blob: 40c5e6f2ce4e3d6ad236f6814b811cab8621c6dd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
From dd6c33d372f3b83f4fe57904c2bd5ebba5c38018 Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Sat, 23 May 2020 19:58:07 +0000
Subject: [PATCH] Limit the "precision" of floating-point to text conversions
in the printf() function to 100,000,000. Fix for ticket [23439ea582241138].
FossilOrigin-Name: d08d3405878d394e08e5d3af281246edfbd81ca74cc8d16458808591512fb93d
Upstream-Status: Backport
CVE: CVE-2020-13434
Reference to upstream patch:
https://github.com/sqlite/sqlite/commit/dd6c33d372f3b83f4fe57904c2bd5ebba5c38018
Patch converted to amalgamation format
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
diff --git a/sqlite3.c b/sqlite3.c
index 55dc686..5ff2c14 100644
--- a/sqlite3.c
+++ b/sqlite3.c
@@ -28147,6 +28147,13 @@ static char *printfTempBuf(sqlite3_str *pAccum, sqlite3_int64 n){
#endif
#define etBUFSIZE SQLITE_PRINT_BUF_SIZE /* Size of the output buffer */
+/*
+** Hard limit on the precision of floating-point conversions.
+*/
+#ifndef SQLITE_PRINTF_PRECISION_LIMIT
+# define SQLITE_FP_PRECISION_LIMIT 100000000
+#endif
+
/*
** Render a string given by "fmt" into the StrAccum object.
*/
@@ -28468,6 +28475,11 @@ SQLITE_API void sqlite3_str_vappendf(
length = 0;
#else
if( precision<0 ) precision = 6; /* Set default precision */
+#ifdef SQLITE_FP_PRECISION_LIMIT
+ if( precision>SQLITE_FP_PRECISION_LIMIT ){
+ precision = SQLITE_FP_PRECISION_LIMIT;
+ }
+#endif
if( realvalue<0.0 ){
realvalue = -realvalue;
prefix = '-';
|
