From 524fce5a19ad17ebb51e5fe15d3160a30ae70df4 Mon Sep 17 00:00:00 2001
From: gwenn <gtreguier@gmail.com>
Date: Sat, 7 Dec 2024 11:10:47 +0100
Subject: [PATCH 1/2] Check if specified `arg` is out-of-range for auxiliary
 data

But do not check lower-bound because of undocumented behavior.
---
 src/functions.rs | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/functions.rs b/src/functions.rs
index 4e0469d..ba34178 100644
--- a/src/functions.rs
+++ b/src/functions.rs
@@ -176,6 +176,11 @@ impl Context<'_> {
     ///
     /// See `https://www.sqlite.org/c3ref/get_auxdata.html` for a discussion of
     /// this feature, or the unit tests of this module for an example.
+    ///
+    /// # Failure
+    ///
+    /// Will panic if `arg` is greater than or equal to
+    /// [`self.len()`](Context::len).
     pub fn get_or_create_aux<T, E, F>(&self, arg: c_int, func: F) -> Result<Arc<T>>
     where
         T: Send + Sync + 'static,
@@ -196,7 +201,13 @@ impl Context<'_> {
     /// Sets the auxiliary data associated with a particular parameter. See
     /// `https://www.sqlite.org/c3ref/get_auxdata.html` for a discussion of
     /// this feature, or the unit tests of this module for an example.
+    ///
+    /// # Failure
+    ///
+    /// Will panic if `arg` is greater than or equal to
+    /// [`self.len()`](Context::len).
     pub fn set_aux<T: Send + Sync + 'static>(&self, arg: c_int, value: T) -> Result<Arc<T>> {
+        assert!(idx < self.len());
         let orig: Arc<T> = Arc::new(value);
         let inner: AuxInner = orig.clone();
         let outer = Box::new(inner);
@@ -216,7 +227,13 @@ impl Context<'_> {
     /// [`set_aux`](Context::set_aux). Returns `Ok(None)` if no data has been
     /// associated, and Ok(Some(v)) if it has. Returns an error if the
     /// requested type does not match.
+    ///
+    /// # Failure
+    ///
+    /// Will panic if `arg` is greater than or equal to
+    /// [`self.len()`](Context::len).
     pub fn get_aux<T: Send + Sync + 'static>(&self, arg: c_int) -> Result<Option<Arc<T>>> {
+        assert!(idx < self.len());
         let p = unsafe { ffi::sqlite3_get_auxdata(self.ctx, arg) as *const AuxInner };
         if p.is_null() {
             Ok(None)

From 62a8ec5371556428f4b9175697a38746c51819a9 Mon Sep 17 00:00:00 2001
From: gwenn <gtreguier@gmail.com>
Date: Sat, 7 Dec 2024 11:29:07 +0100
Subject: [PATCH 2/2] Oops

---
 src/functions.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/functions.rs b/src/functions.rs
index ba34178..5dfdef5 100644
--- a/src/functions.rs
+++ b/src/functions.rs
@@ -207,7 +207,7 @@ impl Context<'_> {
     /// Will panic if `arg` is greater than or equal to
     /// [`self.len()`](Context::len).
     pub fn set_aux<T: Send + Sync + 'static>(&self, arg: c_int, value: T) -> Result<Arc<T>> {
-        assert!(idx < self.len());
+        assert!(arg < self.len() as i32);
         let orig: Arc<T> = Arc::new(value);
         let inner: AuxInner = orig.clone();
         let outer = Box::new(inner);
@@ -233,7 +233,7 @@ impl Context<'_> {
     /// Will panic if `arg` is greater than or equal to
     /// [`self.len()`](Context::len).
     pub fn get_aux<T: Send + Sync + 'static>(&self, arg: c_int) -> Result<Option<Arc<T>>> {
-        assert!(idx < self.len());
+        assert!(arg < self.len() as i32);
         let p = unsafe { ffi::sqlite3_get_auxdata(self.ctx, arg) as *const AuxInner };
         if p.is_null() {
             Ok(None)