/ Check-in [0ccea80092]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Avoid another potential OOB read in sqlite3expert.c.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 0ccea80092f16e7f17f4c4de4f8be3fdef217199fcc08ace37e179c1b22c1294
User & Date: dan 2020-05-21 19:13:46
Context
2020-05-21
20:38
Change a NEVER macro into a NO_TEST comment, as the conditional is reachable, but only when compiling for Windows 32-bit. check-in: ce36b6d133 user: drh tags: trunk
19:13
Avoid another potential OOB read in sqlite3expert.c. check-in: 0ccea80092 user: dan tags: trunk
2020-05-20
15:02
Back out the change from [7fab1393c2b22b1f] that tries to convert invalid surrogate characters in UTF16 into the replacement character 0xfffd, as we find that this breaks some software. check-in: 4218c7b71f user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to ext/expert/sqlite3expert.c.

1132
1133
1134
1135
1136
1137
1138
1139
1140

1141

1142
1143
1144
1145
1146
1147
1148
      int i;

      if( !zDetail ) continue;
      nDetail = STRLEN(zDetail);

      for(i=0; i<nDetail; i++){
        const char *zIdx = 0;
        if( memcmp(&zDetail[i], " USING INDEX ", 13)==0 ){
          zIdx = &zDetail[i+13];

        }else if( memcmp(&zDetail[i], " USING COVERING INDEX ", 22)==0 ){

          zIdx = &zDetail[i+22];
        }
        if( zIdx ){
          const char *zSql;
          int nIdx = 0;
          while( zIdx[nIdx]!='\0' && (zIdx[nIdx]!=' ' || zIdx[nIdx+1]!='(') ){
            nIdx++;







|

>
|
>







1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
      int i;

      if( !zDetail ) continue;
      nDetail = STRLEN(zDetail);

      for(i=0; i<nDetail; i++){
        const char *zIdx = 0;
        if( i+13<nDetail && memcmp(&zDetail[i], " USING INDEX ", 13)==0 ){
          zIdx = &zDetail[i+13];
        }else if( i+22<nDetail 
            && memcmp(&zDetail[i], " USING COVERING INDEX ", 22)==0 
        ){
          zIdx = &zDetail[i+22];
        }
        if( zIdx ){
          const char *zSql;
          int nIdx = 0;
          while( zIdx[nIdx]!='\0' && (zIdx[nIdx]!=' ' || zIdx[nIdx+1]!='(') ){
            nIdx++;