bug on zPath length

bug on zPath length

Ondrej Dubaj
Hi,

I discovered an issue found by Coverity scan.
sqlite-src-3260000/shell.c:5697: var_compare_op: Comparing "zFree" to null
implies that "zFree" might be null.
sqlite-src-3260000/shell.c:5698: alias_transfer: Assigning: "zPath" =
"zFree".
sqlite-src-3260000/shell.c:5699: var_deref_model: Passing null pointer
"zPath" to "strlen", which dereferences it.
# 5697| if( zFree==0 ){ rc = SQLITE_NOMEM; }
# 5698| zPath = (const char*)zFree;
# 5699|-> nPath = (int)strlen(zPath);
# 5700| }
# 5701| }

It says that zPath can be NULL during strlen() action. I have made a patch,
which seems to solve this issue. Can you please confirm or disconfirm my
changes?

diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
index e6141ef..1f214a4 100644
--- a/ext/misc/zipfile.c
+++ b/ext/misc/zipfile.c
@@ -1630,9 +1630,12 @@ static int zipfileUpdate(
** otherwise. */
if( zPath[nPath-1]!='/' ){
zFree = sqlite3_mprintf("%s/", zPath);
- if( zFree==0 ){ rc = SQLITE_NOMEM; }
- zPath = (const char*)zFree;
- nPath = (int)strlen(zPath);
+ if( zFree==0 ){
+ rc = SQLITE_NOMEM;
+ } else {
+ zPath = (const char*)zFree;
+ nPath = (int)strlen(zPath);
+ }
}
}
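
Review bot: In the new `if( zFree==0 )` branch, zPath and nPath keep their previous values, so after an allocation failure zPath still lacks the trailing '/' while rc is SQLITE_NOMEM. The code after the closing braces is not visible in this hunk, so please confirm that everything that follows tests rc before using zPath or nPath. The else branch does remove the strlen(NULL) path that Coverity flagged at the `nPath = (int)strlen(zPath);` line. Optional: if nPath is already the length of zPath at this point, as the `zPath[nPath-1]!='/'` test suggests, the second strlen() could be replaced by incrementing nPath, since the new string is the old one plus a single '/'.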
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

Re: bug on zPath length

Richard Hipp-3
On 1/23/20, Ondrej Dubaj <[hidden email]> wrote:
> I discovered an issue found by Coverity scan.

Thanks for the report.  This was previously fixed here:
https://www.sqlite.org/src/info/465a15c5c2077011


--
D. Richard Hipp
[hidden email]