authordrh <>2023-07-22 16:37:28 +0000
committerdrh <>2023-07-22 16:37:28 +0000
commit5d03b1610f268916a7609d5fb290441a07787357 (patch)
tree44b3b8dc59c60436c5b1a9eca628ffae0eaf989b /src
parent61a5b6e3bc0482ed169c86760e83c6d95a5b94c7 (diff)
Do not read past the end of a text buffer looking for a zero terminator, as
that space might not be initialized. If the buffer is owned, just set the null terminator. This is a better fix for the OSSFuzz-detected use-of-uninitialized-value problem. FossilOrigin-Name: 931bccb0cc290b8bf3027641e7a7fac30e3244d7dc84aa9e38b24b7e9544ca06
Diffstat (limited to 'src')
-rw-r--r--src/vdbemem.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/vdbemem.c b/src/vdbemem.c
index 3f845452c..b5a794ae8 100644
--- a/src/vdbemem.c
+++ b/src/vdbemem.c
@@ -328,8 +328,8 @@ void sqlite3VdbeMemZeroTerminateIfAble(Mem *pMem){
if( pMem->flags & MEM_Dyn ){
if( pMem->xDel==sqlite3_free
&& sqlite3_msize(pMem->z) >= (u64)(pMem->n+1)
- && pMem->z[pMem->n]==0
){
+ pMem->z[pMem->n] = 0;
pMem->flags |= MEM_Term;
return;
}
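Review bot: The new store `pMem->z[pMem->n] = 0;` is guarded only by the `sqlite3_msize()` comparison two lines above it, and that comparison computes `pMem->n+1` before widening to `u64`, so it is sound only if `n` is non-negative and below the signed maximum (presumably guaranteed by length limits elsewhere, which are not visible here). Because this path now writes to the buffer instead of reading it, I would state the invariant where it is relied on, with `assert( pMem->n>=0 );` ahead of the `MEM_Dyn` test, and widen first with `(u64)pMem->n+1`. A short comment above the store, such as `/* Buffer is owned (xDel==sqlite3_free) and the allocation holds at least n+1 bytes, so writing the terminator stays in bounds */`, would record why the write is safe. The function body starts before this hunk and continues after it.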