Use strncmp instead of strcmp

warmwaffles · warmwaffles · commit 0c1cfd1f192b · 2026-03-27T15:53:03.000-05:00
diff --git a/c_src/sqlite3_nif.c b/c_src/sqlite3_nif.c
@@ -1453,108 +1453,109 @@ action_code_from_atom(ErlNifEnv* env, ERL_NIF_TERM atom)
     //        can safely ignore it here and avoid the pesky signed integer UB
 
     char buf[32];
-    if (!enif_get_atom(env, atom, buf, sizeof(buf), ERL_NIF_LATIN1)) {
+    const size_t buffsize = sizeof(buf);
+    if (!enif_get_atom(env, atom, buf, buffsize, ERL_NIF_LATIN1)) {
         return 0;
     }
-    buf[31] = 0;
+    buf[buffsize - 1] = 0;
 
-    if (strcmp(buf, "create_index") == 0) {
+    if (strncmp(buf, "create_index", buffsize) == 0) {
         return SQLITE_CREATE_INDEX;
     }
-    if (strcmp(buf, "create_table") == 0) {
+    if (strncmp(buf, "create_table", buffsize) == 0) {
         return SQLITE_CREATE_TABLE;
     }
-    if (strcmp(buf, "create_temp_index") == 0) {
+    if (strncmp(buf, "create_temp_index", buffsize) == 0) {
         return SQLITE_CREATE_TEMP_INDEX;
     }
-    if (strcmp(buf, "create_temp_table") == 0) {
+    if (strncmp(buf, "create_temp_table", buffsize) == 0) {
         return SQLITE_CREATE_TEMP_TABLE;
     }
-    if (strcmp(buf, "create_temp_trigger") == 0) {
+    if (strncmp(buf, "create_temp_trigger", buffsize) == 0) {
         return SQLITE_CREATE_TEMP_TRIGGER;
     }
-    if (strcmp(buf, "create_temp_view") == 0) {
+    if (strncmp(buf, "create_temp_view", buffsize) == 0) {
         return SQLITE_CREATE_TEMP_VIEW;
     }
-    if (strcmp(buf, "create_trigger") == 0) {
+    if (strncmp(buf, "create_trigger", buffsize) == 0) {
         return SQLITE_CREATE_TRIGGER;
     }
-    if (strcmp(buf, "create_view") == 0) {
+    if (strncmp(buf, "create_view", buffsize) == 0) {
         return SQLITE_CREATE_VIEW;
     }
-    if (strcmp(buf, "delete") == 0) {
+    if (strncmp(buf, "delete", buffsize) == 0) {
         return SQLITE_DELETE;
     }
-    if (strcmp(buf, "drop_index") == 0) {
+    if (strncmp(buf, "drop_index", buffsize) == 0) {
         return SQLITE_DROP_INDEX;
     }
-    if (strcmp(buf, "drop_table") == 0) {
+    if (strncmp(buf, "drop_table", buffsize) == 0) {
         return SQLITE_DROP_TABLE;
     }
-    if (strcmp(buf, "drop_temp_index") == 0) {
+    if (strncmp(buf, "drop_temp_index", buffsize) == 0) {
         return SQLITE_DROP_TEMP_INDEX;
     }
-    if (strcmp(buf, "drop_temp_table") == 0) {
+    if (strncmp(buf, "drop_temp_table", buffsize) == 0) {
         return SQLITE_DROP_TEMP_TABLE;
     }
-    if (strcmp(buf, "drop_temp_trigger") == 0) {
+    if (strncmp(buf, "drop_temp_trigger", buffsize) == 0) {
         return SQLITE_DROP_TEMP_TRIGGER;
     }
-    if (strcmp(buf, "drop_temp_view") == 0) {
+    if (strncmp(buf, "drop_temp_view", buffsize) == 0) {
         return SQLITE_DROP_TEMP_VIEW;
     }
-    if (strcmp(buf, "drop_trigger") == 0) {
+    if (strncmp(buf, "drop_trigger", buffsize) == 0) {
         return SQLITE_DROP_TRIGGER;
     }
-    if (strcmp(buf, "drop_view") == 0) {
+    if (strncmp(buf, "drop_view", buffsize) == 0) {
         return SQLITE_DROP_VIEW;
     }
-    if (strcmp(buf, "insert") == 0) {
+    if (strncmp(buf, "insert", buffsize) == 0) {
         return SQLITE_INSERT;
     }
-    if (strcmp(buf, "pragma") == 0) {
