Fix a buffer overread that might occur in analyze.c if SQLITE_ENABLE_STAT4 was defined.

author dan <dan@noemail.net>

Fri, 5 Dec 2014 21:04:26 +0000 (21:04 +0000)

committer dan <dan@noemail.net>

Fri, 5 Dec 2014 21:04:26 +0000 (21:04 +0000)
author dan <dan@noemail.net>
Fri, 5 Dec 2014 21:04:26 +0000 (21:04 +0000)
committer dan <dan@noemail.net>
Fri, 5 Dec 2014 21:04:26 +0000 (21:04 +0000)
diff --git a/manifest b/manifest

index 12cf54556006be18fc4c06db3b1c8a617fc35552..2c008fe79f24d58ee9e12456ef00f836e527c68c 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Add\snew\stest\sfile\se_walckpt.test.\sStill\ssome\stests\sto\scome.
-D 2014-12-05T20:46:19.108
+C Fix\sa\sbuffer\soverread\sthat\smight\soccur\sin\sanalyze.c\sif\sSQLITE_ENABLE_STAT4\swas\sdefined.
+D 2014-12-05T21:04:26.713
  F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
  F Makefile.in 6c4f961fa91d0b4fa121946a19f9e5eac2f2f809
  F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -167,7 +167,7 @@ F sqlite.pc.in 42b7bf0d02e08b9e77734a47798d1a55a9e0716b
  F sqlite3.1 fc7ad8990fc8409983309bb80de8c811a7506786
  F sqlite3.pc.in 48fed132e7cb71ab676105d2a4dc77127d8c1f3a
  F src/alter.c ba266a779bc7ce10e52e59e7d3dc79fa342e8fdb
-F src/analyze.c f7d774356ba5a14e7ad4fb637681af16875ad88f
+F src/analyze.c 7a2986e6ea8247e5f21aca3d0b584598f58d84fe
  F src/attach.c f4e94df2d1826feda65eb0939f7f6f5f923a0ad9
  F src/auth.c b56c78ebe40a2110fd361379f7e8162d23f92240
  F src/backup.c 7ddee9c7d505e07e959a575b18498f17c71e53ea
@@ -1225,7 +1225,8 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
  F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
  F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32
  F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P fdb667335c2250239a66143aec4235325dec8274
-R 88cb63a8d2ff8042b23c5ce33c03986a
+P e4db3db3a65ecfd4069a40d436aa7a5512d61a30
+Q +194c90db637ad4197a54be83a665feb2a9c96014
+R 4fea4497b1906b35d5aec52d63c738f3
  U dan
-Z d1e87cf655be5398ea39ae6fc02beae8
+Z 35f7cd6f840ef1a069fd6944a80e996c
diff --git a/manifest.uuid b/manifest.uuid

index 786ddbf8ea201b03c611926947de516d30a79ff2..95142505419d4cf3f7c6d9069b4a252e6a5e9488 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-e4db3db3a65ecfd4069a40d436aa7a5512d61a30
-\ No newline at end of file
+c1ae1268b9023a771fda98f26bf451c6066fe70b
+\ No newline at end of file
diff --git a/src/analyze.c b/src/analyze.c

index 01c2f129521913caed8100ed5e51c37d2e1d47e0..e483807116ab27f3fd4c6aec0dcc068ce4eb141d 100644 (file)
--- a/src/analyze.c
+++ b/src/analyze.c
@@ -1596,7 +1596,7 @@ static void initAvgEq(Index *pIdx){
        i64 nSum100 = 0;          /* Number of terms contributing to sumEq */
        i64 nDist100;             /* Number of distinct values in index */
  
-      if( pIdx->aiRowEst==0 || pIdx->aiRowEst[iCol+1]==0 ){
+      if( !pIdx->aiRowEst || iCol>=pIdx->nKeyCol || pIdx->aiRowEst[iCol+1]==0 ){
          nRow = pFinal->anLt[iCol];
          nDist100 = (i64)100 * pFinal->anDLt[iCol];
          nSample--;
author	dan <dan@noemail.net>
	Fri, 5 Dec 2014 21:04:26 +0000 (21:04 +0000)
committer	dan <dan@noemail.net>
	Fri, 5 Dec 2014 21:04:26 +0000 (21:04 +0000)
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history
src/analyze.c		patch \| blob \| blame \| history