32 lines
1.0 KiB
Diff
32 lines
1.0 KiB
Diff
|
From 95a3db8dcf8622a8db12059abe1befca418d9440 Mon Sep 17 00:00:00 2001
|
||
|
|
From: "D. Richard Hipp" <drh@hwaci.com>
|
||
|
|
Date: Sat, 12 Jan 2019 21:30:26 +0000
|
||
|
|
Subject: [PATCH 0756/1009] Prevent unsigned 32-bit integer overflow from
|
||
|
|
leading to a buffer overread inside of an assert(). The problem fixed here
|
||
|
|
is no reachable in production code.
|
||
|
|
|
||
|
|
https://github.com/mackyle/sqlite/commit/95a3db8dcf8622a8db12059abe1befca418d9440
|
||
|
|
|
||
|
|
---
|
||
|
|
src/vdbeaux.c | 4 ++--
|
||
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
|
||
|
|
index 1125cfd..1af8a6f 100644
|
||
|
|
--- a/src/vdbeaux.c
|
||
|
|
+++ b/src/vdbeaux.c
|
||
|
|
@@ -3883,8 +3883,8 @@ static int vdbeRecordCompareDebug(
|
||
|
|
** Use that approximation to avoid the more expensive call to
|
||
|
|
** sqlite3VdbeSerialTypeLen() in the common case.
|
||
|
|
*/
|
||
|
|
- if( d1+serial_type1+2>(u32)nKey1
|
||
|
|
- && d1+sqlite3VdbeSerialTypeLen(serial_type1)>(u32)nKey1
|
||
|
|
+ if( d1+(u64)serial_type1+2>(u64)nKey1
|
||
|
|
+ && d1+(u64)sqlite3VdbeSerialTypeLen(serial_type1)>(u64)nKey1
|
||
|
|
){
|
||
|
|
break;
|
||
|
|
}
|
||
|
|
--
|
||
|
|
1.8.3.1
|
||
|
|
|