Fix OOM handling in sqlite3NestedParse().

FossilOrigin-Name: e6e9dd5c17405a3e5547076d4004455621a318de46233312557ed9e48ebc821d

diff --git a/manifest b/manifest
index ea467fade7ad7c7983311584fb6445ee2d15d968..a4ddfc37a5d2c5e1af7a2652045c791da5d5e2f8 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Detect\soversized\sstrings\sin\sthe\sOP_String\sopcode\seven\sif\sthe\sP4\sargument\nis\soriginally\sUTF8\sand\shas\sto\sbe\sconverted\sto\sUTF16\sto\smatch\sthe\sdatabase\nfile\sand\sthat\sconversion\scauses\sthe\sstring\sto\sbecome\sshorter\sand\scross\nbelow\sSQLITE_LIMIT_LENGTH\sthreshold.\s\sThis\smight\sfix\san\sOSSFuzz\sproblem\nthat\swe\shave\sbeen\sso\sfar\sunable\sto\sreproduce.
-D 2019-02-21T16:41:34.321
+C Fix\sOOM\shandling\sin\ssqlite3NestedParse().
+D 2019-02-21T18:11:12.457
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F Makefile.in 178d8eb6840771149cee40b322d1b3be30d330198c522c903c1b66fb5a1bfca4
@@ -459,7 +459,7 @@ F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6
 F src/btree.c 026f48c39b179a5602423904fcaaae87bbd75f659fd672b3756fea43356d9909
 F src/btree.h 63b94fb38ce571c15eb6a3661815561b501d23d5948b2d1e951fbd7a2d04e8d3
 F src/btreeInt.h 6111c15868b90669f79081039d19e7ea8674013f907710baa3c814dc3f8bfd3f
-F src/build.c ac41c86b486f480b2bcad7e55c6cc19d7151082f74682ab048c45980d6c9ddac
+F src/build.c a8789fbc05f77244f1cc433ceff3cd4201ab1a7273c50da42702cc3bca1958cc
 F src/callback.c 25dda5e1c2334a367b94a64077b1d06b2553369f616261ca6783c48bcb6bda73
 F src/complete.c a3634ab1e687055cd002e11b8f43eb75c17da23e
 F src/ctime.c 109e58d00f62e8e71ee1eb5944ac18b90171c928ab2e082e058056e1137cc20b
@@ -1036,7 +1036,7 @@ F test/index9.test 0aa3e509dddf81f93380396e40e9bb386904c1054924ba8fa9bcdfe85a8e7
 F test/indexedby.test a52c8c6abfae4fbfb51d99440de4ca1840dbacc606b05e29328a2a8ba7cd914e
 F test/indexexpr1.test 635261197bcdc19b9b2c59bbfa7227d525c00e9587faddb2d293c44d287ce60e
 F test/indexexpr2.test 38020c247ee77ba19322fadde99db84bdf2aef34f714866786563c3834bb2dce
-F test/indexfault.test 31d4ab9a7d2f6e9616933eb079722362a883eb1d
+F test/indexfault.test 98d78a8ff1f5335628b62f886a1cb7c7dac1ef6d48fa39c51ec871c87dce9811
 F test/init.test 15c823093fdabbf7b531fe22cf037134d09587a7
 F test/insert.test 9773604f8e1a2595f51488a5643c359d8a11dc55a11cb185910d93387d378458
 F test/insert2.test 4d14b8f1b810a41995f6286b64a6943215d52208
@@ -1805,7 +1805,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P be21a6416d47ff7db995006a0422b745044d9b8bb5bad3c53342aa6e2e524771
-R c5273df2e86448fbe31848ca521a60a4
-U drh
-Z 34aa1885dbc38a0426f19597b6e0799d
+P c13d563925db12bc2c91ff9432050261e5bd39d960e2739777a66bf804df2e31
+R 7a163acf7f942d8245b73b8e899e2cfe
+U dan
+Z e403406ab6982a1457a012f7f673697a

diff --git a/manifest.uuid b/manifest.uuid
index a0f17d4ac043831c31eb932aebfe22cf826c255c..f9484c5409fc9a63dced4ad1a3a6b344c6b3f42c 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-c13d563925db12bc2c91ff9432050261e5bd39d960e2739777a66bf804df2e31
\ No newline at end of file
+e6e9dd5c17405a3e5547076d4004455621a318de46233312557ed9e48ebc821d
\ No newline at end of file

diff --git a/src/build.c b/src/build.c
index 0cf9f52701d67e4586bddfc7720614aef85bcd26..1bdc5d7a070e1d066a2cb4a85c6792d27592abad 100644 (file)
--- a/src/build.c
+++ b/src/build.c
@@ -250,26 +250,26 @@ void sqlite3FinishCoding(Parse *pParse){
 void sqlite3NestedParse(Parse *pParse, const char *zFormat, ...){
   va_list ap;
   char *zSql;
-  char *zErrMsg = 0;
   sqlite3 *db = pParse->db;
-  char saveBuf[PARSE_TAIL_SZ];
 
   if( pParse->nErr ) return;
   assert( pParse->nested<10 );  /* Nesting should only be of limited depth */
   va_start(ap, zFormat);
   zSql = sqlite3VMPrintf(db, zFormat, ap);
   va_end(ap);
-  if( zSql==0 ){
-    return;   /* A malloc must have failed */
-  }
-  pParse->nested++;
-  memcpy(saveBuf, PARSE_TAIL(pParse), PARSE_TAIL_SZ);
-  memset(PARSE_TAIL(pParse), 0, PARSE_TAIL_SZ);
-  sqlite3RunParser(pParse, zSql, &zErrMsg);
-  sqlite3DbFree(db, zErrMsg);
+  assert( zSql!=0 || db->mallocFailed );
+  if( db->mallocFailed==0 ){
+    char *zErrMsg = 0;
+    char saveBuf[PARSE_TAIL_SZ];
+    pParse->nested++;
+    memcpy(saveBuf, PARSE_TAIL(pParse), PARSE_TAIL_SZ);
+    memset(PARSE_TAIL(pParse), 0, PARSE_TAIL_SZ);
+    sqlite3RunParser(pParse, zSql, &zErrMsg);
+    sqlite3DbFree(db, zErrMsg);
+    memcpy(PARSE_TAIL(pParse), saveBuf, PARSE_TAIL_SZ);
+    pParse->nested--;
+  }
   sqlite3DbFree(db, zSql);
-  memcpy(PARSE_TAIL(pParse), saveBuf, PARSE_TAIL_SZ);
-  pParse->nested--;
 }
 
 #if SQLITE_USER_AUTHENTICATION

diff --git a/test/indexfault.test b/test/indexfault.test
index efe493219edc907f8ef895842db7abbb8d2dea5a..0e65179a3238ee96a71c9ab8fe1c2e6289b661f6 100644 (file)
--- a/test/indexfault.test
+++ b/test/indexfault.test
@@ -337,6 +337,16 @@ do_faultsim_test 4.2 -faults custom -prep {
   faultsim_test_result {0 {}} 
 }
 
+do_faultsim_test 5 -prep {
+  reset_db
+} -body {
+  execsql { 
+ CREATE TABLE reallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallyreallylongname(a PRIMARY KEY) WITHOUT ROWID;
+  }
+} -test {
+  faultsim_test_result {0 {}} 
+}
+
 uninstall_custom_faultsim
 
 finish_test