+    if (strncmp(buf, "pragma", buffsize) == 0) {
         return SQLITE_PRAGMA;
     }
-    if (strcmp(buf, "read") == 0) {
+    if (strncmp(buf, "read", buffsize) == 0) {
         return SQLITE_READ;
     }
-    if (strcmp(buf, "select") == 0) {
+    if (strncmp(buf, "select", buffsize) == 0) {
         return SQLITE_SELECT;
     }
-    if (strcmp(buf, "transaction") == 0) {
+    if (strncmp(buf, "transaction", buffsize) == 0) {
         return SQLITE_TRANSACTION;
     }
-    if (strcmp(buf, "update") == 0) {
+    if (strncmp(buf, "update", buffsize) == 0) {
         return SQLITE_UPDATE;
     }
-    if (strcmp(buf, "attach") == 0) {
+    if (strncmp(buf, "attach", buffsize) == 0) {
         return SQLITE_ATTACH;
     }
-    if (strcmp(buf, "detach") == 0) {
+    if (strncmp(buf, "detach", buffsize) == 0) {
         return SQLITE_DETACH;
     }
-    if (strcmp(buf, "alter_table") == 0) {
+    if (strncmp(buf, "alter_table", buffsize) == 0) {
         return SQLITE_ALTER_TABLE;
     }
-    if (strcmp(buf, "reindex") == 0) {
+    if (strncmp(buf, "reindex", buffsize) == 0) {
         return SQLITE_REINDEX;
     }
-    if (strcmp(buf, "analyze") == 0) {
+    if (strncmp(buf, "analyze", buffsize) == 0) {
         return SQLITE_ANALYZE;
     }
-    if (strcmp(buf, "create_vtable") == 0) {
+    if (strncmp(buf, "create_vtable", buffsize) == 0) {
         return SQLITE_CREATE_VTABLE;
     }
-    if (strcmp(buf, "drop_vtable") == 0) {
+    if (strncmp(buf, "drop_vtable", buffsize) == 0) {
         return SQLITE_DROP_VTABLE;
     }
-    if (strcmp(buf, "function") == 0) {
+    if (strncmp(buf, "function", buffsize) == 0) {
         return SQLITE_FUNCTION;
     }
-    if (strcmp(buf, "savepoint") == 0) {
+    if (strncmp(buf, "savepoint", buffsize) == 0) {
         return SQLITE_SAVEPOINT;
     }
-    if (strcmp(buf, "recursive") == 0) {
+    if (strncmp(buf, "recursive", buffsize) == 0) {
         return SQLITE_RECURSIVE;
     }
 
@@ -1603,7 +1604,8 @@ exqlite_set_authorizer(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
     // Validate all atoms before mutating state — a bad atom in the list
     // should not clear an existing authorizer as a side effect.
     int new_deny[AUTHORIZER_DENY_SIZE] = {0};
-    ERL_NIF_TERM head, tail = argv[1];
+    ERL_NIF_TERM head;
+    ERL_NIF_TERM tail = argv[1];
     while (enif_get_list_cell(env, tail, &head, &tail)) {
         unsigned int code = action_code_from_atom(env, head);
         if (code == 0) {
diff --git a/test/exqlite/sqlite3_test.exs b/test/exqlite/sqlite3_test.exs
@@ -854,6 +854,12 @@ defmodule Exqlite.Sqlite3Test do
                )
     end
 
+    test "ensure long atoms are handled", context do
+      assert_raise ArgumentError, fn ->
+        Sqlite3.set_authorizer(context.conn, [:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbb])
+      end
+    end
+
     test "denies all action codes at once without segfault", context do
       all_actions = [
         :create_index,

Original file line number	Diff line number	Diff line change
`@@ -1453,108 +1453,109 @@ action_code_from_atom(ErlNifEnv* env, ERL_NIF_TERM atom)`
`1453`	`1453`	`// can safely ignore it here and avoid the pesky signed integer UB`
`1454`	`1454`
`1455`	`1455`	`char buf[32];`
`1456`		`- if (!enif_get_atom(env, atom, buf, sizeof(buf), ERL_NIF_LATIN1)) {`
