Fix a corner case in the opcode-array reuse logic where the number of bytes of

reusable space might be computed to be a negative number, due to unusual
system alignment restrictions and rounding error.

FossilOrigin-Name: 1aa530144643582658c8c1dd66548662f950efe3

diff --git a/manifest b/manifest
index 16288528007bb08bb7cb48904662a96a7b1aaac1..ac0852705ff13f696df2569808d45d33a35418a5 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sthe\sconflict2.test\smodule\swhich\swas\sbroken\sby\scheck-in\s[e30062e9f6c].
-D 2016-01-04T13:06:53.893
+C Fix\sa\scorner\scase\sin\sthe\sopcode-array\sreuse\slogic\swhere\sthe\snumber\sof\sbytes\sof\nreusable\sspace\smight\sbe\scomputed\sto\sbe\sa\snegative\snumber,\sdue\sto\sunusual\nsystem\salignment\srestrictions\sand\srounding\serror.
+D 2016-01-04T23:43:47.141
 F Makefile.in 28bcd6149e050dff35d4dcfd97e890cd387a499d
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc 5fff077fcc46de7714ed6eebb6159a4c00eab751
@@ -402,7 +402,7 @@ F src/vdbe.c 6ac8e5d808d48afc369316e147c191102f0584c1
 F src/vdbe.h efb7a8c1459e31f3ea4377824c6a7e4cb5068637
 F src/vdbeInt.h 75c2e82ee3357e9210c06474f8d9bdf12c81105d
 F src/vdbeapi.c 020681b943e77766b32ae1cddf86d7831b7374ca
-F src/vdbeaux.c 66b546a1da82dfa6e67985ae0442ba5fd9efe0ff
+F src/vdbeaux.c 141ee231ad190240d0d1ee133c9ea28eecd55824
 F src/vdbeblob.c fdc4a81605ae7a35ae94a55bd768b66d6be16f15
 F src/vdbemem.c fdd1578e47bea61390d472de53c565781d81e045
 F src/vdbesort.c a7ec02da4494c59dfd071126dd3726be5a11459d
@@ -1406,7 +1406,7 @@ F tool/vdbe_profile.tcl 246d0da094856d72d2c12efec03250d71639d19f
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 48bd54594752d5be3337f12c72f28d2080cb630b
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 7adb789f45698e5569b840d23f3f9488db3ed109
-R 16019d64036d1aa36ba8b50ba392c4e8
+P b779ca8a7580e2a0bb1176316c4540867b635229
+R 3b3e1e83b8e4867e299c87ba108024a8
 U drh
-Z 8bde812e449e210a56672af13ac69445
+Z b5772777614dc8e4c77919f902a0659c

diff --git a/manifest.uuid b/manifest.uuid
index fa6d00eef8b5c587c9fbeaaf62ccfd041f217e0b..bc138403e1e818b84c823b7cee589b282d365aeb 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-b779ca8a7580e2a0bb1176316c4540867b635229
\ No newline at end of file
+1aa530144643582658c8c1dd66548662f950efe3
\ No newline at end of file

diff --git a/src/vdbeaux.c b/src/vdbeaux.c
index 7d547e5830a7f61ec33ca57b0daa6a118109581c..de7f482126aea6b213a96fa4b3393fda87dedb67 100644 (file)
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -1848,18 +1848,21 @@ void sqlite3VdbeMakeReady(
   */
   nMem += nCursor;
 
-  /* Allocate space for memory registers, SQL variables, VDBE cursors and 
-  ** an array to marshal SQL function arguments in.
+  /* zCsr will initially point to nFree bytes of unused space at the
+  ** end of the opcode array, p->aOp.  The computation of nFree is
+  ** conservative - it might be smaller than the true number of free
+  ** bytes, but never larger.  nFree might be negative.  But the allocation
+  ** loop will still function correctly.
   */
   zCsr = ((u8*)p->aOp) + ROUND8(sizeof(Op)*p->nOp);      /* Available space */
   nFree = pParse->szOpAlloc - ROUND8(sizeof(Op)*p->nOp); /* Size of zCsr */
+  if( nFree>0 ) memset(zCsr, 0, nFree);
 
   resolveP2Values(p, &nArg);
   p->usesStmtJournal = (u8)(pParse->isMultiWrite && pParse->mayAbort);
   if( pParse->explain && nMem<10 ){
     nMem = 10;
   }
-  memset(zCsr, 0, nFree);
   assert( EIGHT_BYTE_ALIGNMENT(&zCsr[nFree]) );
   p->expired = 0;