Fix a possible NULL pointer dereference in following an OOM error
authordrh <drh@noemail.net>
Sun, 12 Mar 2017 20:28:44 +0000 (20:28 +0000)
committerdrh <drh@noemail.net>
Sun, 12 Mar 2017 20:28:44 +0000 (20:28 +0000)
in sqlite3ExprIsInteger(). Problem found by OSS-Fuzz.

FossilOrigin-Name: 5ec655e8e817c1ed3bfb2e576745a7cef441494ad7baf1bf9f8895e98ac19c5a

manifest
manifest.uuid
src/expr.c

index 29e9c47ab17d0a024d60c20b28d2d4709fdea05d..fe7c037a95d3b6ef335443d8edda9c0b0d85010c 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Remove\san\sobsolete\sassert()\sin\sthe\sIN\soperator\scode\sgeneration.
-D 2017-03-12T19:39:00.634
+C Fix\sa\spossible\sNULL\spointer\sdereference\sin\sfollowing\san\sOOM\serror\nin\ssqlite3ExprIsInteger().\sProblem\sfound\sby\sOSS-Fuzz.
+D 2017-03-12T20:28:44.701
 F Makefile.in 2dae2a56457c2885425a480e1053de8096aff924
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc 9020fa41eb91f657ae0cc44145d0a2f3af520860
@@ -351,7 +351,7 @@ F src/ctime.c a9984df73898c042a5cfc8f9d8e7723d02bc35c9
 F src/date.c ee676e7694dfadbdd2fde1a258a71be8360ba5ae
 F src/dbstat.c 19ee7a4e89979d4df8e44cfac7a8f905ec89b77d
 F src/delete.c 0d9d5549d42e79ce4d82ff1db1e6c81e36d2f67c
-F src/expr.c 7eac40b592672a1f3e0565ac1e66fbb87218436c134d8b2460f989b550e2eb73
+F src/expr.c f12a581f342a6fd85d14c31e4fb84f16b3dd107f54d7728dddb62cebc79d7ce1
 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
 F src/fkey.c 2e9aabe1aee76273aff8a84ee92c464e095400ae
 F src/func.c c67273e1ec08abbdcc14c189892a3ff6eeece86b
@@ -1562,7 +1562,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 3299a26160c239255608d1e2b15a221e28b18a3d
-R 0614fda50e45b1c812e74d7f5befdd87
+P 18bf6aca2ac86478fd12d5020f3a41cfd2bd2dc3defe2298411f79ad308a6f73
+R ca6b9859462ac91c5f6d6ceb39023c31
 U drh
-Z 926534de7c008338fc48290e21b48744
+Z af1824315a47164e92b4aa40f4d2923c
index 64bc83d667aa3f607119db48580b8802a83575c9..d832e1d80ae0a82ecfa7c55c41f971e101273d7d 100644 (file)
@@ -1 +1 @@
-18bf6aca2ac86478fd12d5020f3a41cfd2bd2dc3defe2298411f79ad308a6f73
\ No newline at end of file
+5ec655e8e817c1ed3bfb2e576745a7cef441494ad7baf1bf9f8895e98ac19c5a
\ No newline at end of file
index e074f2f44348a9a3bad3e1b5fd6c71698b76df9a..ce948be69edf847147738b64181a3f7340e74681 100644 (file)
@@ -1860,6 +1860,7 @@ int sqlite3ExprContainsSubquery(Expr *p){
 */
 int sqlite3ExprIsInteger(Expr *p, int *pValue){
   int rc = 0;
+  if( p==0 ) return 0;  /* Can only happen following on OOM */
 
   /* If an expression is an integer literal that fits in a signed 32-bit
   ** integer, then the EP_IntValue flag will have already been set */
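Review bot: The new guard at the top of sqlite3ExprIsInteger() returns 0 without writing `*pValue`, and the header comment that closes on the line above the signature (it starts outside this hunk) is not updated to say that a NULL `p` is now accepted. I would add a line to that header such as `** If p is NULL (possible only after an OOM), return 0 and leave *pValue unchanged.` so callers know the output is valid only when the return is non-zero. The inline comment also has a typo, "following on OOM"; it should read `if( p==0 ) return 0;  /* Can only happen following an OOM */`. The commit's file list shows only manifest, manifest.uuid and src/expr.c, so no regression test for the OSS-Fuzz case appears to be added here; an OOM fault-injection case that reaches this path would keep the guard from being dropped later. The function body continues past the end of the hunk.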