Avoid a crash that can occur after an obscure OOM in the built-in INSTR()

function.

FossilOrigin-Name: 8a55b8e179f3fd14ae656680ed4ebd462800e2f6

diff --git a/manifest b/manifest
index f530df5b08800f337d94ed9c532c95ed8efecbb0..7d790f57cac5598b52645307dd2d8b976677881a 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Mark\sthe\sICU\sextension\sfunctions\sas\sdeterministic.
-D 2016-11-23T20:12:37.140
+C Avoid\sa\scrash\sthat\scan\soccur\safter\san\sobscure\sOOM\sin\sthe\sbuilt-in\sINSTR()\nfunction.
+D 2016-11-23T20:19:00.738
 F Makefile.in 6fd48ffcf7c2deea7499062d1f3747f986c19678
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc 5151cc64c4c05f3455f4f692ad11410a810d937f
@@ -343,7 +343,7 @@ F src/delete.c cb3f6300df24c26c609778b2731f82644b5532ec
 F src/expr.c aac0b8d39373ce8f1d47829ce12c3d7af90c46a6
 F src/fault.c 160a0c015b6c2629d3899ed2daf63d75754a32bb
 F src/fkey.c b9ca262f6ad4d030a3cab737ebf9b0b3c8b4ac80
-F src/func.c 29cc9acb170ec1387b9f63eb52cd85f8de96c771
+F src/func.c 7057bc2c105b82faa668d8e2ec85fad4540e5c51
 F src/global.c 9da4ca5d74b90715f0ec4957f3d17a4749009f34
 F src/hash.c 63d0ee752a3b92d4695b2b1f5259c4621b2cfebd
 F src/hash.h ab34c5c54a9e9de2e790b24349ba5aab3dbb4fd4
@@ -862,6 +862,7 @@ F test/insert3.test 1b7db95a03ad9c5013fdf7d6722b6cd66ee55e30
 F test/insert4.test a20432f1c0fbbcff8f11d0e6ab4acb8c9db58023
 F test/insert5.test 394f96728d1258f406fe5f5aeb0aaf29487c39a6
 F test/instr.test 737bbf80685232033f3abedc6ae92f75860b5dd2
+F test/instrfault.test aa90b7c3486a069151b28384ae525644a1f79d51
 F test/intarray.test 066b7d7ac38d25bf96f87f1b017bfc687551cdd4
 F test/interrupt.test dfe9a67a94b0b2d8f70545ba1a6cca10780d71cc
 F test/intpkey.test ac71107a49a06492b69b82aafaf225400598d3c8
@@ -1526,8 +1527,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 794763fd6c04cabb16300421ade169131b7d308d
-Q +afbbb6c66a85ff3f4c8dce677e0892a2a51d2b8e
-R 33f3ac41ee3c3d90a8c94fdad486afd8
+P 8fd2fccefb8885c7e8bae312c184d78187889d32
+Q +b86b79c442a58d10aa005ba4f34095375a88d242
+R 62eaf104f9036a9c788bc58e3db9bcb7
 U drh
-Z 2ed9a3d689a240e363cf630c50009bbb
+Z 071ffa8921945eda55b3b115927dccbc

diff --git a/manifest.uuid b/manifest.uuid
index 45cafe571fdb2a741b889126f6c8e6a6171a297f..260e45146a37a48f9549768910eba54143240e70 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-8fd2fccefb8885c7e8bae312c184d78187889d32
\ No newline at end of file
+8a55b8e179f3fd14ae656680ed4ebd462800e2f6
\ No newline at end of file

diff --git a/src/func.c b/src/func.c
index 79bb1e3dd2f6f9a45e1dde90a8aee8b1f5dc4678..6ec0962de0ea404c5ac92087ebdf5aa8693f8ad0 100644 (file)
--- a/src/func.c
+++ b/src/func.c
@@ -208,6 +208,8 @@ static void instrFunc(
     zHaystack = sqlite3_value_text(argv[0]);
     zNeedle = sqlite3_value_text(argv[1]);
     isText = 1;
+    if( zNeedle==0 ) return;
+    assert( zHaystack );
   }
   while( nNeedle<=nHaystack && memcmp(zHaystack, zNeedle, nNeedle)!=0 ){
     N++;

diff --git a/test/instrfault.test b/test/instrfault.test
new file mode 100644 (file)
index 0000000..e2d93e7
--- /dev/null
+++ b/test/instrfault.test
@@ -0,0 +1,68 @@
+# 2016 November 4
+#
+# The author disclaims copyright to this source code.  In place of
+# a legal notice, here is a blessing:
+#
+#    May you do good and not evil.
+#    May you find forgiveness for yourself and forgive others.
+#    May you share freely, never taking more than you give.
+#
+#***********************************************************************
+# This file implements regression tests for SQLite library.  The
+# focus of this file is testing OOM error handling within the built-in 
+# INSTR() function.
+#
+
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+set testprefix instrfault
+
+# Use big NEEDLE and HAYSTACK strings. Strings so large they cannot
+# use lookaside buffers.
+#
+set ::NEEDLE [string repeat "abcdefghijklmnopqrstuvwxyz" 10]
+set ::HAYSTACK "[string repeat 123 10]$NEEDLE[string repeat 456 10]"
+
+foreach {enc} {
+  utf8
+  utf16
+} {
+  reset_db
+  execsql "PRAGMA encoding = $enc"
+  do_execsql_test 1.$enc.1 {
+    CREATE TABLE t1(n, h);
+    INSERT INTO t1 VALUES($::NEEDLE, $::HAYSTACK);
+  } {}
+
+  do_faultsim_test 1.$enc.1 -faults oom-t* -prep {
+    execsql { SELECT instr(h, n) FROM t1 }
+  } -body {
+    execsql { SELECT instr(h, n) FROM t1 }
+  } -test {
+    faultsim_test_result {0 31}
+  }
+
+  do_faultsim_test 1.$enc.2 -faults oom-t* -prep {
+    execsql { SELECT instr($::HAYSTACK, $::NEEDLE) FROM t1 }
+  } -body {
+    execsql { SELECT instr($::HAYSTACK, $::NEEDLE) FROM t1 }
+  } -test {
+    faultsim_test_result {0 31}
+  }
+
+  do_faultsim_test 1.$enc.3 -faults oom-t* -prep {
+    set ::stmt [sqlite3_prepare_v2 db "SELECT instr(?, ?)" -1 dummy]
+    sqlite3_bind_text $::stmt 1 $::HAYSTACK [string length $::HAYSTACK]
+    sqlite3_bind_text $::stmt 2 $::NEEDLE [string length $::NEEDLE]
+  } -body {
+    set rc [sqlite3_step $::stmt]
+    if {$rc=="SQLITE_NOMEM"} { error "out of memory" }
+    sqlite3_column_int $::stmt 0
+  } -test {
+    faultsim_test_result {0 31}
+    sqlite3_finalize $::stmt
+  }
+}
+
+finish_test