	`1456`	`+ const size_t buffsize = sizeof(buf);`
	`1457`	`+ if (!enif_get_atom(env, atom, buf, buffsize, ERL_NIF_LATIN1)) {`
`1457`	`1458`	`return 0;`
`1458`	`1459`	`}`
`1459`		`- buf[31] = 0;`
	`1460`	`+ buf[buffsize - 1] = 0;`
`1460`	`1461`
`1461`		`- if (strcmp(buf, "create_index") == 0) {`
	`1462`	`+ if (strncmp(buf, "create_index", buffsize) == 0) {`
`1462`	`1463`	`return SQLITE_CREATE_INDEX;`
`1463`	`1464`	`}`
`1464`		`- if (strcmp(buf, "create_table") == 0) {`
	`1465`	`+ if (strncmp(buf, "create_table", buffsize) == 0) {`
`1465`	`1466`	`return SQLITE_CREATE_TABLE;`
`1466`	`1467`	`}`
`1467`		`- if (strcmp(buf, "create_temp_index") == 0) {`
	`1468`	`+ if (strncmp(buf, "create_temp_index", buffsize) == 0) {`
`1468`	`1469`	`return SQLITE_CREATE_TEMP_INDEX;`
`1469`	`1470`	`}`
`1470`		`- if (strcmp(buf, "create_temp_table") == 0) {`
	`1471`	`+ if (strncmp(buf, "create_temp_table", buffsize) == 0) {`
`1471`	`1472`	`return SQLITE_CREATE_TEMP_TABLE;`
`1472`	`1473`	`}`
`1473`		`- if (strcmp(buf, "create_temp_trigger") == 0) {`
	`1474`	`+ if (strncmp(buf, "create_temp_trigger", buffsize) == 0) {`
`1474`	`1475`	`return SQLITE_CREATE_TEMP_TRIGGER;`
`1475`	`1476`	`}`
`1476`		`- if (strcmp(buf, "create_temp_view") == 0) {`
	`1477`	`+ if (strncmp(buf, "create_temp_view", buffsize) == 0) {`
`1477`	`1478`	`return SQLITE_CREATE_TEMP_VIEW;`
`1478`	`1479`	`}`
`1479`		`- if (strcmp(buf, "create_trigger") == 0) {`
	`1480`	`+ if (strncmp(buf, "create_trigger", buffsize) == 0) {`
`1480`	`1481`	`return SQLITE_CREATE_TRIGGER;`
`1481`	`1482`	`}`
`1482`		`- if (strcmp(buf, "create_view") == 0) {`
	`1483`	`+ if (strncmp(buf, "create_view", buffsize) == 0) {`
`1483`	`1484`	`return SQLITE_CREATE_VIEW;`
`1484`	`1485`	`}`
`1485`		`- if (strcmp(buf, "delete") == 0) {`
	`1486`	`+ if (strncmp(buf, "delete", buffsize) == 0) {`
`1486`	`1487`	`return SQLITE_DELETE;`
`1487`	`1488`	`}`
`1488`		`- if (strcmp(buf, "drop_index") == 0) {`
	`1489`	`+ if (strncmp(buf, "drop_index", buffsize) == 0) {`
`1489`	`1490`	`return SQLITE_DROP_INDEX;`
`1490`	`1491`	`}`
`1491`		`- if (strcmp(buf, "drop_table") == 0) {`
	`1492`	`+ if (strncmp(buf, "drop_table", buffsize) == 0) {`
`1492`	`1493`	`return SQLITE_DROP_TABLE;`
`1493`	`1494`	`}`
`1494`		`- if (strcmp(buf, "drop_temp_index") == 0) {`
	`1495`	`+ if (strncmp(buf, "drop_temp_index", buffsize) == 0) {`
`1495`	`1496`	`return SQLITE_DROP_TEMP_INDEX;`
`1496`	`1497`	`}`
`1497`		`- if (strcmp(buf, "drop_temp_table") == 0) {`
	`1498`	`+ if (strncmp(buf, "drop_temp_table", buffsize) == 0) {`
`1498`	`1499`	`return SQLITE_DROP_TEMP_TABLE;`
`1499`	`1500`	`}`
`1500`		`- if (strcmp(buf, "drop_temp_trigger") == 0) {`
	`1501`	`+ if (strncmp(buf, "drop_temp_trigger", buffsize) == 0) {`
`1501`	`1502`	`return SQLITE_DROP_TEMP_TRIGGER;`
`1502`	`1503`	`}`
`1503`		`- if (strcmp(buf, "drop_temp_view") == 0) {`
	`1504`	`+ if (strncmp(buf, "drop_temp_view", buffsize) == 0) {`
`1504`	`1505`	`return SQLITE_DROP_TEMP_VIEW;`
`1505`	`1506`	`}`
`1506`		`- if (strcmp(buf, "drop_trigger") == 0) {`
	`1507`	`+ if (strncmp(buf, "drop_trigger", buffsize) == 0) {`
`1507`	`1508`	`return SQLITE_DROP_TRIGGER;`
`1508`	`1509`	`}`
`1509`		`- if (strcmp(buf, "drop_view") == 0) {`
	`1510`	`+ if (strncmp(buf, "drop_view", buffsize) == 0) {`
