Take extra care to ensure that JSONB values that are in cache are actually
owned by the JSON subsystem, and that ownership of such values is not handed back to the bytecode engine. FossilOrigin-Name: 1304534001e9ef66c6b12752b69d790bfa3427cc803f87cc48ca22ae12df0fdf
This commit is contained in:
drh
parent
05db513435
commit
a11aaff05a
12
manifest
12
manifest
@ -1,5 +1,5 @@
|
||||
C Protect\sa\smemcpy()\sagainst\sOOM\sconditions.
|
||||
D 2023-12-02T16:11:22.802
|
||||
C Take\sextra\scare\sto\sensure\sthat\sJSONB\svalues\sthat\sare\sin\scache\sare\sactually\nowned\sby\sthe\sJSON\ssubsystem,\sand\sthat\sownership\sof\ssuch\svalues\sis\snot\shanded\nback\sto\sthe\sbytecode\sengine.
|
||||
D 2023-12-02T18:04:27.395
|
||||
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
|
||||
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
|
||||
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
|
||||
@ -688,7 +688,7 @@ F src/hash.h 3340ab6e1d13e725571d7cee6d3e3135f0779a7d8e76a9ce0a85971fa3953c51
|
||||
F src/hwtime.h f9c2dfb84dce7acf95ce6d289e46f5f9d3d1afd328e53da8f8e9008e3b3caae6
|
||||
F src/in-operator.md 10cd8f4bcd225a32518407c2fb2484089112fd71
|
||||
F src/insert.c 3f0a94082d978bbdd33c38fefea15346c6c6bffb70bc645a71dc0f1f87dd3276
|
||||
F src/json.c 21ffece5a6e846480e6f108203d5ee3838261c0d8af773986895b1fd33fea593
|
||||
F src/json.c 4c6b5c0c731fe7a2b2d28467af747c4744370bd47b5f9d6b7531efb8617eda37
|
||||
F src/legacy.c d7874bc885906868cd51e6c2156698f2754f02d9eee1bae2d687323c3ca8e5aa
|
||||
F src/loadext.c 7432c944ff197046d67a1207790a1b13eec4548c85a9457eb0896bb3641dfb36
|
||||
F src/main.c 1b89f3de98d1b59fec5bac1d66d6ece21f703821b8eaa0d53d9604c35309f6f9
|
||||
@ -2145,8 +2145,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
|
||||
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
|
||||
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
|
||||
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
|
||||
P c6bacf57bd6fe0fee00c9d41163a270b60997c20659949971bbf5c6c62622bfe
|
||||
R 0ee4315c57b01c35ef946afcac5153f9
|
||||
P 26144d1c25ae0435db568009ba05e485d23d146f2b1f29f3a426c87860316aed
|
||||
R 4e2a070d847085a145ada5a2fea29659
|
||||
U drh
|
||||
Z 15254a8c6732e3004ca75d702e3d0bea
|
||||
Z 2cced16db85959c5b0bfa29c3e3e2f71
|
||||
# Remove this line to create a well-formed Fossil manifest.
|
||||
|
||||
@ -1 +1 @@
|
||||
26144d1c25ae0435db568009ba05e485d23d146f2b1f29f3a426c87860316aed
|
||||
1304534001e9ef66c6b12752b69d790bfa3427cc803f87cc48ca22ae12df0fdf
|
||||
16
src/json.c
16
src/json.c
@ -375,6 +375,7 @@ static int jsonCacheInsert(
|
||||
memmove(p->a, &p->a[1], (JSON_CACHE_SIZE-1)*sizeof(p->a[0]));
|
||||
p->nUsed = JSON_CACHE_SIZE-1;
|
||||
}
|
||||
assert( pParse->nBlobAlloc>0 );
|
||||
pParse->eEdit = 0;
|
||||
pParse->nJPRef++;
|
||||
pParse->bReadOnly = 1;
|
||||
@ -731,7 +732,7 @@ static void jsonReturnString(
|
||||
sqlite3_result_text64(p->pCtx, p->zBuf, p->nUsed,
|
||||
SQLITE_TRANSIENT, SQLITE_UTF8);
|
||||
}else if( jsonForceRCStr(p) ){
|
||||
if( pParse && pParse->bJsonIsRCStr==0 ){
|
||||
if( pParse && pParse->bJsonIsRCStr==0 && pParse->nBlobAlloc>0 ){
|
||||
int rc;
|
||||
pParse->zJson = sqlite3RCStrRef(p->zBuf);
|
||||
pParse->nJson = p->nUsed;
|
||||
@ -1751,6 +1752,8 @@ static void jsonReturnStringAsBlob(JsonString *pStr){
|
||||
sqlite3_free(px.aBlob);
|
||||
sqlite3_result_error_nomem(pStr->pCtx);
|
||||
}else{
|
||||
assert( px.nBlobAlloc>0 );
|
||||
assert( !px.bReadOnly );
|
||||
sqlite3_result_blob(pStr->pCtx, px.aBlob, px.nBlob, sqlite3_free);
|
||||
}
|
||||
}
|
||||
@ -2841,9 +2844,12 @@ static void jsonReturnParse(
|
||||
}
|
||||
flgs = SQLITE_PTR_TO_INT(sqlite3_user_data(ctx));
|
||||
if( flgs & JSON_BLOB ){
|
||||
sqlite3_result_blob(ctx, p->aBlob, p->nBlob,
|
||||
p->nBlobAlloc>0 ? SQLITE_DYNAMIC : SQLITE_TRANSIENT);
|
||||
p->nBlobAlloc = 0;
|
||||
if( p->nBlobAlloc>0 && !p->bReadOnly ){
|
||||
sqlite3_result_blob(ctx, p->aBlob, p->nBlob, SQLITE_DYNAMIC);
|
||||
p->nBlobAlloc = 0;
|
||||
}else{
|
||||
sqlite3_result_blob(ctx, p->aBlob, p->nBlob, SQLITE_TRANSIENT);
|
||||
}
|
||||
}else{
|
||||
JsonString s;
|
||||
jsonStringInit(&s, ctx);
|
||||
@ -3063,6 +3069,8 @@ static void jsonbFunc(
|
||||
if( jsonConvertTextToBlob(pParse, ctx) ){
|
||||
sqlite3_result_error(ctx, "malformed JSON", -1);
|
||||
}else{
|
||||
assert( pParse->nBlobAlloc>0 );
|
||||
assert( !pParse->bReadOnly );
|
||||
sqlite3_result_blob(ctx, pParse->aBlob, pParse->nBlob, sqlite3_free);
|
||||
pParse->aBlob = 0;
|
||||
pParse->nBlob = 0;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user