From: dan Date: Wed, 20 Mar 2019 16:58:21 +0000 (+0000) Subject: Fix a potential dangling pointer deference in an ALTER TABLE run on a schema that... X-Git-Tag: version-3.28.0~102 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2381f6d7e57a8857e1e05343508124e8fe6df285;p=thirdparty%2Fsqlite.git Fix a potential dangling pointer deference in an ALTER TABLE run on a schema that contains constructs of the form "PRIMARY KEY(column COLLATE collation)". FossilOrigin-Name: b9e2393cf201e3fc24519c5ae65d0a5953147d78884e53d44a7958747b4a7e13 --- diff --git a/manifest b/manifest index a719feac7f..1fcb18fbfe 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sharmless\scompiler\swarnings\sfrom\sMSVC. -D 2019-03-20T12:08:27.465 +C Fix\sa\spotential\sdangling\spointer\sdeference\sin\san\sALTER\sTABLE\srun\son\sa\sschema\sthat\scontains\sconstructs\sof\sthe\sform\s"PRIMARY\sKEY(column\sCOLLATE\scollation)". +D 2019-03-20T16:58:21.326 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -460,7 +460,7 @@ F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6 F src/btree.c 9bcd70009cac284622ef6816daca22fda99b4fb54ce0027b461dea52bcb299fa F src/btree.h 63b94fb38ce571c15eb6a3661815561b501d23d5948b2d1e951fbd7a2d04e8d3 F src/btreeInt.h 6111c15868b90669f79081039d19e7ea8674013f907710baa3c814dc3f8bfd3f -F src/build.c 3acec29b23948042173301a8befebae01a98344debf66cbd4467c8b9077707b8 +F src/build.c 0f88a2f52c80da71ceb6e95831622aa4aeda758b69011bde9eb87840c8d38672 F src/callback.c 25dda5e1c2334a367b94a64077b1d06b2553369f616261ca6783c48bcb6bda73 F src/complete.c a3634ab1e687055cd002e11b8f43eb75c17da23e F src/ctime.c 109e58d00f62e8e71ee1eb5944ac18b90171c928ab2e082e058056e1137cc20b @@ -625,7 +625,7 @@ F test/altermalloc.test 167a47de41b5c638f5f5c6efb59784002b196fff70f98d9b4ed3cd74 F test/altermalloc2.test fa7b1c1139ea39b8dec407cf1feb032ca8e0076bd429574969b619175ad0174b F test/altertab.test 6e13f13d8c30708f16187908c31dadb1bfff9e3cb2a07a7392a7a5e076f58f4a F test/altertab2.test 5d423a2d1006085b05cc1b788863d5a860ea2da21c4f892d15e2f2a34c78348a -F test/altertab3.test 35aadf590f75ffb1c22569cc353975c42c943bd6f815c2e97e5c2de85b548fd2 +F test/altertab3.test b917c2a287a1a97d6e2de216357066441985326a148c99467ca5c73dc17b386a F test/amatch1.test b5ae7065f042b7f4c1c922933f4700add50cdb9f F test/analyze.test 7168c8bffa5d5cbc53c05b7e9c7fcdd24b365a1bc5046ce80c45efa3c02e6b7c F test/analyze3.test ff62d9029e6deb2c914490c6b00caf7fae47cc85cdc046e4a0d0a4d4b87c71d8 @@ -1807,8 +1807,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 90acdbfce9c088582d5165589f7eac462b00062bbfffacdcc786eb9cf3ea5377 1c0fe5b5763fe5cbace9773dcdab742e126d0bd035ab13d61f9d134afa0afc0c -R 417e85939120e076f0d5850acd5f41fd -T +closed 1c0fe5b5763fe5cbace9773dcdab742e126d0bd035ab13d61f9d134afa0afc0c -U drh -Z a56e1576d70fb974480a5e8f7221fe60 +P f0f02d46e40667d0fc31c57eb26d459ce2f3a3c222c767fa371100b36e5335d1 +R 92c0df543aea117c127876d55752268a +U dan +Z d663988bb4007d82fa838edb1e98afe4 diff --git a/manifest.uuid b/manifest.uuid index fc12ba30fa..ffd85225fa 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -f0f02d46e40667d0fc31c57eb26d459ce2f3a3c222c767fa371100b36e5335d1 \ No newline at end of file +b9e2393cf201e3fc24519c5ae65d0a5953147d78884e53d44a7958747b4a7e13 \ No newline at end of file diff --git a/src/build.c b/src/build.c index 79ad744c52..07cbaffd44 100644 --- a/src/build.c +++ b/src/build.c @@ -1404,7 +1404,8 @@ void sqlite3AddPrimaryKey( && sortOrder!=SQLITE_SO_DESC ){ if( IN_RENAME_OBJECT && pList ){ - sqlite3RenameTokenRemap(pParse, &pTab->iPKey, pList->a[0].pExpr); + Expr *pCExpr = sqlite3ExprSkipCollate(pList->a[0].pExpr); + sqlite3RenameTokenRemap(pParse, &pTab->iPKey, pCExpr); } pTab->iPKey = iCol; pTab->keyConf = (u8)onError; diff --git a/test/altertab3.test b/test/altertab3.test index ca589341d6..927b0d7bfc 100644 --- a/test/altertab3.test +++ b/test/altertab3.test @@ -114,6 +114,32 @@ do_execsql_test 4.2.3 { SELECT * FROM sqlite_master WHERE type='table' AND name!='t1'; } {table t3 t3 3 {CREATE TABLE t3(e, f)}} +#------------------------------------------------------------------------- +reset_db +do_execsql_test 5.0 { + CREATE TABLE t1 ( + c1 integer, c2, PRIMARY KEY(c1 collate rtrim), + UNIQUE(c2) + ) +} +do_execsql_test 5.1 { + ALTER TABLE t1 RENAME c1 TO c3; +} + +#------------------------------------------------------------------------- +reset_db +do_execsql_test 6.0 { + CREATE TEMPORARY TABLE Table0 ( + Col0 INTEGER, + PRIMARY KEY(Col0 COLLATE RTRIM), + FOREIGN KEY (Col0) REFERENCES Table0 + ); +} + +do_execsql_test 6.1 { + ALTER TABLE Table0 RENAME Col0 TO Col0; +} + finish_test