blob: 50fcbb0aed49e1f0914abfb764fc97f4ef3ac0de [file] [log] [blame]
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Darwin Huang <huangdarwin@chromium.org>
Date: Wed, 17 Jul 2019 14:52:39 -0700
Subject: [PATCH 2/5] Fix Heap-Buffer-Overflow
Backports https://www.sqlite.org/src/info/bd9a47a3a2997bfb
Bug: 984536, 984475, 984650
---
third_party/sqlite/patched/src/build.c | 32 +++++++++-------
.../sqlite/patched/test/without_rowid7.test | 38 +++++++++++++++++++
2 files changed, 56 insertions(+), 14 deletions(-)
create mode 100644 third_party/sqlite/patched/test/without_rowid7.test
diff --git a/third_party/sqlite/patched/src/build.c b/third_party/sqlite/patched/src/build.c
index fac735f27002..1e9c16684ed2 100644
--- a/third_party/sqlite/patched/src/build.c
+++ b/third_party/sqlite/patched/src/build.c
@@ -1831,6 +1831,7 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
Index *pIdx;
Index *pPk;
int nPk;
+ int nExtra;
int i, j;
sqlite3 *db = pParse->db;
Vdbe *v = pParse->pVdbe;
@@ -1873,6 +1874,7 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
SQLITE_IDXTYPE_PRIMARYKEY);
if( db->mallocFailed || pParse->nErr ) return;
pPk = sqlite3PrimaryKeyIndex(pTab);
+ assert( pPk->nKeyCol==1 );
}else{
pPk = sqlite3PrimaryKeyIndex(pTab);
assert( pPk!=0 );
@@ -1887,6 +1889,8 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
pPk->nColumn--;
}else{
testcase( hasColumn(pPk->aiColumn, j, pPk->aiColumn[i]) );
+ pPk->azColl[j] = pPk->azColl[i];
+ pPk->aSortOrder[j] = pPk->aSortOrder[i];
pPk->aiColumn[j++] = pPk->aiColumn[i];
}
}
@@ -1895,7 +1899,7 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
assert( pPk!=0 );
pPk->isCovering = 1;
if( !db->init.imposterTable ) pPk->uniqNotNull = 1;
- nPk = pPk->nKeyCol;
+ nPk = pPk->nColumn = pPk->nKeyCol;
/* Bypass the creation of the PRIMARY KEY btree and the sqlite_master
** table entry. This is only required if currently generating VDBE
@@ -1945,21 +1949,21 @@ static void convertToWithoutRowidTable(Parse *pParse, Table *pTab){
/* Add all table columns to the PRIMARY KEY index
*/
- if( nPk<pTab->nCol ){
- if( resizeIndexObject(db, pPk, pTab->nCol) ) return;
- for(i=0, j=nPk; i<pTab->nCol; i++){
- if( !hasColumn(pPk->aiColumn, j, i) ){
- assert( j<pPk->nColumn );
- pPk->aiColumn[j] = i;
- pPk->azColl[j] = sqlite3StrBINARY;
- j++;
- }
+ nExtra = 0;
+ for(i=0; i<pTab->nCol; i++){
+ if( !hasColumn(pPk->aiColumn, nPk, i) ) nExtra++;
+ }
+ if( resizeIndexObject(db, pPk, nPk+nExtra) ) return;
+ for(i=0, j=nPk; i<pTab->nCol; i++){
+ if( !hasColumn(pPk->aiColumn, j, i) ){
+ assert( j<pPk->nColumn );
+ pPk->aiColumn[j] = i;
+ pPk->azColl[j] = sqlite3StrBINARY;
+ j++;
}
- assert( pPk->nColumn==j );
- assert( pTab->nCol==j );
- }else{
- pPk->nColumn = pTab->nCol;
}
+ assert( pPk->nColumn==j );
+ assert( pTab->nCol<=j );
recomputeColumnsNotIndexed(pPk);
}
diff --git a/third_party/sqlite/patched/test/without_rowid7.test b/third_party/sqlite/patched/test/without_rowid7.test
new file mode 100644
index 000000000000..500f2bd157cd
--- /dev/null
+++ b/third_party/sqlite/patched/test/without_rowid7.test
@@ -0,0 +1,38 @@
+# 2019 July 17
+#
+# The author disclaims copyright to this source code. In place of
+# a legal notice, here is a blessing:
+#
+# May you do good and not evil.
+# May you find forgiveness for yourself and forgive others.
+# May you share freely, never taking more than you give.
+#
+#*************************************************************************
+# This file implements regression tests for SQLite library.
+#
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+set testprefix without_rowid7
+
+do_execsql_test 1.0 {
+ CREATE TABLE t1(a, b COLLATE nocase, PRIMARY KEY(a, a, b)) WITHOUT ROWID;
+}
+
+do_catchsql_test 1.1 {
+ INSERT INTO t1 VALUES(1, 'one'), (1, 'ONE');
+} {1 {UNIQUE constraint failed: t1.a, t1.b}}
+
+
+do_execsql_test 2.0 {
+ CREATE TABLE t2(a, b, PRIMARY KEY(a, a COLLATE nocase, a)) WITHOUT ROWID;
+}
+
+do_execsql_test 2.1 {
+ INSERT INTO t2 VALUES(1, 'one');
+ SELECT b FROM t2;
+} {one}
+
+
+finish_test
+
--
2.22.0.657.g960e92d24f-goog