Fix an oversized allocation in sqlite3ExprCodeIN().

FossilOrigin-Name: d7be326a80e7b3aa8fd6e5e059c04e6ad3feaffcb20b1e3c251d7195ddc1be8b

diff --git a/manifest b/manifest
index 88ad23640311c28b7200447d7383eca443e26d11..a0bb28e9b6c54fca6bd865108870fa949706cfd8 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Minor\stypo\sfixes\sin\stest-script-interpreter.md.
-D 2024-07-18T19:17:29.793
+C Fix\san\soversized\sallocation\sin\ssqlite3ExprCodeIN().
+D 2024-07-20T16:11:12.048
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -705,7 +705,7 @@ F src/date.c 13dd752847afb32ed70510ad7345a5b9c841f51ad904dba5d010f1fa3a6a324e
 F src/dbpage.c 80e46e1df623ec40486da7a5086cb723b0275a6e2a7b01d9f9b5da0f04ba2782
 F src/dbstat.c 3b677254d512fcafd4d0b341bf267b38b235ccfddbef24f9154e19360fa22e43
 F src/delete.c cb766727c78e715f9fb7ec8a7d03658ed2a3016343ca687acfcec9083cdca500
-F src/expr.c 1119a2cbb1ade3ee249c7eb18916174385219a7e4f0f5ad26d22fed6607903b0
+F src/expr.c fe958028b36af640b70b2174354c044f75b8c4a4645c921592122aa2a022083a
 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
 F src/fkey.c 852f93c0ef995e0c2b8983059a2b97151c194cc8259e21f5bc2b7ac508348c2a
 F src/func.c 1f61e32e7a357e615b5d2e774bee563761fce4f2fd97ecb0f72c33e62a2ada5f
@@ -2195,8 +2195,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 0c1cc4071edcd3e465779bbb17ea3ee6ddaa7c93c4fde55e5f3e07aa4b45783b
-R aae1e75c8b917e7c82d70094db31bce4
-U stephan
-Z 4b6c3f65da8d1d26380cf3c9e0c046bc
+P bf54b26092ded2e6acc779acfb960364f05c665c7626c38ffae61caae5636184
+R 7ef2615cb760c2eea892196d92897a4d
+U dan
+Z 97c1b7e0a30256a0a7866702bab37888
 # Remove this line to create a well-formed Fossil manifest.

diff --git a/manifest.uuid b/manifest.uuid
index 0d74c4156a9df6caee5767dc97eff805a7c1de61..c9fad50878b670f6ebbac948d539a98e1515ff45 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-bf54b26092ded2e6acc779acfb960364f05c665c7626c38ffae61caae5636184
+d7be326a80e7b3aa8fd6e5e059c04e6ad3feaffcb20b1e3c251d7195ddc1be8b

diff --git a/src/expr.c b/src/expr.c
index b9310fb396ed3061351c685c5f0717e4a7e8bd7b..53b0170ab4ec040398417e2338d7a70992db1c26 100644 (file)
--- a/src/expr.c
+++ b/src/expr.c
@@ -3927,9 +3927,7 @@ static void sqlite3ExprCodeIN(
   if( sqlite3ExprCheckIN(pParse, pExpr) ) return;
   zAff = exprINAffinity(pParse, pExpr);
   nVector = sqlite3ExprVectorSize(pExpr->pLeft);
-  aiMap = (int*)sqlite3DbMallocZero(
-      pParse->db, nVector*(sizeof(int) + sizeof(char)) + 1
-  );
+  aiMap = (int*)sqlite3DbMallocZero(pParse->db, nVector*sizeof(int));
   if( pParse->db->mallocFailed ) goto sqlite3ExprCodeIN_oom_error;
 
   /* Attempt to compute the RHS. After this step, if anything other than