author | drh <> | 2023-10-11 17:24:31 +0000 |
---|---|---|
committer | drh <> | 2023-10-11 17:24:31 +0000 |
commit | ac4aea5102e3a272f6cd8a601a35d2541733fa90 (patch) | |
tree | 435454f18a289097b2892d9418f22331d81f64bf /src/json.c | |
parent | 582d65cce31cc4e17124ceac92fcba89ff0e52d0 (diff) | |
Fix the use of an uninitialized value that occurs when doing a json_insert()
of a string value that contains embedded U+0000 characters.
FossilOrigin-Name: d3c0cbb90966316be9cd25e3edb501da42731e8a83c13227b90ce17d3975a2c3
Diffstat (limited to 'src/json.c')
-rw-r--r-- | src/json.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/json.c b/src/json.c
index b28ba7ecd..e334b2214 100644
--- a/src/json.c
+++ b/src/json.c
@@ -2843,11 +2843,13 @@ static void jsonReplaceNode(
 break;
 }
 if( sqlite3_value_subtype(pValue)!=JSON_SUBTYPE ){
- char *zCopy = sqlite3DbStrDup(0, z);
+ char *zCopy = sqlite3_malloc64( n+1 );
 int k;
 if( zCopy ){
+ memcpy(zCopy, z, n);
+ zCopy[n] = 0;
 jsonParseAddCleanup(p, sqlite3_free, zCopy);
- }else{
+ }else{
 p->oom = 1;
 sqlite3_result_error_nomem(pCtx);
 } |
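Review bot: The allocation size in `sqlite3_malloc64( n+1 )` is computed in the type of `n`, whose declaration is outside the hunk; if `n` is a 32-bit unsigned byte count, the addition happens before the value is widened to the 64-bit parameter, so the buffer size and the `memcpy(zCopy, z, n)` length agree only because of length limits enforced elsewhere. Writing `sqlite3_malloc64( (sqlite3_uint64)n+1 )` keeps the two in step without relying on that. The new copy also deserves a short comment above the `memcpy`, for example `/* z may hold embedded U+0000: copy all n bytes, not just up to the first NUL */`, so a later cleanup does not reintroduce a strdup-style copy and the uninitialized tail this commit removes. The body of jsonReplaceNode begins and ends outside the hunk, so how `zCopy` and `n` are consumed afterwards could not be checked here.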