Avoid passing strings with a single nul-terminator (two are required) to the VFS xOpen() method from within the code that checks to see if a master-journal file may be safely deleted.

FossilOrigin-Name: 2544f233f1041a42bbdbb5413d2bc92b2a2e0397
dan 2012-01-10 17:28:10 +00:00
parent 6f2f19a154
commit 04333f9b3e
3 changed files with 32 additions and 13 deletions


@ -1,5 +1,5 @@
C Add\sfunction\ssqlite3OsFileControlNoFail(),\swhich\sis\sthe\ssame\sas\ssqlite3OsFileControl()\sexcept\sthat\sit\sdoes\snot\ssimulate\sOOM\serrors.\sThis\ssaves\sadding\scalls\sto\sthe\sBenignMalloc()\sfunctions\saround\seach\sof\sthe\sinvocations\sof\ssqliteOsFileControl()\sthat\signore\sthe\sreturn\scode. C Avoid\spassing\sstrings\swith\sa\ssingle\snul-terminator\s(two\sare\srequired)\sto\sthe\sVFS\sxOpen()\smethod\sfrom\swithin\sthe\scode\sthat\schecks\sto\ssee\sif\sa\smaster-journal\sfile\smay\sbe\ssafely\sdeleted.
D 2012-01-10T16:56:39.621 D 2012-01-10T17:28:10.499
F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
F Makefile.in 5b4a3e12a850b021547e43daf886b25133b44c07 F Makefile.in 5b4a3e12a850b021547e43daf886b25133b44c07
F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@ -168,7 +168,7 @@ F src/os_common.h 92815ed65f805560b66166e3583470ff94478f04
F src/os_os2.c 4a75888ba3dfc820ad5e8177025972d74d7f2440 F src/os_os2.c 4a75888ba3dfc820ad5e8177025972d74d7f2440
F src/os_unix.c 2ad4366b3c41dc813345d6dbb3cab97d62d60b96 F src/os_unix.c 2ad4366b3c41dc813345d6dbb3cab97d62d60b96
F src/os_win.c e344ccb73aaeb5caab2c3419fba2857f914198d7 F src/os_win.c e344ccb73aaeb5caab2c3419fba2857f914198d7
F src/pager.c e7c940ef4a3bad34c9c44ac429257fcf301b828f F src/pager.c f2a3a87da34b6e1ff7f74fb22e6014087ecdf5e4
F src/pager.h 5cd760857707529b403837d813d86b68938d6183 F src/pager.h 5cd760857707529b403837d813d86b68938d6183
F src/parse.y fabb2e7047417d840e6fdb3ef0988a86849a08ba F src/parse.y fabb2e7047417d840e6fdb3ef0988a86849a08ba
F src/pcache.c f8043b433a57aba85384a531e3937a804432a346 F src/pcache.c f8043b433a57aba85384a531e3937a804432a346
@ -986,7 +986,7 @@ F tool/tostr.awk e75472c2f98dd76e06b8c9c1367f4ab07e122d06
F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f
F tool/warnings-clang.sh 9f406d66e750e8ac031c63a9ef3248aaa347ef2a F tool/warnings-clang.sh 9f406d66e750e8ac031c63a9ef3248aaa347ef2a
F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381 F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381
P 7f852ac6435f1c9e25b07f816cca5ba40484579e P af59b182d797642e5ec3ddf291cf62662a136bd1
R 0386e0f2452004fbea4274e17c048ecf R 47a7f4ba0fc3538cc9b5e527d944f9de
U dan U dan
Z d0553b98b27ed93d2ef4aa9f634cdd90 Z 553d33d7ac54e78ccf7479f534ea4295


@ -1 +1 @@
af59b182d797642e5ec3ddf291cf62662a136bd1 2544f233f1041a42bbdbb5413d2bc92b2a2e0397


@ -2391,19 +2391,39 @@ static int pager_delmaster(Pager *pPager, const char *zMaster){
rc = sqlite3OsFileSize(pMaster, &nMasterJournal); rc = sqlite3OsFileSize(pMaster, &nMasterJournal);
if( rc!=SQLITE_OK ) goto delmaster_out; if( rc!=SQLITE_OK ) goto delmaster_out;
nMasterPtr = pVfs->mxPathname+1; nMasterPtr = pVfs->mxPathname+1;
zMasterJournal = sqlite3Malloc((int)nMasterJournal + nMasterPtr + 1); zMasterJournal = sqlite3Malloc((int)nMasterJournal + nMasterPtr + 2);
if( !zMasterJournal ){ if( !zMasterJournal ){
rc = SQLITE_NOMEM; rc = SQLITE_NOMEM;
goto delmaster_out; goto delmaster_out;
} }
zMasterPtr = &zMasterJournal[nMasterJournal+1]; zMasterPtr = &zMasterJournal[nMasterJournal+2];
rc = sqlite3OsRead(pMaster, zMasterJournal, (int)nMasterJournal, 0); rc = sqlite3OsRead(pMaster, zMasterJournal, (int)nMasterJournal, 0);
if( rc!=SQLITE_OK ) goto delmaster_out; if( rc!=SQLITE_OK ) goto delmaster_out;
/* Ensure that even if the contents of the master journal file are corrupt,
** they are terminated by a pair of 0x00 bytes. This prevents buffer
** overreads in any calls made to sqlite3_uri_xxx() via sqlite3OsOpen()
** below. */
zMasterJournal[nMasterJournal] = 0; zMasterJournal[nMasterJournal] = 0;
zMasterJournal[nMasterJournal+1] = 0;
zJournal = zMasterJournal; zJournal = zMasterJournal;
while( (zJournal-zMasterJournal)<nMasterJournal ){ while( (zJournal-zMasterJournal)<nMasterJournal ){
char c;
int exists; int exists;
int nJournal = sqlite3Strlen30(zJournal);
/* The sqlite3OsAccess() and sqlite3OsOpen() functions require argument
** strings that may be passed to the sqlite3_uri_xxx() API functions.
** In this case that means strings terminated by a pair of 0x00 bytes.
** But the master-journal file contains strings terminated by a single
** 0x00 only. So temporarily replace the first byte of the following
** string with a second 0x00. The original value is restored before the
** next iteration of this loop. */
assert( &zJournal[nJournal+1] < zMasterPtr );
c = zJournal[nJournal+1];
zJournal[nJournal+1] = '\0';
rc = sqlite3OsAccess(pVfs, zJournal, SQLITE_ACCESS_EXISTS, &exists); rc = sqlite3OsAccess(pVfs, zJournal, SQLITE_ACCESS_EXISTS, &exists);
if( rc!=SQLITE_OK ){ if( rc!=SQLITE_OK ){
goto delmaster_out; goto delmaster_out;
@ -2413,7 +2433,6 @@ static int pager_delmaster(Pager *pPager, const char *zMaster){
** Open it and check if it points at the master journal. If ** Open it and check if it points at the master journal. If
** so, return without deleting the master journal file. ** so, return without deleting the master journal file.
*/ */
int c;
int flags = (SQLITE_OPEN_READONLY|SQLITE_OPEN_MAIN_JOURNAL); int flags = (SQLITE_OPEN_READONLY|SQLITE_OPEN_MAIN_JOURNAL);
rc = sqlite3OsOpen(pVfs, zJournal, pJournal, flags, 0); rc = sqlite3OsOpen(pVfs, zJournal, pJournal, flags, 0);
if( rc!=SQLITE_OK ){ if( rc!=SQLITE_OK ){
@ -2426,13 +2445,13 @@ static int pager_delmaster(Pager *pPager, const char *zMaster){
goto delmaster_out; goto delmaster_out;
} }
c = zMasterPtr[0]!=0 && strcmp(zMasterPtr, zMaster)==0; if( zMasterPtr[0]!=0 && strcmp(zMasterPtr, zMaster)==0 ){
if( c ){
/* We have a match. Do not delete the master journal file. */ /* We have a match. Do not delete the master journal file. */
goto delmaster_out; goto delmaster_out;
} }
} }
zJournal += (sqlite3Strlen30(zJournal)+1); zJournal += nJournal+1;
zJournal[0] = c;
} }
sqlite3OsClose(pMaster); sqlite3OsClose(pMaster);
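Review bot: The `+2` in `sqlite3Malloc((int)nMasterJournal + nMasterPtr + 2)` and the matching `&zMasterJournal[nMasterJournal+2]` are only explained by the comment placed further down above the terminator writes; a short comment at the allocation, `/* +2: room for the pair of 0x00 bytes written after the read */`, would let the buffer size, the `zMasterPtr` offset and `assert( &zJournal[nJournal+1] < zMasterPtr )` read as one invariant, which matters because the assert is compiled out in release builds and the terminator bytes alone carry the bound. The loop comment says the original byte is restored before the next iteration, but the restore `zJournal[0] = c;` is skipped on the `goto delmaster_out` paths; that looks intentional since the buffer is not reused afterwards, and the comment could say so. The commit touches no test file; a master journal whose contents lack a trailing 0x00 would exercise the new terminator bytes and the corrupt-contents case the first added comment describes. pager_delmaster() starts and ends outside the hunks shown.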