drh [Thu, 4 Jun 2026 16:56:11 +0000 (16:56 +0000)]
Disable the vector-IN-SELECT optimization if the number of columns is so
large that it would cause the WhereTerm.nChild column to wrap.
[bugs:/info/2026-06-04T10:00:49Z|Bug 2026-06-04T10:00:49Z].
dan [Thu, 4 Jun 2026 11:48:18 +0000 (11:48 +0000)]
Fix a crash that could be caused by configuring the pager-cache with a bulk allocation too small to fit even one page. Bug [bugs:/info/2026-06-04T07:03:12Z | 2026-06-04T07:03:12Z].
dan [Thu, 4 Jun 2026 11:19:43 +0000 (11:19 +0000)]
Fix problems with expressions like "(?,?,?) IN (SELECT c,b,a FROM ...)" when there is an index on columns "c", "b" and "a", but not in that order. Bug [bugs:/info/2026-06-04T07:02:53Z | 2026-06-04T07:02:53Z].
drh [Thu, 4 Jun 2026 11:18:11 +0000 (11:18 +0000)]
Clearly mark the ext/misc/wholenumber.c extension as "testing and
debugging use only". Fix a potential integer overflow that can occur
if the above warning is ignored.
[bugs:/info/2026-06-04T09:40:28Z|Bug 2026-06-04T09:40:28Z].
dan [Wed, 3 Jun 2026 17:21:12 +0000 (17:21 +0000)]
Update the utf-8 decoder in the ICU extension to treat invalid sequences as codepoint 0xFFFD, matching the core. Report [bugs:/info/2026-06-03T04:04:46Z | 2026-06-03T04:04:46Z].
dan [Wed, 3 Jun 2026 16:46:15 +0000 (16:46 +0000)]
Fix a faulty assert() in rtree that could fire when processing an unusually large record. Bug [bugs:/info/2026-06-03T14:44:46Z | 2026-06-03T14:44:46Z].
drh [Wed, 3 Jun 2026 16:21:17 +0000 (16:21 +0000)]
Use tail recursion on the larger of the two partitions when doing a
quicksort as part of the implementation of the median() function,
to avoid excess stack usage on pathological inputs.
[bugs:/info/2026-06-03T07:26:42Z|Bug 2026-06-03T07:26:42Z].
dan [Wed, 3 Jun 2026 15:29:59 +0000 (15:29 +0000)]
Fix an integer overflow problem in fts3 that could lead to a buffer overwrite on platforms where size_t is 32-bits. Bug [bugs:/info/2026-06-03T04:28:51Z | 2026-06-03T04:28:51Z].
drh [Wed, 3 Jun 2026 10:55:08 +0000 (10:55 +0000)]
Make the (unused, untested, and unsupported) ext/misc/compress.c routines
responsive to OOM conditions.
[bugs:/info/2026-06-03T08:28:36Z|Bug 2026-06-03T08:28:36Z].
drh [Tue, 2 Jun 2026 10:08:30 +0000 (10:08 +0000)]
Fix the CLI so that it works when compiled using STDCALL on
Microsoft x86. Change should not affect other platforms.
[forum:/info/2026-06-02T09:44:12Z|Forum 2026-06-02T09:44:12Z].
dan [Mon, 1 Jun 2026 16:20:40 +0000 (16:20 +0000)]
For expressions of the form "(x, y...) IN (SELECT a, b ...)" where the result is not true, consider the collation sequences of columns "a" and "b" when determinining if the result should be false or NULL. Bug report [bugs:/info/0785f45e67 | 2026-05-31T02:10:44Z].
stephan [Mon, 1 Jun 2026 13:14:48 +0000 (13:14 +0000)]
Remove the data type ANY added to the shell's CSV exports in [aff74e71ea734e1a], as discussed in [forum:2ea4c50f69fc9829|forum post 2026-06-01T12:01:59Z].
drh [Mon, 1 Jun 2026 12:36:28 +0000 (12:36 +0000)]
Do not allow the argument to a table-valued function to reference a table
to its right, even if the SELECT is inside a common table expression.
This is a replacement for the fix at [3c0a277e6741c722]. Fix
for multiple dbsqlfuzz reports and probably also a fix
for [bugs:/info/b6c6fad96c|Bug 2026-06-01T07:23:11Z].
drh [Mon, 1 Jun 2026 10:53:28 +0000 (10:53 +0000)]
Extra defenses against integer overflows in the untested, unused, and
unsupported transliterate() SQL extension function found in the
ext/misc/spellfix.c extension.
[bugs:/info/2026-06-01T10:34:57Z|Bug 2026-06-01T10:34:57Z].
drh [Sun, 31 May 2026 15:49:57 +0000 (15:49 +0000)]
Fix the zipfile extension so that ZIP archives containing files whose names
contain embedded \000 bytes do not cause problems.
[bugs:/info/2026-05-31T11:43:05Z|Bug 2026-05-31T11:43:05Z].
drh [Sun, 31 May 2026 09:18:31 +0000 (09:18 +0000)]
Fix the format() SQL function so that it reports TOOBIG and NOMEM errors.
Fix a possible integer overflow on %#Q formatting.
[bugs:/info/2026-05-31T02:00:07Z|Bug 2026-05-31T02:00:07Z].
drh [Sat, 30 May 2026 13:23:25 +0000 (13:23 +0000)]
Add a test to ensure an application does not try to create a geopoly
virtual table with too many columns.
