From: drh Date: Tue, 16 Sep 2014 20:05:21 +0000 (+0000) Subject: Make sure registers are cleared properly prior to being used to store X-Git-Tag: version-3.8.7~107^2~5 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8740a600162808c84040356282fa2f5af95588ff;p=thirdparty%2Fsqlite.git Make sure registers are cleared properly prior to being used to store the result of an OP_Column operator. FossilOrigin-Name: 78fb8838d80b229418c347c63579989432e1af7d --- diff --git a/manifest b/manifest index 100a334778..20bc2b4129 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Simplification\sof\sthe\sOP_Column\slogic\sfor\sthe\scase\sof\srows\swith\soverflow. -D 2014-09-16T18:22:44.852 +C Make\ssure\sregisters\sare\scleared\sproperly\sprior\sto\sbeing\sused\sto\sstore\nthe\sresult\sof\san\sOP_Column\soperator. +D 2014-09-16T20:05:21.909 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in cf57f673d77606ab0f2d9627ca52a9ba1464146a F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 
@@ -288,13 +288,13 @@ F src/update.c 729f6f18fc27740591d085e1172cebe311144bf0 F src/utf.c 77abb5e6d27f3d236e50f7c8fff1d00e15262359 F src/util.c 4006c01772bd8d8ac4306d523bbcee41d3e392d8 F src/vacuum.c 59f03f92bcff57faa6a8ca256eb29ccddfb0614a -F src/vdbe.c ff1b0b4f41355ba207bdc691b1017e7642f42c6b +F src/vdbe.c 6a45baf86fcc6c294d57e0aef8c9f2c54f07ff18 F src/vdbe.h 09f5b4e3719fa454f252322b1cdab5cf1f361327 F src/vdbeInt.h dc1743de339f5556cc6687219cf8727ad0d35f72 F src/vdbeapi.c 4d2aa56efa1b4a010012466bf8e97dbf179081a6 -F src/vdbeaux.c 79ce140ee79ecc7638eac070b48f1d24bbf9653c +F src/vdbeaux.c 211ad29d51e01c44a0db1ab69b74c11c8de1cccf F src/vdbeblob.c 848238dc73e93e48432991bb5651bf87d865eca4 -F src/vdbemem.c 8abc122ce5359a120196e0825dca9a08a787aff6 +F src/vdbemem.c 18556fc614426886e380def839bdcf9cadbb752a F src/vdbesort.c 09efa5e5098d1a159cd21f588eb118e4fe87cfde F src/vdbetrace.c 16d39c1ef7d1f4a3a7464bea3b7b4bdd7849c415 F src/vtab.c 019dbfd0406a7447c990e1f7bd1dfcdb8895697f @@ -1198,7 +1198,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4 F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P a10a6bba4963761b490b7243b388dcc920c4cfed -R e7cf963c2745f47a3657ad38e9817c1f +P f73678038d8fc399c1ca55230ae45962007c909c +R 39f3c2bf48f680cf4e99aef8c3698c28 U drh -Z 153a841014a3e255f6703a490d77aa20 +Z e586af33404759487ed3f6653fe697fa diff --git a/manifest.uuid b/manifest.uuid index 9162c28d1d..0d00de3592 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -f73678038d8fc399c1ca55230ae45962007c909c \ No newline at end of file +78fb8838d80b229418c347c63579989432e1af7d \ No newline at end of file diff --git a/src/vdbe.c b/src/vdbe.c index 20301edc56..4bdfbfbdeb 100644 --- a/src/vdbe.c +++ b/src/vdbe.c 
@@ -2437,10 +2437,10 @@ case OP_Column: {
 assert( p2nHdrParsed );
 assert( rc==SQLITE_OK );
 assert( sqlite3VdbeCheckMemInvariants(pDest) );
+ VdbeMemReleaseExtern(pDest);
 if( pC->szRow>=aOffset[p2+1] ){
 /* This is the common case where the desired content fits on the original
 ** page - where the content is not on an overflow page */
- VdbeMemReleaseExtern(pDest);
 sqlite3VdbeSerialGet(pC->aRow+aOffset[p2], aType[p2], pDest);
 }else{
 /* This branch happens only when content is on overflow pages */
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
index b7e3da7584..10495e76e4 100644
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -3306,6 +3306,7 @@ static int vdbeCompareMemString(
 c1.db = c2.db = pMem1->db;
 c1.flags = c2.flags = 0;
 c1.zMalloc = c2.zMalloc = 0;
+ c1.xDel = c2.xDel = 0;
 sqlite3VdbeMemShallowCopy(&c1, pMem1, MEM_Ephem);
 sqlite3VdbeMemShallowCopy(&c2, pMem2, MEM_Ephem);
 v1 = sqlite3ValueText((sqlite3_value*)&c1, pColl->enc);
diff --git a/src/vdbemem.c b/src/vdbemem.c
index 432cd4e898..c75046ab87 100644
--- a/src/vdbemem.c
+++ b/src/vdbemem.c
@@ -310,9 +310,13 @@ int sqlite3VdbeMemFinalize(Mem *pMem, FuncDef *pFunc){
 }
 
 /*
-** If the memory cell contains a string value that must be freed by
-** invoking an external callback, free it now. Calling this function
-** does not free any Mem.zMalloc buffer.
+** If the memory cell contains a value that must be freed by
+** invoking an external callback, then free it now.
+**
+** This routine does NOT do any of the following:
+** (1) Set the Mem.flags field to a rational value.
+** (2) Free memory held by Mem.zMalloc
+** The caller is expected to take care of setting Mem.flags appropriately.
 **
 ** The VdbeMemReleaseExtern() macro invokes this routine if only if there
 ** is work for this routine to do.
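Review bot: In the src/vdbe.c hunk (OP_Column), the hoisted `VdbeMemReleaseExtern(pDest);` has no comment saying why it must now run ahead of both branches. The vdbemem.c header comment updated in this same commit states that the release routine does not set Mem.flags to a rational value, so between this call and the overwrite of pDest the register still describes content that has already been freed. I would add `/* Free any xDel-owned content first: both branches overwrite pDest and nothing may read it in between */` above the call. The else branch continues outside the hunk, so whether it resets pDest->flags before first use has to be confirmed there.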
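Review bot: In the src/vdbeaux.c hunk (vdbeCompareMemString), c1 and c2 are still initialised one field at a time, so the `xDel==0` condition that sqlite3VdbeMemShallowCopy() asserts in the vdbemem.c part of this commit appears to hold here only because this list is kept in step by hand. A Mem field that later gains a precondition would again be read as indeterminate bytes at this call site. A comment on the added line would record the coupling, for example `c1.xDel = c2.xDel = 0;  /* sqlite3VdbeMemShallowCopy() asserts xDel==0 */`. The declarations of c1 and c2 are outside the hunk, so I am assuming they are uninitialised locals.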
@@ -340,8 +344,8 @@ void sqlite3VdbeMemReleaseExternal(Mem *p){
 ** by p->xDel and memory in p->zMalloc.
 **
 ** This is a helper routine invoked by sqlite3VdbeMemRelease() in
-** the uncommon case when there really is memory in p that is
-** need of freeing.
+** the uncommon case when there really is memory in p that needs
+** to be freeing.
 */
 static SQLITE_NOINLINE void vdbeMemRelease(Mem *p){
 if( VdbeMemDynamic(p) ){
@@ -355,9 +359,11 @@ static SQLITE_NOINLINE void vdbeMemRelease(Mem *p){
 }
 
 /*
-** Release any memory held by the Mem. This may leave the Mem in an
-** inconsistent state, for example with (Mem.z==0) and
-** (Mem.flags==MEM_Str).
+** Release any memory held by the Mem. This may leave the Mem.flags in an
+** inconsistent state, for example with (Mem.z==0) and (Mem.flags==MEM_Str).
+**
+** This routine releases both the Mem.xDel space and the Mem.zMalloc space.
+** Use sqlite3VdbeMemReleaseExternal() to release just the Mem.xDel space.
 */
 void sqlite3VdbeMemRelease(Mem *p){
 assert( sqlite3VdbeCheckMemInvariants(p) );
@@ -733,7 +739,7 @@ void sqlite3VdbeMemShallowCopy(Mem *pTo, const Mem *pFrom, int srcType){
 assert( pTo->db==pFrom->db );
 VdbeMemReleaseExtern(pTo);
 memcpy(pTo, pFrom, MEMCELLSIZE);
- pTo->xDel = 0;
+ assert( pTo->xDel==0 );
 if( (pFrom->flags&MEM_Static)==0 ){
 pTo->flags &= ~(MEM_Dyn|MEM_Static|MEM_Ephem);
 assert( srcType==MEM_Ephem || srcType==MEM_Static );
@@ -753,7 +759,7 @@ int sqlite3VdbeMemCopy(Mem *pTo, const Mem *pFrom){
 VdbeMemReleaseExtern(pTo);
 memcpy(pTo, pFrom, MEMCELLSIZE);
 pTo->flags &= ~MEM_Dyn;
- pTo->xDel = 0;
+ assert( pTo->xDel==0 );
 
 if( pTo->flags&(MEM_Str|MEM_Blob) ){
 if( 0==(pFrom->flags&MEM_Static) ){
@@ -906,6 +912,7 @@ int sqlite3VdbeMemFromBtree(
 int rc = SQLITE_OK; /* Return code */
 
 assert( sqlite3BtreeCursorIsValid(pCur) );
+ assert( pMem->xDel==0 );
 
 /* Note: the calls to BtreeKeyFetch() and DataFetch() below assert()
 ** that both the BtShared and database handle mutexes are held. */
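Review bot: In the src/vdbemem.c hunk above vdbeMemRelease(), the reworded header comment now ends "needs to be freeing", which is not grammatical. The two added lines should read `** the uncommon case when there really is memory in p that needs` and `** to be freed.`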
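Review bot: In sqlite3VdbeMemShallowCopy() and sqlite3VdbeMemCopy() the unconditional `pTo->xDel = 0;` is replaced by `assert( pTo->xDel==0 );`, which only checks in builds where assert() is live; the same assert is added on entry to sqlite3VdbeMemFromBtree(). Where assert() compiles away, a destination that still carries a stale xDel keeps it while its flags are rewritten from pFrom, and any later release path that trusts xDel would free twice or call through a dangling pointer. If dropping the store is intended, state the precondition in each function's header comment, for example `** The caller must ensure pTo->xDel==0 once any external value has been released.` Whether `memcpy(pTo, pFrom, MEMCELLSIZE)` reaches xDel is not visible in these hunks, and each function body extends beyond its hunk.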
@@ -922,19 +929,22 @@ int sqlite3VdbeMemFromBtree(
 pMem->z = &zData[offset];
 pMem->flags = MEM_Blob|MEM_Ephem;
 pMem->n = (int)amt;
- }else if( SQLITE_OK==(rc = sqlite3VdbeMemGrow(pMem, amt+2, 0)) ){
- if( key ){
- rc = sqlite3BtreeKey(pCur, offset, amt, pMem->z);
- }else{
- rc = sqlite3BtreeData(pCur, offset, amt, pMem->z);
- }
- if( rc==SQLITE_OK ){
- pMem->z[amt] = 0;
- pMem->z[amt+1] = 0;
- pMem->flags = MEM_Blob|MEM_Term;
- pMem->n = (int)amt;
- }else{
- sqlite3VdbeMemRelease(pMem);
+ }else{
+ pMem->flags = MEM_Null;
+ if( SQLITE_OK==(rc = sqlite3VdbeMemGrow(pMem, amt+2, 0)) ){
+ if( key ){
+ rc = sqlite3BtreeKey(pCur, offset, amt, pMem->z);
+ }else{
+ rc = sqlite3BtreeData(pCur, offset, amt, pMem->z);
+ }
+ if( rc==SQLITE_OK ){
+ pMem->z[amt] = 0;
+ pMem->z[amt+1] = 0;
+ pMem->flags = MEM_Blob|MEM_Term;
+ pMem->n = (int)amt;
+ }else{
+ sqlite3VdbeMemRelease(pMem);
+ }
 }
 }
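Review bot: The added `pMem->flags = MEM_Null;` is the only functional change in this branch of sqlite3VdbeMemFromBtree(), yet it carries no comment and the surrounding re-indentation makes it easy to miss. A line such as `/* Clear flags left stale by an earlier release so sqlite3VdbeMemGrow() starts from a NULL value */` would keep a later cleanup from deleting it. Separately, `amt+2` and `(int)amt` are carried over unchanged; amt's declaration and any upper bound enforced by the caller are outside the hunk, so it is worth confirming that a length read from the database file cannot wrap the addition or go negative in the cast.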