Ensure that filenames passed to the VFS xOpen() function are terminated by 2 '\0' bytes.

FossilOrigin-Name: 66eff473c3634edb42f6ad6955acfba3e3a10def

3 files changed, 18 insertions, 9 deletions

diff --git a/ext/ota/sqlite3ota.c b/ext/ota/sqlite3ota.c
index 35ee5a566..c2fa993d4 100644
--- a/ext/ota/sqlite3ota.c
+++ b/ext/ota/sqlite3ota.c
@@ -3307,11 +3307,20 @@ static int otaVfsOpen(
       ota_file *pDb = otaFindMaindb(pOtaVfs, zName);
       if( pDb ){
         if( pDb->pOta && pDb->pOta->eStage==OTA_STAGE_OAL ){
-          char *zCopy = otaStrndup(zName, &rc);
+          /* This call is to open a *-wal file. Intead, open the *-oal. This
+          ** code ensures that the string passed to xOpen() is terminated by a
+          ** pair of '\0' bytes in case the VFS attempts to extract a URI 
+          ** parameter from it.  */
+          int nCopy = strlen(zName);
+          char *zCopy = sqlite3_malloc(nCopy+2);
           if( zCopy ){
-            int nCopy = strlen(zCopy);
+            memcpy(zCopy, zName, nCopy);
             zCopy[nCopy-3] = 'o';
+            zCopy[nCopy] = '\0';
+            zCopy[nCopy+1] = '\0';
             zOpen = (const char*)(pFd->zDel = zCopy);
+          }else{
+            rc = SQLITE_NOMEM;
           }
           pFd->pOta = pDb->pOta;
         }
diff --git a/manifest b/manifest
index 1f003671b..cec5c2b8b 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\smemory\sleak\sin\ssqlite3ota.c\sthat\scan\sfollow\san\sOOM\serror.
-D 2015-04-17T16:29:11.767
+C Ensure\sthat\sfilenames\spassed\sto\sthe\sVFS\sxOpen()\sfunction\sare\sterminated\sby\s2\s'\\0'\sbytes.
+D 2015-04-17T17:00:52.068
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 79b306896135a2305cfb7e6d88990fc4820fb917
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -138,7 +138,7 @@ F ext/ota/otaA.test ab67f7f53670b81c750dcc946c5b704f51c429a4
 F ext/ota/otacrash.test 8346192b2d46cbe7787d5d65904d81d3262a3cbf
 F ext/ota/otafault.test 8c43586c2b96ca16bbce00b5d7e7d67316126db8
 F ext/ota/otafault2.test fa202a98ca221faec318f3e5c5f39485b1256561
-F ext/ota/sqlite3ota.c 7a2a9f20ac8d13a2ea36382c3d63ed4897fafdca
+F ext/ota/sqlite3ota.c b45d73607b78eba89ca224fb0d10e10d1b32b6b0
 F ext/ota/sqlite3ota.h 5b1453917e955701b0232c0dfb0884b3d598feb1
 F ext/ota/test_ota.c e34c801c665d64b4b9e00b71f1acf8c652404b2b
 F ext/rtree/README 6315c0d73ebf0ec40dedb5aa0e942bc8b54e3761
@@ -1269,7 +1269,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 0d0e5ec064eaecb200b9b601b7a54a1700cd176e
-R 02e7f33cd98d0e8b29b622a2f9046b41
+P c3dc15e71782fc70e92b71ad9eec0cf8ffef611f
+R c2474b91078725af2bd1a6c2f0fedd19
 U dan
-Z 8d5b962ca676e7aaba586f55b85a175a
+Z f5f8b3c1bf2f5b9b81d7f4245d8bd01a
diff --git a/manifest.uuid b/manifest.uuid
index 3d5e03f47..32d1a8659 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-c3dc15e71782fc70e92b71ad9eec0cf8ffef611f
\ No newline at end of file
+66eff473c3634edb42f6ad6955acfba3e3a10def
\ No newline at end of file