From: dan Date: Thu, 15 Jan 2026 17:12:57 +0000 (+0000) Subject: Avoid unsigned integer overflow in the delta_apply() extension function. X-Git-Tag: version-3.51.3~4 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=248ee2f7cc3f8955006b579c98e8095db8174671;p=thirdparty%2Fsqlite.git Avoid unsigned integer overflow in the delta_apply() extension function. Not part of any standard deliverable. [forum:/forumpost/d41879b367c7f7ec|Forum thread d41879b367c7f7ec]. FossilOrigin-Name: 693c90a7aa33f2c3cee978773c614ccc7830633341bf53924e84a21c7e28b091 --- diff --git a/ext/misc/fossildelta.c b/ext/misc/fossildelta.c index b9ff27c532..2dc29b3c3b 100644 --- a/ext/misc/fossildelta.c +++ b/ext/misc/fossildelta.c @@ -543,8 +543,8 @@ static int delta_apply( int lenDelta, /* Length of the delta */ char *zOut /* Write the output into this preallocated buffer */ ){ - unsigned int limit; - unsigned int total = 0; + sqlite3_uint64 limit; + sqlite3_uint64 total = 0; #ifdef FOSSIL_ENABLE_DELTA_CKSUM_TEST char *zOrigOut = zOut; #endif diff --git a/manifest b/manifest index 24d9914ea3..9dd9ecb05f 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Prevent\sa\smalicious\sdelta\sfrom\scausing\san\sinteger\soverflow\sin\sthe\nfossildelta\sextension.\s\sThis\scode\sis\snot\sused\sin\sthe\sSQLite\score. -D 2026-01-15T17:11:33.649 +C Avoid\sunsigned\sinteger\soverflow\sin\sthe\sdelta_apply()\sextension\sfunction.\nNot\spart\sof\sany\sstandard\sdeliverable.\s\s\n[forum:/forumpost/d41879b367c7f7ec|Forum\sthread\sd41879b367c7f7ec]. +D 2026-01-15T17:12:57.335 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea @@ -373,7 +373,7 @@ F ext/misc/decimal.c d4883de142f6dcd36eda23da40b55e2b51374e7b01eb54a717394019138 F ext/misc/eval.c 04bc9aada78c888394204b4ed996ab834b99726fb59603b0ee3ed6e049755dc1 F ext/misc/explain.c 606100185fb90d6a1eade1ed0414d53503c86820d8956a06e3b0a56291894f2b F ext/misc/fileio.c d80268a5328fe839062a9d3103ea0fc7cacc6d42605959275675cb37867c84f7 -F ext/misc/fossildelta.c 547d0b6744dbec531f081a8c52daf302c38d72da5f548307ee8f72a6618ff419 +F ext/misc/fossildelta.c 86dfa83f85f7ccd640591d8a5c6865346d0c2ee6a949d78591eceb892f1cbfec F ext/misc/fuzzer.c 6b231352815304ba60d8e9ec2ee73d4918e74d9b76bda8940ba2b64e8777515e F ext/misc/ieee754.c 176c061c94857b543313959289cb60cf777c999fd002f82b53d194b95e9f347a F ext/misc/memstat.c 43705d795090efb78c85c736b89251e743c291e23daaa8382fe7a0df2c6a283d @@ -2171,9 +2171,9 @@ F tool/version-info.c 33d0390ef484b3b1cb685d59362be891ea162123cea181cb8e6d2cf6dd F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7 F tool/warnings.sh d924598cf2f55a4ecbc2aeb055c10bd5f48114793e7ba25f9585435da29e7e98 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P 492c3a07dea5953e7197abb1098169c2c2126936f97f4b7e8a45d1c7f31ebfa1 -Q +01409738afc2c0d5bdaa248ffb508aa5f36a66390f6b8e4834734529ee8ed2fa -R ddb9c6785231db9bf75d6481d5221671 +P 1f4e32e2e3985d2ccb56c87794f04557bc451e2d75b28667908d3dc6842678a2 +Q +b354dd12c25c820c04b08e0be4ba8c095fc648dfb4b71345aacce50a17fd269a +R fd20e306c91a171737de70a29dd5078a U dan -Z 01373bb2c79606553cf7c6acdd6bf31a +Z 3993622d4c708029d0919a6be5cb7c0b # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index bf436ebfcf..611403f1d9 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -1f4e32e2e3985d2ccb56c87794f04557bc451e2d75b28667908d3dc6842678a2 +693c90a7aa33f2c3cee978773c614ccc7830633341bf53924e84a21c7e28b091