packages/sqlite
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix the infinite loop in the trim function while the pattern is well formed.

Browse Source 
Signed-off-by: wbq_sky <wangbingquan@huawei.com>
This commit is contained in:
wbq_sky 2021-09-03 16:16:38 +08:00
parent d0aa7d2f6e
commit d81186e427
2 changed files with 94 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
0003-infinite-loop-in-trim-function.patch Normal file
View File

@ -0,0 +1,88 @@
diff -ruN origin_src/src/func.c sqlite-src-3340000/src/func.c
--- origin_src/src/func.c 2021-09-03 10:46:50.253089516 +0800
+++ sqlite-src-3340000/src/func.c 2021-09-03 10:59:23.151415929 +0800
@@ -1315,10 +1315,10 @@
){
const unsigned char *zIn; /* Input string */
const unsigned char *zCharSet; /* Set of characters to trim */
- int nIn; /* Number of bytes in input */
+ unsigned int nIn; /* Number of bytes in input */
int flags; /* 1: trimleft 2: trimright 3: trim */
int i; /* Loop counter */
- unsigned char *aLen = 0; /* Length of each character in zCharSet */
+ unsigned int *aLen = 0; /* Length of each character in zCharSet */
unsigned char **azChar = 0; /* Individual characters in zCharSet */
int nChar; /* Number of characters in zCharSet */
@@ -1327,13 +1327,13 @@
}
zIn = sqlite3_value_text(argv[0]);
if( zIn==0 ) return;
- nIn = sqlite3_value_bytes(argv[0]);
+ nIn = (unsigned)sqlite3_value_bytes(argv[0]);
assert( zIn==sqlite3_value_text(argv[0]) );
if( argc==1 ){
- static const unsigned char lenOne[] = { 1 };
+ static const unsigned lenOne[] = { 1 };
static unsigned char * const azOne[] = { (u8*)" " };
nChar = 1;
- aLen = (u8*)lenOne;
+ aLen = (unsigned*)lenOne;
azChar = (unsigned char **)azOne;
zCharSet = 0;
}else if( (zCharSet = sqlite3_value_text(argv[1]))==0 ){
@@ -1344,15 +1344,16 @@
SQLITE_SKIP_UTF8(z);
}
if( nChar>0 ){
- azChar = contextMalloc(context, ((i64)nChar)*(sizeof(char*)+1));
+ azChar = contextMalloc(context,
+ ((i64)nChar)*(sizeof(char*)+sizeof(unsigned)));
if( azChar==0 ){
return;
}
- aLen = (unsigned char*)&azChar[nChar];
+ aLen = (unsigned*)&azChar[nChar];
for(z=zCharSet, nChar=0; *z; nChar++){
azChar[nChar] = (unsigned char *)z;
SQLITE_SKIP_UTF8(z);
- aLen[nChar] = (u8)(z - azChar[nChar]);
+ aLen[nChar] = (unsigned)(z - azChar[nChar]);
}
}
}
@@ -1360,7 +1361,7 @@
flags = SQLITE_PTR_TO_INT(sqlite3_user_data(context));
if( flags & 1 ){
while( nIn>0 ){
- int len = 0;
+ unsigned int len = 0;
for(i=0; i<nChar; i++){
len = aLen[i];
if( len<=nIn && memcmp(zIn, azChar[i], len)==0 ) break;
@@ -1372,7 +1373,7 @@
}
if( flags & 2 ){
while( nIn>0 ){
- int len = 0;
+ unsigned int len = 0;
for(i=0; i<nChar; i++){
len = aLen[i];
if( len<=nIn && memcmp(&zIn[nIn-len],azChar[i],len)==0 ) break;
diff -ruN origin_src/test/func.test sqlite-src-3340000/test/func.test
--- origin_src/test/func.test 2021-09-03 10:46:50.201088526 +0800
+++ sqlite-src-3340000/test/func.test 2021-09-03 10:59:42.751788869 +0800
@@ -1111,6 +1111,13 @@
execsql {SELECT typeof(trim('hello',NULL));}
} {null}
+# 2021-06-15 - infinite loop due to unsigned character counter
+# overflow, reported by Zimuzo Ezeozue
+#
+do_execsql_test func-22.23 {
+ SELECT trim('xyzzy',x'c0808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080808080');
+} {xyzzy}
+
# This is to test the deprecated sqlite3_aggregate_count() API.
#
ifcapable deprecated {

7
sqlite.spec
View File

@ -6,7 +6,7 @@
Name: sqlite Name: sqlite
Version: 3.34.0 Version: 3.34.0
Release: 1 Release: 2
Summary: Embeded SQL database Summary: Embeded SQL database
License: Public Domain License: Public Domain
URL: http://www.sqlite.org/ URL: http://www.sqlite.org/
@ -17,6 +17,7 @@ Source2: https://www.sqlite.org/2020/sqlite-autoconf-%{extver}.tar.gz
Patch1: 0001-sqlite-no-malloc-usable-size.patch Patch1: 0001-sqlite-no-malloc-usable-size.patch
Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
Patch3: 0003-infinite-loop-in-trim-function.patch
BuildRequires: gcc autoconf tcl tcl-devel BuildRequires: gcc autoconf tcl tcl-devel
BuildRequires: ncurses-devel readline-devel glibc-devel BuildRequires: ncurses-devel readline-devel glibc-devel
@ -61,6 +62,7 @@ This contains man files and HTML files for the using of sqlite.
%setup -q -a1 -n %{name}-src-%{extver} %setup -q -a1 -n %{name}-src-%{extver}
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1
rm -f %{name}-doc-%{extver}/sqlite.css~ || : rm -f %{name}-doc-%{extver}/sqlite.css~ || :
@ -131,6 +133,9 @@ make test
%{_mandir}/man*/* %{_mandir}/man*/*
%changelog %changelog
* Fri Sep 3 2021 wbq_sky <wangbingquan@huawei.com> - 3.34.0-2
- fix the infinite loop problem in the trim function while the pattern is well formed.
* Thu Jan 14 2021 yanglongkang <yanglongkang@huawei.com> - 3.34.0-1 * Thu Jan 14 2021 yanglongkang <yanglongkang@huawei.com> - 3.34.0-1
- update package to 3.34.0 - update package to 3.34.0