Commit e72f822
authored
Lossily coerce invalid UTF-8 in sqlite collation callback (#4219)

The safe Fn(&str, &str) -> Ordering signature exposed by
SqliteConnectOptions::collation() and LockedSqliteHandle::create_collation()
was backed by from_utf8_unchecked, so a database containing invalid UTF-8
text could reach the user callback and materialize &str values that violate
Rust's UTF-8 invariant inside a safe API.

SQLite explicitly documents that invalid UTF-8 may be passed into
application-defined collating sequences, so the FFI shim must not assume
well-formed bytes. Replace from_utf8_unchecked with String::from_utf8_lossy,
which matches the sqlite3_create_collation_v2 SQLITE_UTF8 flag and keeps
the safe signature sound without changing correct-UTF-8 behavior.

Fixes #4194

Co-authored-by: Joaquin Hui Gomez <joaquinhuigomez@users.noreply.github.com>

1 parent 69ee0df commit e72f822
1 file changed
+7 -4 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
3 | 3 | | |
4 | 4 | | |
5 | 5 | | |
6 | | - | |
7 | 6 | | |
8 | 7 | | |
9 | 8 | | |
| |||
137 | 136 | | |
138 | 137 | | |
139 | 138 | | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
140 | 143 | | |
141 | 144 | | |
142 | | - | |
| 145 | + | |
143 | 146 | | |
144 | 147 | | |
145 | 148 | | |
146 | | - | |
| 149 | + | |
147 | 150 | | |
148 | | - | |
| 151 | + | |
149 | 152 | | |
150 | 153 | | |
151 | 154 | | |
| |||
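Review bot: On the three replaced lines in the second hunk (old lines 142, 146 and 148), the switch to String::from_utf8_lossy described in the commit message means every invalid byte sequence reaches the callback as U+FFFD, so two stored values that differ only in their invalid bytes are handed to the collation as the same &str and will compare as Equal. Please state this in the docs for SqliteConnectOptions::collation() and LockedSqliteHandle::create_collation(), so callers who rely on a custom collation for ordering or uniqueness know the callback sees coerced text and not the stored bytes. The change is +7 -4 in a single file; if that does not already include one, a regression test that stores invalid UTF-8 text and runs a collated comparison would pin the behaviour for #4194.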