authordrh <drh@noemail.net>2019-02-21 16:41:34 +0000
committerdrh <drh@noemail.net>2019-02-21 16:41:34 +0000
commitdbdddc99d83130fe22ed63a4bfc19a53a408c51b (patch)
treedf656e6ff87a75c7af2e4c3d18ee38a1dd0a1232 /src
parent6a1bfc9a6d5b2367a84d367290d3bf5dba708a16 (diff)
Detect oversized strings in the OP_String opcode even if the P4 argument is originally UTF8 and has to be converted to UTF16 to match the database file, and that conversion causes the string to become shorter and cross below the SQLITE_LIMIT_LENGTH threshold. This might fix an OSSFuzz problem that we have so far been unable to reproduce.
FossilOrigin-Name: c13d563925db12bc2c91ff9432050261e5bd39d960e2739777a66bf804df2e31
Diffstat (limited to 'src')
-rw-r--r--src/vdbe.c2
1 files changed, 1 insertions, 1 deletions
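diff --git a/src/vdbe.c b/src/vdbe.c
index e53623852..5085273bc 100644
--- a/src/vdbe.c
+++ b/src/vdbe.c
@@ -1102,6 +1102,7 @@ case OP_String8: { /* same as TK_STRING, out2 */
 if( encoding!=SQLITE_UTF8 ){
 rc = sqlite3VdbeMemSetStr(pOut, pOp->p4.z, -1, SQLITE_UTF8, SQLITE_STATIC);
 assert( rc==SQLITE_OK || rc==SQLITE_TOOBIG );
+if( rc ) goto too_big;
 if( SQLITE_OK!=sqlite3VdbeChangeEncoding(pOut, encoding) ) goto no_mem;
 assert( pOut->szMalloc>0 && pOut->zMalloc==pOut->z );
 assert( VdbeMemDynamic(pOut)==0 );
@@ -1114,7 +1115,6 @@ case OP_String8: { /* same as TK_STRING, out2 */
 pOp->p4.z = pOut->z;
 pOp->p1 = pOut->n;
 }
-testcase( rc==SQLITE_TOOBIG );
 #endif
 if( pOp->p1>db->aLimit[SQLITE_LIMIT_LENGTH] ){
 goto too_big;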
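Review bot: The new `if( rc ) goto too_big;` in the first hunk routes every non-zero return of sqlite3VdbeMemSetStr to the too_big handler, which is only correct because the preceding assert constrains rc to SQLITE_OK or SQLITE_TOOBIG, and that assert disappears in release builds. The reasoning appears to be that passing SQLITE_STATIC means no allocation and therefore no SQLITE_NOMEM is possible, but that is inferred rather than visible here; a comment such as `/* Only SQLITE_TOOBIG is possible: SQLITE_STATIC means no allocation, so the limit must be checked before UTF16 conversion can shrink the string */` would make the invariant explicit for the next reader. The second hunk drops `testcase( rc==SQLITE_TOOBIG );`, which removes the coverage marker for the oversized-string path that this commit is specifically trying to reach; moving it to `testcase( rc==SQLITE_TOOBIG ); if( rc ) goto too_big;` in the first hunk would preserve it at the point where the branch now lives. The enclosing `case OP_String8:` block begins before the first hunk and continues past the end of the second.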