author | dan <dan@noemail.net> | 2017-09-14 20:41:17 +0000 |
committer | dan <dan@noemail.net> | 2017-09-14 20:41:17 +0000 |
commit | 629ec14abc44aa8292923db945263f8d0f96440d (patch) | |
tree | 575f6698406749333c991f925a2984c26c2b1282 /src/os_unix.c | |
parent | 263a8b660f401afb7fc1da94d34c37b896feebb0 (diff) | |
Avoid an out-of-bounds read that can be caused by a specially constructed
journal file.
FossilOrigin-Name: cf5bf42cad6e019a38dc0a36ff1f53ada619eef5259e175c3554a16669e03202
Diffstat (limited to 'src/os_unix.c')
-rw-r--r-- | src/os_unix.c | 25 |
1 files changed, 5 insertions, 20 deletions
diff --git a/src/os_unix.c b/src/os_unix.c
index 0d7e49414..395198935 100644
--- a/src/os_unix.c
+++ b/src/os_unix.c
@@ -5300,17 +5300,6 @@ static int fillInUnixFile(
 assert( pNew->pInode==NULL );
- /* Usually the path zFilename should not be a relative pathname. The
- ** exception is when opening the proxy "conch" file in builds that
- ** include the special Apple locking styles.
- */
-#if defined(__APPLE__) && SQLITE_ENABLE_LOCKING_STYLE
- assert( zFilename==0 || zFilename[0]=='/'
- || pVfs->pAppData==(void*)&autolockIoFinder );
-#else
- assert( zFilename==0 || zFilename[0]=='/' );
-#endif
-
 /* No locking occurs in temporary files */
 assert( zFilename!=0 || (ctrlFlags & UNIXFILE_NOLOCK)!=0 );
@@ -5673,16 +5662,11 @@ static int findCreateFileMode(
 */
 nDb = sqlite3Strlen30(zPath) - 1;
 while( zPath[nDb]!='-' ){
-#ifndef SQLITE_ENABLE_8_3_NAMES
- /* In the normal case (8+3 filenames disabled) the journal filename
- ** is guaranteed to contain a '-' character. */
- assert( nDb>0 );
- assert( sqlite3Isalnum(zPath[nDb]) );
-#else
- /* If 8+3 names are possible, then the journal file might not contain
- ** a '-' character. So check for that case and return early. */
+ /* In normal operation, the journal file name will always contain
+ ** a '-' character. However in 8+3 filename mode, or if a corrupt
+ ** rollback journal specifies a master journal with a goofy name, then
+ ** the '-' might be missing. */
 if( nDb==0 || zPath[nDb]=='.' ) return SQLITE_OK;
-#endif
 nDb--;
 }
 memcpy(zDb, zPath, nDb);
@@ -5968,6 +5952,7 @@ static int unixOpen(
 }
 #endif
+ assert( zPath==0 || zPath[0]=='/' || eType==SQLITE_OPEN_MASTER_JOURNAL );
 rc = fillInUnixFile(pVfs, fd, pFile, zPath, ctrlFlags);
 open_finished:
|
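Review bot: In the findCreateFileMode hunk the now-unconditional guard `if( nDb==0 || zPath[nDb]=='.' ) return SQLITE_OK;` only runs after the loop condition `while( zPath[nDb]!='-' )` has already read `zPath[nDb]`, so a zero-length zPath (nDb becomes -1 from `sqlite3Strlen30(zPath) - 1`) still indexes one byte before the buffer before any check fires. Whether an empty path can reach this function is not visible in the hunk, but a one-line guard before the loop closes that gap cheaply: `if( nDb<0 ) return SQLITE_OK;`. The upper bound of nDb against the size of zDb that the later `memcpy(zDb, zPath, nDb)` writes into is also not visible here, so I have not checked it. findCreateFileMode begins and ends outside the hunk.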