Fossil

Check-in [174d61b9]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a possible buffer overrun in the delta_apply() routine if handed an invalid delta.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:174d61b90a7e4fe366f5914b80facb220d1cee7a
User & Date: drh 2010-12-23 18:00:33
Context
2010-12-23
18:18
Add the test-integrity command for verifying repository integrity. Also add an "all" version of this command. check-in: d5673454 user: drh tags: trunk
18:00
Fix a possible buffer overrun in the delta_apply() routine if handed an invalid delta. check-in: 174d61b9 user: drh tags: trunk
17:53
Fix a (harmless) buffer size miscalculation in the decompression logic. check-in: 52aa366c user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/delta.c.

534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
  while( *zDelta && lenDelta>0 ){
    unsigned int cnt, ofst;
    cnt = getInt(&zDelta, &lenDelta);
    switch( zDelta[0] ){
      case '@': {
        zDelta++; lenDelta--;
        ofst = getInt(&zDelta, &lenDelta);
        if( zDelta[0]!=',' ){
          /* ERROR: copy command not terminated by ',' */
          return -1;
        }
        zDelta++; lenDelta--;
        DEBUG1( printf("COPY %d from %d\n", cnt, ofst); )
        total += cnt;
        if( total>limit ){







|







534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
  while( *zDelta && lenDelta>0 ){
    unsigned int cnt, ofst;
    cnt = getInt(&zDelta, &lenDelta);
    switch( zDelta[0] ){
      case '@': {
        zDelta++; lenDelta--;
        ofst = getInt(&zDelta, &lenDelta);
        if( lenDelta>0 && zDelta[0]!=',' ){
          /* ERROR: copy command not terminated by ',' */
          return -1;
        }
        zDelta++; lenDelta--;
        DEBUG1( printf("COPY %d from %d\n", cnt, ofst); )
        total += cnt;
        if( total>limit ){