Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(145)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/sqlite/patches/0013-backport-Fix-buffer-overrun-in-ICU-extension-s-casem.patch

Issue 2751253002: [sql] Import SQLite 3.17.0. (Closed)
Patch Set: also clang on Linux i386 Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/sqlite/patches/0012-Use-safe-macros-for-UTF-8-iteration-in-sqlite-icu-ex.patch ('k') | third_party/sqlite/patches/0014-backport-Address-integer-overflow-in-sqlite3MulInt64.patch » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/sqlite/patches/0013-backport-Fix-buffer-overrun-in-ICU-extension-s-casem.patch
diff --git a/third_party/sqlite/patches/0013-backport-Fix-buffer-overrun-in-ICU-extension-s-casem.patch b/third_party/sqlite/patches/0013-backport-Fix-buffer-overrun-in-ICU-extension-s-casem.patch
deleted file mode 100644
index d18fd15f2f950bcb6c3f9122aed72ba5d7240203..0000000000000000000000000000000000000000
--- a/third_party/sqlite/patches/0013-backport-Fix-buffer-overrun-in-ICU-extension-s-casem.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From 0d13e8740021aeeb849662f03f49720287cabe0c Mon Sep 17 00:00:00 2001
-From: Scott Hess <shess@chromium.org>
-Date: Fri, 26 Feb 2016 10:49:33 -0800
-Subject: [PATCH 13/13] [backport] Fix buffer overrun in ICU extension's
- casemap functions.
-
-Original Chromium CL at https://codereview.chromium.org/1704103002
-
-"Fix sqlite3's handling of casemapping result 3 times as long as input"
-
-SQLite interpretation at http://www.sqlite.org/src/info/b8dc1b9f5d413000
-
-"Fix a potential buffer overflow in the ICU upper() function."
-
-BUG=586079
----
- third_party/sqlite/src/ext/icu/icu.c | 48 +++++++++++++++++++++---------------
- third_party/sqlite/src/test/icu.test | 9 +++++++
- 2 files changed, 37 insertions(+), 20 deletions(-)
-
-diff --git a/third_party/sqlite/src/ext/icu/icu.c b/third_party/sqlite/src/ext/icu/icu.c
-index 5654366..263cd98 100644
---- a/third_party/sqlite/src/ext/icu/icu.c
-+++ b/third_party/sqlite/src/ext/icu/icu.c
-@@ -355,11 +355,11 @@ static void icuRegexpFunc(sqlite3_context *p, int nArg, sqlite3_value **apArg){
- */
- static void icuCaseFunc16(sqlite3_context *p, int nArg, sqlite3_value **apArg){
- const UChar *zInput;
-- UChar *zOutput;
-+ UChar *zOutput = 0;
- int nInput;
-- int nOutput;
--
-- UErrorCode status = U_ZERO_ERROR;
-+ int nOut;
-+ int cnt;
-+ UErrorCode status;
- const char *zLocale = 0;
-
- assert(nArg==1 || nArg==2);
-@@ -371,26 +371,34 @@ static void icuCaseFunc16(sqlite3_context *p, int nArg, sqlite3_value **apArg){
- if( !zInput ){
- return;
- }
-- nInput = sqlite3_value_bytes16(apArg[0]);
--
-- nOutput = nInput * 2 + 2;
-- zOutput = sqlite3_malloc(nOutput);
-- if( !zOutput ){
-+ nOut = nInput = sqlite3_value_bytes16(apArg[0]);
-+ if( nOut==0 ){
-+ sqlite3_result_text16(p, "", 0, SQLITE_STATIC);
- return;
- }
-
-- if( sqlite3_user_data(p) ){
-- u_strToUpper(zOutput, nOutput/2, zInput, nInput/2, zLocale, &status);
-- }else{
-- u_strToLower(zOutput, nOutput/2, zInput, nInput/2, zLocale, &status);
-- }
--
-- if( !U_SUCCESS(status) ){
-- icuFunctionError(p, "u_strToLower()/u_strToUpper", status);
-- return;
-+ for(cnt=0; cnt<2; cnt++){
-+ UChar *zNew = sqlite3_realloc(zOutput, nOut);
-+ if( zNew==0 ){
-+ sqlite3_free(zOutput);
-+ sqlite3_result_error_nomem(p);
-+ return;
-+ }
-+ zOutput = zNew;
-+ status = U_ZERO_ERROR;
-+ if( sqlite3_user_data(p) ){
-+ nOut = 2*u_strToUpper(zOutput,nOut/2,zInput,nInput/2,zLocale,&status);
-+ }else{
-+ nOut = 2*u_strToLower(zOutput,nOut/2,zInput,nInput/2,zLocale,&status);
-+ }
-+ if( !U_SUCCESS(status) ){
-+ if( status==U_BUFFER_OVERFLOW_ERROR ) continue;
-+ icuFunctionError(p,
-+ sqlite3_user_data(p) ? "u_strToUpper()" : "u_strToLower", status);
-+ return;
-+ }
- }
--
-- sqlite3_result_text16(p, zOutput, -1, xFree);
-+ sqlite3_result_text16(p, zOutput, nOut, xFree);
- }
-
- /*
-diff --git a/third_party/sqlite/src/test/icu.test b/third_party/sqlite/src/test/icu.test
-index 73cb9b9..743bcfa 100644
---- a/third_party/sqlite/src/test/icu.test
-+++ b/third_party/sqlite/src/test/icu.test
-@@ -72,6 +72,10 @@ test_expr icu-2.6 {i1=$::OGRAVE} {upper(i1)} $::OGRAVE
- test_expr icu-2.7 {i1=$::szlig} {upper(i1)} "SS"
- test_expr icu-2.8 {i1='SS'} {lower(i1)} "ss"
-
-+do_execsql_test icu-2.9 {
-+ SELECT upper(char(0xfb04,0xfb04,0xfb04,0xfb04));
-+} {FFLFFLFFLFFL}
-+
- # In turkish (locale="tr_TR"), the lower case version of I
- # is "small dotless i" (code point 0x131 (decimal 305)).
- #
-@@ -133,4 +137,9 @@ do_catchsql_test icu-5.4 {
- do_catchsql_test icu-5.4 { SELECT 'abc' REGEXP } {1 {near " ": syntax error}}
- do_catchsql_test icu-5.5 { SELECT 'abc' REGEXP, 1 } {1 {near ",": syntax error}}
-
-+
-+do_malloc_test icu-6.10 -sqlbody {
-+ SELECT upper(char(0xfb04,0xdf,0xfb04,0xe8,0xfb04));
-+}
-+
- finish_test
---
-2.7.0
-
« no previous file with comments | « third_party/sqlite/patches/0012-Use-safe-macros-for-UTF-8-iteration-in-sqlite-icu-ex.patch ('k') | third_party/sqlite/patches/0014-backport-Address-integer-overflow-in-sqlite3MulInt64.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698