`1510`	`1511`	`return SQLITE_DROP_VIEW;`
`1511`	`1512`	`}`
`1512`		`- if (strcmp(buf, "insert") == 0) {`
	`1513`	`+ if (strncmp(buf, "insert", buffsize) == 0) {`
`1513`	`1514`	`return SQLITE_INSERT;`
`1514`	`1515`	`}`
`1515`		`- if (strcmp(buf, "pragma") == 0) {`
	`1516`	`+ if (strncmp(buf, "pragma", buffsize) == 0) {`
`1516`	`1517`	`return SQLITE_PRAGMA;`
`1517`	`1518`	`}`
`1518`		`- if (strcmp(buf, "read") == 0) {`
	`1519`	`+ if (strncmp(buf, "read", buffsize) == 0) {`
`1519`	`1520`	`return SQLITE_READ;`
`1520`	`1521`	`}`
`1521`		`- if (strcmp(buf, "select") == 0) {`
	`1522`	`+ if (strncmp(buf, "select", buffsize) == 0) {`
`1522`	`1523`	`return SQLITE_SELECT;`
`1523`	`1524`	`}`
`1524`		`- if (strcmp(buf, "transaction") == 0) {`
	`1525`	`+ if (strncmp(buf, "transaction", buffsize) == 0) {`
`1525`	`1526`	`return SQLITE_TRANSACTION;`
`1526`	`1527`	`}`
`1527`		`- if (strcmp(buf, "update") == 0) {`
	`1528`	`+ if (strncmp(buf, "update", buffsize) == 0) {`
`1528`	`1529`	`return SQLITE_UPDATE;`
`1529`	`1530`	`}`
`1530`		`- if (strcmp(buf, "attach") == 0) {`
	`1531`	`+ if (strncmp(buf, "attach", buffsize) == 0) {`
`1531`	`1532`	`return SQLITE_ATTACH;`
`1532`	`1533`	`}`
`1533`		`- if (strcmp(buf, "detach") == 0) {`
	`1534`	`+ if (strncmp(buf, "detach", buffsize) == 0) {`
`1534`	`1535`	`return SQLITE_DETACH;`
`1535`	`1536`	`}`
`1536`		`- if (strcmp(buf, "alter_table") == 0) {`
	`1537`	`+ if (strncmp(buf, "alter_table", buffsize) == 0) {`
`1537`	`1538`	`return SQLITE_ALTER_TABLE;`
`1538`	`1539`	`}`
`1539`		`- if (strcmp(buf, "reindex") == 0) {`
	`1540`	`+ if (strncmp(buf, "reindex", buffsize) == 0) {`
`1540`	`1541`	`return SQLITE_REINDEX;`
`1541`	`1542`	`}`
`1542`		`- if (strcmp(buf, "analyze") == 0) {`
	`1543`	`+ if (strncmp(buf, "analyze", buffsize) == 0) {`
`1543`	`1544`	`return SQLITE_ANALYZE;`
`1544`	`1545`	`}`
`1545`		`- if (strcmp(buf, "create_vtable") == 0) {`
	`1546`	`+ if (strncmp(buf, "create_vtable", buffsize) == 0) {`
`1546`	`1547`	`return SQLITE_CREATE_VTABLE;`
`1547`	`1548`	`}`
`1548`		`- if (strcmp(buf, "drop_vtable") == 0) {`
	`1549`	`+ if (strncmp(buf, "drop_vtable", buffsize) == 0) {`
`1549`	`1550`	`return SQLITE_DROP_VTABLE;`
`1550`	`1551`	`}`
`1551`		`- if (strcmp(buf, "function") == 0) {`
	`1552`	`+ if (strncmp(buf, "function", buffsize) == 0) {`
`1552`	`1553`	`return SQLITE_FUNCTION;`
`1553`	`1554`	`}`
`1554`		`- if (strcmp(buf, "savepoint") == 0) {`
	`1555`	`+ if (strncmp(buf, "savepoint", buffsize) == 0) {`
`1555`	`1556`	`return SQLITE_SAVEPOINT;`
`1556`	`1557`	`}`
`1557`		`- if (strcmp(buf, "recursive") == 0) {`
	`1558`	`+ if (strncmp(buf, "recursive", buffsize) == 0) {`
`1558`	`1559`	`return SQLITE_RECURSIVE;`
`1559`	`1560`	`}`
`1560`	`1561`
`@@ -1603,7 +1604,8 @@ exqlite_set_authorizer(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])`
`1603`	`1604`	`// Validate all atoms before mutating state — a bad atom in the list`
`1604`	`1605`	`// should not clear an existing authorizer as a side effect.`
`1605`	`1606`	`int new_deny[AUTHORIZER_DENY_SIZE] = {0};`
`1606`		`- ERL_NIF_TERM head, tail = argv[1];`
	`1607`	`+ ERL_NIF_TERM head;`
	`1608`	`+ ERL_NIF_TERM tail = argv[1];`
`1607`	`1609`	`while (enif_get_list_cell(env, tail, &head, &tail)) {`
`1608`	`1610`	`unsigned int code = action_code_from_atom(env, head);`
`1609`	`1611`	`if (code == 0) {`