Enhance the sqlite3_str_new() interface so that it always returns a valid

and non-NULL pointer even in an OOM condition.

FossilOrigin-Name: ed5b09680fd6659ebbe5ace3c1c56f3962bbd75cfdf65c7565651900cf87917a

diff --git a/manifest b/manifest
index 9675cf488920ebe61d68103eaa1d1ac3521ff3e1..90956c0afc2ac874a2c4665b24ed08e926ea77d0 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Correct\soutput\sfor\sthe\sfullkey\scolumn\sof\sjson_each()\swhen\sthe\stotal\sJSON\ninput\sis\sa\ssimple\svalue,\snot\san\sarray\sor\sobject.
-D 2018-05-16T12:19:11.651
+C Enhance\sthe\ssqlite3_str_new()\sinterface\sso\sthat\sit\salways\sreturns\sa\svalid\nand\snon-NULL\spointer\seven\sin\san\sOOM\scondition.
+D 2018-05-16T15:35:03.770
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F Makefile.in bfc40f350586923e0419d2ea4b559c37ec10ee4b6e210e08c14401f8e340f0da
@@ -489,13 +489,13 @@ F src/pcache1.c 716975564c15eb6679e97f734cec1bfd6c16ac3d4010f05f1f8e509fc7d19880
 F src/pragma.c c0d13c0e82a9197aef5533d63300c5b0c8a216ae1fd14ada64e1f12f398d7e82
 F src/pragma.h bb83728944b42f6d409c77f5838a8edbdb0fe83046c5496ffc9602b40340a324
 F src/prepare.c 95a9dba7a5d032039a77775188cb3b6fb17f2fa1a0b7cd915b30b4b823383ffa
-F src/printf.c 74ca0348796b490cdc56c85a8fb1abaa423c15c869712f54bf49fca65aa1dda1
+F src/printf.c 1d1b4a568a58d0f32a5ff26c6b98db8a6e1883467f343a6406263cacd2e60c21
 F src/random.c 80f5d666f23feb3e6665a6ce04c7197212a88384
 F src/resolve.c 6415381a0e9d22c0e7cba33ca4a53f81474190862f5d4838190f5eb5b0b47bc9
 F src/rowset.c 7b7e7e479212e65b723bf40128c7b36dc5afdfac
 F src/select.c a35d462ee7a3c0856ad7a9d9c8921fbf3d91d911a8f39ad9d61302eb43b24a71
 F src/shell.c.in 53affa90711f280342f7238f9c9aa9dcaed321ec6218a18043cf92154ef8a704
-F src/sqlite.h.in ef7e6fae65cb40ba004abf090ea491751295c11e64b1446322813d3b473b9400
+F src/sqlite.h.in 34be2d0d18bf4726538793bdc9854cd87f689fda4b3789515134cdbd68188cf4
 F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
 F src/sqlite3ext.h 9887b27e69c01e79c2cbe74ef73bf01af5b5703d6a7f0a4371e386d7249cb1c7
 F src/sqliteInt.h 5abdade4744cf3bd567afb65bb144bb3c61f6132f86813b995a5ca79c7b584e8
@@ -1728,7 +1728,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 3012df8b2c0b19d27260f389147a96c501aee9a4aee3813834cc9e438dbacede
-R eb478d353e4bc93e5a0dd64ac51f5c7a
+P b45b18850c59f22a163ee482f529f578a8798f96d0e26b5a061d336d480a1540
+R c3a19bb61082b137e0cb5588248c4f0e
 U drh
-Z bc6a18afa5bd2a1c6b59b76709d0f0cf
+Z 26153b062cb510be04ec5eecb2714fde

diff --git a/manifest.uuid b/manifest.uuid
index 76e3ac920d1e909f1fe8c804eb1639a4558e9811..c2200e96a689cd65f189d77f6f394c25aa0c31be 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-b45b18850c59f22a163ee482f529f578a8798f96d0e26b5a061d336d480a1540
\ No newline at end of file
+ed5b09680fd6659ebbe5ace3c1c56f3962bbd75cfdf65c7565651900cf87917a
\ No newline at end of file

diff --git a/src/printf.c b/src/printf.c
index 3fc4aca55e6bc169e03000fbc47a53de4543e436..d412e5ee20a7061475e94008918199be5231d923 100644 (file)
--- a/src/printf.c
+++ b/src/printf.c
@@ -967,11 +967,21 @@ char *sqlite3StrAccumFinish(StrAccum *p){
   return p->zText;
 }
 
+/*
+** This singleton is an sqlite3_str object that is returned if
+** sqlite3_malloc() fails to provide space for a real one.  This
+** sqlite3_str object accepts no new text and always returns
+** an SQLITE_NOMEM error.
+*/
+static sqlite3_str sqlite3OomStr = {
+   0, 0, 0, 0, 0, SQLITE_NOMEM
+};
+
 /* Finalize a string created using sqlite3_str_new().
 */
 char *sqlite3_str_finish(sqlite3_str *p){
   char *z;
-  if( p ){
+  if( p!=0 && p!=&sqlite3OomStr ){
     z = sqlite3StrAccumFinish(p);
     sqlite3_free(p);
   }else{
@@ -1040,6 +1050,8 @@ sqlite3_str *sqlite3_str_new(sqlite3 *db){
   if( p ){
     sqlite3StrAccumInit(p, 0, 0, 0,
             db ? db->aLimit[SQLITE_LIMIT_LENGTH] : SQLITE_MAX_LENGTH);
+  }else{
+    p = &sqlite3OomStr;
   }
   return p;
 }

diff --git a/src/sqlite.h.in b/src/sqlite.h.in
index e2413d4d30d0cad8cd047d3fd9a8dfebb5fac334..0cd06d09f0b7a5125e9b5b7284f425aa132ac4e8 100644 (file)
--- a/src/sqlite.h.in
+++ b/src/sqlite.h.in
@@ -7155,12 +7155,20 @@ typedef struct sqlite3_str sqlite3_str;
 ** CONSTRUCTOR: sqlite3_str
 **
 ** ^The [sqlite3_str_new(D)] interface allocates and initializes
-** a new [sqlite3_str]
-** object.  ^The [sqlite3_str_new()] interface returns NULL on an out-of-memory
-** condition.  To avoid memory leaks, the object returned by
+** a new [sqlite3_str] object.  To avoid memory leaks, the object returned by
 ** [sqlite3_str_new()] must be freed by a subsequent call to 
 ** [sqlite3_str_finish(X)].
 **
+** ^The [sqlite3_str_new(D)] interface always returns a pointer to a
+** valid [sqlite3_str] object, though in the event of an out-of-memory
+** error the returned object might be a special singleton that will
+** silently reject new text, always return SQLITE_NOMEM from 
+** [sqlite3_str_errcode()], always return 0 for 
+** [sqlite3_str_length()], and always return NULL from
+** [sqlite3_str_finish(X)].  It is always safe to use the value
+** returned by [sqlite3_str_new(D)] as the sqlite3_str parameter
+** to any of the other [sqlite3_str] methods.
+**
 ** The D parameter to [sqlite3_str_new(D)] may be NULL.  If the
 ** D parameter in [sqlite3_str_new(D)] is not NULL, then the maximum
 ** length of the string contained in the [sqlite3_str] object will be