Fossil SCM

Avoid unsigned integer overflow in the delta_apply() function when handed a maliciously malformed input.

drh 2026-01-12 19:51 trunk
Commit e417a5070bf0af2995625137997adfe1f3025149aa57b5da390bae6a4859f122
1 file changed +2 -2
+2 -2
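--- a/src/delta.c
+++ b/src/delta.c
@@ -572,12 +572,12 @@
 int lenSrc, /* Length of the source file */
 const char *zDelta, /* Delta to apply to the pattern */
 int lenDelta, /* Length of the delta */
 char *zOut /* Write the output into this preallocated buffer */
 ){
-unsigned int limit;
-unsigned int total = 0;
+sqlite3_uint64 limit;
+sqlite3_uint64 total = 0;
 #ifdef FOSSIL_ENABLE_DELTA_CKSUM_TEST
 char *zOrigOut = zOut;
 #endif
 
 limit = getInt(&zDelta, &lenDelta);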
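Review bot: Widening `limit` and `total` at lines 577-578 guards only the running total, so any other arithmetic on delta-supplied values in delta_apply() that is still done in `unsigned int` can wrap just as before; the body continues outside this hunk, so that cannot be confirmed here. If `getInt()` still returns a 32-bit value (its definition is not visible), the per-command counts and offsets it yields are worth auditing wherever two of them are added before a bounds comparison against a source or output length. The new declarations also carry no comment, so a later cleanup could narrow them again; I would write `sqlite3_uint64 total = 0; /* 64-bit so that summed 32-bit counts cannot wrap before being compared with limit */`. A regression test that feeds a malformed delta and expects an error return would pin the behaviour.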
--- src/delta.c
+++ src/delta.c
@@ -572,12 +572,12 @@
572 int lenSrc, /* Length of the source file */
573 const char *zDelta, /* Delta to apply to the pattern */
574 int lenDelta, /* Length of the delta */
575 char *zOut /* Write the output into this preallocated buffer */
576 ){
577 unsigned int limit;
578 unsigned int total = 0;
579 #ifdef FOSSIL_ENABLE_DELTA_CKSUM_TEST
580 char *zOrigOut = zOut;
581 #endif
582
583 limit = getInt(&zDelta, &lenDelta);
584
--- src/delta.c
+++ src/delta.c
@@ -572,12 +572,12 @@
572 int lenSrc, /* Length of the source file */
573 const char *zDelta, /* Delta to apply to the pattern */
574 int lenDelta, /* Length of the delta */
575 char *zOut /* Write the output into this preallocated buffer */
576 ){
577 sqlite3_uint64 limit;
578 sqlite3_uint64 total = 0;
579 #ifdef FOSSIL_ENABLE_DELTA_CKSUM_TEST
580 char *zOrigOut = zOut;
581 #endif
582
583 limit = getInt(&zDelta, &lenDelta);
584
