64 lines
1.8 KiB
Diff
64 lines
1.8 KiB
Diff
From 16c5290d72cb8059e9dfe545613183b850fc44e4 Mon Sep 17 00:00:00 2001
|
|
From: Ondrej Dubaj <odubaj@redhat.com>
|
|
Date: Mon, 20 Jan 2020 10:26:35 +0100
|
|
Subject: [PATCH] Fix the zipfile() function in the zipfile extension so that
|
|
it is able to
|
|
|
|
deal with goofy filenames that contain embedded zeros.
|
|
---
|
|
ext/misc/zipfile.c | 4 ++--
|
|
test/zipfile.test | 13 +++++++++++++
|
|
2 files changed, 15 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
|
|
index 6f48d0f..e6141ef 100644
|
|
--- a/ext/misc/zipfile.c
|
|
+++ b/ext/misc/zipfile.c
|
|
@@ -1632,7 +1632,7 @@ static int zipfileUpdate(
|
|
zFree = sqlite3_mprintf("%s/", zPath);
|
|
if( zFree==0 ){ rc = SQLITE_NOMEM; }
|
|
zPath = (const char*)zFree;
|
|
- nPath++;
|
|
+ nPath = (int)strlen(zPath);
|
|
}
|
|
}
|
|
|
|
@@ -2033,11 +2033,11 @@ void zipfileStep(sqlite3_context *pCtx, int nVal, sqlite3_value **apVal){
|
|
}else{
|
|
if( zName[nName-1]!='/' ){
|
|
zName = zFree = sqlite3_mprintf("%s/", zName);
|
|
- nName++;
|
|
if( zName==0 ){
|
|
rc = SQLITE_NOMEM;
|
|
goto zipfile_step_out;
|
|
}
|
|
+ nName = (int)strlen(zName);
|
|
}else{
|
|
while( nName>1 && zName[nName-2]=='/' ) nName--;
|
|
}
|
|
diff --git a/test/zipfile.test b/test/zipfile.test
|
|
index 5bca10b..e4b8088 100644
|
|
--- a/test/zipfile.test
|
|
+++ b/test/zipfile.test
|
|
@@ -808,4 +808,17 @@ do_execsql_test 13.10 {
|
|
quote(data),quote(method) FROM t1;
|
|
} {'' 10 10 2 X'3130' X'3130' 0}
|
|
|
|
+# 2019-12-23 Yongheng and Rui fuzzer
|
|
+# Run using valgrind to see the problem.
|
|
+#
|
|
+do_execsql_test 14.10 {
|
|
+ DROP TABLE t1;
|
|
+ CREATE TABLE t1(x char);
|
|
+ INSERT INTO t1(x) VALUES('1');
|
|
+ INSERT INTO t1(x) SELECT zipfile(x, 'xyz') FROM t1;
|
|
+ INSERT INTO t1(x) SELECT zipfile(x, 'uvw') FROM t1;
|
|
+ SELECT count(*) FROM t1;
|
|
+ PRAGMA integrity_check;
|
|
+} {3 ok}
|
|
+
|
|
finish_test
|
|
--
|
|
2.19.1
|
|
|