Fix a memory leak in rtree triggered by corrupt database records. dbsqlfuzz 397ad036a...

FossilOrigin-Name: 706322c2b5bb31e14c1120a94520b21fa623ff119e3890170e36b37d8bde721a

diff --git a/ext/rtree/rtree.c b/ext/rtree/rtree.c
index 3dc0a6602af45533a34482ebbc26f364f732a155..47905c3d8c452e693b10532af54fbc08b2ff24a0 100644 (file)
--- a/ext/rtree/rtree.c
+++ b/ext/rtree/rtree.c
@@ -2545,6 +2545,10 @@ static int updateMapping(
   xSetMapping = ((iHeight==0)?rowidWrite:parentWrite);
   if( iHeight>0 ){
     RtreeNode *pChild = nodeHashLookup(pRtree, iRowid);
+    RtreeNode *p;
+    for(p=pNode; p; p=p->pParent){
+      if( p==pChild ) return SQLITE_CORRUPT_VTAB;
+    }
     if( pChild ){
       nodeRelease(pRtree, pChild->pParent);
       nodeReference(pNode);

diff --git a/manifest b/manifest
index 44ae1129368991447f2c974c8499fc4b194471d8..4aca4770584cf1ffa03385217225e919fa1917b1 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\sbad\sinteraction\sbetween\sthe\spager\scache\sand\sthe\sdbstat\smodule\sthat\scould\slead\sto\sa\smalfunction\sfollowing\san\sOOM.\sdbsqlfuzz\s9ed3e4e3816219d3509d711636c38542bf3f40b1.
-D 2021-09-25T18:21:01.895
+C Fix\sa\smemory\sleak\sin\srtree\striggered\sby\scorrupt\sdatabase\srecords.\sdbsqlfuzz\s397ad036a9013d7318da30ef84947d2baaaa6d6c.
+D 2021-09-25T20:19:16.641
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -393,7 +393,7 @@ F ext/repair/test/checkindex01.test b530f141413b587c9eb78ff734de6bb79bc3515c3350
 F ext/repair/test/test.tcl 686d76d888dffd021f64260abf29a55c57b2cedfa7fc69150b42b1d6119aac3c
 F ext/rtree/README 6315c0d73ebf0ec40dedb5aa0e942bc8b54e3761
 F ext/rtree/geopoly.c 98d45533989e908bf65b43f36ff6eaad95a9ffe6f3b6b8658fbd47d45c58b10b
-F ext/rtree/rtree.c e3b689c6a2622c572775f26149c4c30bc4cc9e7ddc19810cbaef7f76032b0475
+F ext/rtree/rtree.c 03b238f2134bac3cffeffa03f70cac3b23c9329ab865a73bb0242bfd2f19daf8
 F ext/rtree/rtree.h 4a690463901cb5e6127cf05eb8e642f127012fd5003830dbc974eca5802d9412
 F ext/rtree/rtree1.test 35c3bc0def71317b7601ee0d1149e7df2cd8fc4f13ec89a64761ac3f46ca123f
 F ext/rtree/rtree2.test 9d9deddbb16fd0c30c36e6b4fdc3ee3132d765567f0f9432ee71e1303d32603d
@@ -1926,7 +1926,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 70c221c5cf7b4d9ed34f16d045f262f99d16aa3db84f80cf0b03ee82ba28d075
-R ea98ed9a89a0731001a69934bf5f6de0
+P e03554a6a8c33d820922edccf605a2ce92055315bf22e464207ea8c0d81e3dd6
+R e10289212fa6f853fbfe056d086db189
 U dan
-Z 049319a646210861af4489763ecd7530
+Z 57a6cc5f806335fb018e364d503abadc

diff --git a/manifest.uuid b/manifest.uuid
index 9d24bd23da69c619b15764d32c97ee858050ba17..bf20cd553d55709d3f7b4fbd0fa496499e087b51 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-e03554a6a8c33d820922edccf605a2ce92055315bf22e464207ea8c0d81e3dd6
\ No newline at end of file
+706322c2b5bb31e14c1120a94520b21fa623ff119e3890170e36b37d8bde721a
\ No newline at end of file