Handle a special case of a corrupt changeset in sqlite3changegroup_add().

FossilOrigin-Name: dceee93ab38a623a6c94658583ad6e012e141d5a4eaa91b074de06e175cb4175

diff --git a/ext/session/sessionC.test b/ext/session/sessionC.test
index afe9276083c71c8d72cd4618c1e9de01d96bb49c..79d4b6f6d833303cb7f65b4f391097b44a4a19da 100644 (file)
--- a/ext/session/sessionC.test
+++ b/ext/session/sessionC.test
@@ -259,6 +259,18 @@ foreach {tn type C2hex C3hex} {
   } {1 SQLITE_CORRUPT}
 }
 
+#-------------------------------------------------------------------------
+#
+reset_db
 
-finish_test
+set CSD 5402010074000900010000000000000001030441414141
+set CSI 5402010074001200010000000000000001063258585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858585858
 
+do_test 7.0 {
+  sqlite3changegroup grp
+  grp add [db one {SELECT unhex($CSD)}]
+  list [catch { grp add [db one {SELECT unhex($CSI)}] } msg] $msg
+} {1 SQLITE_CORRUPT}
+grp delete
+
+finish_test

diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
index cb5f4c1cc0b7069a393196697ef381406f5f8ff5..427a5a5915cb5c278a60cedab9dc916a077fa8ba 100644 (file)
--- a/ext/session/sqlite3session.c
+++ b/ext/session/sqlite3session.c
@@ -638,10 +638,11 @@ static int sessionSerialLen(const u8 *a){
   int n;
   assert( a!=0 );
   e = *a;
-  if( e==0 || e==0xFF ) return 1;
-  if( e==SQLITE_NULL ) return 1;
   if( e==SQLITE_INTEGER || e==SQLITE_FLOAT ) return 9;
-  return sessionVarintGet(&a[1], &n) + 1 + n;
+  if( e==SQLITE_TEXT || e==SQLITE_BLOB ){
+    return sessionVarintGet(&a[1], &n) + 1 + n;
+  }
+  return 1;
 }
 
 /*
@@ -3702,9 +3703,11 @@ static int sessionChangesetBufferRecord(
         rc = sessionInputBuffer(pIn, nByte);
       }else if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
         nByte += 8;
+      }else if( eType!=0 && eType!=SQLITE_NULL ){
+        rc = SQLITE_CORRUPT_BKPT;
       }
     }
-    if( (pIn->iNext+nByte)>pIn->nData ){
+    if( rc==SQLITE_OK && (pIn->iNext+nByte)>pIn->nData ){
       rc = SQLITE_CORRUPT_BKPT;
     }
   }

diff --git a/manifest b/manifest
index aebb7450f1ab077f01c3f23f81325636dd77b930..cbd505942aa92d412ceb05d057f8443e588575c5 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Handle\sthe\scase\swhere\sthe\sname\sof\sthe\sconstraint\sin\san\s"ALTER\sTABLE\sDROP\sCONSTRAINT"\scommand\sis\squoted.\s[forum:8bfbaec404\s|\sForum\spost\s8bfbaec404].
-D 2026-04-15T16:22:59.434
+C Handle\sa\sspecial\scase\sof\sa\scorrupt\schangeset\sin\ssqlite3changegroup_add().
+D 2026-04-15T17:13:42.199
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -540,7 +540,7 @@ F ext/session/session8.test 326f3273abf9d5d2d7d559eee8f5994c4ea74a5d935562454605
 F ext/session/session9.test 0c4a8fbe7a5031f50855f020f3408e1f07fd7859f1daa1629eadcec3422072d6
 F ext/session/sessionA.test 1feeab0b8e03527f08f2f1defb442da25480138f
 F ext/session/sessionB.test c4fb7f8a688787111606e123a555f18ee04f65bb9f2a4bb2aa71d55ce4e6d02c
-F ext/session/sessionC.test 2bd42225efdf5f5b1a20f75b672665bcd4f67e2a6d7ddf7420fe7bf523ba41f8
+F ext/session/sessionC.test de98b5e173fd86c79af0d0541534398d2ea75dc0d5d74a00103eb26151b76959
 F ext/session/sessionD.test 470ff917dc849e2eb78142ade63aaabd729d773833cff0ff01bca0eda68a21ce
 F ext/session/sessionE.test b2010949c9d7415306f64e3c2072ddabc4b8250c98478d3c0c4d064bce83111d
 F ext/session/sessionF.test d37ed800881e742c208df443537bf29aa49fd56eac520d0f0c6df3e6320f3401
@@ -571,7 +571,7 @@ F ext/session/sessionrowid.test 85187c2f1b38861a5844868126f69f9ec62223a03449a98a
 F ext/session/sessionsize.test 8fcf4685993c3dbaa46a24183940ab9f5aa9ed0d23e5fb63bfffbdb56134b795
 F ext/session/sessionstat1.test 5e718d5888c0c49bbb33a7a4f816366db85f59f6a4f97544a806421b85dc2dec
 F ext/session/sessionwor.test 6fd9a2256442cebde5b2284936ae9e0d54bde692d0f5fd009ecef8511f4cf3fc
-F ext/session/sqlite3session.c d5c91d5b07d2b8e860f2782ae23f7b44ce929280e00645418ee84a0fd14525b2
+F ext/session/sqlite3session.c 871d8a4574bfc682ca0816efb55c85c5fea048e0becf9367a4b271d6a4474b2f
 F ext/session/sqlite3session.h 063e7bf7be2fff874456f452a224b5b3013b25682d108933b0351c93a1279b9c
 F ext/session/test_session.c 2a02a68b522e2f3d4a64b2a4733af54b0f3e500769aeccd5bcbdd440103db069
 F ext/wasm/GNUmakefile 68c750f173106d9d63f12c1edf1256c6f4bad9894b155da5db64322f4912de4b
@@ -2197,9 +2197,9 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P b6b1d069cd5528b79ab0412137971fca1963a500f99e5c53ae57de1dd90066d2
-Q +7f5afb12f4a5d35cfe6b95f17d85ce85ce62159515bfe26fb9c67d3ce26b6d4a
-R 851a71900348ae901688ebe64ca4a3c6
+P 2d37af77a139cdcecb959b0821e5ed925f12789a759d0c94dce29d4b30b5750a
+Q +eba625f917935437e3f366197df1c6717c7120ce0418a0cbac1d2024b2235091
+R dcb24cce5d2700ab42d311c352c4aedb
 U dan
-Z 4428c1c266384805efbe62fecbccb4cd
+Z 62b8b5c2ca906067709de2d932c7ea99
 # Remove this line to create a well-formed Fossil manifest.

diff --git a/manifest.uuid b/manifest.uuid
index 11bda9eae15022860b4dc19f40f28248e409d1c6..c5c921e4f21fb32229f58fe94f36703cee871e50 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-2d37af77a139cdcecb959b0821e5ed925f12789a759d0c94dce29d4b30b5750a
+dceee93ab38a623a6c94658583ad6e012e141d5a4eaa91b074de06e175cb4175