Avoid passing strings with a single nul-terminator (two are required) to the VFS xOpen() method from within the code that checks to see if a master-journal file may be safely deleted.
FossilOrigin-Name: 2544f233f1041a42bbdbb5413d2bc92b2a2e0397
This commit is contained in:
dan
parent
6f2f19a154
commit
04333f9b3e
12
manifest
12
manifest
@ -1,5 +1,5 @@
|
||||
C Add\sfunction\ssqlite3OsFileControlNoFail(),\swhich\sis\sthe\ssame\sas\ssqlite3OsFileControl()\sexcept\sthat\sit\sdoes\snot\ssimulate\sOOM\serrors.\sThis\ssaves\sadding\scalls\sto\sthe\sBenignMalloc()\sfunctions\saround\seach\sof\sthe\sinvocations\sof\ssqliteOsFileControl()\sthat\signore\sthe\sreturn\scode.
|
||||
D 2012-01-10T16:56:39.621
|
||||
C Avoid\spassing\sstrings\swith\sa\ssingle\snul-terminator\s(two\sare\srequired)\sto\sthe\sVFS\sxOpen()\smethod\sfrom\swithin\sthe\scode\sthat\schecks\sto\ssee\sif\sa\smaster-journal\sfile\smay\sbe\ssafely\sdeleted.
|
||||
D 2012-01-10T17:28:10.499
|
||||
F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
|
||||
F Makefile.in 5b4a3e12a850b021547e43daf886b25133b44c07
|
||||
F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
|
||||
@ -168,7 +168,7 @@ F src/os_common.h 92815ed65f805560b66166e3583470ff94478f04
|
||||
F src/os_os2.c 4a75888ba3dfc820ad5e8177025972d74d7f2440
|
||||
F src/os_unix.c 2ad4366b3c41dc813345d6dbb3cab97d62d60b96
|
||||
F src/os_win.c e344ccb73aaeb5caab2c3419fba2857f914198d7
|
||||
F src/pager.c e7c940ef4a3bad34c9c44ac429257fcf301b828f
|
||||
F src/pager.c f2a3a87da34b6e1ff7f74fb22e6014087ecdf5e4
|
||||
F src/pager.h 5cd760857707529b403837d813d86b68938d6183
|
||||
F src/parse.y fabb2e7047417d840e6fdb3ef0988a86849a08ba
|
||||
F src/pcache.c f8043b433a57aba85384a531e3937a804432a346
|
||||
@ -986,7 +986,7 @@ F tool/tostr.awk e75472c2f98dd76e06b8c9c1367f4ab07e122d06
|
||||
F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f
|
||||
F tool/warnings-clang.sh 9f406d66e750e8ac031c63a9ef3248aaa347ef2a
|
||||
F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381
|
||||
P 7f852ac6435f1c9e25b07f816cca5ba40484579e
|
||||
R 0386e0f2452004fbea4274e17c048ecf
|
||||
P af59b182d797642e5ec3ddf291cf62662a136bd1
|
||||
R 47a7f4ba0fc3538cc9b5e527d944f9de
|
||||
U dan
|
||||
Z d0553b98b27ed93d2ef4aa9f634cdd90
|
||||
Z 553d33d7ac54e78ccf7479f534ea4295
|
||||
|
||||
@ -1 +1 @@
|
||||
af59b182d797642e5ec3ddf291cf62662a136bd1
|
||||
2544f233f1041a42bbdbb5413d2bc92b2a2e0397
|
||||
31
src/pager.c
31
src/pager.c
@ -2391,19 +2391,39 @@ static int pager_delmaster(Pager *pPager, const char *zMaster){
|
||||
rc = sqlite3OsFileSize(pMaster, &nMasterJournal);
|
||||
if( rc!=SQLITE_OK ) goto delmaster_out;
|
||||
nMasterPtr = pVfs->mxPathname+1;
|
||||
zMasterJournal = sqlite3Malloc((int)nMasterJournal + nMasterPtr + 1);
|
||||
zMasterJournal = sqlite3Malloc((int)nMasterJournal + nMasterPtr + 2);
|
||||
if( !zMasterJournal ){
|
||||
rc = SQLITE_NOMEM;
|
||||
goto delmaster_out;
|
||||
}
|
||||
zMasterPtr = &zMasterJournal[nMasterJournal+1];
|
||||
zMasterPtr = &zMasterJournal[nMasterJournal+2];
|
||||
rc = sqlite3OsRead(pMaster, zMasterJournal, (int)nMasterJournal, 0);
|
||||
if( rc!=SQLITE_OK ) goto delmaster_out;
|
||||
|
||||
/* Ensure that even if the contents of the master journal file are corrupt,
|
||||
** they are terminated by a pair of 0x00 bytes. This prevents buffer
|
||||
** overreads in any calls made to sqlite3_uri_xxx() via sqlite3OsOpen()
|
||||
** below. */
|
||||
zMasterJournal[nMasterJournal] = 0;
|
||||
zMasterJournal[nMasterJournal+1] = 0;
|
||||
|
||||
zJournal = zMasterJournal;
|
||||
while( (zJournal-zMasterJournal)<nMasterJournal ){
|
||||
char c;
|
||||
int exists;
|
||||
int nJournal = sqlite3Strlen30(zJournal);
|
||||
|
||||
/* The sqlite3OsAccess() and sqlite3OsOpen() functions require argument
|
||||
** strings that may be passed to the sqlite3_uri_xxx() API functions.
|
||||
** In this case that means strings terminated by a pair of 0x00 bytes.
|
||||
** But the master-journal file contains strings terminated by a single
|
||||
** 0x00 only. So temporarily replace the first byte of the following
|
||||
** string with a second 0x00. The original value is restored before the
|
||||
** next iteration of this loop. */
|
||||
assert( &zJournal[nJournal+1] < zMasterPtr );
|
||||
c = zJournal[nJournal+1];
|
||||
zJournal[nJournal+1] = '\0';
|
||||
|
||||
rc = sqlite3OsAccess(pVfs, zJournal, SQLITE_ACCESS_EXISTS, &exists);
|
||||
if( rc!=SQLITE_OK ){
|
||||
goto delmaster_out;
|
||||
@ -2413,7 +2433,6 @@ static int pager_delmaster(Pager *pPager, const char *zMaster){
|
||||
** Open it and check if it points at the master journal. If
|
||||
** so, return without deleting the master journal file.
|
||||
*/
|
||||
int c;
|
||||
int flags = (SQLITE_OPEN_READONLY|SQLITE_OPEN_MAIN_JOURNAL);
|
||||
rc = sqlite3OsOpen(pVfs, zJournal, pJournal, flags, 0);
|
||||
if( rc!=SQLITE_OK ){
|
||||
@ -2426,13 +2445,13 @@ static int pager_delmaster(Pager *pPager, const char *zMaster){
|
||||
goto delmaster_out;
|
||||
}
|
||||
|
||||
c = zMasterPtr[0]!=0 && strcmp(zMasterPtr, zMaster)==0;
|
||||
if( c ){
|
||||
if( zMasterPtr[0]!=0 && strcmp(zMasterPtr, zMaster)==0 ){
|
||||
/* We have a match. Do not delete the master journal file. */
|
||||
goto delmaster_out;
|
||||
}
|
||||
}
|
||||
zJournal += (sqlite3Strlen30(zJournal)+1);
|
||||
zJournal += nJournal+1;
|
||||
zJournal[0] = c;
|
||||
}
|
||||
|
||||
sqlite3OsClose(pMaster);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user