Fossil SCM
Cherry-pick [http://www.sqlite.org/src/info/ac760db0727209db|ac760db072] from SQLite: Fix a use-after-free problem in the shell tool code that could occur if an SQL statement were executed after an ".open" command with invalid options.
Commit
69b9b9563fd471936d8591fd2f7e79b3e4abe497
Parent
8a76861556c3ee1…
1 file changed
+4
-3
+4
-3
| --- src/shell.c | ||
| +++ src/shell.c | ||
| @@ -2210,11 +2210,11 @@ | ||
| 2210 | 2210 | " csv Comma-separated values\n" |
| 2211 | 2211 | " column Left-aligned columns. (See .width)\n" |
| 2212 | 2212 | " html HTML <table> code\n" |
| 2213 | 2213 | " insert SQL insert statements for TABLE\n" |
| 2214 | 2214 | " line One value per line\n" |
| 2215 | - " list Values delimited by .separator strings\n" | |
| 2215 | + " list Values delimited by \"|\"\n" | |
| 2216 | 2216 | " quote Escape answers as for SQL\n" |
| 2217 | 2217 | " tabs Tab-separated values\n" |
| 2218 | 2218 | " tcl TCL list elements\n" |
| 2219 | 2219 | ".nullvalue STRING Use STRING in place of NULL values\n" |
| 2220 | 2220 | ".once FILENAME Output for the next SQL command only to FILENAME\n" |
| @@ -4342,10 +4342,11 @@ | ||
| 4342 | 4342 | int newFlag = 0; /* True to delete file before opening */ |
| 4343 | 4343 | /* Close the existing database */ |
| 4344 | 4344 | session_close_all(p); |
| 4345 | 4345 | sqlite3_close(p->db); |
| 4346 | 4346 | p->db = 0; |
| 4347 | + p->zDbFilename = 0; | |
| 4347 | 4348 | sqlite3_free(p->zFreeOnClose); |
| 4348 | 4349 | p->zFreeOnClose = 0; |
| 4349 | 4350 | /* Check for command-line arguments */ |
| 4350 | 4351 | for(iName=1; iName<nArg && azArg[iName][0]=='-'; iName++){ |
| 4351 | 4352 | const char *z = azArg[iName]; |
| @@ -4612,11 +4613,11 @@ | ||
| 4612 | 4613 | } |
| 4613 | 4614 | }else |
| 4614 | 4615 | |
| 4615 | 4616 | #if defined(SQLITE_DEBUG) && defined(SQLITE_ENABLE_SELECTTRACE) |
| 4616 | 4617 | if( c=='s' && n==11 && strncmp(azArg[0], "selecttrace", n)==0 ){ |
| 4617 | - sqlite3SelectTrace = integerValue(azArg[1]); | |
| 4618 | + sqlite3SelectTrace = (int)integerValue(azArg[1]); | |
| 4618 | 4619 | }else |
| 4619 | 4620 | #endif |
| 4620 | 4621 | |
| 4621 | 4622 | #if defined(SQLITE_ENABLE_SESSION) |
| 4622 | 4623 | if( c=='s' && strncmp(azArg[0],"session",n)==0 && n>=3 ){ |
| @@ -5190,10 +5191,11 @@ | ||
| 5190 | 5191 | azArg[1]); |
| 5191 | 5192 | break; |
| 5192 | 5193 | } |
| 5193 | 5194 | } |
| 5194 | 5195 | }else |
| 5196 | +#endif /* !defined(SQLITE_UNTESTABLE) */ | |
| 5195 | 5197 | |
| 5196 | 5198 | if( c=='t' && n>4 && strncmp(azArg[0], "timeout", n)==0 ){ |
| 5197 | 5199 | open_db(p, 0); |