[bugs:/info/2026-05-30T12:47:27Z|Bug 2026-05-30T12:47:27Z].
drh [Sat, 30 May 2026 10:24:03 +0000 (10:24 +0000)]
Harden the diskused.c extension against NULL pointer deferences that
might have previously occurred when given a corrupt database file.
[bug:/info/2026-05-30T07:08:55Z|Bug 2026-05-30T07:08:55Z].
drh [Fri, 29 May 2026 14:57:38 +0000 (14:57 +0000)]
Rename the ext/misc/analyze.c extension to ext/misc/diskused.c, to avoid
confusion with the src/analyze.c file. The function is now called
"diskused(X)" instead of "analyze(X)". The CLI command is renamed
from ".dbstat" to ".diskused".
drh [Fri, 29 May 2026 12:23:38 +0000 (12:23 +0000)]
The -csv option to the CLI also sets "-limits off", for legacy
compatibility, and because that seems to make sense.
[forum:/info/2026-05-28T16:23:36Z|Forum thread 2026-05-28T16:23:36Z].
drh [Thu, 28 May 2026 11:16:55 +0000 (11:16 +0000)]
Fix an infinite loop that can occur in the unused, untested, and
unsupported ext/misc/btreeinfo.c extension if it is presented with
a corrupt database file.
[bugs:/forumpost/b43c44cc1c|Bug 2026-05-28T05:41:01Z].
dan [Fri, 22 May 2026 14:29:33 +0000 (14:29 +0000)]
Update the session module so that it can apply changesets containing two or more UPDATE changes that form a dependency loop - so that no single UPDATE can be applied independently without violating a constraint.
dan [Fri, 22 May 2026 14:22:14 +0000 (14:22 +0000)]
Add the SQLITE_CHANGESETAPPLY_NOUPDATELOOP option to the sqlite3_changeset_apply_v2/3() method. To disable the extra processing to commit changesets that swap two or more values subject to a UNIQUE constraint between rows.
drh [Thu, 21 May 2026 15:14:35 +0000 (15:14 +0000)]
Fix the VFSes so that there is no 32-bit integer overflow in the
xShmMap method if the WAL file size exceeds about 25 terabytes, or
if the header is corrupted to make SQLite think that the WAL file size
is that big.
[bugs:/info/2026-05-21T03:53:03Z|Bug 2026-05-21T03:53:03Z].
drh [Thu, 21 May 2026 13:37:15 +0000 (13:37 +0000)]
Limit the length of inputs to the spellfix1_editdist() extension
function (not part of the standard SQLite build and rarely used)
to 99999 characters, to avoid any possibility of integer overflow.
[bugs:/forumpost/5da728247a|Bug 5da728247a].
drh [Thu, 21 May 2026 13:03:18 +0000 (13:03 +0000)]
A join constraint is not an equivalence unless both operands have the
same collation.
[bugs:/info/2026-05-21T03:39:28Z|Bug 2026-05-21T03:39:28Z].
Error goes back to version 3.7.17, 13 years ago.
drh [Thu, 21 May 2026 12:04:20 +0000 (12:04 +0000)]
Enhance the xfer-optimization to verify access to the source table using
the authorizer, if an authorizer is registered.
[bugs:/info/2026-05-21T03:31:22Z|Bug 2026-05-21T03:31:22Z].
dan [Wed, 20 May 2026 11:41:24 +0000 (11:41 +0000)]
Avoid returning an SQLITE_SCHEMA error from within sqlite3session_diff() if the schema has been recently modified. First <a href=https://sqlite.org/bugs/forumpost/269f1e9cef>reported here</a>.
drh [Wed, 20 May 2026 00:16:20 +0000 (00:16 +0000)]
Improvements to testrunner.tcl: Make C-program tests responsive to the
pattern list. Do not remove build steps until the very end when we are
certain that the build step is not required. The pattern list matches
the exact text of the displayname column of the jobs table.
drh [Tue, 19 May 2026 19:33:49 +0000 (19:33 +0000)]
Silently ignore nested porter tokenizers in FTS5. Having nested porter
tokenizers is pointless, but it does use stack space unnecessarily.
[bugs:/forumpost/a7766198f1|Bug report a7766198f1].
drh [Tue, 19 May 2026 18:45:05 +0000 (18:45 +0000)]
Fix an assertion fault that can occur in RTree given a carefully
corrupted database.
[bugs:/forumpost/2026-05-18T06:46:01Z|Bug report 2026-05-18T06:46:01Z].
drh [Tue, 19 May 2026 12:40:00 +0000 (12:40 +0000)]
Early detection of attempts to overwrite an in-use cache page due
to database corruption.
[https://issues.chromium.org/issues/513858286|Chromium 513858286].
drh [Tue, 19 May 2026 11:15:33 +0000 (11:15 +0000)]
Security enhancements to the untested and unused fossildelta.c extension.
Bug reports [bugs:/forumpost/3ac3fe3d71|3ac3fe3d71] and
[bugs:/forumpost/e7e470b760|e7e470b760].
drh [Tue, 19 May 2026 10:30:13 +0000 (10:30 +0000)]
Limit the size of input strings to the (disused) spellfix extension
to avoid excessive runtime and integer overflows.
[bugs:/forumpost/24a33e5d10|Bugs report 24a33e5d10].
drh [Mon, 18 May 2026 23:58:14 +0000 (23:58 +0000)]
Fix a NULL pointer dereference in the obscure (and unused) prefixes
extension, which I had forgotten even existed.
[bugs:/forumpost/24a33e5d10|Bug report 24a33e5d10].
projects / thirdparty / sqlite.git / log
