From 16c5290d72cb8059e9dfe545613183b850fc44e4 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj
Date: Mon, 20 Jan 2020 10:26:35 +0100
Subject: [PATCH] Fix the zipfile() function in the zipfile extension so that it is able to deal with goofy filenames that contain embedded zeros.
---
 ext/misc/zipfile.c | 4 ++--
 test/zipfile.test | 13 +++++++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/ext/misc/zipfile.c b/ext/misc/zipfile.c
index 6f48d0f..e6141ef 100644
--- a/ext/misc/zipfile.c
+++ b/ext/misc/zipfile.c
@@ -1632,7 +1632,7 @@ static int zipfileUpdate(
 zFree = sqlite3_mprintf("%s/", zPath);
 if( zFree==0 ){ rc = SQLITE_NOMEM; }
 zPath = (const char*)zFree;
- nPath++;
+ nPath = (int)strlen(zPath);
 }
 }
@@ -2033,11 +2033,11 @@ void zipfileStep(sqlite3_context *pCtx, int nVal, sqlite3_value **apVal){
 }else{
 if( zName[nName-1]!='/' ){
 zName = zFree = sqlite3_mprintf("%s/", zName);
- nName++;
 if( zName==0 ){
 rc = SQLITE_NOMEM;
 goto zipfile_step_out;
 }
+ nName = (int)strlen(zName);
 }else{
 while( nName>1 && zName[nName-2]=='/' ) nName--;
 }
diff --git a/test/zipfile.test b/test/zipfile.test
index 5bca10b..e4b8088 100644
--- a/test/zipfile.test
+++ b/test/zipfile.test
@@ -808,4 +808,17 @@ do_execsql_test 13.10 {
 quote(data),quote(method) FROM t1;
 } {'' 10 10 2 X'3130' X'3130' 0}
+# 2019-12-23 Yongheng and Rui fuzzer
+# Run using valgrind to see the problem.
+#
+do_execsql_test 14.10 {
+ DROP TABLE t1;
+ CREATE TABLE t1(x char);
+ INSERT INTO t1(x) VALUES('1');
+ INSERT INTO t1(x) SELECT zipfile(x, 'xyz') FROM t1;
+ INSERT INTO t1(x) SELECT zipfile(x, 'uvw') FROM t1;
+ SELECT count(*) FROM t1;
+ PRAGMA integrity_check;
+} {3 ok}
+
 finish_test
--
2.19.1
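Review bot: In the zipfileUpdate hunk the new `nPath = (int)strlen(zPath);` runs even when `sqlite3_mprintf()` has returned NULL. The line above only records `rc = SQLITE_NOMEM` and then assigns `zPath = (const char*)zFree`, so on allocation failure `strlen()` is handed a null pointer, which the removed `nPath++` never dereferenced. The zipfileStep hunk in this same patch recomputes the length only after its `zName==0` check; this site should be guarded the same way, for example `nPath = zFree ? (int)strlen(zPath) : 0;`. The enclosing function starts and ends outside the hunk, so whether later code tests `rc` before touching `zPath` cannot be seen from here.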
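Review bot: The added `nName = (int)strlen(zName);` in zipfileStep has no comment explaining why the length is recomputed instead of incremented, and the reason is easy to lose in a later cleanup. `%s` copies only up to the first NUL, so when the incoming name holds an embedded zero the string returned by `sqlite3_mprintf()` is shorter than the previous length plus one (presumably a byte count taken before the hunk), and `nName++` would then describe bytes beyond the new allocation. I would put `/* %s stops at the first NUL: take the length from the new string, not from the old byte count */` directly above the assignment. The function body continues outside the hunk.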
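Review bot: Case 14.10 reaches the changed code only through the `zipfile()` aggregate, so the matching edit in zipfileUpdate is not exercised by anything added here. The expected result `{3 ok}` also does not by itself separate fixed from unfixed code, as the comment "Run using valgrind to see the problem" concedes. A companion case that writes an entry with such a name through the zipfile virtual table (presumably the path that ends in zipfileUpdate) would cover the first hunk. A comment such as `# the second INSERT feeds the archive blob produced by the first back in as a name` would tell the reader where the embedded zeros come from.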