What about these tests?

do_test printf-1.17.1 {
  sqlite3_mprintf_int {abd: %2147483647d %2147483647x %2147483647o} 1 1 1
} {}
do_test printf-1.17.2 {
  sqlite3_mprintf_int {abd: %*d %x} 2147483647 1 1
} {}
do_test printf-1.17.3 {
  sqlite3_mprintf_int {abd: %*d %x} -2147483648 1 1
} {abd: 1 1}
do_test printf-2.1.2.10 {
  sqlite3_mprintf_double {abc: %*.*f} 2000000000 1000000000 1.0e-20
} {abc: }
do_test printf-3.7 {
  sqlite3_mprintf_str {%d A String: (%*s)} 1 2147483647 {This is the string}
} []
do_test printf-3.8 {
  sqlite3_mprintf_str {%d A String: (%*s)} 1 -2147483648 {This is the string}
} {1 A String: (This is the string)}
do_test printf-3.9 {
  sqlite3_mprintf_str {%d A String: (%.*s)} 1 -2147483648 {This is the string}
} {1 A String: (This is the string)}
do_test printf-13.7 {
  sqlite3_mprintf_hexdouble %2147483648.10000f 4693b8b5b5056e17
} {/100000000000000000000000000000000.00/}

Why are 1.17.3, 3.8, 3.9, 13.7 not getting shot down, while the rest are?

Thank you,
Viktor

----- Original Message -----
From: "Richard Hipp" <d...@sqlite.org>
To: "General Discussion of SQLite Database" <sqlite-users at mailinglists.sqlite.org>
Sent: Thursday, July 23, 2015 4:45:15 PM
Subject: Re: [sqlite] Help with understanding sqlite3_mprintf_int test expected result

On 7/23/15, Viktor Jancik <vjancik at redhat.com> wrote:
> Hi, I am trying to create a patch for sqlite in RHEL6 to backport a security
> fix:
> https://www.sqlite.org/src/info/aeca95ac77f6f320
>
> That is to sqlite version 3.6.20, and I can't understand why the expected
> result of do_test printf-1.17.4 is /.*/

The result of mprintf in that test case is undefined. The test is
merely to show that the hostile input does not cause an assertion
fault or trigger a run-time error detectable using valgrind or
-fsanitize=undefined or -fsanitize=memory.

--
D. Richard Hipp
drh at sqlite.org
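
The following is an added example, not part of the thread and not SQLite's code: a sketch of the width handling a formatter needs so that inputs like the ones in these tests cannot trigger signed overflow or an oversized allocation. The helper names, the choice to map INT_MIN to width 0, and the 1000000-byte cap are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: turn a "%*d" width argument into a usable width.
 * A negative value means left-justify. -INT_MIN is not representable, so
 * that one value is mapped to 0 instead of being negated (negating it is
 * signed overflow, which -fsanitize=undefined reports). */
static int star_width(int arg, int *left_justify)
{
    *left_justify = arg < 0;
    if (arg >= 0) return arg;
    return arg == INT_MIN ? 0 : -arg;
}

/* Hypothetical helper: read a decimal width from the format text,
 * saturating at INT_MAX so a long digit run cannot overflow. */
static int digit_width(const char **fmt)
{
    int w = 0;
    while (**fmt >= '0' && **fmt <= '9') {
        int d = *(*fmt)++ - '0';
        w = (w > (INT_MAX - d) / 10) ? INT_MAX : w * 10 + d;
    }
    return w;
}

/* Returns 1 and stores the buffer size for the padded field if it stays
 * under `limit` (a constructed cap), or 0 so the caller fails cleanly. */
static int field_size(int width, size_t content_len, size_t limit, size_t *out)
{
    size_t need = (size_t)width > content_len ? (size_t)width : content_len;
    if (need >= limit) return 0;
    *out = need + 1; /* room for the terminator */
    return 1;
}

int main(void)
{
    /* Constructed inputs: the "*" widths used in the tests quoted above. */
    int args[] = { 2, 2147483647, INT_MIN };
    for (size_t i = 0; i < 3; i++) {
        int lj; size_t n;
        int w = star_width(args[i], &lj);
        int ok = field_size(w, 1, 1000000, &n);
        printf("%d -> width %d, left=%d, %s\n", args[i], w, lj,
               ok ? "fits" : "rejected");
    }
    return 0;
}
```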