Bugs in ExtendedCommand.removeQuotation cause possible StringIndexOutOfBoundsException #1141

Closed
arthurscchan opened this issue Jul 11, 2024 · 2 comments
Labels
enhancement released Issue has been released

Comments

@arthurscchan
Contributor

Describe the bug
The org.sqlite.ExtendedCommand::removeQuotation(String) method could throw an unexpected StringIndexOutOfBoundsException with invalid input. The method checks if the provided string starts and ends with the same quotation mark and removes them. But if the string is invalid with just a single quotation mark, the conditional check still passes but the substring method will throw a StringIndexOutOfBoundsException because the second argument for the substring method will be less than the first argument. If this method is being used as part of more complicated command string processing, then the unexpected exception could crash the run unexpectedly.

To Reproduce
Here is proof-of-concept code for triggering the bug. Compiling and running it is enough to trigger the bug.

import org.sqlite.ExtendedCommand;
public class ProofOfConcept {
  public static void main(String...args) {
    ExtendedCommand.removeQuotation("\"");
  }
}

Expected behaviour
It should return the original string since in theory, it should fail in the conditional check.

Suggested fix
Changing the conditional check to consider a single quotation string should be better. For example, add a length check to prevent a string consisting of a single quotation character from passing the existing conditional check.
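The length check suggested above, as an added example that is not part of the original issue or the project's own code: `stripUnchecked` models the check as the issue describes it, and `stripChecked` adds the guard. The class name, both method names, the null handling and the sample inputs are assumptions constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.function.UnaryOperator;

public class QuoteStripCheck {
    // Hypothetical model of the behaviour described in the issue:
    // same quote character at both ends, but no length guard.
    static String stripUnchecked(String s) {
        if (s == null) return null;
        if ((s.startsWith("\"") && s.endsWith("\"")) || (s.startsWith("'") && s.endsWith("'"))) {
            // For a one-character string this is substring(1, 0), which throws.
            return s.substring(1, s.length() - 1);
        }
        return s;
    }

    // Same check with the length guard the issue suggests: a string shorter
    // than two characters cannot carry an opening and a closing quote.
    static String stripChecked(String s) {
        if (s == null || s.length() < 2) return s;
        char first = s.charAt(0);
        char last = s.charAt(s.length() - 1);
        if (first == last && (first == '"' || first == '\'')) {
            return s.substring(1, s.length() - 1);
        }
        return s;
    }

    // Runs one variant on one input and reports the result or the exception type.
    static String outcome(UnaryOperator<String> variant, String input) {
        try {
            return "[" + variant.apply(input) + "]";
        } catch (StringIndexOutOfBoundsException e) {
            return "throws " + e.getClass().getSimpleName();
        }
    }

    public static void main(String... args) {
        // Constructed inputs: lone quotes, empty quotes, matched, mismatched, bare, empty.
        List<String> inputs = Arrays.asList("\"", "'", "\"\"", "\"a.db\"", "'a.db\"", "a.db", "");
        for (String in : inputs) {
            System.out.printf("%-9s unchecked=%-40s checked=%s%n", "[" + in + "]",
                    outcome(QuoteStripCheck::stripUnchecked, in),
                    outcome(QuoteStripCheck::stripChecked, in));
        }
    }
}
```

Only the two lone-quote inputs differ between the variants; the guarded version returns them unchanged, which matches the expected behaviour stated in the issue.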

@gotson
Collaborator

gotson commented Aug 19, 2024

PR Welcome

Contributor

🎉 This issue has been resolved in 3.47.1.0 (Release Notes)

@github-actions github-actions bot added the released Issue has been released label Nov 26, 2024