Fix a bug in sqlite3_realloc() - if called with a size of more than

author drh <drh@noemail.net>

Sat, 27 Jun 2009 00:48:33 +0000 (00:48 +0000)

committer drh <drh@noemail.net>

Sat, 27 Jun 2009 00:48:33 +0000 (00:48 +0000)
author drh <drh@noemail.net>
Sat, 27 Jun 2009 00:48:33 +0000 (00:48 +0000)
committer drh <drh@noemail.net>
Sat, 27 Jun 2009 00:48:33 +0000 (00:48 +0000)
diff --git a/manifest b/manifest

index 934b0de1d9c8bb850673d12ad13e7d8b213bb1b0..d1e2527f79ac6b7ce45589a0aa19270a3e976b35 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Remove\sincorrect\sNEVER()\smacros\sfrom\smalloc.c.\s\sThe\sallocations\scan\sbe\nexceeded\susing\ssqlite3_malloc()\sand\ssqlite3_realloc().\s(CVS\s6826)
-D 2009-06-26T18:35:17
+C Fix\sa\sbug\sin\ssqlite3_realloc()\s-\sif\scalled\swith\sa\ssize\sof\smore\sthan\n2147483392\sit\sreturns\s0\sbut\sit\salso\sreleases\sthe\sprior\sallocation.\s(CVS\s6827)
+D 2009-06-27T00:48:33
  F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
  F Makefile.in 8b8fb7823264331210cddf103831816c286ba446
  F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -126,7 +126,7 @@ F src/journal.c e00df0c0da8413ab6e1bb7d7cab5665d4a9000d0
  F src/legacy.c 9a56cf126ceee332b56061bf16bd0fb4ff9e26c0
  F src/loadext.c 0e88a335665db0b2fb4cece3e49dcb65d832635a
  F src/main.c 9f6d91815233b517c1bdf16fd8fa838d10d2c015
-F src/malloc.c 55c4e997480b89833e693832298b5a7cfd9df9aa
+F src/malloc.c 16907f3b9d3f56e2c69d763ff18d9ee49e7433cd
  F src/mem0.c f2f84062d1f35814d6535c9f9e33de3bfb3b132c
  F src/mem1.c e6d5c23941288df8191b8a98c28e3f57771e2270
  F src/mem2.c d02bd6a5b34f2d59012a852615621939d9c09548
@@ -737,7 +737,7 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
  F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
  F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
  F tool/vdbe-compress.tcl 672f81d693a03f80f5ae60bfefacd8a349e76746
-P f01a9fc375d77c67602a9f6be6a674beb516233f
-R 2e353673e103372172748404661066b9
+P 0d345e5923ff92a87195f6c04a29a56bf67ee43c
+R 169f7765871685a4332f4c1aefebde22
  U drh
-Z c395fb0e87a2bccde31a68bf5019fc25
+Z 92880a7456ebca89a25dc923023f5817
diff --git a/manifest.uuid b/manifest.uuid

index 2f9d1b7cc86264c369592b68179f66610a09f815..e64cee5356cb6fc296129fc7907cefd36983d0e9 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-0d345e5923ff92a87195f6c04a29a56bf67ee43c
-\ No newline at end of file
+653df0afcc58de82c8c1b5f6a7b2f4829ff69792
+\ No newline at end of file
diff --git a/src/malloc.c b/src/malloc.c

index 5d5fba19c8a1ecb86db724277a38fea07826f4f3..e89f5ab147e43165b087154901c600267cd46b69 100644 (file)
--- a/src/malloc.c
+++ b/src/malloc.c
@@ -12,7 +12,7 @@
  **
  ** Memory allocation functions used throughout sqlite.
  **
-** $Id: malloc.c,v 1.63 2009/06/26 18:35:17 drh Exp $
+** $Id: malloc.c,v 1.64 2009/06/27 00:48:33 drh Exp $
  */
  #include "sqliteInt.h"
  #include <stdarg.h>
@@ -473,11 +473,14 @@ void *sqlite3Realloc(void *pOld, int nBytes){
    if( pOld==0 ){
      return sqlite3Malloc(nBytes);
    }
-  if( nBytes<=0 || nBytes>=0x7fffff00 ){
-    /* The 0x7ffff00 limit term is explained in comments on sqlite3Malloc() */
+  if( nBytes<=0 ){
      sqlite3_free(pOld);
      return 0;
    }
+  if( nBytes>=0x7fffff00 ){
+    /* The 0x7ffff00 limit term is explained in comments on sqlite3Malloc() */
+    return 0;
+  }
    nOld = sqlite3MallocSize(pOld);
    if( sqlite3GlobalConfig.bMemstat ){
      sqlite3_mutex_enter(mem0.mutex);
author	drh <drh@noemail.net>
	Sat, 27 Jun 2009 00:48:33 +0000 (00:48 +0000)
committer	drh <drh@noemail.net>
	Sat, 27 Jun 2009 00:48:33 +0000 (00:48 +0000)
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history
src/malloc.c		patch \| blob \| blame \| history