Re: [sqlite] bug on zPath length

2020-01-23 Thread Richard Hipp
On 1/23/20, Ondrej Dubaj wrote:
> I discovered an issue found by coverity scan.

Thanks for the report.  This was previously fixed here:
https://www.sqlite.org/src/info/465a15c5c2077011


-- 
D. Richard Hipp
d...@sqlite.org
___
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users


[sqlite] bug on zPath length

2020-01-23 Thread Ondrej Dubaj
Hi,

I discovered an issue found by coverity scan.
sqlite-src-326/shell.c:5697: var_compare_op: Comparing "zFree" to null
implies that "zFree" might be null.
sqlite-src-326/shell.c:5698: alias_transfer: Assigning: "zPath" =
"zFree".
sqlite-src-326/shell.c:5699: var_deref_model: Passing null pointer
"zPath" to "strlen", which dereferences it.
# 5697| if( zFree==0 ){ rc = SQLITE_NOMEM; }
# 5698| zPath = (const char*)zFree;
# 5699|-> nPath = (int)strlen(zPath);
# 5700| }
# 5701| }

It says that zPath can be NULL during strlen() action. I have made a patch,
which seems to solve this issue. Can you please confirm or disconfirm my
changes?

diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
index e6141ef..1f214a4 100644
--- a/ext/misc/zipfile.c
+++ b/ext/misc/zipfile.c
@@ -1630,9 +1630,12 @@ static int zipfileUpdate(
** otherwise. */
if( zPath[nPath-1]!='/' ){
zFree = sqlite3_mprintf("%s/", zPath);
- if( zFree==0 ){ rc = SQLITE_NOMEM; }
- zPath = (const char*)zFree;
- nPath = (int)strlen(zPath);
+ if( zFree==0 ){
+ rc = SQLITE_NOMEM;
+ } else {
+ zPath = (const char*)zFree;
+ nPath = (int)strlen(zPath);
+ }
}
}
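
Review bot: in the new "if( zFree==0 )" branch, rc is set to SQLITE_NOMEM but zPath and nPath keep their previous values (the path without the trailing '/'), so the fix is only complete if the code after this block tests rc before using them; that code is outside the hunk and should be checked. The else branch itself is sound: strlen() is now reached only when zFree is non-NULL, which removes the dereference Coverity flagged. The Coverity trace names shell.c:5697-5699 while the patch edits ext/misc/zipfile.c, so the submission should state that these are the same lines.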