Fix a potential use-after-free bug that follows an OOM error in code

author drh <drh@noemail.net>

Fri, 1 Nov 2019 16:37:53 +0000 (16:37 +0000)

committer drh <drh@noemail.net>

Fri, 1 Nov 2019 16:37:53 +0000 (16:37 +0000)
author drh <drh@noemail.net>
Fri, 1 Nov 2019 16:37:53 +0000 (16:37 +0000)
committer drh <drh@noemail.net>
Fri, 1 Nov 2019 16:37:53 +0000 (16:37 +0000)
diff --git a/manifest b/manifest

index 35b6c2896f7a75560499e7ad5ebcb28f14267937..17570b187e1b13ad78e75c73ce91ae61652195f8 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Add\sanother\smissing\scolumn\snumber\stranslation\sto\sthe\sforeign\skey\slogic.
-D 2019-11-01T16:08:20.952
+C Fix\sa\spotential\suse-after-free\sbug\sthat\sfollows\san\sOOM\serror\sin\scode\nadded\stwo\sdays\sago\sby\scheck-in\s[84e02d773d60cffe].\s\sProblem\sdiscovered\nby\sOSSFuzz.
+D 2019-11-01T16:37:53.191
  F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
  F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
  F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -602,7 +602,7 @@ F src/vdbe.c b67d6af853e03c3dd6d1116351567f62d8a2c10d3bd6db5f7f366e75d11c6653
  F src/vdbe.h fdbc0a11e5768a702b46ce63286f60e22e71351a29bd98b3666405e1fccc7802
  F src/vdbeInt.h bd589b8b7273286858950717e0e1ec5c88b18af45079a3366dc1371865cea704
  F src/vdbeapi.c 1252d80c548711e47a6d84dae88ed4e95d3fbb4e7bd0eaa1347299af7efddf02
-F src/vdbeaux.c ab10ec13e61cffacf26024aa10053e66285d175b3d88d87966674b6b9b8820c4
+F src/vdbeaux.c 75fa4792b6bc327751018ecd1516c189184d7224b8f3dfeda20c09112ef31a68
  F src/vdbeblob.c 253ed82894924c362a7fa3079551d3554cd1cdace39aa833da77d3bc67e7c1b1
  F src/vdbemem.c d8e10d1773806105e62094c4ede0a4684f46caaf07667a45e6d461e94306b530
  F src/vdbesort.c a3be032cc3fee0e3af31773af4a7a6f931b7230a34f53282ccf1d9a2a72343be
@@ -1849,7 +1849,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
  F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
  F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
  F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P e6c96ed91e7a96d2bd30ea9df132644ac02d5a321a62f81f8f3984a8e49ed94b
-R 3ab52f0e710580b54aac492242a1edc3
+P 32df5edcfef2605009f45d6ef1b97c63a99df07c7b4e00dc70f93001cfb8d81f
+R d43c58ef1fe087aa7eb409f8964655f5
  U drh
-Z 4e3a2664d2b976593cf31430f3790c9d
+Z 51a0b480453b8134aa91c2e503e48e63
diff --git a/manifest.uuid b/manifest.uuid

index 6d269be404d0e937e5eeea4a93acf5acfe47f0c4..5a5634c037a642a369ac0cfeada4424bc3dacbc4 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-32df5edcfef2605009f45d6ef1b97c63a99df07c7b4e00dc70f93001cfb8d81f
-\ No newline at end of file
+0a2eb949f8a759e5745d9468c8183d3c0b4b30e0fa2a14b3062620eb9e1d5c1d
+\ No newline at end of file
diff --git a/src/vdbeaux.c b/src/vdbeaux.c

index 9596e163b0fde576f81118813359eb199349d36a..21b396b36405d8e2370d41f77b5a87f054436305 100644 (file)
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -368,10 +368,10 @@ int sqlite3VdbeAddFunctionCall(
    pCtx->pVdbe = 0;
    pCtx->isError = 0;
    pCtx->argc = nArg;
+  pCtx->iOp = sqlite3VdbeCurrentAddr(v);
    addr = sqlite3VdbeAddOp4(v, eCallCtx ? OP_PureFunc : OP_Function,
                             p1, p2, p3, (char*)pCtx, P4_FUNCCTX);
    sqlite3VdbeChangeP5(v, eCallCtx & NC_SelfRef);
-  pCtx->iOp = addr;
    return addr;
  }
author	drh <drh@noemail.net>
	Fri, 1 Nov 2019 16:37:53 +0000 (16:37 +0000)
committer	drh <drh@noemail.net>
	Fri, 1 Nov 2019 16:37:53 +0000 (16:37 +0000)
manifest		patch \| blob \| blame \| history
manifest.uuid		patch \| blob \| blame \| history
src/vdbeaux.c		patch \| blob \| blame \| history