Add column name to API_ARMOR check in sqlite3_blob_open() to avoid a null-pointer deref.

FossilOrigin-Name: 0114a6622afc4588c47e98d804340449417b603dc4831513eab4d8e4ccb15d42
2023-10-14 13:24:30 +00:00 · 2023-10-14 13:24:30 +00:00 · a17f63290c
commit a17f63290c
parent 067a13c395
3 changed files with 8 additions and 9 deletions
--- a/13
+++ b/13
@ -1,5 +1,5 @@
-C Revert\s[f6cd88e6b234]\s-\sthe\sNULL\scallback\scase\sis\sperfectly\slegal.
-D 2023-10-14T12:45:11.220
+C Add\scolumn\sname\sto\sAPI_ARMOR\scheck\sin\ssqlite3_blob_open()\sto\savoid\sa\snull-pointer\sderef.
+D 2023-10-14T13:24:30.111
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@ -789,7 +789,7 @@ F src/vdbe.h 41485521f68e9437fdb7ec4a90f9d86ab294e9bb8281e33b235915e29122cfc0
 F src/vdbeInt.h 949669dfd8a41550d27dcb905b494f2ccde9a2e6c1b0b04daa1227e2e74c2b2c
 F src/vdbeapi.c be7d88a05df51cb3940304f74e4b0534817b51213b3406143a67eecd6f82fe21
 F src/vdbeaux.c 5b415e09b5b9d5be6c0f4fcbf18ea9d7d16f6a29ced2f14a3b2041020f63e9c1
-F src/vdbeblob.c 4cf5aa130e96e3b52ba3fb54b7f9606c942ab988dbb32cb19cff4db24e06aeec
+F src/vdbeblob.c 13f9287b55b6356b4b1845410382d6bede203ceb29ef69388a4a3d007ffacbe5
 F src/vdbemem.c 317b9f48708139db6239ade40c7980b4bc8233168383690d588dad6d8437f722
 F src/vdbesort.c 237840ca1947511fa59bd4e18b9eeae93f2af2468c34d2427b059f896230a547
 F src/vdbetrace.c fe0bc29ebd4e02c8bc5c1945f1d2e6be5927ec12c06d89b03ef2a4def34bf823
@ -2128,9 +2128,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P c2afc1c2a2fc9bdf3d7b7701004e0fa40965cf8c6b7cf44b46f2ca37cfa1d2aa
-Q -f6cd88e6b234560f729ff00da86144a0121ad96d5a07d227c9ffa3f43c22f72d
-R e425a976b909e6e9442ecfbc934213d4
+P 718ab67607895176e529eb7469832d262a347d030e83e7ee66d3b4704bf933de
+R 6939314c5aa83ebb51a4869d1b741b9d
 U stephan
-Z d7f2236cb14e3dff65c1d3d5c7a3103b
+Z 1c92c68280e405080d393332e7ff98bd
 # Remove this line to create a well-formed Fossil manifest.
--- a/manifest.uuid
+++ b/manifest.uuid
@ -1 +1 @@
-718ab67607895176e529eb7469832d262a347d030e83e7ee66d3b4704bf933de
+0114a6622afc4588c47e98d804340449417b603dc4831513eab4d8e4ccb15d42
--- a/src/vdbeblob.c
+++ b/src/vdbeblob.c
@ -142,7 +142,7 @@ int sqlite3_blob_open(
 #endif
  *ppBlob = 0;
 #ifdef SQLITE_ENABLE_API_ARMOR
-  if( !sqlite3SafetyCheckOk(db) || zTable==0 ){
+  if( !sqlite3SafetyCheckOk(db) || zTable==0 || zColumn==0 ){
    return SQLITE_MISUSE_BKPT;
  }
 #endif