From 02d6f9b295827d5d545801f5babcc572389f8d5a Mon Sep 17 00:00:00 2001 From: drh <> Date: Fri, 29 Jan 2021 16:20:16 +0000 Subject: [PATCH] Fix possible division-by-zero in the new log() SQL functions. Problemm discovered by OSSFuzz. FossilOrigin-Name: 1ffd321a33b778e87614a26a91a8407ec7b9dec4f0f847b16b1dac4f3b910604 --- manifest | 14 +++++++------- manifest.uuid | 2 +- src/func.c | 9 +++++---- test/func7.test | 8 ++++---- 4 files changed, 17 insertions(+), 16 deletions(-) diff --git a/manifest b/manifest index 7045fd7798..95498bd054 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Performance\soptimization\s(and\ssize\sreduction)\sin\ssqlite3TriggerList()\sfor\sthe\ncommon\scase\swhere\sthere\sare\sno\sTEMP\striggers. -D 2021-01-29T13:47:36.426 +C Fix\spossible\sdivision-by-zero\sin\sthe\snew\slog()\sSQL\sfunctions.\nProblemm\sdiscovered\sby\sOSSFuzz. +D 2021-01-29T16:20:16.527 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -496,7 +496,7 @@ F src/delete.c 927cf8f900583e79aca8f1a321979e0a8f053babd9a690b44b38f79de2cc09fe F src/expr.c 47c85263e6d179424e6b09e2c79db5704ab5b8cbc2fae2ee3285faa2566f2e74 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007 F src/fkey.c 83372403298e6a7dd989a47aaacdbaa5b4307b5199dbd56e07d4896066b3de72 -F src/func.c 796a7a4a0ff5eee82a04ee3c8265c5ebf9c6a9f5625621c5f97ed94f6224d7d9 +F src/func.c 2ea99e9e0531b7f020d5e8e167d25344d618afc718ddc94dd91fa8fef1c85a91 F src/global.c ed55af196a9b66e198aaeda3f5454c3aa7d7d050c6c938181fd044b70d180a81 F src/hash.c 8d7dda241d0ebdafb6ffdeda3149a412d7df75102cecfc1021c98d6219823b19 F src/hash.h 9d56a9079d523b648774c1784b74b89bd93fac7b365210157482e4319a468f38 
@@ -1030,7 +1030,7 @@ F test/func3.test 2bb0f31ab7baaed690b962a88544d7be6b34fa389364bc36a44e441ed3e3f1 F test/func4.test 2285fb5792d593fef442358763f0fd9de806eda47dbc7a5934df57ffdc484c31 F test/func5.test 863e6d1bd0013d09c17236f8a13ea34008dd857d87d85a13a673960e4c25d82a F test/func6.test 90e42b64c4f9fb6f04f44cb8a1da586c8542502e926b19c76504fe74ff2a9b7c -F test/func7.test bb05a77daedf0e3f8764f323a49bc3b8d98f280a0bc6a370387117f4596bde05 +F test/func7.test b9e2a1a30a8562b00841b4a21a5d2d81754fa3ab99275fd71fd5279287b44b1c F test/fuzz-oss1.test e58330d01cbbd8215ee636b17a03fe220b37dbfa F test/fuzz.test 96083052bf5765e4518c1ba686ce2bab785670d1 F test/fuzz2.test 76dc35b32b6d6f965259508508abce75a6c4d7e1 @@ -1898,7 +1898,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 9dc7fc9f04d5c14fc436e5ff5b4c06c1969ddde5857ebeb5dccd59b7c748c339 -R 0b7a0544b0d15fb4a458f0ab87fbb410 +P 0defaf730bdc82212a5d3feeb2e16f16423b1691b0aaa7da1787eb82ea39ae9e +R 818a051c7c4bf2ae05824d55152903eb U drh -Z 6a477571c6e856bdd183f551e55df63b +Z b6b8cd840ef34d4d25e074519b6e4b42 diff --git a/manifest.uuid b/manifest.uuid index 6f87f82bcf..dc726d75c2 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -0defaf730bdc82212a5d3feeb2e16f16423b1691b0aaa7da1787eb82ea39ae9e \ No newline at end of file +1ffd321a33b778e87614a26a91a8407ec7b9dec4f0f847b16b1dac4f3b910604 \ No newline at end of file diff --git a/src/func.c b/src/func.c index e6f293ef06..6d7a77fdb6 100644 --- a/src/func.c +++ b/src/func.c @@ -1980,7 +1980,7 @@ static void logFunc( case SQLITE_INTEGER: case SQLITE_FLOAT: x = sqlite3_value_double(argv[0]); - if( x<0.0 ) return; + if( x<=0.0 ) return; break; default: return; 
@@ -1989,14 +1989,15 @@ static void logFunc(
 switch( sqlite3_value_numeric_type(argv[0]) ){
 case SQLITE_INTEGER:
 case SQLITE_FLOAT:
- b = x;
+ b = log(x);
+ if( b<=0.0 ) return;
 x = sqlite3_value_double(argv[1]);
- if( x<0.0 ) return;
+ if( x<=0.0 ) return;
 break;
 default:
 return;
 }
- ans = log(x)/log(b);
+ ans = log(x)/b;
 }else{
 ans = log(x);
 switch( SQLITE_PTR_TO_INT(sqlite3_user_data(context)) ){
diff --git a/test/func7.test b/test/func7.test
index 536f7eb414..c8ae2931e1 100644
--- a/test/func7.test
+++ b/test/func7.test
@@ -202,11 +202,11 @@ do_execsql_test func7-mysql-210 {
 #} {0.6931472 NULL}
 # log() means natural logarithm in MySQL
 do_execsql_test func7-mysql-230 {
- SELECT log(2,65536), log(10,100), quote(log(1,100));
-} {16.0 2.0 Inf}
+ SELECT log(2,65536), log(10,100), quote(log(1,100)), quote(log(0,100));
+} {16.0 2.0 NULL NULL}
 do_execsql_test func7-mysql-240 {
- SELECT log2(65536), quote(log2(-100));
-} {16.0 NULL}
+ SELECT log2(65536), quote(log2(-100)), quote(log2(0));
+} {16.0 NULL NULL}
 do_execsql_test func7-mysql-250 {
 SELECT round(log10(2),7), log10(100), quote(log10(-100));
 } {0.30103 2.0 NULL}
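Review bot: The new guard `if( b<=0.0 ) return;` in logFunc's two-argument branch (second src/func.c hunk) rejects more than the zero divisor named in the commit title: log(x) is negative for any base strictly between 0 and 1, so those bases now return NULL along with base 1. If that is the intended contract, a comment on the guard would make it explicit, for example `/* base must be > 1; base 1 would make the divisor zero */`; if only the division by zero is meant to be excluded, the check would be `if( b==0.0 ) return;`. The updated func7 cases cover base 0 and base 1 but no fractional base, so neither reading is pinned by a test. Separately, the enclosing switch still inspects the type of argv[0] while reading argv[1], which appears to leave `x<=0.0` as the only check on the second argument; that may be deliberate but is worth confirming. logFunc begins and ends outside the hunk.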