| 5198 | 5200 | sqlite3_busy_timeout(p->db, nArg>=2 ? (int)integerValue(azArg[1]) : 0); |
| 5199 | 5201 | }else |
| @@ -5226,11 +5228,10 @@ | ||
| 5226 | 5228 | }else{ |
| 5227 | 5229 | sqlite3_trace_v2(p->db, SQLITE_TRACE_STMT, sql_trace_callback,p->traceOut); |
| 5228 | 5230 | } |
| 5229 | 5231 | #endif |
| 5230 | 5232 | }else |
| 5231 | -#endif /* !defined(SQLITE_UNTESTABLE) */ | |
| 5232 | 5233 | |
| 5233 | 5234 | #if SQLITE_USER_AUTHENTICATION |
| 5234 | 5235 | if( c=='u' && strncmp(azArg[0], "user", n)==0 ){ |
| 5235 | 5236 | if( nArg<2 ){ |
| 5236 | 5237 | raw_printf(stderr, "Usage: .user SUBCOMMAND ...\n"); |
| 5237 | 5238 |
| --- src/shell.c | |
| +++ src/shell.c | |
| @@ -2210,11 +2210,11 @@ | |
| 2210 | " csv Comma-separated values\n" |
| 2211 | " column Left-aligned columns. (See .width)\n" |
| 2212 | " html HTML <table> code\n" |
| 2213 | " insert SQL insert statements for TABLE\n" |
| 2214 | " line One value per line\n" |
| 2215 | " list Values delimited by .separator strings\n" |
| 2216 | " quote Escape answers as for SQL\n" |
| 2217 | " tabs Tab-separated values\n" |
| 2218 | " tcl TCL list elements\n" |
| 2219 | ".nullvalue STRING Use STRING in place of NULL values\n" |
| 2220 | ".once FILENAME Output for the next SQL command only to FILENAME\n" |
| @@ -4342,10 +4342,11 @@ | |
| 4342 | int newFlag = 0; /* True to delete file before opening */ |
| 4343 | /* Close the existing database */ |
| 4344 | session_close_all(p); |
| 4345 | sqlite3_close(p->db); |
| 4346 | p->db = 0; |
| 4347 | sqlite3_free(p->zFreeOnClose); |
| 4348 | p->zFreeOnClose = 0; |
| 4349 | /* Check for command-line arguments */ |
| 4350 | for(iName=1; iName<nArg && azArg[iName][0]=='-'; iName++){ |
| 4351 | const char *z = azArg[iName]; |
| @@ -4612,11 +4613,11 @@ | |
| 4612 | } |
| 4613 | }else |
| 4614 | |
| 4615 | #if defined(SQLITE_DEBUG) && defined(SQLITE_ENABLE_SELECTTRACE) |
| 4616 | if( c=='s' && n==11 && strncmp(azArg[0], "selecttrace", n)==0 ){ |
| 4617 | sqlite3SelectTrace = integerValue(azArg[1]); |
| 4618 | }else |
| 4619 | #endif |
| 4620 | |
| 4621 | #if defined(SQLITE_ENABLE_SESSION) |
| 4622 | if( c=='s' && strncmp(azArg[0],"session",n)==0 && n>=3 ){ |
| @@ -5190,10 +5191,11 @@ | |
| 5190 | azArg[1]); |
| 5191 | break; |
| 5192 | } |
| 5193 | } |
| 5194 | }else |
| 5195 | |
| 5196 | if( c=='t' && n>4 && strncmp(azArg[0], "timeout", n)==0 ){ |
| 5197 | open_db(p, 0); |
| 5198 | sqlite3_busy_timeout(p->db, nArg>=2 ? (int)integerValue(azArg[1]) : 0); |
| 5199 | }else |
| @@ -5226,11 +5228,10 @@ | |
| 5226 | }else{ |
| 5227 | sqlite3_trace_v2(p->db, SQLITE_TRACE_STMT, sql_trace_callback,p->traceOut); |
| 5228 | } |
