Fix an integer overflow problem in the sorter.

author dan <dan@noemail.net>

Thu, 3 Apr 2014 16:25:29 +0000 (16:25 +0000)

committer dan <dan@noemail.net>

Thu, 3 Apr 2014 16:25:29 +0000 (16:25 +0000)
author dan <dan@noemail.net>
Thu, 3 Apr 2014 16:25:29 +0000 (16:25 +0000)
committer dan <dan@noemail.net>
Thu, 3 Apr 2014 16:25:29 +0000 (16:25 +0000)
diff --git a/manifest b/manifest

index 2e20875ba95e174fdcb90893ff11d45b7ff3d249..1e7716c432d1fd06d52a3725ea63c9c2b4672a5d 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sminor\serrors\scausing\scompilation\sto\sfail\swith\sSQLITE_MAX_WORKER_THREADS\sset\sto\sa\svalue\sgreater\sthan\szero.
-D 2014-04-03T14:29:08.251
+C Fix\san\sinteger\soverflow\sproblem\sin\sthe\ssorter.
+D 2014-04-03T16:25:29.778
  F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
  F Makefile.in ad0921c4b2780d01868cf69b419a4f102308d125
  F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -186,7 +186,7 @@ F src/journal.c b4124532212b6952f42eb2c12fa3c25701d8ba8d
  F src/legacy.c 0df0b1550b9cc1f58229644735e317ac89131f12
  F src/lempar.c cdf0a000315332fc9b50b62f3b5e22e080a0952b
  F src/loadext.c 867c7b330b740c6c917af9956b13b81d0a048303
-F src/main.c d3655832585baef4c2356529a5c6ca5ca3bd7c1f
+F src/main.c fcceb01d74a79c2d7984f33545b35b06da3bb1e8
  F src/malloc.c 0203ebce9152c6a0e5de520140b8ba65187350be
  F src/mem0.c 6a55ebe57c46ca1a7d98da93aaa07f99f1059645
  F src/mem1.c c0c990fcaddff810ea277b4fb5d9138603dd5d4b
@@ -219,15 +219,15 @@ F src/resolve.c 273d5f47c4e2c05b2d3d2bffeda939551ab59e66
  F src/rowset.c 64655f1a627c9c212d9ab497899e7424a34222e0
  F src/select.c 20055cf917222e660c4222fea306bd13a0623caa
  F src/shell.c a08060750f92461fc462b4f767e3b0d19d6b832e
-F src/sqlite.h.in 0249af5d9d3bbeab0dc1f58e1f9fee878807732a
+F src/sqlite.h.in 81221c50addbf698c3247154d92efd1095bfd885
  F src/sqlite3.rc 11094cc6a157a028b301a9f06b3d03089ea37c3e
  F src/sqlite3ext.h 886f5a34de171002ad46fae8c36a7d8051c190fc
-F src/sqliteInt.h 3ed0fedb5b64ece395a2114b7c73417678f3e420
+F src/sqliteInt.h 78c89401120b062660427c7b642de4de7673bc46
  F src/sqliteLimit.h 164b0e6749d31e0daa1a4589a169d31c0dec7b3d
  F src/status.c 7ac05a5c7017d0b9f0b4bcd701228b784f987158
  F src/table.c 2cd62736f845d82200acfa1287e33feb3c15d62e
  F src/tclsqlite.c e87c99e28a145943666b51b212dacae35fcea0bd
-F src/test1.c 31596bf8a9c0629f88e514a4ec864847c8946c4e
+F src/test1.c 0cd73ae82fdf7add76ca603e3575380ae7539ae2
  F src/test2.c 7355101c085304b90024f2261e056cdff13c6c35
  F src/test3.c 1c0e5d6f080b8e33c1ce8b3078e7013fdbcd560c
  F src/test4.c 9b32d22f5f150abe23c1830e2057c4037c45b3df
@@ -286,7 +286,7 @@ F src/vdbeapi.c 0ed6053f947edd0b30f64ce5aeb811872a3450a4
  F src/vdbeaux.c d8dc38965507a34b0e150c0d7fc82b02f8cf25ea
  F src/vdbeblob.c 15377abfb59251bccedd5a9c7d014a895f0c04aa
  F src/vdbemem.c 6fc77594c60f6155404f3f8d71bf36d1fdeb4447
-F src/vdbesort.c 5e7ed44bb4f2af809b6d229ae00f97825efab89a
+F src/vdbesort.c 252d7ab7620649945b53289510a172bc73133f17
  F src/vdbetrace.c 6f52bc0c51e144b7efdcfb2a8f771167a8816767
  F src/vtab.c 21b932841e51ebd7d075e2d0ad1415dce8d2d5fd
  F src/wal.c 76e7fc6de229bea8b30bb2539110f03a494dc3a8
@@ -738,7 +738,7 @@ F test/pagesize.test 1dd51367e752e742f58e861e65ed7390603827a0
  F test/pcache.test b09104b03160aca0d968d99e8cd2c5b1921a993d
  F test/pcache2.test a83efe2dec0d392f814bfc998def1d1833942025
  F test/percentile.test b98fc868d71eb5619d42a1702e9ab91718cbed54
-F test/permutations.test 40add071ba71aefe1c04f5845308cf46f7de8d04
+F test/permutations.test a214a42b4767bbbc7cd0fd965ea6198044ab414d
  F test/pragma.test adb21a90875bc54a880fa939c4d7c46598905aa0
  F test/pragma2.test aea7b3d82c76034a2df2b38a13745172ddc0bc13
  F test/printf.test ec9870c4dce8686a37818e0bf1aba6e6a1863552
@@ -1161,7 +1161,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
  F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
  F tool/warnings.sh d1a6de74685f360ab718efda6265994b99bbea01
  F tool/win/sqlite.vsix 030f3eeaf2cb811a3692ab9c14d021a75ce41fff
-P d284e30eb1db144965fa85566e4234e30464350b
-R 45d899d78ea7a6cd4a92080d8bb33ecf
+P 0561272abf357a2f4709f6c02866e570d19cd344
+R 8288f2959bddd3667c4349a94ca23e0f
  U dan
-Z 013157fb51930f7eb005a94358375580
+Z 4eb0e7377049f06d09d1ea7ce591ab92
diff --git a/manifest.uuid b/manifest.uuid

