From: drh Date: Mon, 4 Jan 2016 23:43:47 +0000 (+0000) Subject: Fix a corner case in the opcode-array reuse logic where the number of bytes of X-Git-Tag: version-3.10.0~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=11e3e538d672188c95430b7277b1e238533c5ee1;p=thirdparty%2Fsqlite.git Fix a corner case in the opcode-array reuse logic where the number of bytes of reusable space might be computed to be a negative number, due to unusual system alignment restrictions and rounding error. FossilOrigin-Name: 1aa530144643582658c8c1dd66548662f950efe3 --- diff --git a/manifest b/manifest index 1628852800..ac0852705f 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sthe\sconflict2.test\smodule\swhich\swas\sbroken\sby\scheck-in\s[e30062e9f6c]. -D 2016-01-04T13:06:53.893 +C Fix\sa\scorner\scase\sin\sthe\sopcode-array\sreuse\slogic\swhere\sthe\snumber\sof\sbytes\sof\nreusable\sspace\smight\sbe\scomputed\sto\sbe\sa\snegative\snumber,\sdue\sto\sunusual\nsystem\salignment\srestrictions\sand\srounding\serror. +D 2016-01-04T23:43:47.141 F Makefile.in 28bcd6149e050dff35d4dcfd97e890cd387a499d F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434 F Makefile.msc 5fff077fcc46de7714ed6eebb6159a4c00eab751 @@ -402,7 +402,7 @@ F src/vdbe.c 6ac8e5d808d48afc369316e147c191102f0584c1 F src/vdbe.h efb7a8c1459e31f3ea4377824c6a7e4cb5068637 F src/vdbeInt.h 75c2e82ee3357e9210c06474f8d9bdf12c81105d F src/vdbeapi.c 020681b943e77766b32ae1cddf86d7831b7374ca -F src/vdbeaux.c 66b546a1da82dfa6e67985ae0442ba5fd9efe0ff +F src/vdbeaux.c 141ee231ad190240d0d1ee133c9ea28eecd55824 F src/vdbeblob.c fdc4a81605ae7a35ae94a55bd768b66d6be16f15 F src/vdbemem.c fdd1578e47bea61390d472de53c565781d81e045 F src/vdbesort.c a7ec02da4494c59dfd071126dd3726be5a11459d 
@@ -1406,7 +1406,7 @@ F tool/vdbe_profile.tcl 246d0da094856d72d2c12efec03250d71639d19f
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 48bd54594752d5be3337f12c72f28d2080cb630b
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 7adb789f45698e5569b840d23f3f9488db3ed109
-R 16019d64036d1aa36ba8b50ba392c4e8
+P b779ca8a7580e2a0bb1176316c4540867b635229
+R 3b3e1e83b8e4867e299c87ba108024a8
 U drh
-Z 8bde812e449e210a56672af13ac69445
+Z b5772777614dc8e4c77919f902a0659c
diff --git a/manifest.uuid b/manifest.uuid
index fa6d00eef8..bc138403e1 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-b779ca8a7580e2a0bb1176316c4540867b635229
\ No newline at end of file
+1aa530144643582658c8c1dd66548662f950efe3
\ No newline at end of file
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
index 7d547e5830..de7f482126 100644
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -1848,18 +1848,21 @@ void sqlite3VdbeMakeReady(
 */
 nMem += nCursor;
- /* Allocate space for memory registers, SQL variables, VDBE cursors and ** an array to marshal SQL function arguments in.
+ /* zCsr will initially point to nFree bytes of unused space at the
+ ** end of the opcode array, p->aOp. The computation of nFree is
+ ** conservative - it might be smaller than the true number of free
+ ** bytes, but never larger. nFree might be negative. But the allocation
+ ** loop will still function correctly.
 */
 zCsr = ((u8*)p->aOp) + ROUND8(sizeof(Op)*p->nOp); /* Available space */
 nFree = pParse->szOpAlloc - ROUND8(sizeof(Op)*p->nOp); /* Size of zCsr */
+ if( nFree>0 ) memset(zCsr, 0, nFree);
 resolveP2Values(p, &nArg);
 p->usesStmtJournal = (u8)(pParse->isMultiWrite && pParse->mayAbort);
 if( pParse->explain && nMem<10 ){
 nMem = 10;
 }
- memset(zCsr, 0, nFree);
 assert( EIGHT_BYTE_ALIGNMENT(&zCsr[nFree]) );
 p->expired = 0;
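Review bot: The new `if( nFree>0 )` guard only works if `nFree` is a signed variable holding the wrapped result of the subtraction just above it, which is evaluated in `size_t` whenever `ROUND8(sizeof(Op)*p->nOp)` keeps its unsigned operand type; a mathematically negative result is then a huge unsigned value, and it only becomes negative through the implementation-defined narrowing on assignment. If `nFree` is an `int`, as the comment's "nFree might be negative" implies, I would make the signedness explicit instead of relying on that conversion: `nFree = pParse->szOpAlloc - (int)ROUND8(sizeof(Op)*p->nOp);`. Since the commit message attributes the negative case to alignment rounding, an `assert( nFree>=-7 );` beside the guard would document the expected bound and still catch a genuinely undersized `szOpAlloc` in debug builds, rather than silently skipping the zeroing. Note also that when `nFree<0`, `zCsr` itself is formed past the end of the `aOp` allocation and `&zCsr[nFree]` in the retained assert pulls it back inside, which is fine on flat address spaces but deserves a one-line comment now that the memset is the only thing the guard protects. sqlite3VdbeMakeReady continues outside the hunk.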