mirror of https://github.com/sqlite/sqlite
Fix a potential buffer overrun in sqlite3_mprintf() when a non-terminated
string is passed to a "%s" format with a precision specifying the number of bytes to copy. (CVS 5067) FossilOrigin-Name: 1f5b18419bb4e2552ac26593381e2eb866bb67fd
This commit is contained in:
parent
2eaf93d34f
commit
e509094bee
12
manifest
12
manifest
|
@ -1,5 +1,5 @@
|
|||
C Always\sconvert\sIEEE\sNaN\sinto\sNULL.\s\sTicket\s#3060.\s\sAdd\stest\scases\sto\sverify\nthat\sthis\sis\shappening.\s(CVS\s5066)
|
||||
D 2008-04-29T00:15:21
|
||||
C Fix\sa\spotential\sbuffer\soverrun\sin\ssqlite3_mprintf()\swhen\sa\snon-terminated\nstring\sis\spassed\sto\sa\s"%s"\sformat\swith\sa\sprecision\sspecifying\sthe\snumber\nof\sbytes\sto\scopy.\s(CVS\s5067)
|
||||
D 2008-04-29T15:22:27
|
||||
F Makefile.arm-wince-mingw32ce-gcc ac5f7b2cef0cd850d6f755ba6ee4ab961b1fadf7
|
||||
F Makefile.in 25b3282a4ac39388632c2fb0e044ff494d490952
|
||||
F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
|
||||
|
@ -127,7 +127,7 @@ F src/pager.h 45ec2188593afd48a25c743529646771d75e83e4
|
|||
F src/parse.y fc4bd35c6088901f7c8daead26c6fb11c87d22e7
|
||||
F src/pragma.c 2e4bb2e76e48a32750529fdc4bfe86ac5f54e01b
|
||||
F src/prepare.c adc7e1fc08dfbab63cd213d4c0aff8f3fa70d477
|
||||
F src/printf.c 2d9bac813d1319babf3c6e925cf7ec5be1281c94
|
||||
F src/printf.c 77c192ccc81117d68b21b449cd33396357aa266d
|
||||
F src/random.c 2b2db2de4ab491f5a14d3480466f8f4b5a5db74a
|
||||
F src/select.c b02ee16591f0194739e7deb12099d3e98e60b7f3
|
||||
F src/server.c 087b92a39d883e3fa113cae259d64e4c7438bc96
|
||||
|
@ -633,7 +633,7 @@ F www/tclsqlite.tcl 8be95ee6dba05eabcd27a9d91331c803f2ce2130
|
|||
F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0
|
||||
F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b
|
||||
F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5
|
||||
P e6f71abb22fb74e5910d817caec98fa44070fc5f
|
||||
R e524df0bf8a8555789b9eeb5782f38f2
|
||||
P 9b07e59e510e2de39c2081653662fbc654ca6fbb
|
||||
R 5793178ea6130e42720ac3eacd25bef7
|
||||
U drh
|
||||
Z e4a613f256396e3f19a950003ad91fee
|
||||
Z 662aa440bf0ad4382085d54e6e7f7798
|
||||
|
|
|
@ -1 +1 @@
|
|||
9b07e59e510e2de39c2081653662fbc654ca6fbb
|
||||
1f5b18419bb4e2552ac26593381e2eb866bb67fd
|
|
@ -627,8 +627,11 @@ static void vxprintf(
|
|||
}else if( xtype==etDYNSTRING ){
|
||||
zExtra = bufpt;
|
||||
}
|
||||
length = strlen(bufpt);
|
||||
if( precision>=0 && precision<length ) length = precision;
|
||||
if( precision>=0 ){
|
||||
for(length=0; length<precision && bufpt[length]; length++){}
|
||||
}else{
|
||||
length = strlen(bufpt);
|
||||
}
|
||||
break;
|
||||
case etSQLESCAPE:
|
||||
case etSQLESCAPE2:
|
||||
|
|
Loading…
Reference in New Issue