Fix an obscure memory leak found by libfuzzer that may occur under some circumstances...
authordan <dan@noemail.net>
Sat, 21 Nov 2015 19:43:29 +0000 (19:43 +0000)
committerdan <dan@noemail.net>
Sat, 21 Nov 2015 19:43:29 +0000 (19:43 +0000)
FossilOrigin-Name: 60de5f23424552c98aa760ac89149a3d51f895be

manifest
manifest.uuid
src/select.c
test/sqllimits1.test

index 48ad5f5d35ad38bfd26e1f5eaba1824bf8ef53af..1ed1813193b3acb4f6cf9e11bf0e52ed84fd99c1 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sover-length\ssource\scode\slines.\s\sNo\slogic\schanges.
-D 2015-11-21T17:27:42.127
+C Fix\san\sobscure\smemory\sleak\sfound\sby\slibfuzzer\sthat\smay\soccur\sunder\ssome\scircumstances\sif\sexpanding\sa\s"*"\sexpression\scauses\sa\sSELECT\sto\sreturn\smore\sthan\s32767\scolumns.
+D 2015-11-21T19:43:29.760
 F Makefile.in d828db6afa6c1fa060d01e33e4674408df1942a1
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc e928e68168df69b353300ac87c10105206653a03
@@ -339,7 +339,7 @@ F src/printf.c f8fc8f04e75b1e983ef2793c27ec7a43b287e94a
 F src/random.c ba2679f80ec82c4190062d756f22d0c358180696
 F src/resolve.c f4c897ca76ca6d5e0b3f0499c627392ffe657c8e
 F src/rowset.c eccf6af6d620aaa4579bd3b72c1b6395d9e9fa1e
-F src/select.c 0495e86f8377026fbd529a1a5bf62046cbb6eec5
+F src/select.c e10586c750d87211caa8f4b239e2bfa6a2049e5b
 F src/shell.c f0f59ea60ad297f671b7ae0fb957a736ad17c92c
 F src/sqlite.h.in fa62718f73553f06b2f2e362fd09ccb4e1cbb626
 F src/sqlite3.rc 992c9f5fb8285ae285d6be28240a7e8d3a7f2bad
@@ -1038,7 +1038,7 @@ F test/speedtest1.c f8bf04214e7b5f745feea99f7bde68b1c4870666
 F test/spellfix.test 0597065ff57042df1f138e6a2611ae19c2698135
 F test/spellfix2.test dfc8f519a3fc204cb2dfa8b4f29821ae90f6f8c3
 F test/sqldiff1.test 8f6bc7c6a5b3585d350d779c6078869ba402f8f5
-F test/sqllimits1.test 89b3d5aad05b99f707ee3786bdd4416dccf83304
+F test/sqllimits1.test a74ee2a3740b9f9c2437c246d8fb77354862a142
 F test/sqllog.test a8faa2df39610a037dd372ed872d124260d32953
 F test/stat.test 8de91498c99f5298b303f70f1d1f3b9557af91bf
 F test/statfault.test f525a7bf633e50afd027700e9a486090684b1ac1
@@ -1404,7 +1404,7 @@ F tool/vdbe_profile.tcl 246d0da094856d72d2c12efec03250d71639d19f
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 48bd54594752d5be3337f12c72f28d2080cb630b
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P ff5716b89f99d9c4568a39f1f52524528a631623
-R 558d15295cc22b403e8d5cb8c3ebd48a
-U drh
-Z 0a3988f827c1f289bd36fdbbf324f548
+P 198d191b2f5ef7d63ac0093c701955c9052fd734
+R 8ed8d9e954ea81e19ae35a6836359b00
+U dan
+Z f96d100152be981f85597b50bc9a8134
index 48582621bbe5a9438118871f49705006b44a5c58..90fb983695846f427925ba0744ec697a9abbb3f0 100644 (file)
@@ -1 +1 @@
-198d191b2f5ef7d63ac0093c701955c9052fd734
\ No newline at end of file
+60de5f23424552c98aa760ac89149a3d51f895be
\ No newline at end of file
index dc8443e8b5c9149a7ed4fd6f19931e40a0316109..cf486e5b85e6bd5a84060e9175b20216a17fab07 100644 (file)
@@ -1613,6 +1613,7 @@ int sqlite3ColumnsFromExprList(
     nCol = 0;
     aCol = 0;
   }
+  assert( nCol==(i16)nCol );
   *pnCol = nCol;
   *paCol = aCol;
 
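Review bot: The added `assert( nCol==(i16)nCol )` disappears in builds compiled without assertions, so the store `*pnCol = nCol` on the next line is still unchecked there and relies on an upstream limit check. Judging by the second hunk, that check is the `too many columns in result set` test in selectExpander. A short comment above the assert would make the dependency visible, for example `/* selectExpander() rejects result sets over SQLITE_LIMIT_COLUMN, so nCol fits in an i16 */`. The declared type of `*pnCol` is not visible in this hunk, so the narrowing is inferred from the cast. sqlite3ColumnsFromExprList begins and ends outside the hunk.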
@@ -4455,6 +4456,7 @@ static int selectExpander(Walker *pWalker, Select *p){
 #if SQLITE_MAX_COLUMN
   if( p->pEList && p->pEList->nExpr>db->aLimit[SQLITE_LIMIT_COLUMN] ){
     sqlite3ErrorMsg(pParse, "too many columns in result set");
+    return WRC_Abort;
   }
 #endif
   return WRC_Continue;
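Review bot: The new `return WRC_Abort;` sits inside `#if SQLITE_MAX_COLUMN`, so a build that defines that macro as 0 compiles out both the error message and the abort, and the walk continues with an over-wide result set. If such a configuration is supported, the i16 range asserted in sqlite3ColumnsFromExprList has no guard in that build. A comment at the `#if` would record the requirement, for example `/* Must stay enabled: result column counts are later stored in an i16 */`. Whether a ceiling is enforced elsewhere is not visible here. selectExpander starts outside the hunk.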
index ec72723ebe38c4e3e63a64b695fc1e6b3eb55173..9508b5233dc7d931acae7d16e9fdb10521068814 100644 (file)
@@ -874,6 +874,17 @@ do_test sqllimits1-16.2 {
   }
 } {1 {string or blob too big}}
 
+do_catchsql_test sqllimits1.17.0 {
+  SELECT *,*,*,*,*,*,*,* FROM (
+  SELECT *,*,*,*,*,*,*,* FROM (
+  SELECT *,*,*,*,*,*,*,* FROM (
+  SELECT *,*,*,*,*,*,*,* FROM (
+  SELECT *,*,*,*,*,*,*,* FROM (
+    SELECT 1,2,3,4,5,6,7,8,9,10
+  )
+  ))))
+} "1 {too many columns in result set}"
+
 
 foreach {key value} [array get saved] {
   catch {set $key $value}
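Review bot: The new case is named `sqllimits1.17.0` with a dot, while the neighbouring case in this hunk is `sqllimits1-16.2`; `do_catchsql_test sqllimits1-17.0 {` would keep the numbering scheme consistent. The expected result also pins only the error text, so the leak this commit fixes is observable only when the suite runs under a memory-checking build. A comment above the test, such as `# Regression: "*" expansion past the column limit used to leak memory`, would record why the case exists.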