From 9c502d42de289ce75451f59aaea2e303459c2b6c Mon Sep 17 00:00:00 2001
From: ndossche
Date: Wed, 13 May 2026 16:45:49 +0200
Subject: [PATCH] sqlite: check null returns from sqlite value functions

sqlite3_column_text() can return nullptr on failure which was not handled. sqlite3_column_blob() can return nullptr for zero-length BLOBs, which is then passed to memcpy() which is UB. Avoid this by checking for a nullptr.
---
 src/node_sqlite.cc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/node_sqlite.cc b/src/node_sqlite.cc
index f23f25ba0d58fe..838eb228baf540 100644
--- a/src/node_sqlite.cc
+++ b/src/node_sqlite.cc
@@ -121,6 +121,10 @@ inline MaybeLocal Utf8StringMaybeOneByte(Isolate* isolate,
 case SQLITE_TEXT: { \
 const char* v = \
 reinterpret_cast(sqlite3_##from##_text(__VA_ARGS__)); \
+ if (v == nullptr) [[unlikely]] { \
+ THROW_ERR_MEMORY_ALLOCATION_FAILED((isolate)); \
+ break; \
+ } \
 const int v_len = sqlite3_##from##_bytes(__VA_ARGS__); \
 (result) = \
 Utf8StringMaybeOneByte((isolate), std::string_view(v, v_len)) \
@@ -138,7 +142,9 @@ inline MaybeLocal Utf8StringMaybeOneByte(Isolate* isolate,
 sqlite3_##from##_blob(__VA_ARGS__)); \
 auto store = ArrayBuffer::NewBackingStore( \
 (isolate), size, BackingStoreInitializationMode::kUninitialized); \
- memcpy(store->Data(), data, size); \
+ if (data != nullptr) [[likely]] { \
+ memcpy(store->Data(), data, size); \
+ } \
 auto ab = ArrayBuffer::New((isolate), std::move(store)); \
 (result) = Uint8Array::New(ab, 0, size); \
 break; \
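Review bot: In the SQLITE_TEXT case the new `v == nullptr` branch throws and then breaks without touching `(result)`, so what the caller observes depends on how `(result)` was initialised before the switch, which is outside this hunk. If callers rely on an empty handle to detect the pending exception, that contract deserves a comment at the branch, for example `/* (result) is left untouched; callers must treat it as empty and check for the pending exception */`. A block comment is needed here because a `//` comment would swallow the macro's line continuation. The macro body starts and ends outside the hunk.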
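Review bot: In the blob branch (second hunk) the backing store is created with `BackingStoreInitializationMode::kUninitialized`, so skipping the `memcpy()` is only safe when `size` is zero. If `sqlite3_##from##_blob()` ever returns nullptr while `size` is non-zero (presumably possible on an allocation failure inside SQLite; `size` is computed before the hunk), the resulting `Uint8Array` would expose uninitialised heap bytes to JavaScript. Treating that combination as an error, as the text branch now does, closes the gap: `if (data == nullptr && size != 0) [[unlikely]] { THROW_ERR_MEMORY_ALLOCATION_FAILED((isolate)); break; }` placed before the store is created. The zero-length case can then keep the guarded `memcpy()` as written.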