Fossil SCM
Fix an out-of-bounds array access in the function to decode a UTF-8 sequence (similar to a problem reported on the SQLite Forum: https://sqlite.org/forum/forumpost/184b372388).
Commit
59879abe16ed1d606c08302ddea3b3030309b9c30b29f496aa445ebb7a912f47
Parent
b1e811c3e705432…
1 file changed
+1
-1
+1
-1
| --- src/comformat.c | ||
| +++ src/comformat.c | ||
| @@ -303,11 +303,11 @@ | ||
| 303 | 303 | case 4: |
| 304 | 304 | *pUtf32 = |
| 305 | 305 | ( (z[0] & 0x0f)<<18 ) | |
| 306 | 306 | ( (z[1] & 0x3f)<<12 ) | |
| 307 | 307 | ( (z[2] & 0x3f)<< 6 ) | |
| 308 | - ( (z[4] & 0x3f)<< 0 ) ; | |
| 308 | + ( (z[3] & 0x3f)<< 0 ) ; | |
| 309 | 309 | break; |
| 310 | 310 | case 3: |
| 311 | 311 | *pUtf32 = |
| 312 | 312 | ( (z[0] & 0x0f)<<12 ) | |
| 313 | 313 | ( (z[1] & 0x3f)<< 6 ) | |
| 314 | 314 |
| --- src/comformat.c | |
| +++ src/comformat.c | |
| @@ -303,11 +303,11 @@ | |
| 303 | case 4: |
| 304 | *pUtf32 = |
| 305 | ( (z[0] & 0x0f)<<18 ) | |
| 306 | ( (z[1] & 0x3f)<<12 ) | |
| 307 | ( (z[2] & 0x3f)<< 6 ) | |
| 308 | ( (z[4] & 0x3f)<< 0 ) ; |
| 309 | break; |
| 310 | case 3: |
| 311 | *pUtf32 = |
| 312 | ( (z[0] & 0x0f)<<12 ) | |
| 313 | ( (z[1] & 0x3f)<< 6 ) | |
| 314 |
| --- src/comformat.c | |
| +++ src/comformat.c | |
| @@ -303,11 +303,11 @@ | |
| 303 | case 4: |
| 304 | *pUtf32 = |
| 305 | ( (z[0] & 0x0f)<<18 ) | |
| 306 | ( (z[1] & 0x3f)<<12 ) | |
| 307 | ( (z[2] & 0x3f)<< 6 ) | |
| 308 | ( (z[3] & 0x3f)<< 0 ) ; |
| 309 | break; |
| 310 | case 3: |
| 311 | *pUtf32 = |
| 312 | ( (z[0] & 0x0f)<<12 ) | |
| 313 | ( (z[1] & 0x3f)<< 6 ) | |
| 314 |