SUSE:SLE-12-SP2:GA
sqlite3.11569
sqlite3-CVE-2019-8457.patch
File sqlite3-CVE-2019-8457.patch of Package sqlite3.11569
--- sqlite3.c.orig
+++ sqlite3.c
@@ -154260,48 +154260,48 @@ static int rtreeInit( ** <num-dimension>*2 coordinates. */ static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){ - char *zText = 0; RtreeNode node; Rtree tree; int ii; + int nData; + int errCode = SQLITE_OK; + StrAccum pOut; UNUSED_PARAMETER(nArg); memset(&node, 0, sizeof(RtreeNode)); memset(&tree, 0, sizeof(Rtree)); tree.nDim = sqlite3_value_int(apArg[0]); + if( tree.nDim<1 || tree.nDim>5 ) return; tree.nBytesPerCell = 8 + 8 * tree.nDim; node.zData = (u8 *)sqlite3_value_blob(apArg[1]); + nData = sqlite3_value_bytes(apArg[1]); + if( nData<4 ) return; + if( nData<NCELL(&node)*tree.nBytesPerCell ) return; + + sqlite3StrAccumInit(&pOut, 0, 0, 0, SQLITE_MAX_LENGTH); for(ii=0; ii<NCELL(&node); ii++){ - char zCell[512]; - int nCell = 0; RtreeCell cell; int jj; nodeGetCell(&tree, &node, ii, &cell); - sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid); - nCell = (int)strlen(zCell); + if( ii>0 ) sqlite3StrAccumAppend(&pOut, " ", 1); + sqlite3XPrintf(&pOut, 0, "{%lld", cell.iRowid); for(jj=0; jj<tree.nDim*2; jj++){ #ifndef SQLITE_RTREE_INT_ONLY - sqlite3_snprintf(512-nCell,&zCell[nCell], " %g", - (double)cell.aCoord[jj].f); + sqlite3XPrintf(&pOut, 0, " %g", (double)cell.aCoord[jj].f); #else - sqlite3_snprintf(512-nCell,&zCell[nCell], " %d", - cell.aCoord[jj].i); + sqlite3XPrintf(&pOut, 0, " %d", cell.aCoord[jj].i); #endif - nCell = (int)strlen(zCell); } - if( zText ){ - char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell); - sqlite3_free(zText); - zText = zTextNew; - }else{ - zText = sqlite3_mprintf("{%s}", zCell); - } + sqlite3StrAccumAppend(&pOut, "}", 1); } - - sqlite3_result_text(ctx, zText, -1, sqlite3_free); + + if (pOut.accError == STRACCUM_NOMEM) errCode = SQLITE_NOMEM; + else if (pOut.accError == STRACCUM_TOOBIG) errCode = SQLITE_TOOBIG; + sqlite3_result_text(ctx, sqlite3StrAccumFinish(&pOut), -1, sqlite3_free); + sqlite3_result_error_code(ctx, errCode); } /* This routine implements an SQL function 
that returns the "depth" parameter
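Review bot: The length guard `if( nData<NCELL(&node)*tree.nBytesPerCell ) return;` compares the blob size with the cell payload only, although the `nData<4` check just before it suggests a 4-byte node header precedes the cells. NCELL and nodeGetCell are defined outside this hunk, so this is inferred, but if cells are read at an offset past that header, a blob of exactly NCELL*nBytesPerCell bytes still lets the last cell be read up to 4 bytes beyond the buffer. Consider `if( nData<4+NCELL(&node)*tree.nBytesPerCell ) return;`. Separately, `sqlite3_result_error_code(ctx, errCode);` runs even when errCode is SQLITE_OK. Guarding it with `if( errCode!=SQLITE_OK )` would avoid relying on how this SQLite version treats a non-error code after the text result has been set.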