From: drh <> Date: Sat, 25 Apr 2026 15:04:21 +0000 (+0000) Subject: Fix a single-byte OOB read that could occur in the session module when concatenating... X-Git-Tag: version-3.53.1~8 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=2ba7864bc495f613117686c08005ace8f22cf468;p=thirdparty%2Fsqlite.git Fix a single-byte OOB read that could occur in the session module when concatenating patchsets. FossilOrigin-Name: 5150cf9a89aebfd7121b4742c8b359116f16d890e83b64105bb192d3d0f68971 --- diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c index 427a5a5915..b37a91071b 100644 --- a/ext/session/sqlite3session.c +++ b/ext/session/sqlite3session.c @@ -665,17 +665,17 @@ static unsigned int sessionChangeHash( u8 *a = aRecord; /* Used to iterate through change record */ for(i=0; inCol; i++){ - int eType = *a; int isPK = pTab->abPK[i]; if( bPkOnly && isPK==0 ) continue; - assert( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT - || eType==SQLITE_TEXT || eType==SQLITE_BLOB - || eType==SQLITE_NULL || eType==0 - ); - if( isPK ){ - a++; + int eType = *a++; + + assert( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT + || eType==SQLITE_TEXT || eType==SQLITE_BLOB + || eType==SQLITE_NULL || eType==0 + ); + h = sessionHashAppendType(h, eType); if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){ h = sessionHashAppendI64(h, sessionGetI64(a)); diff --git a/manifest b/manifest index ca7319ba88..a54ea3859e 100644 --- a/manifest +++ b/manifest 
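Review bot: The relocated `int eType = *a++;` in `sessionChangeHash` carries no comment saying why the read must sit inside `if( isPK ){`, so a later cleanup could hoist it back out and reintroduce the over-read; I would add `/* Read the type byte only for PK columns: with bPkOnly set the record presumably holds no non-PK fields, so a may already point one past its end. */` above it. The type byte is still checked only by `assert()`, which is compiled out in non-debug builds, and the `sessionGetI64(a)` call that follows reads eight bytes with no record length visible in this hunk, so the function appears to rely on the caller having validated the record; that precondition deserves a line in the function header. The manifest hunks show only `ext/session/sqlite3session.c` changing, so the commit seems to ship without a regression test for the patchset-concatenation case. The body of `sessionChangeHash` starts and ends outside the hunk.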
@@ -1,5 +1,5 @@ -C Update\sinterrupt2.test\sto\savoid\susing\sTcl_GetCommandInfo()\sfrom\swithin\scalls\sto\sTcl_DeleteCommand(). -D 2026-04-23T11:33:26.512 +C Fix\sa\ssingle-byte\sOOB\sread\sthat\scould\soccur\sin\sthe\ssession\smodule\swhen\sconcatenating\spatchsets. +D 2026-04-25T15:04:21.327 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea @@ -571,7 +571,7 @@ F ext/session/sessionrowid.test 85187c2f1b38861a5844868126f69f9ec62223a03449a98a F ext/session/sessionsize.test 8fcf4685993c3dbaa46a24183940ab9f5aa9ed0d23e5fb63bfffbdb56134b795 F ext/session/sessionstat1.test 5e718d5888c0c49bbb33a7a4f816366db85f59f6a4f97544a806421b85dc2dec F ext/session/sessionwor.test 6fd9a2256442cebde5b2284936ae9e0d54bde692d0f5fd009ecef8511f4cf3fc -F ext/session/sqlite3session.c 871d8a4574bfc682ca0816efb55c85c5fea048e0becf9367a4b271d6a4474b2f +F ext/session/sqlite3session.c 48b5585ea444c9646294d86f16ad3efa28dd19632dd3e295557c1ab40c447a4c F ext/session/sqlite3session.h 063e7bf7be2fff874456f452a224b5b3013b25682d108933b0351c93a1279b9c F ext/session/test_session.c 2a02a68b522e2f3d4a64b2a4733af54b0f3e500769aeccd5bcbdd440103db069 F ext/wasm/GNUmakefile 68c750f173106d9d63f12c1edf1256c6f4bad9894b155da5db64322f4912de4b 
@@ -2197,9 +2197,9 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c -P f1276db5dabe797dfeee2afbb9f3a3fe367b5f860a07af88963f16aa3986f7b9 -Q +1979aa0902a43f20d4e396c5f9b9a49aaf0094d8520bf53ce058bb379a7720ab -R f11617b918910a372381c0b3e84a4c32 -U dan -Z 388ee07722ec3939f79987bf90a3f40a +P 00daafed79290b9bbf7a9359b656d8841745caf22c1c3cdcbacf05eebcfe300c +Q +60d7cd625a6160ba1bc60fd00fab2e91e0deff42034c6864107c19330b35ea7a +R 1b81e2ace5ff455d19d4ba9cf8cdd961 +U drh +Z 9816a7060d2ed5fac2ecd57f975596ff # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 0588ecc99d..97f0577f95 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -00daafed79290b9bbf7a9359b656d8841745caf22c1c3cdcbacf05eebcfe300c +5150cf9a89aebfd7121b4742c8b359116f16d890e83b64105bb192d3d0f68971