index 9cf01bf6ace8831abc5e7e95906cccfb4b1159aa..cdc8213641985405dc3346b345ba7f5e077feb57 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-0561272abf357a2f4709f6c02866e570d19cd344
-\ No newline at end of file
+9d3351b8d713232133dad149c73fb2a27c72abb1
+\ No newline at end of file
diff --git a/src/main.c b/src/main.c

index c1eaa6849a1e34d14629ebca816bb568dc59ef23..f18d1a6507e761e3c721cee3856b41eea07496e6 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -2504,6 +2504,7 @@ static int openDatabase(
    db->nextAutovac = -1;
    db->szMmap = sqlite3GlobalConfig.szMmap;
    db->nextPagesize = 0;
+  db->nMaxSorterMmap = 0x7FFFFFFF;
    db->flags |= SQLITE_ShortColNames | SQLITE_EnableTrigger | SQLITE_CacheSpill
  #if !defined(SQLITE_DEFAULT_AUTOMATIC_INDEX) || SQLITE_DEFAULT_AUTOMATIC_INDEX
                   | SQLITE_AutoIndex
@@ -3330,6 +3331,13 @@ int sqlite3_test_control(int op, ...){
        break;
      }
  
+    /*   sqlite3_test_control(SQLITE_TESTCTRL_SORTER_MMAP, db, nMax); */
+    case SQLITE_TESTCTRL_SORTER_MMAP: {
+      sqlite3 *db = va_arg(ap, sqlite3*);
+      db->nMaxSorterMmap = va_arg(ap, int);
+      break;
+    }
+
    }
    va_end(ap);
  #endif /* SQLITE_OMIT_BUILTIN_TEST */
diff --git a/src/sqlite.h.in b/src/sqlite.h.in

index 78aa9c36e1aacb8b5f74dd0bc0918c2a33236ca1..469504b1490912442ad5eb7ea559d920ca36382a 100644 (file)
--- a/src/sqlite.h.in
+++ b/src/sqlite.h.in
@@ -6129,7 +6129,8 @@ int sqlite3_test_control(int op, ...);
  #define SQLITE_TESTCTRL_EXPLAIN_STMT            19
  #define SQLITE_TESTCTRL_NEVER_CORRUPT           20
  #define SQLITE_TESTCTRL_VDBE_COVERAGE           21
-#define SQLITE_TESTCTRL_LAST                    21
+#define SQLITE_TESTCTRL_SORTER_MMAP             22
+#define SQLITE_TESTCTRL_LAST                    22
  
