From: drh Date: Sun, 20 Nov 2016 12:00:27 +0000 (+0000) Subject: Prevent a possible use-after-free bug in the query optimizer. X-Git-Tag: version-3.16.0~113 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0f85b2ff0970391caf4629236d5bedcf55cc3b8d;p=thirdparty%2Fsqlite.git Prevent a possible use-after-free bug in the query optimizer. FossilOrigin-Name: 0a98c8d76ac86412d5eb68de994658c250989349 --- diff --git a/manifest b/manifest index f1ad21a433..1a6c1dd879 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sa\sproblem\sin\srtreeD.test\scausing\sit\sto\sfail\sin\sOMIT_BUILTIN_TEST\sbuilds. -D 2016-11-17T20:05:00.694 +C Prevent\sa\spossible\suse-after-free\sbug\sin\sthe\squery\soptimizer. +D 2016-11-20T12:00:27.508 F Makefile.in 6b572807415d3f0a379cebc9461416d8df4a12c8 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434 F Makefile.msc bb4d970894abbbe0e88d00aac29bd52af8bc95f4 @@ -471,7 +471,7 @@ F src/walker.c 91a6df7435827e41cff6bb7df50ea00934ee78b0 F src/where.c 952f76e7a03727480b274b66ca6641b1657cd591 F src/whereInt.h 2bcc3d176e6091cb8f50a30b65c006e88a73614d F src/wherecode.c 4ea298998499db5a407ffd70e87e119a86ed7834 -F src/whereexpr.c a83d70154f3bbce5051a7e9710021f647c0fe4f2 +F src/whereexpr.c c19a84ac530835d37217db2181e4fe75901b7b97 F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2 F test/affinity2.test a6d901b436328bd67a79b41bb0ac2663918fe3bd F test/aggerror.test a867e273ef9e3d7919f03ef4f0e8c0d2767944f2 @@ -1534,7 +1534,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 2331192b4ca6a169b6ac0daafb21ceb7c390de65 -R 252cde6585f71191b31af3499dd16889 -U dan -Z 3bd9299c3f417af0dbc0173ca4fc27e5 +P d6b3779e6dad038d8bc35139cf314bf1e6e91977 +R 830f3978b6b30c614984da775063fd9f +U drh +Z d214ac5b563755a186f4bc035514a8e0 diff --git a/manifest.uuid b/manifest.uuid index 19168176ad..3e43a5563d 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -d6b3779e6dad038d8bc35139cf314bf1e6e91977 \ No newline at end of file +0a98c8d76ac86412d5eb68de994658c250989349 \ No newline at end of file diff --git a/src/whereexpr.c b/src/whereexpr.c index 40075bedee..13d5611457 100644 --- a/src/whereexpr.c +++ b/src/whereexpr.c @@ -1270,6 +1270,8 @@ static void exprAnalyze( /* Prevent ON clause terms of a LEFT JOIN from being used to drive ** an index for tables to the left of the join. */ + testcase( pTerm!=&pWC->a[idxTerm] ); + pTerm = &pWC->a[idxTerm]; pTerm->prereqRight |= extraRight; }