| 5229 | #endif |
| 5230 | }else |
| 5231 | #endif /* !defined(SQLITE_UNTESTABLE) */ |
| 5232 | |
| 5233 | #if SQLITE_USER_AUTHENTICATION |
| 5234 | if( c=='u' && strncmp(azArg[0], "user", n)==0 ){ |
| 5235 | if( nArg<2 ){ |
| 5236 | raw_printf(stderr, "Usage: .user SUBCOMMAND ...\n"); |
| 5237 |
| --- src/shell.c | |
| +++ src/shell.c | |
| @@ -2210,11 +2210,11 @@ | |
| 2210 | " csv Comma-separated values\n" |
| 2211 | " column Left-aligned columns. (See .width)\n" |
| 2212 | " html HTML <table> code\n" |
| 2213 | " insert SQL insert statements for TABLE\n" |
| 2214 | " line One value per line\n" |
| 2215 | " list Values delimited by \"|\"\n" |
| 2216 | " quote Escape answers as for SQL\n" |
| 2217 | " tabs Tab-separated values\n" |
| 2218 | " tcl TCL list elements\n" |
| 2219 | ".nullvalue STRING Use STRING in place of NULL values\n" |
| 2220 | ".once FILENAME Output for the next SQL command only to FILENAME\n" |
| @@ -4342,10 +4342,11 @@ | |
| 4342 | int newFlag = 0; /* True to delete file before opening */ |
| 4343 | /* Close the existing database */ |
| 4344 | session_close_all(p); |
| 4345 | sqlite3_close(p->db); |
| 4346 | p->db = 0; |
| 4347 | p->zDbFilename = 0; |
| 4348 | sqlite3_free(p->zFreeOnClose); |
| 4349 | p->zFreeOnClose = 0; |
| 4350 | /* Check for command-line arguments */ |
| 4351 | for(iName=1; iName<nArg && azArg[iName][0]=='-'; iName++){ |
| 4352 | const char *z = azArg[iName]; |
| @@ -4612,11 +4613,11 @@ | |
| 4613 | } |
| 4614 | }else |
| 4615 | |
| 4616 | #if defined(SQLITE_DEBUG) && defined(SQLITE_ENABLE_SELECTTRACE) |
| 4617 | if( c=='s' && n==11 && strncmp(azArg[0], "selecttrace", n)==0 ){ |
| 4618 | sqlite3SelectTrace = (int)integerValue(azArg[1]); |
| 4619 | }else |
| 4620 | #endif |
| 4621 | |
| 4622 | #if defined(SQLITE_ENABLE_SESSION) |
| 4623 | if( c=='s' && strncmp(azArg[0],"session",n)==0 && n>=3 ){ |
| @@ -5190,10 +5191,11 @@ | |
| 5191 | azArg[1]); |
| 5192 | break; |
| 5193 | } |
| 5194 | } |
| 5195 | }else |
| 5196 | #endif /* !defined(SQLITE_UNTESTABLE) */ |
| 5197 | |
| 5198 | if( c=='t' && n>4 && strncmp(azArg[0], "timeout", n)==0 ){ |
| 5199 | open_db(p, 0); |
| 5200 | sqlite3_busy_timeout(p->db, nArg>=2 ? (int)integerValue(azArg[1]) : 0); |
| 5201 | }else |
| @@ -5226,11 +5228,10 @@ | |
| 5228 | }else{ |
| 5229 | sqlite3_trace_v2(p->db, SQLITE_TRACE_STMT, sql_trace_callback,p->traceOut); |
| 5230 | } |
| 5231 | #endif |
| 5232 | }else |
| 5233 | |
| 5234 | #if SQLITE_USER_AUTHENTICATION |
| 5235 | if( c=='u' && strncmp(azArg[0], "user", n)==0 ){ |
| 5236 | if( nArg<2 ){ |
| 5237 | raw_printf(stderr, "Usage: .user SUBCOMMAND ...\n"); |
| 5238 |