From: drh Date: Wed, 17 Mar 2004 23:32:08 +0000 (+0000) Subject: Fix a VDBE stack overflow that occurs when the left-hand side of an IN X-Git-Tag: version-3.6.10~4769 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8b8891bf0aa39fde98831f4cdd391c1a22e672f1;p=thirdparty%2Fsqlite.git Fix a VDBE stack overflow that occurs when the left-hand side of an IN expression is NULL and the result is stored on the stack rather than used to control a jump. Ticket #668. (CVS 1299) FossilOrigin-Name: fc7a7975b03c144c2db3566facd008d3701c735e --- diff --git a/manifest b/manifest index ddd89a768f..21efd8949d 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C The\ssqlite_trace()\sAPI\sonly\sworks\sfor\scommands\sstarted\sby\sthe\suser,\snot\sfor\nSQL\scommands\srun\sduring\sinitialization.\s(CVS\s1298) -D 2004-03-17T18:44:46 +C Fix\sa\sVDBE\sstack\soverflow\sthat\soccurs\swhen\sthe\sleft-hand\sside\sof\san\sIN\nexpression\sis\sNULL\sand\sthe\sresult\sis\sstored\son\sthe\sstack\srather\sthan\sused\nto\scontrol\sa\sjump.\s\sTicket\s#668.\s(CVS\s1299) +D 2004-03-17T23:32:08 F Makefile.in 5d50a7d2a6a641e90a0312fc30d4e9c96b3903da F Makefile.linux-gcc b86a99c493a5bfb402d1d9178dcdc4bd4b32f906 F README f1de682fbbd94899d50aca13d387d1b3fd3be2dd @@ -31,7 +31,7 @@ F src/copy.c 750e13828c3e4a293123e36aaa7cf0f22466248a F src/date.c f055419d602bde622c70f831350b6b52f2235de0 F src/delete.c 82001c74882319f94dab5f6b92a27311b31092ae F src/encode.c fc8c51f0b61bc803ccdec092e130bebe762b0a2f -F src/expr.c 95ea5d47d11b5085aaeeb77d60b17c2cba13383a +F src/expr.c 938e4d341ce6766a5ee14b31d119ce1f99f478b6 F src/func.c 34fead7a33e82095f6412d3fafd379d47864b3be F src/hash.c 9b56ef3b291e25168f630d5643a4264ec011c70e F src/hash.h 3247573ab95b9dd90bcca0307a75d9a16da1ccc7 
@@ -110,7 +110,7 @@ F test/memleak.test 4d5d374c8ea1fc5ac634aed58cac1047848ce65e F test/minmax.test 9dcf52f713b1b9e61d0a88a51eb8bb2e3c52d0ab F test/misc1.test 0b98d493b0cf55cb5f53e1f3df8107c166eecb5a F test/misc2.test 10c2ce26407d37411b96273e552d5095393732be -F test/misc3.test 3eac0f13a3d8ae71c1c5ec884b0192bd68ae7e5f +F test/misc3.test 3b5e369514a3ba3f919fb7eafa7d027440b5079e F test/misuse.test 1095f26d1aed406c65e1d2eba651c4bb7c38cbff F test/notnull.test 7a08117a71e74b0321aaa937dbeb41a09d6eb1d0 F test/null.test c14d0f4739f21e929b8115b72bf0c765b6bb1721 @@ -188,7 +188,7 @@ F www/sqlite.tcl 3c83b08cf9f18aa2d69453ff441a36c40e431604 F www/tclsqlite.tcl b9271d44dcf147a93c98f8ecf28c927307abd6da F www/vdbe.tcl 9b9095d4495f37697fd1935d10e14c6015e80aa1 F www/whentouse.tcl a8335bce47cc2fddb07f19052cb0cb4d9129a8e4 -P 72205a371ce5be4eac0a77d5d2fa8ccb23bb988f -R 99d9abce4fbd17d2074c2e743660ebc3 +P 0a12473c4ae370ec34f1f431dd6d7d6ffa25d41a +R 78357d97f8c7b89c610dec1a1190b368 U drh -Z 0b52db8f82add9da6aef2ec7c65ba20e +Z 1080973831d1d9ef12eb93cdd69e8b88 diff --git a/manifest.uuid b/manifest.uuid index d2944b794e..79ad66f0cd 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -0a12473c4ae370ec34f1f431dd6d7d6ffa25d41a \ No newline at end of file +fc7a7975b03c144c2db3566facd008d3701c735e \ No newline at end of file
diff --git a/src/expr.c b/src/expr.c
index dca48e35e3..eafc50ce82 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -12,7 +12,7 @@
 ** This file contains routines used for analyzing expressions and
 ** for generating VDBE code that evaluates expressions in SQLite.
 **
-** $Id: expr.c,v 1.112 2004/02/25 13:47:31 drh Exp $
+** $Id: expr.c,v 1.113 2004/03/17 23:32:08 drh Exp $
 */
 #include "sqliteInt.h"
 #include
@@ -1163,7 +1163,7 @@ void sqliteExprCode(Parse *pParse, Expr *pExpr){
 sqliteExprCode(pParse, pExpr->pLeft);
 addr = sqliteVdbeCurrentAddr(v);
 sqliteVdbeAddOp(v, OP_NotNull, -1, addr+4);
- sqliteVdbeAddOp(v, OP_Pop, 1, 0);
+ sqliteVdbeAddOp(v, OP_Pop, 2, 0);
 sqliteVdbeAddOp(v, OP_String, 0, 0);
 sqliteVdbeAddOp(v, OP_Goto, 0, addr+6);
 if( pExpr->pSelect ){
diff --git a/test/misc3.test b/test/misc3.test
index 946c251016..544b96c7ec 100644
--- a/test/misc3.test
+++ b/test/misc3.test
@@ -13,7 +13,7 @@
 # This file implements tests for miscellanous features that were
 # left out of other test files.
 #
-# $Id: misc3.test,v 1.9 2004/03/02 18:37:42 drh Exp $
+# $Id: misc3.test,v 1.10 2004/03/17 23:32:08 drh Exp $
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
@@ -286,5 +286,19 @@ do_test misc3-7.3 {
 }
 } 32
+# Ticket #668: VDBE stack overflow occurs when the left-hand side
+# of an IN expression is NULL and the result is used as an integer, not
+# as a jump.
+#
+do_test misc-8.1 {
+ execsql {
+ SELECT count(CASE WHEN b IN ('abc','xyz') THEN 'x' END) FROM t3
+ }
+} {2}
+do_test misc-8.2 {
+ execsql {
+ SELECT count(*) FROM t3 WHERE 1+(b IN ('abc','xyz'))==2
+ }
+} {2}
 finish_test
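Review bot: The literal `2` in the changed `OP_Pop` line in src/expr.c needs a comment, because nothing in the hunk says which two stack entries are discarded on the NULL path. Only the left-hand-side push (`sqliteExprCode(pParse, pExpr->pLeft)`) is visible here; the second entry is presumably a result placeholder pushed just above the hunk, so I would add `/* LHS is NULL: drop the LHS and the entry beneath it, then push NULL, so the net stack effect is exactly one value */` above the pop. The same block relies on the hard-coded jump targets `addr+4` and `addr+6`, which go stale silently if an opcode is ever inserted between them; a one-line comment naming the instruction each target lands on would make that dependency reviewable. The enclosing case in sqliteExprCode starts and ends outside the hunk.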
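Review bot: The two new cases in test/misc3.test are named `misc-8.1` and `misc-8.2`, while the preceding test in this file is `misc3-7.3`; they should read `do_test misc3-8.1 {` and `do_test misc3-8.2 {` so that a failure is reported against the right file and the names cannot clash with another script. Both cases use the literal-list form of IN, whereas the patched code in src/expr.c is followed by a separate `pExpr->pSelect` branch, so a third case with a subquery on the right-hand side, for example `SELECT count(*) FROM t3 WHERE 1+(b IN (SELECT 'abc'))==2`, would exercise that form as well. The expected `{2}` depends on the contents of t3, which is created outside the hunk.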