Merge the latest trunk fixes and enhancements into the jsonb branch, and
authordrh <>
Mon, 9 Oct 2023 12:57:03 +0000 (12:57 +0000)
committerdrh <>
Mon, 9 Oct 2023 12:57:03 +0000 (12:57 +0000)
especially the JSON cache spill UAF fix.

FossilOrigin-Name: 9422c24f4a8b290dcae61e50ec81be5b314b22c61a2bca1e194e47da1316b6e6

manifest
manifest.uuid
src/json.c
test/json101.test

diff --cc manifest
index 1df3b331aae5533c5a3e5bc29a6d5fca01c13e9a,b8dc175a7990753cb60ad37023254d99132efeea..d523129a6f040264698dd85059d560215d9fc86e
+++ b/manifest
@@@ -1,5 -1,5 +1,5 @@@
- C Remove\ssome\sunnecessary\scode.\s\sReport\serrors\sfor\sinvalid\sJSONB\sinput\son\nan\sextract.
- D 2023-10-07T23:35:07.967
 -C Fix\sa\spotential\sUAF\scaused\sby\sJSON\sparser\scache\sspill.\n[forum:/forumpost/b25edc1d46|Forum\spost\sb25edc1d46].
 -D 2023-10-09T12:46:53.137
++C Merge\sthe\slatest\strunk\sfixes\sand\senhancements\sinto\sthe\sjsonb\sbranch,\sand\nespecially\sthe\sJSON\scache\sspill\sUAF\sfix.
++D 2023-10-09T12:57:03.290
  F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
  F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
  F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@@ -235,41 -235,43 +235,43 @@@ F ext/fts5/tool/showfts5.tcl d54da0e067
  F ext/icu/README.txt 7ab7ced8ae78e3a645b57e78570ff589d4c672b71370f5aa9e1cd7024f400fc9
  F ext/icu/icu.c c074519b46baa484bb5396c7e01e051034da8884bad1a1cb7f09bbe6be3f0282
  F ext/icu/sqliteicu.h fa373836ed5a1ee7478bdf8a1650689294e41d0c89c1daab26e9ae78a32075a8
- F ext/jni/GNUmakefile 7278812b41ced95fe67a9e5823aee027d641fd26fdfabe66c62b102a3a4e0631
- F ext/jni/README.md 9fceaeb17cecdc5d699dfc83c0cbc3a03fdb3b86bf676381894166c73375ee75
+ F ext/jni/GNUmakefile 8c44e22bad18ecc266dd8c521f215e95dc3741d9e337c51b175029abaedcfb35
+ F ext/jni/README.md ef9ac115e97704ea995d743b4a8334e23c659e5534c3b64065a5405256d5f2f4
  F ext/jni/jar-dist.make 030aaa4ae71dd86e4ec5e7c1e6cd86f9dfa47c4592c070d2e35157e42498e1fa
- F ext/jni/src/c/sqlite3-jni.c 2c4948634fd7f6460b074b72328b9c885ec11333bbc98144f745e4d6203a7ac2
- F ext/jni/src/c/sqlite3-jni.h 74e3da791f748f02d0d684562126cf6bfdd2a85cbb6a5d1354b14fcd46e187bc
+ F ext/jni/src/c/sqlite3-jni.c fb8f178d27df828e3c797b4427a0a20545b44f5147ce38d09ce9b465be5a840b
+ F ext/jni/src/c/sqlite3-jni.h be1fdff7ab3a2bb357197271c8ac5d2bf6ff59380c106dde3a13be88724bad22
  F ext/jni/src/org/sqlite/jni/AbstractCollationCallback.java 95e88ba04f4aac51ffec65693e878e234088b2f21b387f4e4285c8b72b33e436
  F ext/jni/src/org/sqlite/jni/AggregateFunction.java 7312486bc65fecdb91753c0a4515799194e031f45edbe16a6373cea18f404dc4
- F ext/jni/src/org/sqlite/jni/AuthorizerCallback.java e6135be32f12bf140bffa39be7fd1a45ad83b2661ed49c08dbde04c8485feb38
- F ext/jni/src/org/sqlite/jni/AutoExtensionCallback.java 5e4a75611c026730289d776469d6122cb2699d6970af5f53fe85e74d49930476
- F ext/jni/src/org/sqlite/jni/BusyHandlerCallback.java d316373b12b3bf1a421f1f7eed08128fa8dd52bb98617ba28c161aaabd71d1ee
+ F ext/jni/src/org/sqlite/jni/AuthorizerCallback.java fde5f758ad170ca45ae00b12194c8ba8d8f3090bd64cc3e002dd9c5e7dff8568
+ F ext/jni/src/org/sqlite/jni/AutoExtensionCallback.java c0fbfd3779fc92982c7935325a7484dee43eeb80d716989ed31218f453addb94
+ F ext/jni/src/org/sqlite/jni/BusyHandlerCallback.java 4cb7fc70efd55583fed6033c34a8719da42975ca97ef4781dda0b9f6cc8ec2e8
 -F ext/jni/src/org/sqlite/jni/CApi.java c1dde485a3a3f43c46c8d9c527f9ba5bf303fe0409b2c0de253fb7b6e1055f7e
++F ext/jni/src/org/sqlite/jni/CApi.java c1dde485a3a3f43c46c8d9c527f9ba5bf303fe0409b2c0de253fb7b6e1055f7e w ext/jni/src/org/sqlite/jni/SQLite3Jni.java
  F ext/jni/src/org/sqlite/jni/CallbackProxy.java 064a8a00e4c63cc501c30504f93ca996d422c5f010067f969b2d0a10f0868153
- F ext/jni/src/org/sqlite/jni/CollationCallback.java df327348e1a34ee65210208d694d690e5ee0bfe901410122e07caf6c98b2b7c8
- F ext/jni/src/org/sqlite/jni/CollationNeededCallback.java 07df5fa161a0b81154295258037f662e7c372735c2899c76e81cb3abd9fd3b39
- F ext/jni/src/org/sqlite/jni/CommitHookCallback.java 77cf8bb4f5548113e9792978f3f8a454614f420fa0ad73939421cbff4e7776f2
- F ext/jni/src/org/sqlite/jni/ConfigLogCallback.java 636ed6b89ed03f15bc2a6f6f47bf7853b8328e5a8269e52e80630708efa703a6
- F ext/jni/src/org/sqlite/jni/ConfigSqllogCallback.java e3656909eab7ed0f7e457c5b82df160ca22dd5e954c0a306ec1fca61b0d266b4
+ F ext/jni/src/org/sqlite/jni/CollationCallback.java 8cf57cb014a645ecc12609eed17308852a597bc5e83d82a4fdb90f7fadc25f9d
+ F ext/jni/src/org/sqlite/jni/CollationNeededCallback.java 0c62245e000d5db52576c728cac20f6a31f31f5cf40ca4cbcd64b22964e82ae5
+ F ext/jni/src/org/sqlite/jni/CommitHookCallback.java d15bd87ca6159a48b281966cf7a6e67dd17e2fabf974a797c9e3a66a74f361e8
+ F ext/jni/src/org/sqlite/jni/ConfigLogCallback.java 16bb391d8d4ae89cc43baa3cfa0c80c988003627b7ea872deb41156a76f7e867
+ F ext/jni/src/org/sqlite/jni/ConfigSqllogCallback.java 6d6b64638123acb70ffefcd5d2345b1bea3d3b528727d1684cc20cc2357f03a0
  F ext/jni/src/org/sqlite/jni/NativePointerHolder.java 3eb36b5e81993a847f5ec03d23ab219a92671f817547b6a85d312667faeedd8b
  F ext/jni/src/org/sqlite/jni/OutputPointer.java 2f57c05672ddc9b38e3f8eed11759896cf0bf01107ffd24d5182b99f6e7254b6
- F ext/jni/src/org/sqlite/jni/PrepareMultiCallback.java 878ed9cc8000def1a4e6d7113d52bba6fce0aa6733b4eb216d68dfbe096776ac
- F ext/jni/src/org/sqlite/jni/PreupdateHookCallback.java eccaed8dc9c6289f07ef3fc109891c6be1e7cc6c88723d90174b68706fc21cda
- F ext/jni/src/org/sqlite/jni/ProgressHandlerCallback.java 7b9ff2218129ece98ba60c57eeedcd8447e9e3b6e5d0f5e5d3eb0f0c5037d48d
- F ext/jni/src/org/sqlite/jni/ResultCode.java ba701f20213a5f259e94cfbfdd36eb7ac7ce7797f2c6c7fca2004ff12ce20f86
- F ext/jni/src/org/sqlite/jni/RollbackHookCallback.java d12352c0e22840de484ffa9b11ed5058bb0daca2e9f218055d3c54c947a273c4
+ F ext/jni/src/org/sqlite/jni/PrepareMultiCallback.java 6f051951fecab41f2e842b1ac1d3c498706de9387c86f62564e2afbe03d026cb
+ F ext/jni/src/org/sqlite/jni/PreupdateHookCallback.java 242dc2afea13c45b4809d41b6a919e0a4003508713ceffe5f6545270138c6a7b
+ F ext/jni/src/org/sqlite/jni/ProgressHandlerCallback.java 247a47f49a1dd54fda28201c27796d2600a5c904f47fa21697a5377d49febe56
+ F ext/jni/src/org/sqlite/jni/ResultCode.java dc7400b8b18df10027525d8d0f04300b2c6afc617d4d980923f8b5bb14412f3a
+ F ext/jni/src/org/sqlite/jni/RollbackHookCallback.java ec6cd96bff5d3bc5af079cbf1469ae7fb34c50583a23581a58d6b2f8b55bafd3
  F ext/jni/src/org/sqlite/jni/SQLFunction.java 544a875d33fd160467d82e2397ac33157b29971d715a821a4fad3c899113ee8c
- F ext/jni/src/org/sqlite/jni/SQLTester.java da42be06a2d644e0b915b40508934c1f32391e5308ab8767c1e2e65a281a198f
- F ext/jni/src/org/sqlite/jni/SQLite3Jni.java 9860c1cebd8a38041306f2ee7563f2898fcbdf77e4bfa393fba25b4924edcb5d
+ F ext/jni/src/org/sqlite/jni/SQLTester.java d246c67f93e2fa2603bd106dbb3246ea725c987dffd6e5d42214ae262f750c68
  F ext/jni/src/org/sqlite/jni/ScalarFunction.java 6d387bb499fbe3bc13c53315335233dbf6a0c711e8fa7c521683219b041c614c
+ F ext/jni/src/org/sqlite/jni/Sqlite.java 44b23a929e5d625b35c83fd49a80ada944bdd8b2bdece3ca7d400b33a2652fbd
+ F ext/jni/src/org/sqlite/jni/SqliteException.java f5d17a10202c0983fb074f66a0b48cf1e573b1da2eaeda679825e3edc1829706
  F ext/jni/src/org/sqlite/jni/TableColumnMetadata.java 54511b4297fa28dcb3f49b24035e34ced10e3fd44fd0e458e784f4d6b0096dab
- F ext/jni/src/org/sqlite/jni/Tester1.java ced62ed417c3326f93d2e90b3bb64ac2db58ac42a7ad7a5965b24545434e3200
- F ext/jni/src/org/sqlite/jni/TesterFts5.java 854c737bb5c9463ee92a8ee230013e924236dd4b74d4688dd62c17f38d5837db
- F ext/jni/src/org/sqlite/jni/TraceV2Callback.java beb0b064c1a5f8bfe585a324ed39a4e33edbe379a3fc60f1401661620d3ca7c0
- F ext/jni/src/org/sqlite/jni/UpdateHookCallback.java 8376f4a931f2d5612b295c003c9515ba933ee76d8f95610e89c339727376e36c
+ F ext/jni/src/org/sqlite/jni/Tester1.java f7b85fe24cf6c3e43bdf7e390617657e8137359f804d76921829c2a8c41b6df1
+ F ext/jni/src/org/sqlite/jni/Tester2.java 75aa079e2baf8f73d95299da092e611656be0f6e12fe2fa051fdd984657857e2
+ F ext/jni/src/org/sqlite/jni/TesterFts5.java d60fe9944a81156b3b5325dd1b0e8e92a1547468f39fd1266d06f7bb6a95fa70
+ F ext/jni/src/org/sqlite/jni/TraceV2Callback.java f157edd9c72e7d2243c169061487cd7bb51a0d50f3ac976dbcbbacf748ab1fc2
+ F ext/jni/src/org/sqlite/jni/UpdateHookCallback.java 959d4677a857c9079c6e96ddd10918b946d68359af6252b6f284379069ea3d27
  F ext/jni/src/org/sqlite/jni/WindowFunction.java 488980f4dbb6bdd7067d6cb9c43e4075475e51c54d9b74a5834422654b126246
  F ext/jni/src/org/sqlite/jni/XDestroyCallback.java 50c5ca124ef6c6b735a7e136e7a23a557be367e61b56d4aab5777a614ab46cc2
- F ext/jni/src/org/sqlite/jni/annotation/Canonical.java 44ea75a3c6c39513be9052eaa845b258a953f6af59e61002d715363fa52a7175
  F ext/jni/src/org/sqlite/jni/annotation/NotNull.java a99341e88154e70447596b1af6a27c586317df41a7e0f246fd41370cd7b723b2
  F ext/jni/src/org/sqlite/jni/annotation/Nullable.java 0b1879852707f752512d4db9d7edd0d8db2f0c2612316ce1c832715e012ff6ba
  F ext/jni/src/org/sqlite/jni/annotation/package-info.java 977b374aed9d5853cbf3438ba3b0940abfa2ea4574f702a2448ee143b98ac3ca
@@@ -670,7 -674,7 +674,7 @@@ F src/hash.h 3340ab6e1d13e725571d7cee6d
  F src/hwtime.h f9c2dfb84dce7acf95ce6d289e46f5f9d3d1afd328e53da8f8e9008e3b3caae6
  F src/in-operator.md 10cd8f4bcd225a32518407c2fb2484089112fd71
  F src/insert.c 3f0a94082d978bbdd33c38fefea15346c6c6bffb70bc645a71dc0f1f87dd3276
- F src/json.c e97d03f1c19e403bfe0f0a1deaf50b3e3d657bb8addd5dfe7f9dcf72bcfa3109
 -F src/json.c 82b9cef53ebc00069d516a06be4aa971e2e70caffe3417bd6001bf00177bb1bf
++F src/json.c 8717fe7a6461f24ba7b92ccd323c8e2417f44f2a959704c5a05a7aac1ca0df12
  F src/legacy.c d7874bc885906868cd51e6c2156698f2754f02d9eee1bae2d687323c3ca8e5aa
  F src/loadext.c 98cfba10989b3da6f1807ad42444017742db7f100a54f1032af7a8b1295912c0
  F src/main.c 618aeb399e993cf561864f4b0cf6a331ee4f355cf663635f8d9da3193a46aa40
@@@ -1300,11 -1304,10 +1304,11 @@@ F test/jrnlmode2.test 8759a1d4657c06463
  F test/jrnlmode3.test 556b447a05be0e0963f4311e95ab1632b11c9eaa
  F test/json/README.md 63e3e589e1df8fd3cc1588ba1faaff659214003f8b77a15af5c6452b35e30ee2
  F test/json/json-generator.tcl dc0dd0f393800c98658fc4c47eaa6af29d4e17527380cd28656fb261bddc8a3f
 +F test/json/json-q1-b.txt 606818a5fba6d9e418c9f4ea7d8418af026775042dad81439b72447a147a462c
  F test/json/json-q1.txt 65f9d1cdcc4cffa9823fb73ed936aae5658700cd001fde448f68bfb91c807307
 -F test/json/json-speed-check.sh 8b7babf530faa58bd59d6d362cec8e9036a68c5457ff46f3b1f1511d21af6737 x
 -F test/json101.test 4d78048b185ffb9ae37645fa6934d48fc182473ae0bae088a1e2f7ba483c3a71
 -F test/json102.test 4c69694773a470f1fda34e5f4ba24920b35184fb66050b450fc2ef9ab5ad310b
 +F test/json/json-speed-check.sh b060a9a6c696c0a807d8929400fa11bd7113edc58b0d66b9795f424f8d0db326 x
- F test/json101.test e8ccd09f965c594f38ef486ddf7913f0fcac97be20a785a41c3d7cd4289e82de
++F test/json101.test abb5a0cfde077a6f1124604e75806fbe889bc1c0acc11d32897f191e1f9c6b2c
 +F test/json102.test 557a46e16df1aa9bdbc4076a71a45814ea0e7503d6621d87d42a8c04cbc2b0ef
  F test/json103.test 53df87f83a4e5fa0c0a56eb29ff6c94055c6eb919f33316d62161a8880112dbe
  F test/json104.test 1b844a70cddcfa2e4cd81a5db0657b2e61e7f00868310f24f56a9ba0114348c1
  F test/json105.test 11670a4387f4308ae0318cadcbd6a918ea7edcd19fbafde020720a073952675d
@@@ -2124,8 -2127,8 +2128,8 @@@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a9
  F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
  F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
  F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
- P 7b52b266b066f1385144c1103a3a411306db5f44568366ae1e93cd8cce799bbc
- R 878d86e1e87a30f2fb868ea5f585d29f
 -P 5c5397ff15543f4b3620244d9e57e15708eafcab1d42c9f87b4a60f0c01e8858
 -R ef96c768d43529a9f0e56ea07269cc45
++P cbea16c29eb0507f39b5a1cf744a3bb9bb7c71ac156e84a19d03a37cb1816891 a163fecca90cab9d1b7bf8ebac78d498775eed7b6d81e7920e3401633c3a4b60
++R 1dd322f61ae3b783d06705b01094df38
  U drh
- Z 509d9208ad89eff1e0f2ca5c213ed021
 -Z b75470c169946884c1cac663c7d92420
++Z 41e410a665a938a0454df231f95bd4b4
  # Remove this line to create a well-formed Fossil manifest.
diff --cc manifest.uuid
index db876805c8c678b52b01a47736439af8562556db,e3e070c26a5877a8d753e9217568e283672fd2eb..e2032820b2029621754540152a66898adb291b2e
@@@ -1,1 -1,1 +1,1 @@@
- cbea16c29eb0507f39b5a1cf744a3bb9bb7c71ac156e84a19d03a37cb1816891
 -a163fecca90cab9d1b7bf8ebac78d498775eed7b6d81e7920e3401633c3a4b60
++9422c24f4a8b290dcae61e50ec81be5b314b22c61a2bca1e194e47da1316b6e6
diff --cc src/json.c
index 139ffb459857066551bb98c01621baf7fef70ab5,b28ba7ecdc4ba24833ba7fe3d9d9a66408215ae1..d4367324d8b093a0f98e943c652bd5ab81c67743
@@@ -4775,9 -2912,10 +4776,10 @@@ static void jsonReplaceFunc
        jsonReplaceNode(ctx, pParse, (u32)(pNode - pParse->aNode), argv[i+1]);
      }
    }
 -  jsonReturnJson(pParse, pParse->aNode, ctx, 1);
 +  jsonReturnNodeAsJson(pParse, pParse->aNode, ctx, 1);
  replace_err:
    jsonDebugPrintParse(pParse);
+   jsonParseFree(pParse);
  }
  
  
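Review bot: The `jsonParseFree(pParse)` added after `replace_err:` now runs on every early exit that jumps to that label, and the part of jsonReplaceFunc where pParse is obtained lies outside the hunk; if any `goto replace_err` can be taken while pParse is still NULL, the call has to tolerate a NULL argument, so confirm that jsonParseFree does, or guard it as `if( pParse ) jsonParseFree(pParse);`. The same applies to the `jsonParseFree(pParse)` placed after `jsonSetDone:` in the jsonSetFunc hunk below. Because the commit message attributes the UAF to the parser cache spilling, a short ownership comment at the free site would help the next maintainer, e.g. `/* pParse is released here; it is not retained by the parse cache */`, provided that matches how pParse is acquired earlier in the function.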
@@@ -4828,10 -2966,9 +4831,9 @@@ static void jsonSetFunc
      }
    }
    jsonDebugPrintParse(pParse);
 -  jsonReturnJson(pParse, pParse->aNode, ctx, 1);
 +  jsonReturnNodeAsJson(pParse, pParse->aNode, ctx, 1);
  jsonSetDone:
-   /* no cleanup required */;
+   jsonParseFree(pParse);
  }
  
  /*
index d5ec36d8b54c0b6ac5cfb166d48da54729e079e6,45903307400aaad33b4e9723d94a93b2a9489e58..7445cc987c4ea7028405cb73ea0d81fb51b38fd7
@@@ -1098,4 -1013,31 +1098,30 @@@ do_execsql_test json101-21.27 
    SELECT json_group_object(x,y) FROM c;
  } {{{"a":1,"b":2.0,"c":null,:"three","e":"four"}}}
  
 -
+ # 2023-10-09 https://sqlite.org/forum/forumpost/b25edc1d46
+ # UAF due to JSON cache overflow
+ #
+ do_execsql_test json101-22.1 {
+   SELECT json_set(
+     '{}',
+     '$.a', json('1'),
+     '$.a', json('2'),
+     '$.b', json('3'),
+     '$.b', json('4'),
+     '$.c', json('5'),
+     '$.c', json('6')
+   );
+ } {{{"a":2,"b":4,"c":6}}}
+ do_execsql_test json101-22.2 {
+   SELECT json_replace(
+     '{"a":7,"b":8,"c":9}',
+     '$.a', json('1'),
+     '$.a', json('2'),
+     '$.b', json('3'),
+     '$.b', json('4'),
+     '$.c', json('5'),
+     '$.c', json('6')
+   );
+ } {{{"a":2,"b":4,"c":6}}}
  finish_test
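Review bot: The header comment above json101-22.1 and 22.2 names the bug but not what the assertions can detect; the tests only compare the produced JSON, so the use-after-free is reliably caught only when the suite runs under a memory checker (valgrind or an ASAN build), unless the stale memory happens to corrupt the result. Consider extending the comment, e.g. `# Reproduces the cache-spill UAF; the result check alone may pass, run under valgrind/ASAN to detect it.` The comment also says "cache overflow" where the commit message says "cache spill"; using one term in both would make the cross-reference easier to follow.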