Minor changes to help ensure the pointer returned by sqlite3VdbeGetOp() is

not used after it becomes invalid.

FossilOrigin-Name: 346bdd49fb93aa58e8bd14250974d8c0c32cc7e8317c8b12da1fa44db10d8a3a

diff --git a/manifest b/manifest
index 5311e40b16e72baba0ac08559c87d65976ef6ab7..864b489bde9ab9e37fed63452dbb4af1c334f91d 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Overnight,\sOSSFuzz\shelpfully\spointed\sout\sa\spotential\suse-after-free\sbug\sin\nyesterdays\schanges,\sinvolving\scontinued\suse\sof\sa\spointer\safter\sthe\smemory\npointed\sto\shad\sbeen\srealloc()-ed.\s\sThanks\sGoogle.
-D 2019-10-26T12:27:55.016
+C Minor\schanges\sto\shelp\sensure\sthe\spointer\sreturned\sby\ssqlite3VdbeGetOp()\sis\nnot\sused\safter\sit\sbecomes\sinvalid.
+D 2019-10-26T15:40:17.027
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -526,7 +526,7 @@ F src/printf.c 9be6945837c839ba57837b4bc3af349eba630920fa5532aa518816defe42a7d4
 F src/random.c 80f5d666f23feb3e6665a6ce04c7197212a88384
 F src/resolve.c e021be0c1c4a2125fa38aabcd8dbb764bf5b2c889a948c30d3708430ec6ccd00
 F src/rowset.c d977b011993aaea002cab3e0bb2ce50cf346000dff94e944d547b989f4b1fe93
-F src/select.c 9c81d168b5a7ddc2277a6f6d3daec9ddd0ff5cebf12628d7e342f3c337231e7e
+F src/select.c 3395765ea3749341deb4c25e8339c3d626a8ac641a52c216e9632e48e620ba68
 F src/shell.c.in 3093bdf5eedd91da08f0268f1442aa510a60798c9441868149ddbecdf8bcaa79
 F src/sqlite.h.in 5725a6b20190a1e8d662077a1c1c8ea889ad7be90dd803f914c2de226f5fe6ab
 F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
@@ -1848,7 +1848,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 41cc8e3dab998f7efc898d18837ca7fdac94ea3f89954990c5231456bf725fee
-R 85a03747b28d7a0450d46a9d4dc21bf2
+P c422afb507dc875751e6a72e4ba5f4f0793097c0de4533c1600311f689e76ed7
+R db228a05e58b529536c1de42c6c5fd0e
 U drh
-Z 237c760989c5c2d15ac113cc385665f5
+Z a43bb1565ee5620721b3d2ce725b0a46

diff --git a/manifest.uuid b/manifest.uuid
index 58e1f76c6e9370696ea5c960bd761a13842012c1..01a1a9aea633a7d14b22e96c2e1952b6e1df2cbd 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-c422afb507dc875751e6a72e4ba5f4f0793097c0de4533c1600311f689e76ed7
\ No newline at end of file
+346bdd49fb93aa58e8bd14250974d8c0c32cc7e8317c8b12da1fa44db10d8a3a
\ No newline at end of file

diff --git a/src/select.c b/src/select.c
index abb381a16a4528cc9bf5a84ead22be1bf36aa5c8..b21effc0a048bc1c8260a150f4380fab23824a74 100644 (file)
--- a/src/select.c
+++ b/src/select.c
@@ -669,6 +669,7 @@ static void pushOntoSorter(
     testcase( pKI->nAllField > pKI->nKeyField+2 );
     pOp->p4.pKeyInfo = sqlite3KeyInfoFromExprList(pParse,pSort->pOrderBy,nOBSat,
                                            pKI->nAllField-pKI->nKeyField-1);
+    pOp = 0; /* Ensure pOp not used after sqltie3VdbeAddOp3() */
     addrJmp = sqlite3VdbeCurrentAddr(v);
     sqlite3VdbeAddOp3(v, OP_Jump, addrJmp+1, 0, addrJmp+1); VdbeCoverage(v);
     pSort->labelBkOut = sqlite3VdbeMakeLabel(pParse);
@@ -1031,6 +1032,7 @@ static void selectInnerLoop(
         pOp->opcode = OP_Null;
         pOp->p1 = 1;
         pOp->p2 = regPrev;
+        pOp = 0;  /* Ensure pOp is not used after sqlite3VdbeAddOp() */
 
         iJump = sqlite3VdbeCurrentAddr(v) + nResultCol;
         for(i=0; i<nResultCol; i++){