From 4977ccf1431327925e07a09f281efd6a494faa0d Mon Sep 17 00:00:00 2001 From: drh Date: Sat, 19 Sep 2015 11:57:26 +0000 Subject: [PATCH] Fix an off-by-one error (really off-by-2 in this case) in the buffer resize logic of json1. FossilOrigin-Name: d2a027372a5a6efc0f9b6f605093d865ae1c6788 --- ext/misc/json1.c | 3 ++- manifest | 14 +++++++------- manifest.uuid | 2 +- test/json102.test | 9 +++++++++ 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/ext/misc/json1.c b/ext/misc/json1.c index b878c0a3e4..c59b09432f 100644 --- a/ext/misc/json1.c +++ b/ext/misc/json1.c @@ -239,12 +239,13 @@ static void jsonAppendString(JsonString *p, const char *zIn, u32 N){ for(i=0; inUsed+N+1-i > p->nAlloc) && jsonGrow(p,N+1-i)!=0 ) return; + if( (p->nUsed+N+3-i > p->nAlloc) && jsonGrow(p,N+3-i)!=0 ) return; p->zBuf[p->nUsed++] = '\\'; } p->zBuf[p->nUsed++] = c; } p->zBuf[p->nUsed++] = '"'; + assert( p->nUsednAlloc ); } /* diff --git a/manifest b/manifest index d338183a16..e62f8ab030 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Do\snot\sallow\srowid\sin\sa\sUNIQUE\sor\sPRIMARY\sKEY\sconstraint.\s\s(This\srestores\sthe\nsame\sbehavior\sexhibited\sby\sall\sprior\sreleases.) -D 2015-09-19T03:07:30.685 +C Fix\san\soff-by-one\serror\s(really\soff-by-2\sin\sthis\scase)\sin\sthe\sbuffer\nresize\slogic\sof\sjson1. +D 2015-09-19T11:57:26.958 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in f85066ce844a28b671aaeeff320921cd0ce36239 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 
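Review bot: The `+3` in the new resize check inside the escape branch is an unexplained constant, and the previous `+1` shows how easily that count drifts from the bytes actually written. A comment on that line would pin it down, e.g. `/* room for the backslash, the escaped character and the closing quote */`. The added assert (garbled on this page, apparently `assert( p->nUsed<p->nAlloc )`) sits after the final quote has been stored and is normally compiled out of non-debug builds, so it records the invariant for testing rather than guarding the write. The size check therefore remains the only protection in release builds. The start of jsonAppendString and the loop header are not legible in this hunk, so the initial reservation could not be checked from here.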
@@ -195,7 +195,7 @@ F ext/misc/eval.c f971962e92ebb8b0a4e6b62949463ee454d88fa2 F ext/misc/fileio.c d4171c815d6543a9edef8308aab2951413cd8d0f F ext/misc/fuzzer.c 4c84635c71c26cfa7c2e5848cf49fe2d2cfcd767 F ext/misc/ieee754.c b0362167289170627659e84173f5d2e8fee8566e -F ext/misc/json1.c 4b1048a7f4f2989d27c451cef80e06d77d69921e +F ext/misc/json1.c d96049b4147eb55755593bf806e27d5966b9d244 F ext/misc/nextchar.c 35c8b8baacb96d92abbb34a83a997b797075b342 F ext/misc/percentile.c bcbee3c061b884eccb80e21651daaae8e1e43c63 F ext/misc/regexp.c af92cdaa5058fcec1451e49becc7ba44dba023dc @@ -816,7 +816,7 @@ F test/jrnlmode.test 7864d59cf7f6e552b9b99ba0f38acd167edc10fa F test/jrnlmode2.test 81610545a4e6ed239ea8fa661891893385e23a1d F test/jrnlmode3.test 556b447a05be0e0963f4311e95ab1632b11c9eaa F test/json101.test e20d2421c531db32fad59c5e06e80af0b1b002c8 -F test/json102.test b6282433ac49c57ab00ed55e8b9fd5317e699b3d +F test/json102.test 796b1c59894c6e0f38fc1a3acb0e690573b952a3 F test/keyword1.test 37ef6bba5d2ed5b07ecdd6810571de2956599dff F test/lastinsert.test 42e948fd6442f07d60acbd15d33fb86473e0ef63 F test/laststmtchanges.test ae613f53819206b3222771828d024154d51db200 @@ -1387,7 +1387,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4 F tool/warnings.sh 48bd54594752d5be3337f12c72f28d2080cb630b F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P 25f34cb9b576a2d4250a06a7dbf88010b1c11675 -R fd8d20dd4f43b078e61007ad89d6a2fb +P b1278301e37220a075c1bae88c0fcca2ef7a7d5c +R f3af9f9f0faeeb27ced4a62df7fbb79b U drh -Z 9e371c3a4b995f769acecd4879783adf +Z 22c0ef8050295e4df286a766029de3a6 diff --git a/manifest.uuid b/manifest.uuid index de66c0e978..0024ef993c 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -b1278301e37220a075c1bae88c0fcca2ef7a7d5c \ No newline at end of file +d2a027372a5a6efc0f9b6f605093d865ae1c6788 \ No newline at end of file 
diff --git a/test/json102.test b/test/json102.test index 950d4196b6..f40580da4e 100644 --- a/test/json102.test +++ b/test/json102.test @@ -285,4 +285,13 @@ do_execsql_test json102-1132 { do_execsql_test json102-1201 { SELECT json_valid(char(32) || '"xyz"') } 1 do_execsql_test json102-1202 { SELECT json_valid(char(200) || '"xyz"') } 0 +# Off-by-one error in jsonAppendString() +# +for {set i 0} {$i<100} {incr i} { + set str abcdef[string repeat \" [expr {$i+50}]]uvwxyz + do_test json102-[format %d [expr {$i+1300}]] { + db eval {SELECT json_extract(json_array($::str),'$[0]')==$::str} + } {1} +} + finish_test
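Review bot: The new loop only checks that `json_extract(json_array($::str),'$[0]')` round-trips to `$::str`, and a two-byte overrun of a heap buffer does not necessarily change the returned string, so on a plain release build these cases may pass even with the old bound. The comment above the loop should say so, e.g. `# Needs an assert-enabled build or a memory checker to catch the overrun reliably`. The `[format %d [expr {$i+1300}]]` wrapper in the test name is also redundant, since `[expr {$i+1300}]` already yields the integer.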