dan [Wed, 10 Jun 2026 20:10:19 +0000 (20:10 +0000)]
When reading a super-journal name from a journal file, allocate a new buffer rather than using Pager.pTmpSpace. This prevents a buffer overrun that could occur when using a VFS with a large sqlite3_vfs.mxPathname value with a database with a small page size.
dan [Wed, 10 Jun 2026 16:51:20 +0000 (16:51 +0000)]
Fix a signed-integer overflow in fts5 that might occur when dealing with strategically corrupted records. Bug [bugs:/info/2026-06-10T03:56:42Z | 2026-06-10T03:56:42Z].
drh [Wed, 10 Jun 2026 10:40:29 +0000 (10:40 +0000)]
Detect an OOM condition in the realpath() function of the fileio.c extension
and cause that function to return NULL. To Do: we should go back in and
fix realpath() to raise an SQLITE_NOMEM error on OOM rather than returning
NULL. But we will delay that, inasmuch as OOMs are all but impossible
on modern OSes.
[bug:/info/2026-06-10T07:46:32Z|Bug 2026-06-10T07:46:32Z].
drh [Wed, 10 Jun 2026 10:13:11 +0000 (10:13 +0000)]
Fix a possible signed integer overflow in the RBU extension given a
maliciously crafted delta.
[bugs:/info/2026-06-10T06:41:54Z|Bug 2026-06-10T06:41:54Z].
drh [Wed, 10 Jun 2026 09:51:33 +0000 (09:51 +0000)]
Harden code that processes Fossil Deltas against OOM and maliciously
malformed delta blobs.
[bugs:/info/2026-06-10T07:01:00Z|Bug 2026-06-10T07:01:00Z] and
[bugs:/info/2026-06-10T07:06:43Z|Bug 2026-06-10T07:06:43Z].
dan [Tue, 9 Jun 2026 10:43:37 +0000 (10:43 +0000)]
Avoid a possible integer overflow when fts5 tokenizes a very large document. Only possible with non-standard builds that use large values of SQLITE_MAX_LENGTH. Bug [bugs:/info/2026-06-09T05:27:16Z | 2026-06-09T05:27:16Z].
drh [Tue, 9 Jun 2026 10:16:40 +0000 (10:16 +0000)]
Change loop counter variables from int to i64 to avoid a potential
integer overflow inside an assert() statement when SQLite is compiled
with SQLITE_DEBUG and an extra-large SQLITE_MAX_LENGTH. Does not
affect production builds.
[bugs:/info/2026-06-09T08:53:14Z|Bug 2026-06-09T08:53:14Z].
dan [Mon, 8 Jun 2026 11:24:05 +0000 (11:24 +0000)]
Clamp the nToken parameter to the fts5 snippet() function between 0 and 64. It has always been documented this way, but not previously implemented. Report [bugs:/info/2026-06-08T08:29:00Z | 2026-06-08T08:29:00Z].
drh [Thu, 4 Jun 2026 16:56:11 +0000 (16:56 +0000)]
Disable the vector-IN-SELECT optimization if the number of columns is so
large that it would cause the WhereTerm.nChild column to wrap.
[bugs:/info/2026-06-04T10:00:49Z|Bug 2026-06-04T10:00:49Z].
dan [Thu, 4 Jun 2026 11:48:18 +0000 (11:48 +0000)]
Fix a crash that could be caused by configuring the pager-cache with a bulk allocation too small to fit even one page. Bug [bugs:/info/2026-06-04T07:03:12Z | 2026-06-04T07:03:12Z].
dan [Thu, 4 Jun 2026 11:19:43 +0000 (11:19 +0000)]
Fix problems with expressions like "(?,?,?) IN (SELECT c,b,a FROM ...)" when there is an index on columns "c", "b" and "a", but not in that order. Bug [bugs:/info/2026-06-04T07:02:53Z | 2026-06-04T07:02:53Z].
drh [Thu, 4 Jun 2026 11:18:11 +0000 (11:18 +0000)]
Clearly mark the ext/misc/wholenumber.c extension as "testing and
debugging use only". Fix a potential integer overflow that can occur
if the above warning is ignored.
[bugs:/info/2026-06-04T09:40:28Z|Bug 2026-06-04T09:40:28Z].
dan [Wed, 3 Jun 2026 17:21:12 +0000 (17:21 +0000)]
Update the utf-8 decoder in the ICU extension to treat invalid sequences as codepoint 0xFFFD, matching the core. Report [bugs:/info/2026-06-03T04:04:46Z | 2026-06-03T04:04:46Z].
dan [Wed, 3 Jun 2026 16:46:15 +0000 (16:46 +0000)]
Fix a faulty assert() in rtree that could fire when processing an unusually large record. Bug [bugs:/info/2026-06-03T14:44:46Z | 2026-06-03T14:44:46Z].
drh [Wed, 3 Jun 2026 16:21:17 +0000 (16:21 +0000)]
Use tail recursion on the larger of the two partitions when doing a
quicksort as part of the implementation of the median() function,
to avoid excess stack usage on pathological inputs.
[bugs:/info/2026-06-03T07:26:42Z|Bug 2026-06-03T07:26:42Z].
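The technique named in the commit above, as an added example that is not SQLite's own median() code: after each partition step the smaller side is sorted by a real recursive call and the larger side by looping, which is what the tail call amounts to, so recursion depth stays near log2(n) however the input is arranged. The names sort_range, median_of and demo_median_descending, the 3-way partition and the depth counter are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

/* Illustration only, not SQLite's code.  Sorts a[lo..hi) with a 3-way
** partition; the smaller side goes to a recursive call, the larger side is
** handled by the enclosing loop (the manual form of the tail call). */
static size_t g_max_depth;             /* deepest recursion seen, for the demo */

static void swap_d(double *x, double *y){ double t = *x; *x = *y; *y = t; }

static void sort_range(double *a, size_t lo, size_t hi, size_t depth){
  if( depth>g_max_depth ) g_max_depth = depth;
  while( hi-lo > 1 ){
    double p = a[lo + (hi-lo)/2];
    size_t lt = lo, i = lo, gt = hi;   /* a[lo..lt)<p, a[lt..i)==p, a[gt..hi)>p */
    while( i<gt ){
      if( a[i]<p ) swap_d(&a[lt++], &a[i++]);
      else if( a[i]>p ) swap_d(&a[i], &a[--gt]);
      else i++;
    }
    if( lt-lo < hi-gt ){               /* left side [lo,lt) is the smaller one */
      sort_range(a, lo, lt, depth+1);  /* recurse on the smaller side */
      lo = gt;                         /* loop on the larger side [gt,hi) */
    }else{
      sort_range(a, gt, hi, depth+1);
      hi = lt;                         /* loop on the larger side [lo,lt) */
    }
  }
}

/* Sort in place and return the median (mean of the two middle values when
** n is even).  Returns 0.0 for an empty input. */
double median_of(double *a, size_t n){
  if( n==0 ) return 0.0;
  g_max_depth = 0;
  sort_range(a, 0, n, 1);
  return (n%2) ? a[n/2] : (a[n/2-1] + a[n/2]) / 2.0;
}
size_t last_max_depth(void){ return g_max_depth; }

/* Constructed input: n values in descending order (n, n-1, ..., 1). */
double demo_median_descending(size_t n){
  double *a = malloc(n * sizeof(*a)), m;
  size_t i;
  if( a==0 ) return -1.0;
  for(i=0; i<n; i++) a[i] = (double)(n - i);
  m = median_of(a, n);
  free(a);
  return m;
}

int main(void){
  printf("median=%g depth=%zu\n", demo_median_descending(4096), last_max_depth());
  return 0;
}
```

Recursing only on the side with fewer than half the elements bounds the depth below log2(n)+1, so 4096 values never go deeper than 12 frames.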
dan [Wed, 3 Jun 2026 15:29:59 +0000 (15:29 +0000)]
Fix an integer overflow problem in fts3 that could lead to a buffer overwrite on platforms where size_t is 32-bits. Bug [bugs:/info/2026-06-03T04:28:51Z | 2026-06-03T04:28:51Z].
drh [Wed, 3 Jun 2026 10:55:08 +0000 (10:55 +0000)]
Make the (unused, untested, and unsupported) ext/misc/compress.c routines
responsive to OOM conditions.
[bugs:/info/2026-06-03T08:28:36Z|Bug 2026-06-03T08:28:36Z].
drh [Tue, 2 Jun 2026 10:08:30 +0000 (10:08 +0000)]
Fix the CLI so that it works when compiled using STDCALL on
Microsoft x86. Change should not affect other platforms.
[forum:/info/2026-06-02T09:44:12Z|Forum 2026-06-02T09:44:12Z].
dan [Mon, 1 Jun 2026 16:20:40 +0000 (16:20 +0000)]
For expressions of the form "(x, y...) IN (SELECT a, b ...)" where the result is not true, consider the collation sequences of columns "a" and "b" when determining if the result should be false or NULL. Bug report [bugs:/info/0785f45e67 | 2026-05-31T02:10:44Z].
stephan [Mon, 1 Jun 2026 13:14:48 +0000 (13:14 +0000)]
Remove the data type ANY added to the shell's CSV exports in [aff74e71ea734e1a], as discussed in [forum:2ea4c50f69fc9829|forum post 2026-06-01T12:01:59Z].
drh [Mon, 1 Jun 2026 12:36:28 +0000 (12:36 +0000)]
Do not allow the argument to a table-valued function to reference a table
to its right, even if the SELECT is inside a common table expression.
This is a replacement for the fix at [3c0a277e6741c722]. Fix
for multiple dbsqlfuzz reports and probably also a fix
for [bugs:/info/b6c6fad96c|Bug 2026-06-01T07:23:11Z].
drh [Mon, 1 Jun 2026 10:53:28 +0000 (10:53 +0000)]
Extra defenses against integer overflows in the untested, unused, and
unsupported transliterate() SQL extension function found in the
ext/misc/spellfix.c extension.
[bugs:/info/2026-06-01T10:34:57Z|Bug 2026-06-01T10:34:57Z].
drh [Sun, 31 May 2026 15:49:57 +0000 (15:49 +0000)]
Fix the zipfile extension so that ZIP archives containing files whose names
contain embedded \000 bytes do not cause problems.
[bugs:/info/2026-05-31T11:43:05Z|Bug 2026-05-31T11:43:05Z].
drh [Sun, 31 May 2026 09:18:31 +0000 (09:18 +0000)]
Fix the format() SQL function so that it reports TOOBIG and NOMEM errors.
Fix a possible integer overflow on %#Q formatting.
[bugs:/info/2026-05-31T02:00:07Z|Bug 2026-05-31T02:00:07Z].
drh [Sat, 30 May 2026 13:23:25 +0000 (13:23 +0000)]
Add a test to ensure an application does not try to create a geopoly
virtual table with too many columns.
[bugs:/info/2026-05-30T12:47:27Z|Bug 2026-05-30T12:47:27Z].
drh [Sat, 30 May 2026 10:24:03 +0000 (10:24 +0000)]
Harden the diskused.c extension against NULL pointer dereferences that
might have previously occurred when given a corrupt database file.
[bug:/info/2026-05-30T07:08:55Z|Bug 2026-05-30T07:08:55Z].
drh [Fri, 29 May 2026 14:57:38 +0000 (14:57 +0000)]
Rename the ext/misc/analyze.c extension to ext/misc/diskused.c, to avoid
confusion with the src/analyze.c file. The function is now called
"diskused(X)" instead of "analyze(X)". The CLI command is renamed
from ".dbstat" to ".diskused".
drh [Fri, 29 May 2026 12:23:38 +0000 (12:23 +0000)]
The -csv option to the CLI also sets "-limits off", for legacy
compatibility, and because that seems to make sense.
[forum:/info/2026-05-28T16:23:36Z|Forum thread 2026-05-28T16:23:36Z].
drh [Thu, 28 May 2026 11:16:55 +0000 (11:16 +0000)]
Fix an infinite loop that can occur in the unused, untested, and
unsupported ext/misc/btreeinfo.c extension if it is presented with
a corrupt database file.
[bugs:/forumpost/b43c44cc1c|Bug 2026-05-28T05:41:01Z].
dan [Fri, 22 May 2026 14:29:33 +0000 (14:29 +0000)]
Update the session module so that it can apply changesets containing two or more UPDATE changes that form a dependency loop - so that no single UPDATE can be applied independently without violating a constraint.
dan [Fri, 22 May 2026 14:22:14 +0000 (14:22 +0000)]
Add the SQLITE_CHANGESETAPPLY_NOUPDATELOOP option to the sqlite3_changeset_apply_v2/3() method, to disable the extra processing to commit changesets that swap two or more values subject to a UNIQUE constraint between rows.
drh [Thu, 21 May 2026 15:14:35 +0000 (15:14 +0000)]
Fix the VFSes so that there is no 32-bit integer overflow in the
xShmMap method if the WAL file size exceeds about 25 terabytes, or
if the header is corrupted to make SQLite think that the WAL file size
is that big.
[bugs:/info/2026-05-21T03:53:03Z|Bug 2026-05-21T03:53:03Z].
drh [Thu, 21 May 2026 13:37:15 +0000 (13:37 +0000)]
Limit the length of inputs to the spellfix1_editdist() extension
function (not part of the standard SQLite build and rarely used)
to 99999 characters, to avoid any possibility of integer overflow.
[bugs:/forumpost/5da728247a|Bug 5da728247a].
drh [Thu, 21 May 2026 13:03:18 +0000 (13:03 +0000)]
A join constraint is not an equivalence unless both operands have the
same collation.
[bugs:/info/2026-05-21T03:39:28Z|Bug 2026-05-21T03:39:28Z].
Error goes back to version 3.7.17, 13 years ago.
drh [Thu, 21 May 2026 12:04:20 +0000 (12:04 +0000)]
Enhance the xfer-optimization to verify access to the source table using
the authorizer, if an authorizer is registered.
[bugs:/info/2026-05-21T03:31:22Z|Bug 2026-05-21T03:31:22Z].
dan [Wed, 20 May 2026 11:41:24 +0000 (11:41 +0000)]
Avoid returning an SQLITE_SCHEMA error from within sqlite3session_diff() if the schema has been recently modified. First reported here: https://sqlite.org/bugs/forumpost/269f1e9cef