
Commit 7766349

tniessenaduh95
authored andcommitted
sqlite: fix segfault in expandedSQL
The call to sqlite3_expanded_sql() may return NULL depending on various factors. Handle this case instead of running into a segmentation fault. PR-URL: #54687 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Michaël Zasso <[email protected]>
1 parent 40ba89e commit 7766349

1 file changed

+20
-5
lines changed


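--- a/src/node_sqlite.cc
+++ b/src/node_sqlite.cc
@@ -52,18 +52,23 @@ using v8::Value;
 } \
 } while (0)
 
-inline Local<Value> CreateSQLiteError(Isolate* isolate, sqlite3* db) {
-int errcode = sqlite3_extended_errcode(db);
-const char* errstr = sqlite3_errstr(errcode);
-const char* errmsg = sqlite3_errmsg(db);
-Local<String> js_msg = String::NewFromUtf8(isolate, errmsg).ToLocalChecked();
+inline Local<Object> CreateSQLiteError(Isolate* isolate, const char* message) {
+Local<String> js_msg = String::NewFromUtf8(isolate, message).ToLocalChecked();
 Local<Object> e = Exception::Error(js_msg)
 ->ToObject(isolate->GetCurrentContext())
 .ToLocalChecked();
 e->Set(isolate->GetCurrentContext(),
 OneByteString(isolate, "code"),
 OneByteString(isolate, "ERR_SQLITE_ERROR"))
 .Check();
+return e;
+}
+
+inline Local<Object> CreateSQLiteError(Isolate* isolate, sqlite3* db) {
+int errcode = sqlite3_extended_errcode(db);
+const char* errstr = sqlite3_errstr(errcode);
+const char* errmsg = sqlite3_errmsg(db);
+Local<Object> e = CreateSQLiteError(isolate, errmsg);
 e->Set(isolate->GetCurrentContext(),
 OneByteString(isolate, "errcode"),
 Integer::New(isolate, errcode))
@@ -79,6 +84,10 @@ inline void THROW_ERR_SQLITE_ERROR(Isolate* isolate, sqlite3* db) {
 isolate->ThrowException(CreateSQLiteError(isolate, db));
 }
 
+inline void THROW_ERR_SQLITE_ERROR(Isolate* isolate, const char* message) {
+isolate->ThrowException(CreateSQLiteError(isolate, message));
+}
+
 DatabaseSync::DatabaseSync(Environment* env,
 Local<Object> object,
 Local<String> location,
@@ -623,7 +632,13 @@ void StatementSync::ExpandedSQL(const FunctionCallbackInfo<Value>& args) {
 Environment* env = Environment::GetCurrent(args);
 THROW_AND_RETURN_ON_BAD_STATE(
 env, stmt->IsFinalized(), "statement has been finalized");
+
+// sqlite3_expanded_sql may return nullptr without producing an error code.
 char* expanded = sqlite3_expanded_sql(stmt->statement_);
+if (expanded == nullptr) {
+return THROW_ERR_SQLITE_ERROR(
+env->isolate(), "Expanded SQL text would exceed configured limits");
+}
 auto maybe_expanded = String::NewFromUtf8(env->isolate(), expanded);
 sqlite3_free(expanded);
 Local<String> result;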
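Review bot: The error text thrown in the new nullptr branch of StatementSync::ExpandedSQL asserts a single cause, but SQLite's documentation for sqlite3_expanded_sql() lists two conditions for a NULL result, an allocation failure as well as the result exceeding SQLITE_LIMIT_LENGTH, and the new comment just above correctly notes that no error code is left on the connection to tell them apart. A message that does not claim to know which happened, such as `"Failed to expand SQL text (result too large or out of memory)"`, would keep the fix from misdirecting a user who hits the allocation case, and the comment could say `// sqlite3_expanded_sql returns nullptr on allocation failure or when the result exceeds SQLITE_LIMIT_LENGTH; no error code is set on the db.`. The new const char* overload of CreateSQLiteError would also benefit from a one-line comment stating that message is expected to be NUL-terminated UTF-8, since String::NewFromUtf8(...).ToLocalChecked() there aborts rather than throws if conversion fails; the body of the sqlite3* overload continues outside the hunk, so whether errstr is still consumed there cannot be confirmed from this view.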
