Skip to content

Commit 9e094e7

Browse files
Check string input length before compiling query
1 parent 610108a commit 9e094e7

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

src/net/sqlcipher/database/SQLiteProgram.java

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -64,9 +64,10 @@ public abstract class SQLiteProgram extends SQLiteClosable {
6464
db.acquireReference();
6565
db.addSQLiteClosable(this);
6666
this.nHandle = db.mNativeHandle;
67+
int crudPrefixLength = 6;
6768

6869
// only cache CRUD statements
69-
String prefixSql = mSql.substring(0, 6);
70+
String prefixSql = mSql.length() >= crudPrefixLength ? mSql.substring(0, crudPrefixLength) : mSql;
7071
if (!prefixSql.equalsIgnoreCase("INSERT") && !prefixSql.equalsIgnoreCase("UPDATE") &&
7172
!prefixSql.equalsIgnoreCase("REPLAC") &&
7273
!prefixSql.equalsIgnoreCase("DELETE") && !prefixSql.equalsIgnoreCase("SELECT")) {

0 commit comments

Comments
 (0)