Fix a one-byte buffer overread that may follow a syntax error while preparing an SQL statement.

FossilOrigin-Name: 075003930da98419f671b7833a5850693529fb62
dan 2015-05-26 18:58:57 +00:00
parent ea93c7005d
commit 584390e8dd
4 changed files with 18 additions and 13 deletions


@ -1,5 +1,5 @@
C The\s"make\sfuzztest"\starget\snow\suses\sfuzzcheck\sinstead\sof\sfuzzershell.
D 2015-05-26T18:15:08.927
C Fix\sa\sone-byte\sbuffer\soverread\sthat\smay\sfollow\sa\ssyntax\serror\swhile\spreparing\san\sSQL\sstatement.
D 2015-05-26T18:58:57.869
F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
F Makefile.in 3feb7cbdad8898fe7a8a24355b4a753029c3ec3b
F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@ -306,7 +306,7 @@ F src/test_vfs.c 3b65d42e18b262805716bd96178c81da8f2d9283
F src/test_vfstrace.c bab9594adc976cbe696ff3970728830b4c5ed698
F src/test_wsd.c 41cadfd9d97fe8e3e4e44f61a4a8ccd6f7ca8fe9
F src/threads.c 6bbcc9fe50c917864d48287b4792d46d6e873481
F src/tokenize.c af8cbbca6db6b664ffecafa236b06629ef6d35c4
F src/tokenize.c 27d60b6bf4a92d17c329a11ff9fe94081b2a8510
F src/trigger.c 322f23aad694e8f31d384dcfa386d52a48d3c52f
F src/update.c 487747b328b7216bb7f6af0695d6937d5c9e605f
F src/utf.c fc6b889ba0779b7722634cdeaa25f1930d93820c
@ -768,7 +768,7 @@ F test/minmax.test 42fbad0e81afaa6e0de41c960329f2b2c3526efd
F test/minmax2.test b44bae787fc7b227597b01b0ca5575c7cb54d3bc
F test/minmax3.test cc1e8b010136db0d01a6f2a29ba5a9f321034354
F test/minmax4.test 936941484ebdceb8adec7c86b6cd9b6e5e897c1f
F test/misc1.test 2bb46a3656e97f80c82880a94ea10d76a3b60cb0
F test/misc1.test 3f1c479c5a093a6280f378c0fbff1c2701486660
F test/misc2.test 00d7de54eda90e237fc9a38b9e5ccc769ebf6d4d
F test/misc3.test cf3dda47d5dda3e53fc5804a100d3c82be736c9d
F test/misc4.test 0d8be3466adf123a7791a66ba2bc8e8d229e87f3
@ -1279,10 +1279,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32
F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
P 193364c81c301a41c16835108d23ad2ab84d9dd7
R 72bebf492c55de7ece7f6fdbb9a7dd3f
T *branch * test-using-fuzzcheck
T *sym-test-using-fuzzcheck *
T -sym-trunk *
U drh
Z 66f2916d8728b836edfc9ebde30c4bfc
P 4a5f6f1f0128657fd8d4d99d0682edd5bac2a19e
R 065e508f512bb407d5d12027502751ea
U dan
Z 196ef8f8d5bf66f74ab95e80a414f84a


@ -1 +1 @@
4a5f6f1f0128657fd8d4d99d0682edd5bac2a19e
075003930da98419f671b7833a5850693529fb62


@ -450,7 +450,7 @@ int sqlite3RunParser(Parse *pParse, const char *zSql, char **pzErrMsg){
}
abort_parse:
assert( nErr==0 );
if( zSql[i]==0 && pParse->rc==SQLITE_OK && db->mallocFailed==0 ){
if( pParse->rc==SQLITE_OK && db->mallocFailed==0 && zSql[i]==0 ){
if( lastTokenParsed!=TK_SEMI ){
sqlite3Parser(pEngine, TK_SEMI, pParse->sLastToken, pParse);
pParse->zTail = &zSql[i];
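Review bot: The reordered condition after `abort_parse:` now relies on `&&` short-circuiting to keep `zSql[i]` from being read once an error has been recorded, but nothing in the code says the operand order matters, so a later tidy-up could restore the old order and bring the overread back. Going by the commit message, `i` can index one byte beyond the SQL text after a syntax error, so the dereference is only safe when `pParse->rc==SQLITE_OK`. I would add a comment above the `if`, for example `/* Test zSql[i] last: after an error, i may be past the end of zSql[] */`. The body of sqlite3RunParser starts and ends outside this hunk, so where `i` overshoots is not visible here and is worth confirming before wording the comment.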


@ -693,4 +693,12 @@ do_catchsql_test misc1-23.3 {
DROP TABLE IF EXISTS t;
} {0 {}}
# At one point, running this would read one byte passed the end of a
# buffer, upsetting valgrind.
#
do_test misc1-24.0 {
list [catch { sqlite3_prepare_v2 db ! -1 dummy } msg] $msg
} {1 {(1) unrecognized token: "!}}
finish_test
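Review bot: misc1-24.0 asserts only the error message, which presumably comes out the same whether or not the extra byte is read, so this test will catch a regression only when the suite runs under valgrind or a comparable memory checker. The comment should say that explicitly, e.g. `# This test only fails under a memory checker such as valgrind; the returned error is the same either way.` The existing comment also has a typo: `passed the end` should read `past the end`.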