P 59795c71e5745e8a27dc596b9f1fc8f137df58a6ec8d8d0dab2b31cf8562796d +R 3c4f1d363927c77a0338b43645f8f815 +U dan +Z 2cd3a403c782b9b8555876358ed7ac46 # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index a656f3feb1..f06ec78053 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -59795c71e5745e8a27dc596b9f1fc8f137df58a6ec8d8d0dab2b31cf8562796d +60d7cd625a6160ba1bc60fd00fab2e91e0deff42034c6864107c19330b35ea7a