Fix an issue (discovered by OSSFuzz) in the enhanced OP_Concat operator

from check-in [713caa382cf7dd] earlier today.

FossilOrigin-Name: 3e897702f8f789fe5119b9042fb93eca3fbfcc44564fbfa66c65628725b1157d

diff --git a/manifest b/manifest
index 6979d5436ccdc0893f825f7bd07a4acea08b0060..6e3dac55c2801d114300ec838b67fb23f0aef8bb 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Add\sa\stest\scase\sfor\sticket\s[ae0f637bddc5290b44669e066a].
-D 2019-05-01T19:01:27.714
+C Fix\san\sissue\s(discovered\sby\sOSSFuzz)\sin\sthe\senhanced\sOP_Concat\soperator\nfrom\scheck-in\s[713caa382cf7dd]\searlier\stoday.
+D 2019-05-02T00:52:50.915
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -591,7 +591,7 @@ F src/upsert.c 0dd81b40206841814d46942a7337786932475f085716042d0cb2fc7791bf8ca4
 F src/utf.c 2f0fac345c7660d5c5bd3df9e9d8d33d4c27f366bcfb09e07443064d751a0507
 F src/util.c 5061987401c2e8003177fa30d73196aa036727c8f04bf36a2df0c82b1904a236
 F src/vacuum.c 82dcec9e7b1afa980288718ad11bc499651c722d7b9f32933c4d694d91cb6ebf
-F src/vdbe.c c15d6a105c41db6a166b0aa9650829bdc0d92918a8926a92332ea1feb27c33ba
+F src/vdbe.c 36993059b87e7c2adf671aaa4ef5e0f826b6f4d95be15b019aee14308f0047b5
 F src/vdbe.h 712bca562eaed1c25506b9faf9680bdc75fc42e2f4a1cd518d883fa79c7a4237
 F src/vdbeInt.h 0e2c44958fb42d90a4eacb122d77e2d5b89b82f5e2b4b047b422962dc0346357
 F src/vdbeapi.c 2ddd60f4a351f15ee98d841e346af16111ad59dfa4d25d2dd4012e9875bf7d92
@@ -1822,7 +1822,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 5997d075665faca6b70fa647e877ebc84c473b32887b96235865d59ce80247f8
-R c6735d94da423c75a5fbf44f945ad851
+P ece481695fc3c959c3eba0fb485cdda43a10b06d17259b0121e15bfc5e8e8b9f
+R e11be1adfb0c3f0eaf3587a8d84226ea
 U drh
-Z bc6fd770927f38308301380ce5d36731
+Z 373f392215a854f1484c07e1e5f7b6f0

diff --git a/manifest.uuid b/manifest.uuid
index a535d6515f62e7ef626271975e3bfbbea8042aa5..27e888c142429031623cd421fe37ed14ce4cd010 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-ece481695fc3c959c3eba0fb485cdda43a10b06d17259b0121e15bfc5e8e8b9f
\ No newline at end of file
+3e897702f8f789fe5119b9042fb93eca3fbfcc44564fbfa66c65628725b1157d
\ No newline at end of file

diff --git a/src/vdbe.c b/src/vdbe.c
index 7fa7bc2a71537905b17731f78b29f38781659448..9bc5e4ee5683a09dd7a4175cc1d0f3136863dd0a 100644 (file)
--- a/src/vdbe.c
+++ b/src/vdbe.c
@@ -1476,14 +1476,18 @@ case OP_Concat: {           /* same as TK_CONCAT, in1, in2, out3 */
   }
   if( (flags1 & (MEM_Str|MEM_Blob))==0 ){
     if( sqlite3VdbeMemStringify(pIn1,encoding,0) ) goto no_mem;
+    flags1 = pIn1->flags & ~MEM_Str;
   }else if( (flags1 & MEM_Zero)!=0 ){
     if( sqlite3VdbeMemExpandBlob(pIn1) ) goto no_mem;
+    flags1 = pIn1->flags & ~MEM_Str;
   }
   flags2 = pIn2->flags;
   if( (flags2 & (MEM_Str|MEM_Blob))==0 ){
     if( sqlite3VdbeMemStringify(pIn2,encoding,0) ) goto no_mem;
+    flags2 = pIn2->flags & ~MEM_Str;
   }else if( (flags2 & MEM_Zero)!=0 ){
     if( sqlite3VdbeMemExpandBlob(pIn2) ) goto no_mem;
+    flags2 = pIn2->flags & ~MEM_Str;
   }
   nByte = pIn1->n + pIn2->n;
   if( nByte>db->aLimit[SQLITE_LIMIT_LENGTH] ){