Improved defenses against integer overflow when computing the size of
memory allocations. No bugs were fixed here. But perhaps future bugs will be prevented. FossilOrigin-Name: eb878c01f317f09e8ef6b1bd2ec8d6d5cd6ce0bdfe9da7fa7d92d2047cc9d9e4
parent
e574a9233c
commit
913306a53a
@ -850,7 +850,7 @@ int sqlite3Fts5StructureTest(Fts5Index *p, void *pStruct){
|
||||
static void fts5StructureMakeWritable(int *pRc, Fts5Structure **pp){
|
||||
Fts5Structure *p = *pp;
|
||||
if( *pRc==SQLITE_OK && p->nRef>1 ){
|
||||
int nByte = sizeof(Fts5Structure)+(p->nLevel-1)*sizeof(Fts5StructureLevel);
|
||||
i64 nByte = sizeof(Fts5Structure)+(p->nLevel-1)*sizeof(Fts5StructureLevel);
|
||||
Fts5Structure *pNew;
|
||||
pNew = (Fts5Structure*)sqlite3Fts5MallocZero(pRc, nByte);
|
||||
if( pNew ){
|
||||
|
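Review bot: Widening only the declared type of `nByte` in fts5StructureMakeWritable does not widen the arithmetic that fills it: `(p->nLevel-1)*sizeof(Fts5StructureLevel)` is evaluated in `size_t`, so on a build where `size_t` is 32 bits the product can wrap before it is stored in the `i64`. Casting the count first keeps the multiplication in 64 bits, e.g. `i64 nByte = sizeof(Fts5Structure) + (i64)(p->nLevel-1)*sizeof(Fts5StructureLevel);`, which is the operand-cast form this commit already uses in src/build.c. The fts5VocabOpenMethod hunk that follows has the same shape and would read `i64 nByte = (i64)pFts5->pConfig->nCol * sizeof(i64)*2 + sizeof(Fts5VocabCursor);`. This assumes `nLevel` and `nCol` are plain `int` fields, which the hunks do not show; both function bodies continue outside the hunks.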
@ -374,7 +374,7 @@ static int fts5VocabOpenMethod(
|
||||
}
|
||||
|
||||
if( rc==SQLITE_OK ){
|
||||
int nByte = pFts5->pConfig->nCol * sizeof(i64)*2 + sizeof(Fts5VocabCursor);
|
||||
i64 nByte = pFts5->pConfig->nCol * sizeof(i64)*2 + sizeof(Fts5VocabCursor);
|
||||
pCsr = (Fts5VocabCursor*)sqlite3Fts5MallocZero(&rc, nByte);
|
||||
}
|
||||
|
||||
|
20
manifest
20
manifest
@ -1,5 +1,5 @@
|
||||
C Fixes\sto\sinternal\scomments.\s\sNo\schanges\sto\scode\sor\sdocumentation.
|
||||
D 2021-11-26T15:08:55.132
|
||||
C Improved\sdefenses\sagainst\sinteger\soverflow\swhen\scomputing\sthe\ssize\sof\sa\nmemory\sallocations.\s\sNo\sbugs\swere\sfixed\shere.\s\sBut\sperhaps\sfuture\sbugs\swill\nbe\sprevented.
|
||||
D 2021-11-26T17:10:18.515
|
||||
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
|
||||
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
|
||||
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
|
||||
@ -119,7 +119,7 @@ F ext/fts5/fts5_buffer.c 3001fbabb585d6de52947b44b455235072b741038391f830d6b7292
|
||||
F ext/fts5/fts5_config.c 501e7d3566bc92766b0e11c0109a7c5a6146bc41144195459af5422f6c2078aa
|
||||
F ext/fts5/fts5_expr.c fcd0770d53028c2b53a15d0f53bf6d0e01b1bf3dd97630b9fedf0801f03aa3ec
|
||||
F ext/fts5/fts5_hash.c d4fb70940359f2120ccd1de7ffe64cc3efe65de9e8995b822cd536ff64c96982
|
||||
F ext/fts5/fts5_index.c 037b12ca0a29761b3308f2b8e3505edec8c2b8e178577d96ee88b6a1e27e2a00
|
||||
F ext/fts5/fts5_index.c a3ada4897c3b14b8a15a8695d2cb3a46b5761137aae0964fc44efe96a877ddd0
|
||||
F ext/fts5/fts5_main.c 7c6092a53e6802962fa07b0fad3e61cb077b6c98b74b727d8d44ac2cf63bd914
|
||||
F ext/fts5/fts5_storage.c 76c6085239eb44424004c022e9da17a5ecd5aaec859fba90ad47d3b08f4c8082
|
||||
F ext/fts5/fts5_tcl.c b1445cbe69908c411df8084a10b2485500ac70a9c747cdc8cda175a3da59d8ae
|
||||
@ -128,7 +128,7 @@ F ext/fts5/fts5_test_tok.c a2bed8edb25f6432e8cdb62aad5916935c19dba8dac2b8324950c
|
||||
F ext/fts5/fts5_tokenize.c 5e251efb0f1af99a25ed50010ba6b1ad1250aca5921af1988fdcabe5ebc3cb43
|
||||
F ext/fts5/fts5_unicode2.c eca63dbc797f8ff0572e97caf4631389c0ab900d6364861b915bdd4735973f00
|
||||
F ext/fts5/fts5_varint.c e64d2113f6e1bfee0032972cffc1207b77af63319746951bf1d09885d1dadf80
|
||||
F ext/fts5/fts5_vocab.c 925a05c891edf6abd0ac4fdf4dc998c4c13bf6612d0b6c4102157bc459c0c86b
|
||||
F ext/fts5/fts5_vocab.c 12138e84616b56218532e3e8feb1d3e0e7ae845e33408dbe911df520424dc9d6
|
||||
F ext/fts5/fts5parse.y eb526940f892ade5693f22ffd6c4f2702543a9059942772526eac1fde256bb05
|
||||
F ext/fts5/mkportersteps.tcl 5acf962d2e0074f701620bb5308155fa1e4a63ba
|
||||
F ext/fts5/test/fts5_common.tcl b01c584144b5064f30e6c648145a2dd6bc440841
|
||||
@ -494,7 +494,7 @@ F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6
|
||||
F src/btree.c 13b965a0f3cd57221e3b4e61e24452ec264a5b163de347b03b5039ddcd95cd54
|
||||
F src/btree.h 74d64b8f28cfa4a894d14d4ed64fa432cd697b98b61708d4351482ae15913e22
|
||||
F src/btreeInt.h ee9348c4cb9077243b049edc93a82c1f32ca48baeabf2140d41362b9f9139ff7
|
||||
F src/build.c 1b41a6417e5bb260a5988588764863229905b07b3e9a47878030a1c92d49010f
|
||||
F src/build.c c46bd4f5a69f398410c4472f7c1c4291fb8078d2c9758a2dad5916edd1d30ecc
|
||||
F src/callback.c 106b585da1edd57d75fa579d823a5218e0bf37f191dbf7417eeb4a8a9a267dbc
|
||||
F src/complete.c a3634ab1e687055cd002e11b8f43eb75c17da23e
|
||||
F src/ctime.c 8159d5f706551861c18ec6c8f6bdf105e15ea00367f05d9ab65d31a1077facc1
|
||||
@ -502,7 +502,7 @@ F src/date.c fa928630fecf1d436cdc7a7a5c950c781709023ca782c21b7a43cc7361a9451e
|
||||
F src/dbpage.c 8a01e865bf8bc6d7b1844b4314443a6436c07c3efe1d488ed89e81719047833a
|
||||
F src/dbstat.c 861e08690fcb0f2ee1165eff0060ea8d4f3e2ea10f80dab7d32ad70443a6ff2d
|
||||
F src/delete.c 0c151975fa99560767d7747f9b60543d0093d9f8b89f13d2d6058e9c83ad19e7
|
||||
F src/expr.c 89c4a225af2ccf5e7f1d53a70170c405036c63cc55130467e013ec9553261cb1
|
||||
F src/expr.c 4b6dfb224b6234ff4f529023993b503048e1b045ff49cbb911e7d28a28cca795
|
||||
F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
|
||||
F src/fkey.c 187b67af20c5795953a592832c5d985e4313fe503ebd8f95e3e9e9ad5a730bb5
|
||||
F src/func.c 1cfb09d7ffca81238eccefdb0293e1f5b7cfebbd1816dfad5ec6024742a7496b
|
||||
@ -550,7 +550,7 @@ F src/printf.c 5901672228f305f7d493cbc4e7d76a61a5caecdbc1cd06b1f9ec42ea4265cf8d
|
||||
F src/random.c 097dc8b31b8fba5a9aca1697aeb9fd82078ec91be734c16bffda620ced7ab83c
|
||||
F src/resolve.c 4a1db4aadd802683db40ca2dbbb268187bd195f10cbdb7206dbd8ac988795571
|
||||
F src/rowset.c ba9515a922af32abe1f7d39406b9d35730ed65efab9443dc5702693b60854c92
|
||||
F src/select.c 335db0c2e009ca251fd5647e1d4769da2bb1bca899e3efcd31ad9e14b8ae9de8
|
||||
F src/select.c a7a3d9f54eb24821ec5f67f2e5589b68a5d42d46fc5849d7376886777d93a85a
|
||||
F src/shell.c.in 975f268ef261773fcbed1e519dfa10c4f33e8b1cffc12120563e61857fff07c6
|
||||
F src/sqlite.h.in 5cd209ac7dc4180f0e19292846f40440b8488015849ca0110c70b906b57d68f0
|
||||
F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
|
||||
@ -1933,7 +1933,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
|
||||
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
|
||||
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
|
||||
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
|
||||
P 654e6cf8ab493d48b1827bb8100d4e4366a8e889e647c233a9b1b1278a7133d0
|
||||
R 6abd755098d90c827f7d464c64811c8f
|
||||
P 1489b196ce82cddf7360aff6c89219ca25e666187f0f5ff6419ba3b504cdef8d
|
||||
R c3e7cad31e108fbcd57f75061231ef74
|
||||
U drh
|
||||
Z 3a2155d677f9253d6797d37459c4bb61
|
||||
Z d9bca23ba48769924e0a60580792a369
|
||||
|
@ -1 +1 @@
|
||||
1489b196ce82cddf7360aff6c89219ca25e666187f0f5ff6419ba3b504cdef8d
|
||||
eb878c01f317f09e8ef6b1bd2ec8d6d5cd6ce0bdfe9da7fa7d92d2047cc9d9e4
|
10
src/build.c
10
src/build.c
@ -742,8 +742,8 @@ void sqlite3ColumnSetColl(
|
||||
Column *pCol,
|
||||
const char *zColl
|
||||
){
|
||||
int nColl;
|
||||
int n;
|
||||
i64 nColl;
|
||||
i64 n;
|
||||
char *zNew;
|
||||
assert( zColl!=0 );
|
||||
n = sqlite3Strlen30(pCol->zCnName) + 1;
|
||||
@ -1548,7 +1548,7 @@ void sqlite3AddColumn(Parse *pParse, Token sName, Token sType){
|
||||
}
|
||||
}
|
||||
|
||||
z = sqlite3DbMallocRaw(db, sName.n + 1 + sType.n + (sType.n>0) );
|
||||
z = sqlite3DbMallocRaw(db, (i64)sName.n + 1 + (i64)sType.n + (sType.n>0) );
|
||||
if( z==0 ) return;
|
||||
if( IN_RENAME_OBJECT ) sqlite3RenameTokenMap(pParse, (void*)z, &sName);
|
||||
memcpy(z, sName.z, sName.n);
|
||||
@ -1562,7 +1562,7 @@ void sqlite3AddColumn(Parse *pParse, Token sName, Token sType){
|
||||
return;
|
||||
}
|
||||
}
|
||||
aNew = sqlite3DbRealloc(db,p->aCol,(p->nCol+1)*sizeof(p->aCol[0]));
|
||||
aNew = sqlite3DbRealloc(db,p->aCol,((i64)p->nCol+1)*sizeof(p->aCol[0]));
|
||||
if( aNew==0 ){
|
||||
sqlite3DbFree(db, z);
|
||||
return;
|
||||
@ -3575,7 +3575,7 @@ void sqlite3CreateForeignKey(
|
||||
FKey *pFKey = 0;
|
||||
FKey *pNextTo;
|
||||
Table *p = pParse->pNewTable;
|
||||
int nByte;
|
||||
i64 nByte;
|
||||
int i;
|
||||
int nCol;
|
||||
char *z;
|
||||
|
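Review bot: In sqlite3CreateForeignKey only the declaration `i64 nByte;` changes, and the expression that assigns it lies outside the hunk, so it is worth confirming that at least one operand of that sum is already 64 bits wide; otherwise the size is computed in a narrower type and merely stored in the wider one. The two sqlite3AddColumn hunks in this file show the safer pattern, casting an operand (`(i64)sName.n`, `(i64)p->nCol`) so the whole expression is promoted before the allocator sees it. A short comment at the declaration, such as `/* 64-bit so the allocation size cannot wrap */`, would record why its type differs from the neighbouring `int i;` and `int nCol;`.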
@ -5888,7 +5888,7 @@ int sqlite3ExprCoveredByIndex(
|
||||
struct RefSrcList {
|
||||
sqlite3 *db; /* Database connection used for sqlite3DbRealloc() */
|
||||
SrcList *pRef; /* Looking for references to these tables */
|
||||
int nExclude; /* Number of tables to exclude from the search */
|
||||
i64 nExclude; /* Number of tables to exclude from the search */
|
||||
int *aiExclude; /* Cursor IDs for tables to exclude from the search */
|
||||
};
|
||||
|
||||
@ -5903,7 +5903,8 @@ struct RefSrcList {
|
||||
static int selectRefEnter(Walker *pWalker, Select *pSelect){
|
||||
struct RefSrcList *p = pWalker->u.pRefSrcList;
|
||||
SrcList *pSrc = pSelect->pSrc;
|
||||
int i, j, *piNew;
|
||||
i64 i, j;
|
||||
int *piNew;
|
||||
if( pSrc->nSrc==0 ) return WRC_Continue;
|
||||
j = p->nExclude;
|
||||
p->nExclude += pSrc->nSrc;
|
||||
|
@ -2196,7 +2196,7 @@ void sqlite3SelectAddColumnTypeAndCollation(
|
||||
a = pSelect->pEList->a;
|
||||
for(i=0, pCol=pTab->aCol; i<pTab->nCol; i++, pCol++){
|
||||
const char *zType;
|
||||
int n, m;
|
||||
i64 n, m;
|
||||
pTab->tabFlags |= (pCol->colFlags & COLFLAG_NOINSERT);
|
||||
p = a[i].pExpr;
|
||||
zType = columnType(&sNC, p, 0, 0, 0);
|
||||
@ -4182,7 +4182,7 @@ static int flattenSubquery(
|
||||
|
||||
if( pSrc->nSrc>1 ){
|
||||
if( pParse->nSelect>500 ) return 0;
|
||||
aCsrMap = sqlite3DbMallocZero(db, (pParse->nTab+1)*sizeof(int));
|
||||
aCsrMap = sqlite3DbMallocZero(db, ((i64)pParse->nTab+1)*sizeof(int));
|
||||
if( aCsrMap ) aCsrMap[0] = pParse->nTab;
|
||||
}
|
||||
}
|
||||
|