From: drh <>
Date: Tue, 19 May 2026 18:56:11 +0000 (+0000)
Subject: Prevent integer overflow in the ICU extension.
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=632b618063002fd1497584b557e24f86a5ce07b3;p=thirdparty%2Fsqlite.git
Prevent integer overflow in the ICU extension. [bugs:/forumpost/844bdd7d5c|Bug report 844bdd7d5c].
FossilOrigin-Name: c20cb75ca07d0553d7a847c65a40efb2e5c587579ec32b02121a8963c70db12f
---
diff --git a/ext/icu/icu.c b/ext/icu/icu.c
index 50110072b5..080ef7bfda 100644
--- a/ext/icu/icu.c
+++ b/ext/icu/icu.c
@@ -362,7 +362,7 @@ static void icuCaseFunc16(sqlite3_context *p, int nArg, sqlite3_value **apArg){
 const UChar *zInput; /* Pointer to input string */
 UChar *zOutput = 0; /* Pointer to output buffer */
 int nInput; /* Size of utf-16 input string in bytes */
- int nOut; /* Size of output buffer in bytes */
+ sqlite3_int64 nOut; /* Size of output buffer in bytes */
 int cnt;
 int bToUpper; /* True for toupper(), false for tolower() */
 UErrorCode status;
@@ -385,7 +385,7 @@ static void icuCaseFunc16(sqlite3_context *p, int nArg, sqlite3_value **apArg){
 }
 for(cnt=0; cnt<2; cnt++){
- UChar *zNew = sqlite3_realloc(zOutput, nOut);
+ UChar *zNew = sqlite3_realloc64(zOutput, nOut);
 if( zNew==0 ){
 sqlite3_free(zOutput);
 sqlite3_result_error_nomem(p);
@@ -394,9 +394,9 @@ static void icuCaseFunc16(sqlite3_context *p, int nArg, sqlite3_value **apArg){
 zOutput = zNew;
 status = U_ZERO_ERROR;
 if( bToUpper ){
- nOut = 2*u_strToUpper(zOutput,nOut/2,zInput,nInput/2,zLocale,&status);
+ nOut = 2LL*u_strToUpper(zOutput,nOut/2,zInput,nInput/2,zLocale,&status);
 }else{
- nOut = 2*u_strToLower(zOutput,nOut/2,zInput,nInput/2,zLocale,&status);
+ nOut = 2LL*u_strToLower(zOutput,nOut/2,zInput,nInput/2,zLocale,&status);
 }
 if( U_SUCCESS(status) ){
diff --git a/manifest b/manifest
index 551a2d1a20..2597956a0e 100644
--- a/manifest
+++ b/manifest
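Review bot: The `nOut/2` capacity argument to `u_strToUpper`/`u_strToLower` in the third icu.c hunk is now an implicit 64-to-32-bit narrowing, and nothing in the visible lines says why it cannot truncate. It looks safe because `nOut` is either the initial size or twice an ICU return value, and the second pass is only reached after `sqlite3_realloc64(zOutput, nOut)` in the second hunk succeeded, so an oversized request should end in the `zNew==0` out-of-memory path; that depends on the allocator's own size limit, which is not visible here. I would record the invariant at the declaration in the first hunk, e.g. `sqlite3_int64 nOut; /* Bytes; 64-bit because 2*(ICU length) can exceed INT_MAX. A failed realloc64 stops oversize values before nOut/2 is narrowed */`, and make the conversion explicit with `(int32_t)(nOut/2)`. The body of icuCaseFunc16 continues past the last hunk, so any later use of `nOut` as an `int` length there deserves the same check.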
@@ -1,5 +1,5 @@ -C Fix\san\sassertion\sfault\sthat\scan\soccur\sin\sRTree\sgiven\sa\scarefully\ncorrupted\sdatabase.\n[bugs:/forumpost/2026-05-18T06:46:01Z|Bug\sreport\s2026-05-18T06:46:01Z]. -D 2026-05-19T18:45:05.537 +C Prevent\sinteger\soverflow\sin\sthe\sICU\sextension.\n[bugs:/forumpost/844bdd7d5c|Bug\sreport\s844bdd7d5c]. +D 2026-05-19T18:56:11.055 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea @@ -279,7 +279,7 @@ F ext/fts5/tool/loadfts5.tcl 95b03429ee6b138645703c6ca192c3ac96eaf093 F ext/fts5/tool/mkfts5c.tcl 135b9e160f8e10211c10c5873d5e8c3eaebd3da9ec56a12ae4db157d4738ffe4 F ext/fts5/tool/showfts5.tcl d54da0e067306663e2d5d523965ca487698e722c F ext/icu/README.txt 1f8d76e10d2385fc77914a14ccd99acfbaf68111dfcf26a360ad9063787f57fb -F ext/icu/icu.c 9837f4611915baad1edbe38222f3ee7d1b5e118ab16fec9ba603720f72c78b2a +F ext/icu/icu.c 535d0d61f109e760a56e1afc450414ebfb0e2d594e2233b30315b815e3433ac2 F ext/icu/sqliteicu.h fa373836ed5a1ee7478bdf8a1650689294e41d0c89c1daab26e9ae78a32075a8 F ext/intck/intck1.test 53d885075abeb45aeb1eeffeaa8560b329060835ade4af5c44cf5fcb581c1e63 F ext/intck/intck2.test a29343a8e65c5c3400e10747f394924f3df95a5b2de94f46e9b5c9b97f5e7339 
@@ -2205,8 +2205,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c -P 4d8c3a2919dc942a0a044ec7582a688e0f93e91f4a465bb94390fbe3ad1b50b4 -R de6885248d73ae4c4f72cf1bd72de051 +P 7cf841f3613c8302a419638bdec83b1b9799f00cfedbfe40dca0a1a005c196b5 +R c09ea06136ac3cac53ec6500866ca74e U drh -Z 06d0676a46a703e62cc9d2319d678a43 +Z 6b7926c233703a2415b0bb403daa663f # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 936563b42e..49b58717eb 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -7cf841f3613c8302a419638bdec83b1b9799f00cfedbfe40dca0a1a005c196b5 +c20cb75ca07d0553d7a847c65a40efb2e5c587579ec32b02121a8963c70db12f