[[ Bug 15416 ]] Make sure that invalid placeholders for SQLite query are not letting the query build

livecodesebastien · livecodesebastien · commit 8a0d6294a3e1 · 2015-06-01T14:19:22.000+01:00
diff --git a/docs/notes/bugfix-15416.md b/docs/notes/bugfix-15416.md
@@ -0,0 +1 @@
+# Crash when building a SQLite query with out-of-bounds placeholders
diff --git a/revdb/src/sqlite_connection.cpp b/revdb/src/sqlite_connection.cpp
@@ -387,6 +387,12 @@ bool queryCallback(void *p_context, int p_placeholder, DBBuffer& p_output)
 {
 	QueryMetadata *t_query_metadata;
 	t_query_metadata = (QueryMetadata *)p_context;
+    
+    
+    // SN-2015-06-01: [[ Bug 15416 ]] Make sure that we don't access an out-of-
+    //  bounds placeholder.
+    if (p_placeholder > t_query_metadata -> argument_count)
+        return false;
 
 	DBString t_parameter_value;
 	t_parameter_value = t_query_metadata -> arguments[p_placeholder - 1];

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+# Crash when building a SQLite query with out-of-bounds placeholders`