xerial / sqlite-jdbc

SQLite JDBC Driver
Apache License 2.0
2.84k stars 619 forks

Bugs in ExtendedCommand.removeQuotation cause possible StringIndexOutOfBoundsException #1141

Open arthurscchan opened 3 months ago

arthurscchan commented 3 months ago

Describe the bug

The org.sqlite.ExtendedCommand::removeQuotation(String) could throw an unexpected StringIndexOutOfBoundsException with invalid input. The method checks if the provided string starts and ends with the same quotation mark and removes them. But if the string is invalid with just a single quotation mark, the conditional check still passes but the substring method will throw a StringIndexOutOfBoundsException because the second argument for the substring method will be less than the first argument. If this method is being used in part of more complicated command string processing, then the unexpected exception could crash the run unexpectedly.

To Reproduce

Here is proof-of-concept code for triggering the bug. Just compiling and running it is enough to trigger the bug.

import org.sqlite.ExtendedCommand;

public class ProofOfConcept {
  public static void main(String... args) {
    // A lone quotation mark passes the start/end check and reaches substring(1, 0).
    ExtendedCommand.removeQuotation("\"");
  }
}

Expected behaviour

It should return the original string since in theory, it should fail in the conditional check.

Suggested fix

Changing the conditional check to consider a single-quotation-mark string should be better. For example, add a length check to prevent a single-quotation-character string from passing the existing conditional check.
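The failure and the suggested length check, side by side, as an added example that is not part of the original issue or of the sqlite-jdbc code base. `removeQuotationAsDescribed` is a reconstruction from the report's description only, and the class name, method names and inputs are constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.function.UnaryOperator;

public class RemoveQuotationCheck {
    // Reconstructed from the issue's description (assumption, not copied from sqlite-jdbc):
    // strip the quotes when the string starts and ends with the same quotation mark.
    static String removeQuotationAsDescribed(String s) {
        if (s == null) return null;
        if ((s.startsWith("\"") && s.endsWith("\"")) || (s.startsWith("'") && s.endsWith("'"))) {
            return s.substring(1, s.length() - 1); // length 1 -> substring(1, 0) throws
        }
        return s;
    }

    // The suggested fix: require at least two characters before stripping.
    static String removeQuotationGuarded(String s) {
        if (s == null || s.length() < 2) return s;
        char first = s.charAt(0);
        char last = s.charAt(s.length() - 1);
        if ((first == '"' || first == '\'') && first == last) {
            return s.substring(1, s.length() - 1);
        }
        return s;
    }

    // Runs one variant on one input and reports either the result or the exception.
    static String describe(UnaryOperator<String> f, String input) {
        try {
            return "[" + f.apply(input) + "]";
        } catch (StringIndexOutOfBoundsException e) {
            return "threw " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: a lone quote of each kind, empty quotes, a quoted name,
        // mismatched quotes, an unterminated quote, and the empty string.
        List<String> inputs = Arrays.asList("\"", "'", "\"\"", "'db.sqlite'", "\"a'", "\"abc", "");
        for (String in : inputs) {
            System.out.printf("%-14s as described: %-40s guarded: %s%n",
                    "[" + in + "]",
                    describe(RemoveQuotationCheck::removeQuotationAsDescribed, in),
                    describe(RemoveQuotationCheck::removeQuotationGuarded, in));
        }
    }
}
```

Only the two single-character inputs differ between the variants: the reconstruction throws, while the guarded version returns the input unchanged, which is the expected behaviour the report asks for.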

gotson commented 2 months ago

PR Welcome