Enhance the defenses against malformed JSONB in the jsonbPayloadSize()

author drh <>

Mon, 25 May 2026 18:46:42 +0000 (18:46 +0000)

committer drh <>

Mon, 25 May 2026 18:46:42 +0000 (18:46 +0000)
author drh <>
Mon, 25 May 2026 18:46:42 +0000 (18:46 +0000)
committer drh <>
Mon, 25 May 2026 18:46:42 +0000 (18:46 +0000)
diff --git a/manifest b/manifest

index 92d92545d121e5a7d4eeca50898915cebe9f383e..e014c59fa2579c9ff6a511ebd99aa4355fdf5c02 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Use\s"-encoding\siso8859-1"\sinstead\sof\s"-encoding\sbinary"\sin\smjournal.test\sso\sthat\sthe\sscript\sworks\swith\sboth\sTcl\s8\sand\s9.
-D 2026-05-25T18:14:58.294
+C Enhance\sthe\sdefenses\sagainst\smalformed\sJSONB\sin\sthe\sjsonbPayloadSize()\nroutine.
+D 2026-05-25T18:46:42.889
  F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
  F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
  F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -699,7 +699,7 @@ F src/hash.h 46b92795a95bfefb210f52f0c316e9d7cdbcdd7e7fcfb0d8be796d3a5767cddf
  F src/hwtime.h 21c2cf1f736e7b97502c3674d0c386db3f06870d6f10d0cf8174e2a4b8cb726e
  F src/in-operator.md 10cd8f4bcd225a32518407c2fb2484089112fd71
  F src/insert.c 8dbc22f6ddcc5f0af3abf11daeb89b1978f00059cda15ebc61251fa7724fc7ee
-F src/json.c fadf5f0a00c1af99dbc6ac78dd3c2064c40bb28e602a5746f7c66c1ec8cbb006
+F src/json.c 4b92f3d961c839e05245d6e80410f207eca061f00bd15c7e24007fdddde93cd2
  F src/legacy.c d7874bc885906868cd51e6c2156698f2754f02d9eee1bae2d687323c3ca8e5aa
  F src/loadext.c 78d5b06f18996ffa1203129b28fea043f63a87a4117539678f1d761c30b4ff65
  F src/main.c 6180079f53ccdd784df2eddc3751f49ea7153c5959bee792b19ad9f4bdbcf437
@@ -2207,8 +2207,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
  F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
  F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
  F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P b3766c3afd0ac4d31f158ee5938f19d72a047872e422b5f19b1567c60640f54d
-R 68491f627fa8594d873043b14a1150c2
-U dan
-Z 5b697bd95f0c1528a1b9895f7511a4f8
+P 897b443fb35d550891315890a5af473d347af3b6ecea11fcafafb5b06a1b50a5
+R c71d94874b145851b67d61b6f4d02ce9
+U drh
+Z 3cc13306f6222d2b47b54b5c5cbe5b10
  # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid

index ce2706dcfeb036adefb3653a7b1e3b223e73f6a0..fdd7411ad1a507239043fa17aa7654cb6d737e3a 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-897b443fb35d550891315890a5af473d347af3b6ecea11fcafafb5b06a1b50a5
+32c9f71a989fa4c81a613398ca5c1e68eb88b2a90ac4a4a7bf39e755717f43b1
diff --git a/src/json.c b/src/json.c

index 09c77308bb83f14e3bc191d38e2f43f89e4d4d1d..69013dcde9129ee958dc75d55bc2683c3350dcf1 100644 (file)
--- a/src/json.c
+++ b/src/json.c
@@ -2124,9 +2124,10 @@ static u32 jsonbPayloadSize(const JsonParse *pParse, u32 i, u32 *pSz){
    u8 x;
    u32 sz;
    u32 n;
-  assert( i<=pParse->nBlob );
-  x = pParse->aBlob[i]>>4;
-  if( x<=11 ){
+  if( i>=pParse->nBlob ){
+    *pSz = 0;
+    return 0;
+  }else if( (x = pParse->aBlob[i]>>4)<=11 ){
      sz = x;
      n = 1;
    }else if( x==12 ){
author	drh <>
	Mon, 25 May 2026 18:46:42 +0000 (18:46 +0000)
committer	drh <>
	Mon, 25 May 2026 18:46:42 +0000 (18:46 +0000)
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history
src/json.c		patch \| blob \| blame \| history