author | drh <drh@noemail.net> | 2015-02-07 15:16:35 +0000 |
---|---|---|
committer | drh <drh@noemail.net> | 2015-02-07 15:16:35 +0000 |
commit | d10d18da5f65a36ed76c09289e33ed13432d0ca3 (patch) | |
tree | faf2fe294b42427c7e7f2c8efd0f91146c826018 /src/vdbeblob.c | |
parent | 0e55db1cd8748942e3284eb94e774d825ff223fb (diff) | |
download | sqlite-d10d18da5f65a36ed76c09289e33ed13432d0ca3.tar.gz sqlite-d10d18da5f65a36ed76c09289e33ed13432d0ca3.zip |
Fix potential 32-bit integer overflow problems on the offset and length
parameters to sqlite3_blob_read() and sqlite3_blob_write(). For
sqlite3_blob_open(), make sure the *ppBlob return parameter is zeroed if
the interface fails with SQLITE_MISUSE.
FossilOrigin-Name: 5df02f50f8348dfde4fc15126abc7b7ef7803e69
Diffstat (limited to 'src/vdbeblob.c')
-rw-r--r-- | src/vdbeblob.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/vdbeblob.c b/src/vdbeblob.c
index cf1eb5905..ea01f5ce8 100644
--- a/src/vdbeblob.c
+++ b/src/vdbeblob.c
@@ -154,12 +154,17 @@ int sqlite3_blob_open(
 Incrblob *pBlob = 0;
 #ifdef SQLITE_ENABLE_API_ARMOR
- if( !sqlite3SafetyCheckOk(db) || ppBlob==0 || zTable==0 ){
+ if( ppBlob==0 ){
 return SQLITE_MISUSE_BKPT;
 }
 #endif
- flags = !!flags; /* flags = (flags ? 1 : 0); */
 *ppBlob = 0;
+#ifdef SQLITE_ENABLE_API_ARMOR
+ if( !sqlite3SafetyCheckOk(db) || zTable==0 ){
+ return SQLITE_MISUSE_BKPT;
+ }
+#endif
+ flags = !!flags; /* flags = (flags ? 1 : 0); */
 sqlite3_mutex_enter(db->mutex);
@@ -373,7 +378,7 @@ static int blobReadWrite(
 sqlite3_mutex_enter(db->mutex);
 v = (Vdbe*)p->pStmt;
- if( n<0 || iOffset<0 || ((sqlite3_int64)iOffset+n)>p->nByte ){
 /* Request is out of range. Return a transient error. */
 rc = SQLITE_ERROR;
 }else if( v==0 ){ |
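Review bot: The two `SQLITE_ENABLE_API_ARMOR` blocks in sqlite3_blob_open now depend on the `*ppBlob = 0;` store sitting between them, and nothing in the code records that ordering requirement. A later tidy-up that merges the blocks back into one would silently restore the old behaviour, where a misuse return on a bad `db` or `zTable` leaves the caller's handle uninitialised; a caller that closes the handle without checking the return code would then presumably act on a garbage pointer. I would put a comment directly above the store, for example `/* Zero *ppBlob before any further MISUSE return so the caller never holds a stale handle */`. Note also that the store itself is outside the `#ifdef`, so a build without API armor still dereferences a NULL `ppBlob`; if that is intended, the comment is a good place to say so. The function body starts and ends outside this hunk.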
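Review bot: The widened bounds check in blobReadWrite carries no comment explaining why the cast is there, and the cast is the whole fix. With both operands as 32-bit ints the sum `iOffset+n` can exceed the int range, which is undefined behaviour and in practice may wrap negative and pass the `>p->nByte` test, so the out-of-range request would reach the read/write path below. I would extend the existing comment inside the branch or add one above the condition, for example `/* Sum in 64 bits: iOffset+n may exceed INT_MAX and must not wrap past the nByte check */`, so the cast is not removed as redundant later. The `n<0 || iOffset<0` tests have to stay ahead of the sum for the comparison to mean what it says; that ordering is worth stating in the same comment. The function body starts and ends outside this hunk.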