From 898ec7927ae4d25083d5a034c5ce536cfbd0cb42 Mon Sep 17 00:00:00 2001
From: drh <>
Date: Tue, 2 Mar 2021 16:27:04 +0000
Subject: [PATCH] Limit the size of the exponent input in the second argument to the ieee754() SQL function, to avoid integer overflow. Ticket [22dea1cfdb9151e4].
FossilOrigin-Name: 99aab32da14cc76beb5c1823a70bdeab144459398d61c42a858be4d6868d361e
---
 ext/misc/ieee754.c | 8 ++++++++
 manifest | 14 +++++++-------
 manifest.uuid | 2 +-
 3 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/ext/misc/ieee754.c b/ext/misc/ieee754.c
index 121eb43d66..6cdd79a4d4 100644
--- a/ext/misc/ieee754.c
+++ b/ext/misc/ieee754.c
@@ -167,6 +167,14 @@ static void ieee754func(
 int isNeg = 0;
 m = sqlite3_value_int64(argv[0]);
 e = sqlite3_value_int64(argv[1]);
+
+ /* Limit the range of e. Ticket 22dea1cfdb9151e4 2021-03-02 */
+ if( e>10000 ){
+ e = 10000;
+ }else if( e<-10000 ){
+ e = -10000;
+ }
+
 if( m<0 ){
 isNeg = 1;
 m = -m;
diff --git a/manifest b/manifest
index d86f7e9f53..d7cab31c96 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@ -C Change\sthe\stimeout\sfor\stest\scase\s"valgrindfuzz"\sfrom\s600\sseconds\sto\s1200. -D 2021-03-02T13:50:56.639 +C Limit\sthe\ssize\sof\sthe\sexponent\sinput\sin\sthe\ssecond\sargument\sto\sthe\nieee754()\sSQL\sfunction,\sto\savoid\sinteger\soverflow.\nTicket\s[22dea1cfdb9151e4]. +D 2021-03-02T16:27:04.746 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
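Review bot: The clamp added after `e = sqlite3_value_int64(argv[1]);` in ext/misc/ieee754.c repeats the bare literal 10000 four times, and its comment gives only a ticket number, so a reader cannot tell why this bound is safe or whether clamping can change a result. I would widen the comment to something like `/* Clamp e: an exponent this large is far outside the range of a double, so the result should be unchanged, while later adjustments to e can no longer overflow. */`; the arithmetic on e that presumably overflowed lies further down in ieee754func, outside this hunk, so the wording should be checked against it. The diffstat lists only ieee754.c and the two manifest files, so the commit carries no regression test; a case that passes the largest and the smallest 64-bit integer as the second argument would pin the fix. The context line `m = -m;` is a signed overflow for the most negative 64-bit mantissa, unless code after the hunk handles that value.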
@@ -304,7 +304,7 @@ F ext/misc/explain.c 0086fab288d4352ea638cf40ac382aad3b0dc5e845a1ea829a694c015fd F ext/misc/fileio.c 9b69e25da3b51d4a1d905a464ccb96709792ad627a742ba09215bc0d1447e7bd F ext/misc/fossildelta.c 1240b2d3e52eab1d50c160c7fe1902a9bd210e052dc209200a750bbf885402d5 F ext/misc/fuzzer.c eae560134f66333e9e1ca4c8ffea75df42056e2ce8456734565dbe1c2a92bf3d -F ext/misc/ieee754.c 5c7ca326361c7368f95f5743972eade3b8b24f60359ed7cba4706668a5682896 +F ext/misc/ieee754.c cd6ab89f85fda8a020559b3f4d03001a8a62dd856beda5af3f558621d12be913 F ext/misc/json1.c f31e89171f932d1821c91f10d2cb4979fc0447030030a8bce70420cd43d074c0 F ext/misc/memstat.c 3017a0832c645c0f8c773435620d663855f04690172316bd127270d1a7523d4d F ext/misc/memtrace.c 7c0d115d2ef716ad0ba632c91e05bd119cb16c1aedf3bec9f06196ead2d5537b @@ -1908,7 +1908,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 275a75aa82bf5d2366fd4020066d7b9fbb93a955ac9ec15dc7d5b8bfa29074e4 -R c373869bc96fc586d3402291bf9340d0 -U dan -Z 3b4e27f86c56b854caf42a3578645a4e +P 7c6aa6f38403931df7940c7acfeba4e2f8099a419222fcab2a3c959ccae90e40 +R 4b7008b2d896fb2345868e9330fd6fad +U drh +Z 8d007010cf38126393218aad44f4b7ca diff --git a/manifest.uuid b/manifest.uuid index e88c888324..cd003681d9 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -7c6aa6f38403931df7940c7acfeba4e2f8099a419222fcab2a3c959ccae90e40 \ No newline at end of file +99aab32da14cc76beb5c1823a70bdeab144459398d61c42a858be4d6868d361e \ No newline at end of file