From fe03773305fa7c52e26df3a5794475037fbf456a Mon Sep 17 00:00:00 2001 From: drh <> Date: Fri, 28 Apr 2023 00:19:55 +0000 Subject: [PATCH 1/3] In the CLI, early out from the output_quoted_string() routine if the input string is NULL. [forum:/forumpost/8a22c0bfa7|forum post 8a22c0bfa7]. FossilOrigin-Name: 2881978d7b7014738a21c590b0430c4fa40e6b00b9547d0284b7656124523ae9 --- manifest | 12 ++++++------ manifest.uuid | 2 +- src/shell.c.in | 1 + 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/manifest b/manifest index cbe41d4e9d..8dfeca3498 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Use\sa\snew\stechnique\sto\sdetect\sfresh\sOOM\sfaults\sin\scolumnName()\sthat\sdoes\snot\nrely\son\sthere\sbeing\sno\sOOMs\sprior\sto\sentry\sinto\scolumnName(),\sas\n[forum/forumpost/fb6811c2f9|forum\spost\sfb6811c2f9]\sdemonstrates\sa\stechnique\nwhich\scould\scause\san\sOOM\sprior\sto\sentry\sinto\scolumnName(). -D 2023-04-27T23:59:51.813 +C In\sthe\sCLI,\searly\sout\sfrom\sthe\soutput_quoted_string()\sroutine\sif\sthe\ninput\sstring\sis\sNULL.\s\s[forum:/forumpost/8a22c0bfa7|forum\spost\s8a22c0bfa7]. +D 2023-04-28T00:19:55.495 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
@@ -634,7 +634,7 @@ F src/random.c 606b00941a1d7dd09c381d3279a058d771f406c5213c9932bbd93d5587be4b9c F src/resolve.c 3e53e02ce87c9582bd7e7d22f13f4094a271678d9dc72820fa257a2abb5e4032 F src/rowset.c ba9515a922af32abe1f7d39406b9d35730ed65efab9443dc5702693b60854c92 F src/select.c f879cef11c462a2c37a8c906932781e384c3bb32042c355a704a043029c90d27 -F src/shell.c.in 3b5633b7c78e51df21af693ce27cccca28e6118480060876d6be968c2f7a577c +F src/shell.c.in dbd5bfe1c773115f4e526103807dc3c1484283cd8afe9cf759d64a338408f19f F src/sqlite.h.in 4fff9c6cc5d4cbba9532a668112efb6dc469c425e1a2196664d7c07d508363ef F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8 F src/sqlite3ext.h da473ce2b3d0ae407a6300c4a164589b9a6bfdbec9462688a8593ff16f3bb6e4 @@ -2060,8 +2060,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 4bbebb6bfb9910265d91b777c1711b3b8e0732bcf299f7459b20c4ea110422bd -R 59c8d7a772734f630b5bf6fd205de302 +P a63346d6a0c0ca7ba4c87499de2e461be9c77e9b5d98f2bebf308cdb6599f33c +R e1382566976c275dfea2ac91ab17df60 U drh -Z d29ba302c14b4aed5db886f9a3fc4bd5 +Z 06ecc62941bb9eb7ee780cf940024968 # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index b9ba76d6e8..250b4f032f 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -a63346d6a0c0ca7ba4c87499de2e461be9c77e9b5d98f2bebf308cdb6599f33c \ No newline at end of file +2881978d7b7014738a21c590b0430c4fa40e6b00b9547d0284b7656124523ae9 \ No newline at end of file diff --git a/src/shell.c.in b/src/shell.c.in index d7621c0c9e..18690214b5 100644 --- a/src/shell.c.in +++ b/src/shell.c.in 
@@ -1860,6 +1860,7 @@ static void output_quoted_string(FILE *out, const char *z){
 int i;
 char c;
 setBinaryMode(out, 1);
+ if( z==0 ) return;
 for(i=0; (c = z[i])!=0 && c!='\''; i++){}
 if( c==0 ){
 utf8_printf(out,"'%s'",z);
From fb016bf25733207d0875302bac7cfb27c7e901b9 Mon Sep 17 00:00:00 2001
From: larrybr
Date: Fri, 28 Apr 2023 00:28:06 +0000
Subject: [PATCH 2/3] Make CLI .load slightly harder to abuse.
FossilOrigin-Name: 2779f9270cc431786d0e16ef05ec05b0f22dda2307f3bf17467ad0b25304e160
---
 manifest | 14 +++++++-------
 manifest.uuid | 2 +-
 src/shell.c.in | 3 ++-
 3 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/manifest b/manifest
index 8dfeca3498..27e6d37f50 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C In\sthe\sCLI,\searly\sout\sfrom\sthe\soutput_quoted_string()\sroutine\sif\sthe\ninput\sstring\sis\sNULL.\s\s[forum:/forumpost/8a22c0bfa7|forum\spost\s8a22c0bfa7]. -D 2023-04-28T00:19:55.495 +C Make\sCLI\s.load\sslightly\sharder\sto\sabuse. +D 2023-04-28T00:28:06.476 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
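Review bot: The NULL early-out sits after `setBinaryMode(out, 1);`, so a NULL argument returns with `out` still switched to binary mode if the remainder of output_quoted_string (outside the hunk) restores text mode before its normal return, as the symmetric call suggests; placing `if( z==0 ) return;` as the first statement of the body, ahead of the mode switch, avoids skipping that restore. A NULL input also now produces no output at all rather than a quoted empty string or an SQL NULL literal, which is presumably the intent for the callers in the forum report but is not stated in the code; a comment on the new line such as `/* A NULL string has no quoted form: emit nothing */` would make the contract visible. The function body continues past the end of the hunk.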
@@ -634,7 +634,7 @@ F src/random.c 606b00941a1d7dd09c381d3279a058d771f406c5213c9932bbd93d5587be4b9c F src/resolve.c 3e53e02ce87c9582bd7e7d22f13f4094a271678d9dc72820fa257a2abb5e4032 F src/rowset.c ba9515a922af32abe1f7d39406b9d35730ed65efab9443dc5702693b60854c92 F src/select.c f879cef11c462a2c37a8c906932781e384c3bb32042c355a704a043029c90d27 -F src/shell.c.in dbd5bfe1c773115f4e526103807dc3c1484283cd8afe9cf759d64a338408f19f +F src/shell.c.in 09097e1b9df1f8092e85bf89979e12ca7b608d7efc84551b5d0c8de4dded7797 F src/sqlite.h.in 4fff9c6cc5d4cbba9532a668112efb6dc469c425e1a2196664d7c07d508363ef F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8 F src/sqlite3ext.h da473ce2b3d0ae407a6300c4a164589b9a6bfdbec9462688a8593ff16f3bb6e4 @@ -2060,8 +2060,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P a63346d6a0c0ca7ba4c87499de2e461be9c77e9b5d98f2bebf308cdb6599f33c -R e1382566976c275dfea2ac91ab17df60 -U drh -Z 06ecc62941bb9eb7ee780cf940024968 +P 2881978d7b7014738a21c590b0430c4fa40e6b00b9547d0284b7656124523ae9 +R f31a79597744826157054a8d8987cbe4 +U larrybr +Z 94682afadd89800c43fc7c92687bd9b6 # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 250b4f032f..df2a5b5785 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -2881978d7b7014738a21c590b0430c4fa40e6b00b9547d0284b7656124523ae9 \ No newline at end of file +2779f9270cc431786d0e16ef05ec05b0f22dda2307f3bf17467ad0b25304e160 \ No newline at end of file diff --git a/src/shell.c.in b/src/shell.c.in index 18690214b5..7285067bef 100644 --- a/src/shell.c.in +++ b/src/shell.c.in 
@@ -9192,7 +9192,8 @@ static int do_meta_command(char *zLine, ShellState *p){
 const char *zFile, *zProc;
 char *zErrMsg = 0;
 failIfSafeMode(p, "cannot run .load in safe mode");
- if( nArg<2 ){
+ if( nArg<2 || azArg[1][0]==0 ){
+ /* Must have a non-empty FILE. (Will not load self.) */
 raw_printf(stderr, "Usage: .load FILE ?ENTRYPOINT?\n");
 rc = 1;
 goto meta_command_exit;
From 90f549a0cfb94c25e2126e27ce358618e11e8bd6 Mon Sep 17 00:00:00 2001
From: drh <>
Date: Fri, 28 Apr 2023 10:10:52 +0000
Subject: [PATCH 3/3] Do not assert() a bad string representation in an sqlite3_value after an OOM. dbsqlfuzz c822a17a23c524a0ac7cfb203c7198209da15de8.
FossilOrigin-Name: 91fee79a01971259b21478e60a069a711a00efc79ddfececa6224a152cd8d09a
---
 manifest | 14 +++++++-------
 manifest.uuid | 2 +-
 src/vdbemem.c | 1 +
 3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/manifest b/manifest
index 27e6d37f50..9f1cd11163 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Make\sCLI\s.load\sslightly\sharder\sto\sabuse. -D 2023-04-28T00:28:06.476 +C Do\snot\sassert()\sa\sbad\sstring\srepresentation\sin\san\ssqlite3_value\safter\nan\sOOM.\s\sdbsqlfuzz\sc822a17a23c524a0ac7cfb203c7198209da15de8. +D 2023-04-28T10:10:52.120 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
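Review bot: The new `azArg[1][0]==0` guard is explained only by the terse `(Will not load self.)`, which does not say why an empty FILE matters; the reader has to know that an empty path handed to the platform's dynamic loader is resolved to the running program itself, which is the abuse the commit title refers to. Expanding the comment makes the check self-explanatory, e.g. `/* Reject an empty FILE: the dynamic loader would resolve "" to the running program itself, not to an extension. */`. Note that the guard catches only the empty string and otherwise does not validate FILE, so it narrows the previous behaviour rather than sanitising the argument; that is fine, but the comment should not suggest more than it does. do_meta_command starts and ends outside this hunk, so the later use of zFile is not visible here.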
@@ -709,7 +709,7 @@ F src/vdbeInt.h a4147a4ddf613cb1bcb555ace9e9e74a9c099d65facd88155f191b1fb4d74cfb F src/vdbeapi.c b4982cde547054c4f7341198db3c3008a48e1eb028f757601bf5bf2fc026cbcf F src/vdbeaux.c 6ee48db408d4c297a363f1e31145c09793a580e7c508bb36063dd017d67117a2 F src/vdbeblob.c 5e61ce31aca17db8fb60395407457a8c1c7fb471dde405e0cd675974611dcfcd -F src/vdbemem.c 1d9a0f37b0097fbb53f0d7ba081f7181b83cee2c6f46364706ea0c3896bd8ec0 +F src/vdbemem.c 1cac4028c0dabbf1f3259f107440e2780e05ac9fe419e9709e6eb4e166ba714b F src/vdbesort.c 43756031ca7430f7aec3ef904824a7883c4ede783e51f280d99b9b65c0796e35 F src/vdbetrace.c fe0bc29ebd4e02c8bc5c1945f1d2e6be5927ec12c06d89b03ef2a4def34bf823 F src/vdbevtab.c aae4bd769410eb7e1d02c42613eec961d514459b1c3c1c63cfc84e92a137daac @@ -2060,8 +2060,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 2881978d7b7014738a21c590b0430c4fa40e6b00b9547d0284b7656124523ae9 -R f31a79597744826157054a8d8987cbe4 -U larrybr -Z 94682afadd89800c43fc7c92687bd9b6 +P 2779f9270cc431786d0e16ef05ec05b0f22dda2307f3bf17467ad0b25304e160 +R fcf6991862458e9816409ec8d717ddc8 +U drh +Z d3df2b888a0fbd6bd36c6662515c45b3 # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index df2a5b5785..e2c06ba976 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -2779f9270cc431786d0e16ef05ec05b0f22dda2307f3bf17467ad0b25304e160 \ No newline at end of file +91fee79a01971259b21478e60a069a711a00efc79ddfececa6224a152cd8d09a \ No newline at end of file diff --git a/src/vdbemem.c b/src/vdbemem.c index 7b3b970f3f..d3cd55ba9f 100644 --- a/src/vdbemem.c +++ b/src/vdbemem.c 
@@ -157,6 +157,7 @@ int sqlite3VdbeMemValidStrRep(Mem *p){
 char *z;
 int i, j, incr;
 if( (p->flags & MEM_Str)==0 ) return 1;
+ if( p->db && p->db->mallocFailed ) return 1;
 if( p->flags & MEM_Term ){
 /* Insure that the string is properly zero-terminated. Pay particular
 ** attention to the case where p->n is odd */
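Review bot: The added `if( p->db && p->db->mallocFailed ) return 1;` reports the string representation as valid without inspecting it, and nothing in the hunk says why; the commit message explains that an OOM can legitimately leave the Mem inconsistent and that callers assert on this routine's result, but the code should carry that reasoning too. A comment on the new line such as `/* After an OOM the Mem may legitimately be inconsistent; report it valid rather than trip the caller's assert */` would do. The check is placed after the MEM_Str test, so non-string values still short-circuit first, and the `p->db` NULL test presumably covers Mem objects that are not attached to a connection — the Mem definition is not in view, so confirm that is the reason. sqlite3VdbeMemValidStrRep continues past the end of the hunk.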