sqlite/0003-infinite-loop-in-trim-function.patch


diff -ruN origin_src/src/func.c sqlite-src-3340000/src/func.c
--- origin_src/src/func.c 2021-09-03 10:46:50.253089516 +0800
+++ sqlite-src-3340000/src/func.c 2021-09-03 10:59:23.151415929 +0800
@@ -1315,10 +1315,10 @@
){
const unsigned char *zIn; /* Input string */
const unsigned char *zCharSet; /* Set of characters to trim */
- int nIn; /* Number of bytes in input */
+ unsigned int nIn; /* Number of bytes in input */
int flags; /* 1: trimleft 2: trimright 3: trim */
int i; /* Loop counter */
- unsigned char *aLen = 0; /* Length of each character in zCharSet */
+ unsigned int *aLen = 0; /* Length of each character in zCharSet */
unsigned char **azChar = 0; /* Individual characters in zCharSet */
int nChar; /* Number of characters in zCharSet */
@@ -1327,13 +1327,13 @@
}
zIn = sqlite3_value_text(argv[0]);
if( zIn==0 ) return;
- nIn = sqlite3_value_bytes(argv[0]);
+ nIn = (unsigned)sqlite3_value_bytes(argv[0]);
assert( zIn==sqlite3_value_text(argv[0]) );
if( argc==1 ){
- static const unsigned char lenOne[] = { 1 };
+ static const unsigned lenOne[] = { 1 };
static unsigned char * const azOne[] = { (u8*)" " };
nChar = 1;
- aLen = (u8*)lenOne;
+ aLen = (unsigned*)lenOne;
azChar = (unsigned char **)azOne;
zCharSet = 0;
}else if( (zCharSet = sqlite3_value_text(argv[1]))==0 ){
@@ -1344,15 +1344,16 @@
SQLITE_SKIP_UTF8(z);
}
if( nChar>0 ){
- azChar = contextMalloc(context, ((i64)nChar)*(sizeof(char*)+1));
+ azChar = contextMalloc(context,
+ ((i64)nChar)*(sizeof(char*)+sizeof(unsigned)));
if( azChar==0 ){
return;
}
- aLen = (unsigned char*)&azChar[nChar];
+ aLen = (unsigned*)&azChar[nChar];
for(z=zCharSet, nChar=0; *z; nChar++){
azChar[nChar] = (unsigned char *)z;
SQLITE_SKIP_UTF8(z);
- aLen[nChar] = (u8)(z - azChar[nChar]);
+ aLen[nChar] = (unsigned)(z - azChar[nChar]);
}
}
}
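Review bot: The assignment `aLen[nChar] = (unsigned)(z - azChar[nChar]);` is where the old `u8` truncation happened, yet nothing in the new code states the invariant the trim loops depend on: every stored length is nonzero, so `nIn` strictly decreases on each match. Assuming SQLITE_SKIP_UTF8 always advances `z` (the enclosing for-loop already relies on that to terminate), I would pin it with `assert( z>azChar[nChar] );` immediately before the assignment, plus a comment such as `/* a "character" is a lead byte plus any run of continuation bytes, so its length is unbounded and must not be truncated to u8 */`. The cast `aLen = (unsigned*)&azChar[nChar];` is alignment-safe only because the array follows `nChar` pointer-sized slots; a one-line comment saying so would save the next reader the check. The loop that first counts `nChar` starts above this hunk.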
@@ -1360,7 +1361,7 @@
flags = SQLITE_PTR_TO_INT(sqlite3_user_data(context));
if( flags & 1 ){
while( nIn>0 ){
- int len = 0;
+ unsigned int len = 0;
for(i=0; i<nChar; i++){
len = aLen[i];
if( len<=nIn && memcmp(zIn, azChar[i], len)==0 ) break;
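Review bot: With `len` now `unsigned int`, the `for` loop at `len = aLen[i];` leaves `len` holding the last character's length when no entry matched, and whether that stale value is ever applied depends on the no-match guard that presumably follows the loop outside this hunk; the hunk ends mid-loop, so I cannot see it. If that guard is there, a comment on the `while( nIn>0 )` line, `/* terminates: each aLen[i]>=1, so a match shrinks nIn; no match breaks */`, would record why the reported hang cannot recur. The counter `i` stays `int` while `len` and `nIn` are unsigned, which is fine because `i` is only ever compared with `nChar`.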
@@ -1372,7 +1373,7 @@
}
if( flags & 2 ){
while( nIn>0 ){
- int len = 0;
+ unsigned int len = 0;
for(i=0; i<nChar; i++){
len = aLen[i];
if( len<=nIn && memcmp(&zIn[nIn-len],azChar[i],len)==0 ) break;
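Review bot: The guard `len<=nIn &&` in `if( len<=nIn && memcmp(&zIn[nIn-len],azChar[i],len)==0 ) break;` has become load-bearing in a new way: with both operands now `unsigned int`, `nIn-len` no longer goes negative when `len>nIn` but wraps to a huge offset, so the short-circuit order must not be rearranged. I would say so in place: `/* len<=nIn must be tested first: nIn-len is unsigned and would wrap */`. The body of this `while` loop, including the decrement of `nIn`, continues below the hunk.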
diff -ruN origin_src/test/func.test sqlite-src-3340000/test/func.test
--- origin_src/test/func.test 2021-09-03 10:46:50.201088526 +0800
+++ sqlite-src-3340000/test/func.test 2021-09-03 10:59:42.751788869 +0800
@@ -1111,6 +1111,13 @@
execsql {SELECT typeof(trim('hello',NULL));}
} {null}
+# 2021-06-15 - infinite loop due to unsigned character counter
+# overflow, reported by Zimuzo Ezeozue
+#
+do_execsql_test func-22.23 {
+ SELECT trim('xyzzy',x'c0808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080');
+} {xyzzy}
+
# This is to test the deprecated sqlite3_aggregate_count() API.
#
ifcapable deprecated {