  /*
  ** CAPI3REF: SQLite Runtime Status
diff --git a/src/sqliteInt.h b/src/sqliteInt.h

index 0763f085ab7f4d62e3ffce055ba91728372bba06..b802d7aab74777dd37b40bb23eceff16ea854684 100644 (file)
--- a/src/sqliteInt.h
+++ b/src/sqliteInt.h
@@ -981,6 +981,7 @@ struct sqlite3 {
    int nChange;                  /* Value returned by sqlite3_changes() */
    int nTotalChange;             /* Value returned by sqlite3_total_changes() */
    int aLimit[SQLITE_N_LIMIT];   /* Limits */
+  int nMaxSorterMmap;           /* Maximum size of regions mapped by sorter */
    struct sqlite3InitInfo {      /* Information used during initialization */
      int newTnum;                /* Rootpage of table being initialized */
      u8 iDb;                     /* Which db file is being initialized */
diff --git a/src/test1.c b/src/test1.c

index 4b485ce741961e9409b73591ab22916499d38827..44e96c2c1f3a609d3b322eedc4c84d58e19f187a 100644 (file)
--- a/src/test1.c
+++ b/src/test1.c
@@ -5884,6 +5884,7 @@ static int test_test_control(
      int i;
    } aVerb[] = {
      { "SQLITE_TESTCTRL_LOCALTIME_FAULT", SQLITE_TESTCTRL_LOCALTIME_FAULT }, 
+    { "SQLITE_TESTCTRL_SORTER_MMAP", SQLITE_TESTCTRL_SORTER_MMAP }, 
    };
    int iVerb;
    int iFlag;
@@ -5911,6 +5912,19 @@ static int test_test_control(
        sqlite3_test_control(SQLITE_TESTCTRL_LOCALTIME_FAULT, val);
        break;
      }
+
+    case SQLITE_TESTCTRL_SORTER_MMAP: {
+      int val;
+      sqlite3 *db;
+      if( objc!=4 ){
+        Tcl_WrongNumArgs(interp, 2, objv, "DB LIMIT");
+        return TCL_ERROR;
+      }
+      if( getDbPointer(interp, Tcl_GetString(objv[2]), &db) ) return TCL_ERROR;
+      if( Tcl_GetIntFromObj(interp, objv[3], &val) ) return TCL_ERROR;
+      sqlite3_test_control(SQLITE_TESTCTRL_SORTER_MMAP, db, val);
+      break;
+    }
    }
  
    Tcl_ResetResult(interp);
diff --git a/src/vdbesort.c b/src/vdbesort.c

index 78f5183b5d113b697c49e252c23c9d5444174d91..ece66d4c11837c8545fec2647bece76e47cf154b 100644 (file)
--- a/src/vdbesort.c
+++ b/src/vdbesort.c
@@ -144,7 +144,7 @@ struct SortSubtask {
    SQLiteThread *pThread;          /* Thread handle, or NULL */
    int bDone;                      /* Set to true by pTask when finished */
  
-  sqlite3_vfs *pVfs;              /* VFS used to open temporary files */
+  sqlite3 *db;                    /* Database connection */
    KeyInfo *pKeyInfo;              /* How to compare records */
    UnpackedRecord *pUnpacked;      /* Space to unpack a record */
    int pgsz;                       /* Main database page size */
@@ -514,7 +514,9 @@ static int vdbePmaReaderInit(
    if( pIter->aAlloc ){
      /* Try to xFetch() a mapping of the entire temp file. If this is possible,
      ** the PMA will be read via the mapping. Otherwise, use xRead().  */
-    rc = sqlite3OsFetch(pIter->pFile, 0, pTask->iTemp1Off, &pMap);
+    if( pTask->iTemp1Off<=(i64)(pTask->db->nMaxSorterMmap) ){
+      rc = sqlite3OsFetch(pIter->pFile, 0, pTask->iTemp1Off, &pMap);
+    }
    }else{
      rc = SQLITE_NOMEM;
    }
@@ -670,8 +672,8 @@ int sqlite3VdbeSorterInit(
      for(i=0; i<pSorter->nTask; i++){
        SortSubtask *pTask = &pSorter->aTask[i];
        pTask->pKeyInfo = pKeyInfo;
-      pTask->pVfs = db->pVfs;
        pTask->pgsz = pgsz;
+      pTask->db = db;
      }
  
