Fix a possible buffer overwrite in the ".import" command. [forum:/forumpost/0c447f0548|forum post 0c447f0548].
FossilOrigin-Name: 0fd958fa9b56a8ef254127e29800ca2a267590e86edf739bd339239b25a5da6e
This commit is contained in:
parent
ee8f926027
commit
09f87094bd
16
manifest
16
manifest
@ -1,5 +1,5 @@
|
||||
C Add\snew\sassert()\sstatements\sto\shelp\sout\sa\sstatic\sanalyzer.\s\sResponse\sto\n[forum:/forumpost/17fe8ac32e0de4f5|forum\spost\s17fe8ac32e0de4f5].
|
||||
D 2024-05-27T11:31:02.983
|
||||
C Fix\sa\spossible\sbuffer\soverwrite\sin\sthe\s".import"\scommand.\s[forum:/forumpost/0c447f0548|forum\spost\s0c447f0548].
|
||||
D 2024-05-27T11:35:05.208
|
||||
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
|
||||
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
|
||||
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
|
||||
@ -756,7 +756,7 @@ F src/random.c 606b00941a1d7dd09c381d3279a058d771f406c5213c9932bbd93d5587be4b9c
|
||||
F src/resolve.c 22f1fa3423b377c02ae78d451cfeb1c2d96dcf0389c0642cbdcd19d3bfd7ae01
|
||||
F src/rowset.c 8432130e6c344b3401a8874c3cb49fefe6873fec593294de077afea2dce5ec97
|
||||
F src/select.c cbdaf9cb2d9a697ee9ce1484f27d2e96762d33cc19259aedfb818a68b9d3be10
|
||||
F src/shell.c.in 31249f26684467e95e529915bf486961c535ae8288ed7e79890cc9ed3d781d8f
|
||||
F src/shell.c.in cba809572972ff736aa6c3423ffb87015c740864206d97e168bb77316129015f
|
||||
F src/sqlite.h.in c71d9ef76a6d32dc7ff2d373f2e57ce09056af26c1457bcadae5358b7628c7c3
|
||||
F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
|
||||
F src/sqlite3ext.h 3f046c04ea3595d6bfda99b781926b17e672fd6d27da2ba6d8d8fc39981dcb54
|
||||
@ -1615,7 +1615,7 @@ F test/shell1.test 17a5ca9c6f24f807b2f505b4b38fcbce143d96cd8664c06c34bbbe0672bf7
|
||||
F test/shell2.test 56da24128304c9ab67da2964cc80beff7b35761c446ec6e6e98bff2775b15026
|
||||
F test/shell3.test 5ad4b2813717956414f2c0c8a2027895cd98ccf7dd54dbacbde4d4f5591ce5a1
|
||||
F test/shell4.test 522fdc628c55eff697b061504fb0a9e4e6dfc5d9087a633ab0f3dd11bcc4f807
|
||||
F test/shell5.test 5b2ab1c0540217773f939927c24163a56257446da3f564d4724042620bfea762
|
||||
F test/shell5.test 6a49440bddc33a132f856fb189e71228f8132963655d12a2c8b8a161263b9632
|
||||
F test/shell6.test e3b883b61d4916b6906678a35f9d19054861123ad91b856461e0a456273bdbb8
|
||||
F test/shell7.test 753c6ece5361df50025a50cadf378ea36db9cc05fb23d7a96cff7fa130626ef9
|
||||
F test/shell8.test aea51ecbcd4494c746b096aeff51d841d04d5f0dc4b62eb42427f16109b87acd
