HappyPeng2x / SumatoraDictionary

An offline Japanese dictionary for Android.
GNU General Public License v3.0

Bad input sanitization? #7

Closed sG4ZvHrf closed 3 years ago

sG4ZvHrf commented 4 years ago

Expected Behavior

The application shouldn't crash.

Actual Behavior

When searching with " in any part of the query, the application crashes.

How to Reproduce

Just search something like ", "blah, blah", or bl"ah. "" does not cause a crash.

HappyPeng2x commented 4 years ago

Thank you very much for the feedback.

Indeed, it is required to sanitize input, as MATCH queries for the FTS feature of SQLite are regex, not plain text. It is an oversight on my part and I will fix it for the next version.

sG4ZvHrf commented 3 years ago

I would also like to add that both ( and ) seem to crash the program. I tried other things like SQLite's comment syntax, semicolons, apostrophes, etc., but those functioned just fine. So I presume the problem is more or less limited to parentheses and quotes.

Not sure if this helps, but just mentioning it here in case it does.

HappyPeng2x commented 3 years ago

Yes it helped, and it is fixed in 0.4.5.2. Thanks again!
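
The failure reported in this thread, reproduced as an added example that is not the project's code or its 0.4.5.2 fix: the MATCH operand is parsed as an FTS query expression even when passed as a bound parameter, so stray quotes and parentheses raise an error unless each search term is quoted first. It assumes an FTS5 table in Python's `sqlite3` module; the table, columns, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory FTS5 index with constructed sample rows (not the app's schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE VIRTUAL TABLE entries USING fts5(word, gloss)")
    db.executemany("INSERT INTO entries VALUES (?, ?)",
                   [("blah", "constructed sample entry"), ("neko", "cat")])
    return db

def raw_search(db, fts_query):
    """Binding the parameter prevents SQL injection, but the bound string is
    still handed to the FTS query parser, where " ( ) are syntax."""
    cur = db.execute("SELECT word FROM entries WHERE entries MATCH ?", (fts_query,))
    return [row[0] for row in cur]

def to_fts_phrases(user_input):
    """Turn free text into FTS5 string literals: one quoted phrase per
    whitespace-separated term, embedded double quotes doubled. Terms with no
    letter or digit are dropped, since they would tokenize to nothing."""
    terms = [t for t in user_input.split() if any(c.isalnum() for c in t)]
    return " ".join('"' + t.replace('"', '""') + '"' for t in terms)

def safe_search(db, user_input):
    query = to_fts_phrases(user_input)
    if not query:          # nothing searchable left, e.g. input was just "("
        return []
    return raw_search(db, query)

def crashes(db, user_input):
    """True if passing the input straight to MATCH raises an FTS error."""
    try:
        raw_search(db, user_input)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    for q in ['"', '"blah', 'blah"', 'bl"ah', '(', ')', 'blah']:
        print(repr(q), "raw error:", crashes(db, q), "| safe:", safe_search(db, q))
```

On Android the same error surfaces as an uncaught `SQLiteException`, so catching it at the query call is a useful second layer alongside the quoting.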