Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | On unix, use setrlimit() to limit total heap space usage to 1GB on 32-bit systems and 10GB on 64-bit systems, and total stack space to 2MB, as a proactive defense again the "stack clash" vulnerability found on many unix-like OSes. I do not yet know if these limits are reasonable. |
|---|---|
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
6e6e4b1d26e187ed5e2bd2aae0c62bf7 |
| User & Date: | drh 2017-06-20 13:35:25.805 |
Context
|
2017-06-21
| ||
| 11:48 | Unicode 10 is officially released now. check-in: 14d8d31b1a user: jan.nijtmans tags: trunk | |
|
2017-06-20
| ||
| 13:35 | On unix, use setrlimit() to limit total heap space usage to 1GB on 32-bit systems and 10GB on 64-bit systems, and total stack space to 2MB, as a proactive defense again the "stack clash" vulnerability found on many unix-like OSes. I do not yet know if these limits are reasonable. check-in: 6e6e4b1d26 user: drh tags: trunk | |
|
2017-06-19
| ||
| 01:55 | Make sure the /uv webpage returns a sensible error if the unversioned table does not exist. check-in: a49ef37865 user: drh tags: trunk | |
Changes
Changes to src/main.c.
| ︙ | ︙ | |||
551 552 553 554 555 556 557 558 559 560 561 562 563 564 |
#endif
int main(int argc, char **argv)
#endif
{
const char *zCmdName = "unknown";
const CmdOrPage *pCmd = 0;
int rc;
if( sqlite3_libversion_number()<3014000 ){
fossil_fatal("Unsuitable SQLite version %s, must be at least 3.14.0",
sqlite3_libversion());
}
sqlite3_config(SQLITE_CONFIG_MULTITHREAD);
sqlite3_config(SQLITE_CONFIG_LOG, fossil_sqlite_log, 0);
memset(&g, 0, sizeof(g));
| > > > > > > > > > > | 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 |
#endif
int main(int argc, char **argv)
#endif
{
const char *zCmdName = "unknown";
const CmdOrPage *pCmd = 0;
int rc;
/* Limit the total amount of heap and stack space available to
** Fossil as a defense against "stack clash" attacks. 64-bit systems
** have much larger limits than 32-bit systems. */
if( sizeof(pCmd)==4 ){
fossil_limit_memory( 1000000000, 2000000); /* 32-bit systems */
}else{
fossil_limit_memory(10000000000, 2000000); /* 64-bit systems */
}
if( sqlite3_libversion_number()<3014000 ){
fossil_fatal("Unsuitable SQLite version %s, must be at least 3.14.0",
sqlite3_libversion());
}
sqlite3_config(SQLITE_CONFIG_MULTITHREAD);
sqlite3_config(SQLITE_CONFIG_LOG, fossil_sqlite_log, 0);
memset(&g, 0, sizeof(g));
|
| ︙ | ︙ |
Changes to src/util.c.
| ︙ | ︙ | |||
445 446 447 448 449 450 451 |
}else{
sqlite3_open("",&db);
}
sqlite3_file_control(db, 0, SQLITE_FCNTL_TEMPFILENAME, (void*)&zTFile);
if( g.db==0 ) sqlite3_close(db);
return zTFile;
}
| > > > > > > > > > > > > > > > > > > > > > > > > > > | 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 |
}else{
sqlite3_open("",&db);
}
sqlite3_file_control(db, 0, SQLITE_FCNTL_TEMPFILENAME, (void*)&zTFile);
if( g.db==0 ) sqlite3_close(db);
return zTFile;
}
/*
** Limit the total amount of memory available to Fossil
*/
void fossil_limit_memory(sqlite3_int64 nHeap, sqlite3_int64 nStack){
#if defined(__unix__)
struct rlimit x;
#if defined(RLIMIT_DATA)
getrlimit(RLIMIT_DATA, &x);
if( sizeof(x.rlim_cur)<8 && nHeap>0x7fffffff ){
nHeap = 0x7fffffff;
}
x.rlim_cur = (rlim_t)nHeap;
setrlimit(RLIMIT_DATA, &x);
#endif /* defined(RLIMIT_DATA) */
#if defined(RLIMIT_STACK)
getrlimit(RLIMIT_STACK, &x);
if( sizeof(x.rlim_cur)<8 && nStack>0x7fffffff ){
nStack = 0x7fffffff;
}
x.rlim_cur = (rlim_t)nStack;
setrlimit(RLIMIT_STACK, &x);
#endif /* defined(RLIMIT_STACK) */
#endif /* defined(__unix__) */
}
|