|
||||
@ -2193,8 +2193,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
|
||||
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
|
||||
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
|
||||
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
|
||||
P 57aeb3a287fc190bf8d438a7b03d6715c05fd3fd71559c6a14d7bd910d37b38d
|
||||
R 7cbf595b1ca4596681b998a2f0ff06f6
|
||||
U drh
|
||||
Z 965bcfdda628566a6226377c41ce768a
|
||||
P 857f6d530949221d154b5120ecc2aa906418bec6f69d1c13197a432ba3cad8eb
|
||||
R 208aed0e15e5a9e1542642ed290f707d
|
||||
U dan
|
||||
Z dedd3aceb57544d244ea5c9933280761
|
||||
# Remove this line to create a well-formed Fossil manifest.
|
||||
|
@ -1 +1 @@
|
||||
857f6d530949221d154b5120ecc2aa906418bec6f69d1c13197a432ba3cad8eb
|
||||
0fd958fa9b56a8ef254127e29800ca2a267590e86edf739bd339239b25a5da6e
|
@ -8978,7 +8978,6 @@ static int do_meta_command(char *zLine, ShellState *p){
|
||||
import_cleanup(&sCtx);
|
||||
shell_out_of_memory();
|
||||
}
|
||||
nByte = strlen(zSql);
|
||||
rc = sqlite3_prepare_v2(p->db, zSql, -1, &pStmt, 0);
|
||||
sqlite3_free(zSql);
|
||||
zSql = 0;
|
||||
@ -8997,16 +8996,21 @@ static int do_meta_command(char *zLine, ShellState *p){
|
||||
sqlite3_finalize(pStmt);
|
||||
pStmt = 0;
|
||||
if( nCol==0 ) return 0; /* no columns, no error */
|
||||
zSql = sqlite3_malloc64( nByte*2 + 20 + nCol*2 );
|
||||
|
||||
nByte = 64 /* space for "INSERT INTO", "VALUES(", ")\0" */
|
||||
+ (zSchema ? strlen(zSchema)*2 + 2: 0) /* Quoted schema name */
|
||||
+ strlen(zTable)*2 + 2 /* Quoted table name */
|
||||
+ nCol*2; /* Space for ",?" for each column */
|
||||
zSql = sqlite3_malloc64( nByte );
|
||||
if( zSql==0 ){
|
||||
import_cleanup(&sCtx);
|
||||
shell_out_of_memory();
|
||||
}
|
||||
if( zSchema ){
|
||||
sqlite3_snprintf(nByte+20, zSql, "INSERT INTO \"%w\".\"%w\" VALUES(?",
|
||||
sqlite3_snprintf(nByte, zSql, "INSERT INTO \"%w\".\"%w\" VALUES(?",
|
||||
zSchema, zTable);
|
||||
}else{
|
||||
sqlite3_snprintf(nByte+20, zSql, "INSERT INTO \"%w\" VALUES(?", zTable);
|
||||
sqlite3_snprintf(nByte, zSql, "INSERT INTO \"%w\" VALUES(?", zTable);
|
||||
}
|
||||
j = strlen30(zSql);
|
||||
for(i=1; i<nCol; i++){
|
||||
@ -9015,6 +9019,7 @@ static int do_meta_command(char *zLine, ShellState *p){
|
||||
}
|
||||
zSql[j++] = ')';
|
||||
zSql[j] = 0;
|
||||
assert( j<nByte );
|
||||
if( eVerbose>=2 ){
|
||||
oputf("Insert using: %s\n", zSql);
|
||||
}
|
||||
|
@ -585,4 +585,16 @@ do_test shell5-7.1 {
|
||||
SELECT * FROM t1;}
|
||||
} {0 aaa|bbb|aaabbb}
|
||||
|
||||
#-------------------------------------------------------------------------
|
||||
|
||||
do_test shell5-8.1 {
|
||||
|
||||
set out [open shell5.csv w]
|
||||
fconfigure $out -translation lf
|
||||
puts $out x
|
||||
close $out
|
||||
|
||||
catchcmd :memory: {.import --csv shell5.csv '""""""""""""""""""""""""""""""""""""""""""""""'}
|
||||
} {0 {}}
|
||||
|
||||
finish_test
|
||||
|
Loading…
Reference in New Issue
Block a user