      if( !sqlite3TempInMemory(db) ){
@@ -1015,17 +1017,20 @@ static void vdbePmaWriteVarint(PmaWriter *p, u64 iVal){
  ** Whether or not the file does end up memory mapped of course depends on
  ** the specific VFS implementation.
  */
-static int vdbeSorterExtendFile(sqlite3_file *pFile, i64 nByte){
-  int rc = sqlite3OsTruncate(pFile, nByte);
-  if( rc==SQLITE_OK ){
-    void *p = 0;
-    sqlite3OsFetch(pFile, 0, nByte, &p);
-    sqlite3OsUnfetch(pFile, 0, p);
+static int vdbeSorterExtendFile(sqlite3 *db, sqlite3_file *pFile, i64 nByte){
+  int rc = SQLITE_OK;
+  if( nByte<=(i64)(db->nMaxSorterMmap) ){
+    rc = sqlite3OsTruncate(pFile, nByte);
+    if( rc==SQLITE_OK ){
+      void *p = 0;
+      sqlite3OsFetch(pFile, 0, nByte, &p);
+      sqlite3OsUnfetch(pFile, 0, p);
+    }
    }
    return rc;
  }
  #else
-# define vdbeSorterExtendFile(x,y) SQLITE_OK
+# define vdbeSorterExtendFile(x,y,z) SQLITE_OK
  #endif
  
  
@@ -1051,7 +1056,7 @@ static int vdbeSorterListToPMA(SortSubtask *pTask){
  
    /* If the first temporary PMA file has not been opened, open it now. */
    if( pTask->pTemp1==0 ){
-    rc = vdbeSorterOpenTempFile(pTask->pVfs, &pTask->pTemp1);
+    rc = vdbeSorterOpenTempFile(pTask->db->pVfs, &pTask->pTemp1);
      assert( rc!=SQLITE_OK || pTask->pTemp1 );
      assert( pTask->iTemp1Off==0 );
      assert( pTask->nPMA==0 );
@@ -1059,7 +1064,7 @@ static int vdbeSorterListToPMA(SortSubtask *pTask){
  
    /* Try to get the file to memory map */
    if( rc==SQLITE_OK ){
-    rc = vdbeSorterExtendFile(
+    rc = vdbeSorterExtendFile(pTask->db, 
          pTask->pTemp1, pTask->iTemp1Off + pTask->nInMemory + 9
      );
    }
@@ -1206,9 +1211,9 @@ static void *vdbeSortSubtaskMain(void *pCtx){
        }
  
        /* Open a second temp file to write merged data to */
-      rc = vdbeSorterOpenTempFile(pTask->pVfs, &pTemp2);
+      rc = vdbeSorterOpenTempFile(pTask->db->pVfs, &pTemp2);
        if( rc==SQLITE_OK ){
-        rc = vdbeSorterExtendFile(pTemp2, pTask->iTemp1Off);
+        rc = vdbeSorterExtendFile(pTask->db, pTemp2, pTask->iTemp1Off);
        }
        if( rc!=SQLITE_OK ){
          vdbeMergeEngineFree(pMerger);
diff --git a/test/permutations.test b/test/permutations.test

index 7f1485f8315fc1b13f6414322a155b9bc99f5fda..4487af055b434ae87e5cb5a9762e37fc04f975e4 100644 (file)
--- a/test/permutations.test
+++ b/test/permutations.test
@@ -112,6 +112,7 @@ set allquicktests [test_set $alltests -exclude {
    incrvacuum_ioerr.test autovacuum_crash.test btree8.test shared_err.test
    vtab_err.test walslow.test walcrash.test walcrash3.test
    walthread.test rtree3.test indexfault.test securedel2.test
+  sort3.test
  }]
  if {[info exists ::env(QUICKTEST_INCLUDE)]} {
    set allquicktests [concat $allquicktests $::env(QUICKTEST_INCLUDE)]
author	dan <dan@noemail.net>
	Thu, 3 Apr 2014 16:25:29 +0000 (16:25 +0000)
committer	dan <dan@noemail.net>
	Thu, 3 Apr 2014 16:25:29 +0000 (16:25 +0000)
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history
src/main.c		patch \| blob \| blame \| history
src/sqlite.h.in		patch \| blob \| blame \| history
src/sqliteInt.h		patch \| blob \| blame \| history
src/test1.c		patch \| blob \| blame \| history
src/vdbesort.c		patch \| blob \| blame \| history
test/permutations.test		patch \| blob \| blame \| history