Avoid a sanitizer error (pointer arithmatic overflow) in vdbesort.c.

FossilOrigin-Name: af61a2fc45a0fa1277d7453779238b77de4c298a9f60714b7dc62ddca5874f80

diff --git a/manifest b/manifest
index 6f83d909e4b54c7e85c739b3ad56089bec045ed8..ffa9189f6dd4a5f2a6b11c96d2c234790b35c1c6 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Avoid\sa\ssanitizer\serror\sin\stest1.c.\sHave\sreleasetest.tcl/wapptest.tcl\screate\sa\sfile\scalled\s"makecommand.sh"\sthat\scan\sbe\sused\sto\srerun\sa\stest\sfrom\sthe\scommand\sline.
-D 2019-04-16T10:51:29.014
+C Avoid\sa\ssanitizer\serror\s(pointer\sarithmatic\soverflow)\sin\svdbesort.c.
+D 2019-04-16T11:21:13.568
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -597,7 +597,7 @@ F src/vdbeapi.c 2ddd60f4a351f15ee98d841e346af16111ad59dfa4d25d2dd4012e9875bf7d92
 F src/vdbeaux.c f873b5c2efcf8a4d6ecfc5b1a5b06fd810419198f3bd882175d371cc03801873
 F src/vdbeblob.c f5c70f973ea3a9e915d1693278a5f890dc78594300cf4d54e64f2b0917c94191
 F src/vdbemem.c 8e6889761e344babdb8a56dd1ac8911501fa648396544d1644f1cd6a87c80dc0
-F src/vdbesort.c 31c7794a517e8b0a1704988f1f7596b74c6fc07eeb7bb85776f50a391ed9d94f
+F src/vdbesort.c 66592d478dbb46f19aed0b42222325eadb84deb40a90eebe25c6e7c1d8468f47
 F src/vdbetrace.c 79d6dbbc479267b255a7de8080eee6e729928a0ef93ed9b0bfa5618875b48392
 F src/vtab.c 4c5959e00b7a142198d178e3a822f4e05f36f2d1a3c57657373f9487154fc06b
 F src/vxworks.h d2988f4e5a61a4dfe82c6524dd3d6e4f2ce3cdb9
@@ -1818,7 +1818,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P ee886600297c2a03d9d1d10db88d3d107b48e5d4de5e5d91b0ab16cc7c447ede
-R 8b174ed25bfed0d8eb722ebaa3aaabbf
+P 4de4480ffdea1e923c4b964692ccde92d713c8b6c056bb04bddf1ff55ee891ec
+R 53d48b50e3fea254b204992be6aac766
 U dan
-Z 97f4f18a7a6e556c0ee0ac2993a46468
+Z 2252f4361031453f785e5bf47a799819

diff --git a/manifest.uuid b/manifest.uuid
index e29f300b769006848c089f95c301bbf6a2f5787a..afe628e5f9392fe297c0a2f757ae2024c11257c0 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-4de4480ffdea1e923c4b964692ccde92d713c8b6c056bb04bddf1ff55ee891ec
\ No newline at end of file
+af61a2fc45a0fa1277d7453779238b77de4c298a9f60714b7dc62ddca5874f80
\ No newline at end of file

diff --git a/src/vdbesort.c b/src/vdbesort.c
index d84a4118d160c661e9fd8c715d14788dcbdb53eb..f909f812d6bf35158f15eee7c329fd1a52ec00ab 100644 (file)
--- a/src/vdbesort.c
+++ b/src/vdbesort.c
@@ -1828,15 +1828,19 @@ int sqlite3VdbeSorterWrite(
 
     if( nMin>pSorter->nMemory ){
       u8 *aNew;
-      int iListOff = (u8*)pSorter->list.pList - pSorter->list.aMemory;
       sqlite3_int64 nNew = 2 * (sqlite3_int64)pSorter->nMemory;
+      int iListOff = -1;
+      if( pSorter->list.pList ){
+        iListOff = (u8*)pSorter->list.pList - pSorter->list.aMemory;
+      }
       while( nNew < nMin ) nNew = nNew*2;
       if( nNew > pSorter->mxPmaSize ) nNew = pSorter->mxPmaSize;
       if( nNew < nMin ) nNew = nMin;
-
       aNew = sqlite3Realloc(pSorter->list.aMemory, nNew);
       if( !aNew ) return SQLITE_NOMEM_BKPT;
-      pSorter->list.pList = (SorterRecord*)&aNew[iListOff];
+      if( iListOff>=0 ){
+        pSorter->list.pList = (SorterRecord*)&aNew[iListOff];
+      }
       pSorter->list.aMemory = aNew;
       pSorter->nMemory = nNew;
     }