Tags: nalgeon/sqlean
Tags
fix: define - incorporate upstream fixes from statement_vtab (#94)

* Encode parameter indexes to a printable string in idxStr

This resolves a potential vulnerability on platforms with uncommon integer widths (see below.)

Per the discussion in sqlite.org/forum/info/853f5b586ecbf11c idxStr is strictly intended to reference valid string memory. statement_vtab uses idxStr to supply parameter indexes to xFilter, previously passing these as integer memory directly. It now serializes indexes using a fixed-length 6 bit encoding, which for speed and simplicity is printable but not necessarily readable. idxStr is currently included in EXPLAIN query results as well as in debug output from SQLite.

On typical platforms where int is larger than SQLite's column maximum of 32767, previous buffers were incidentally valid for these only due to what amounts to several technicalities in the C standard. On platforms with less common integer widths -- such as those with 16 bit ints or where sizeof(int) is 1 -- there is a risk of overread and disclosure of subsequent memory if an untrusted user is able to execute an EXPLAIN query on a statement_vtab with a sufficient number of columns.

Application of this fix can be verified at runtime with the following SQL:

> CREATE VIRTUAL TABLE x USING statement((SELECT ?42, ?46));
> EXPLAIN SELECT * FROM x WHERE [46] = 0 AND [42] = 0;

In the output of EXPLAIN, the VFilter opcode's P4 register will read "O!!!!!K!!!!!" (without quotes).

Corresponds to 0x09/sqlite-statement-vtab@400bea1

* Handle conflicting AND constraints on columns

Constraints such as `WHERE ColumnA = 1 AND ColumnA = 2` now result in an empty set rather than an error, which is consistent with the behavior of these queries against normal (non-virtual) SQLite tables. Purely redundant constraints (where ColumnA = 1 AND ColumnA = 1) likewise no longer result in an error.

Corresponds to 0x09/sqlite-statement-vtab@e8f20f3

* Clarify shallow copy of argv in xFilter

Corresponds to 0x09/sqlite-statement-vtab@77d338e
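An added sketch of the fixed-length 6 bit printable encoding described in the commit message above; it is not the code from sqlean or statement_vtab. The names idx_encode and idx_decode are hypothetical, and the '!' offset and least-significant-group-first order are assumptions inferred from the expected P4 value "O!!!!!K!!!!!", taking the encoded values to be 46 and 42 in that order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IDX_CHARS 6   /* 6 chars x 6 bits = 36 bits, covers a 32-bit index */
#define IDX_BASE '!'  /* assumed offset, inferred from the page's P4 value */

/* Encode n indexes as a NUL-terminated printable string (caller frees). */
char *idx_encode(const uint32_t *idx, size_t n) {
    char *s = malloc(n * IDX_CHARS + 1);
    if (!s) return NULL;
    for (size_t i = 0; i < n; i++) {
        uint32_t v = idx[i];
        for (int j = 0; j < IDX_CHARS; j++) { /* least significant group first */
            s[i * IDX_CHARS + j] = (char)(IDX_BASE + (v & 0x3f));
            v >>= 6;
        }
    }
    s[n * IDX_CHARS] = '\0'; /* the result is always valid string memory */
    return s;
}

/* Decode into out[]; returns the count, or -1 on malformed input. */
int idx_decode(const char *s, uint32_t *out, size_t cap) {
    size_t len = strlen(s);
    if (len % IDX_CHARS != 0 || len / IDX_CHARS > cap) return -1;
    for (size_t i = 0; i < len / IDX_CHARS; i++) {
        uint64_t v = 0;
        for (int j = IDX_CHARS - 1; j >= 0; j--) {
            unsigned d = (unsigned)((unsigned char)s[i * IDX_CHARS + j] - IDX_BASE);
            if (d > 0x3f) return -1; /* byte outside the 64-symbol alphabet */
            v = (v << 6) | d;
        }
        if (v > UINT32_MAX) return -1; /* top group carries only 2 valid bits */
        out[i] = (uint32_t)v;
    }
    return (int)(len / IDX_CHARS);
}

int main(void) {
    uint32_t idx[2] = {46, 42}; /* constructed input matching the page's SQL */
    char *s = idx_encode(idx, 2);
    if (!s) return 1;
    puts(s);
    free(s);
    return 0;
}
```

Because the string is NUL-terminated and drawn from a fixed alphabet, a consumer that prints it as text, as EXPLAIN does with idxStr, reads only bytes the encoder wrote, whatever the platform's int width.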