From: drh <> Date: Tue, 19 May 2026 10:33:53 +0000 (+0000) Subject: Limit the size of input strings to the (disused) spellfix extension X-Git-Tag: release~45 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=62587d292bc0d467b54528bfd862a8a284d2db08;p=thirdparty%2Fsqlite.git Limit the size of input strings to the (disused) spellfix extension to avoid excessive runtime and integer overflows. FossilOrigin-Name: 2a8951b548a9408df300d238a9fea313268a30c322f0efc0b233bdd3e71a7f9d
---
diff --git a/ext/misc/spellfix.c b/ext/misc/spellfix.c
index f51f3bdfe0..bb0ab0b44e 100644
--- a/ext/misc/spellfix.c
+++ b/ext/misc/spellfix.c
@@ -1008,6 +1008,8 @@ static int editDist3Core(
 unsigned int stackSpace[SQLITE_SPELLFIX_STACKALLOC_SZ/sizeof(unsigned int)];
 /* allocate the Wagner matrix and the aTo[] array for the TO string */
+ if( n2>10000 ) return -2;
+ if( f.n>10000 ) return -2;
 n = (f.n+1)*(n2+1);
 n = (n+1)&~1;
 nByte = n*sizeof(m[0]) + sizeof(a2[0])*n2;
@@ -1198,6 +1200,8 @@ static void editDist3SqlFunc(
 editDist3FromStringDelete(pFrom);
 if( dist==(-1) ){
 sqlite3_result_error_nomem(context);
+ }else if( dist==(-2) ){
+ sqlite3_result_error_toobig(context);
 }else{
 sqlite3_result_int(context, dist);
 }
diff --git a/manifest b/manifest
index 2eedad2329..be6f965d01 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\sNULL\spointer\sdereference\sin\sthe\sobscure\s(and\sunused)\sprefixes\nextension,\swhich\sI\shad\sforgotten\seven\sexisted.
-D 2026-05-19T10:30:29.681
+C Limit\sthe\ssize\sof\sinput\sstrings\sto\sthe\s(disused)\sspellfix\sextension\nto\savoid\sexcessive\sruntime\sand\sinteger\soverflows.
+D 2026-05-19T10:33:53.258
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
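Review bot: The two guards added at the top of the allocation step in editDist3Core (ext/misc/spellfix.c) cap each input separately, but the matrix just below is sized by the product `(f.n+1)*(n2+1)`, so two inputs at the limit still request about 100 million cells. That product (at most 10001*10001) fits a 32-bit int, which is presumably the overflow the commit message refers to, yet the remaining memory and runtime ceiling is not stated anywhere in the hunk. I would give the literal a name and record the reasoning, for example `/* Cap each input at 10000 so (f.n+1)*(n2+1) cannot overflow; -2 tells the caller the input is too big */` above the checks, and fold the two tests into `if( n2>10000 || f.n>10000 ) return -2;`. The function starts and continues outside this hunk, so the declared types of n and nByte are not visible here.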
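Review bot: The new -2 return from editDist3Core is translated only in this branch of editDist3SqlFunc, and both sentinels are bare literals. Any other caller of editDist3Core that is not part of this diff should be checked: one that treats every negative result as out-of-memory would report the wrong error, and one that uses the result as a distance would rank on -2. A short comment on the branch, such as `}else if( dist==(-2) ){  /* input exceeded the length cap in editDist3Core() */`, would tie the two hunks together for the next reader. editDist3SqlFunc begins outside the hunk.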
@@ -398,7 +398,7 @@ F ext/misc/series.c 496f43bac9bad2ee2cea63fb5212036f30ad3003b4cd317d5c2d6f3ad7c7
 F ext/misc/sha1.c 8bf60344c11a525384c2efd1ae77f160b06be336db679effaadf292d4b41451c
 F ext/misc/shathree.c fd22d70620f86a0467acfdd3acd8435d5cb54eb1e2d9ff36ae44e389826993df
 F ext/misc/showauth.c 732578f0fe4ce42d577e1c86dc89dd14a006ab52
-F ext/misc/spellfix.c 693c8fd3293087fa821322967a97e59dfa24051e5d2ca7fa85790a4034db6fa4
+F ext/misc/spellfix.c 33c92014c4662c2678ec01fd7dfa622aeff2f6f0f7821f643b331d4cabac2c7e
 F ext/misc/sqlar.c 97c100b010159c08a7a9acd8eb1ea510a5522e64741aaafcd7b6c629de682edc
 F ext/misc/sqlite3_stdio.c b43a0f530c6f0fb3d41d9af8c0b40f3f71198a1db55ab8ffffbef5c8cc329d22
 F ext/misc/sqlite3_stdio.h 27a4ecea47e61bc9574ccdf2806f468afe23af2f95028c9b689bfa08ab1ce99f
@@ -1670,7 +1670,7 @@ F test/speedtest1.c 6c01252e66f46de0b6b8d5316e03521e2151782104f3608c10262aa5dce8
 F test/spellfix.test 951a6405d49d1a23d6b78027d3877b4a33eeb8221dcab5704b499755bb4f552e
 F test/spellfix2.test dfc8f519a3fc204cb2dfa8b4f29821ae90f6f8c3
 F test/spellfix3.test 0f9efaaa502a0e0a09848028518a6fb096c8ad33
-F test/spellfix4.test 51c7c26514ade169855c66bcf130bd5acfb4d7fd090cc624645ab275ae6a41fb
+F test/spellfix4.test 7c56a09de68b95051ef0627fe235e514efbba2aa816dc2a9c5c670d98877e632
 F test/sqldiff1.test 1b7ab4f312442c5cc6b3a5f299fa8ca051416d1dd173cb1126fd51bf64f2c3fb
 F test/sqllimits1.test 408131e4975d61868711c83f101a56d4602313cc5cae88d3eee81c1da364fd89
 F test/sqllog.test 6af6cb0b09f4e44e1917e06ce85be7670302517a
@@ -2198,9 +2198,9 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P 9bf2f4ca8f3d0cce2ac0bf3742a04a83460d309bd8864bd414946d35106014a9
-Q +4880adc053b0f21633936347fd5610e4338b15da39607d8ba5a6b32d1516e8cb
-R 3774ec557a88b5c578c28228d99536f7
+P 24b8ecd17f70f222c40aa91382515a7d0d0b82c882498ae0714818d672806e7f
+Q +4b16b80cf2e26c41f0828d65883145dc81c0987110c3f04a864cec43e7c418e5
+R 6f5606fdbd8f4c5422503bb256f4ddcd
 U drh
-Z 4d02eabbd2e500772250f8e258de799f
+Z 6768569daddda80128545c4db75384d8
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 562ab404c8..04bb7e778e 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-24b8ecd17f70f222c40aa91382515a7d0d0b82c882498ae0714818d672806e7f
+2a8951b548a9408df300d238a9fea313268a30c322f0efc0b233bdd3e71a7f9d
diff --git a/test/spellfix4.test b/test/spellfix4.test
index caf6d5139a..6b9f09b3d7 100644
--- a/test/spellfix4.test
+++ b/test/spellfix4.test
@@ -350,4 +350,14 @@ do_execsql_test 320 {
 )
 } {69d0a31872203a775e19325ea98cd053}
+do_catchsql_test 400 {
+ SELECT editdist3(format('%.10001c','x'),'abc');
+} {1 {string or blob too big}}
+do_catchsql_test 401 {
+ SELECT editdist3('xxxabc',format('%.10001c','x'));
+} {1 {string or blob too big}}
+do_catchsql_test 410 {
+ SELECT editdist3(format('abc%.9997c','x'),format('abc%.9997c','x'));
+} {0 0}
+
 finish_test
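Review bot: Tests 400, 401 and 410 in test/spellfix4.test carry no comment saying which limit they pin, and all three build their long arguments from the single-byte character 'x'. A line such as `# editdist3() must fail with SQLITE_TOOBIG when either argument is longer than 10000` above test 400 would make the intent clear. Because only ASCII input is used, the tests do not show whether the cap counts bytes or characters; a case built from a multi-byte character would settle that, if the distinction matters for this extension.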