From: drh <>
Date: Fri, 15 Jan 2021 15:21:27 +0000 (+0000)
Subject: Fix a potential NULL pointer dereference following OOM.
X-Git-Tag: version-3.35.0~133^2~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9d326d67937b23217718cc64e67d214351691a2a;p=thirdparty%2Fsqlite.git
Fix a potential NULL pointer dereference following OOM.
FossilOrigin-Name: 8ce3cb90965771530c0021173d98720fc4c76bb99e69f7a879f80471dea0aace
---
diff --git a/manifest b/manifest
index 0e289c8966..235abe4634 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Add\sa\snew\soptimizer\sdisabling\sbit\sto\sclose\soff\sthe\sexists-to-in\soptimization,\nfor\stesting\spurposes.
-D 2021-01-15T15:17:14.152
+C Fix\sa\spotential\sNULL\spointer\sdereference\sfollowing\sOOM.
+D 2021-01-15T15:21:27.437
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -630,7 +630,7 @@ F src/walker.c d9c4e454ebb9499e908aa62d55b8994c375cf5355ac78f60d45af17f7890701c
 F src/where.c 0e6abb22a2323fec80b450825593c26a2ad8f4815d1ee3af9969d8f6144bf681
 F src/whereInt.h 9a3f577619f07700d16d89eeb2f3d94d6b7ed7f109c2dacf0ce8844921549506
 F src/wherecode.c a3a1aff30fe99a818d8e7c607980f033f40c68d890e03ed25838b9dbb7908bee
-F src/whereexpr.c 2d42217961cf8da8280779df88bcfb7cb3ee719369cafb44ac2b376fdecf9db7
+F src/whereexpr.c 8ea4f6cd1332fdfbfbe832dc8a9f5194990684870931e7a07c2cafbc544588e7
 F src/window.c edd6f5e25a1e8f2b6f5305b7f5f7da7bb35f07f0d432b255b1d4c2fcab4205aa
 F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2
 F test/affinity2.test ce1aafc86e110685b324e9a763eab4f2a73f737842ec3b687bd965867de90627
@@ -1896,7 +1896,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P dcb7772d7695ddbc0fe89e06c07ff4a6ae4fa05de914e2ec10b5cc07a62ed49f
-R 6fb63e2f60db07c2af9d4dfa7cc52f88
+P a80c9a076d31729282004ca372913c9fdbfb6e74711fbb8c5dc12ee0ecba2b87
+R 31b39e7a643244cb65bba0cd39985e5a
 U drh
-Z 5ba57a27c0ec24c2bc90f07584644072
+Z 96ac907b935dc11fb79e0a38f40aef27
diff --git a/manifest.uuid b/manifest.uuid
index 1f56d238fa..b72b9116a2 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-a80c9a076d31729282004ca372913c9fdbfb6e74711fbb8c5dc12ee0ecba2b87
\ No newline at end of file
+8ce3cb90965771530c0021173d98720fc4c76bb99e69f7a879f80471dea0aace
\ No newline at end of file
diff --git a/src/whereexpr.c b/src/whereexpr.c
index 4de5af1730..0359babc50 100644
--- a/src/whereexpr.c
+++ b/src/whereexpr.c
@@ -1153,6 +1153,7 @@ static void exprAnalyzeExists(
 Expr *pInLhs = 0;
 Expr **ppAnd = 0;
 int idxNew;
+ sqlite3 *db = pParse->db;
 assert( pExpr->op==TK_EXISTS );
 assert( (pExpr->flags & EP_VarSelect) && (pExpr->flags & EP_xIsSelect) );
@@ -1162,10 +1163,13 @@ static void exprAnalyzeExists(
 if( pSel->pWhere==0 ) return;
 if( 0==exprAnalyzeExistsFindEq(pSel, 0, 0) ) return;
- pDup = sqlite3ExprDup(pParse->db, pExpr, 0);
- if( pDup==0 ) return;
+ pDup = sqlite3ExprDup(db, pExpr, 0);
+ if( db->mallocFailed ){
+ sqlite3ExprDelete(db, pDup);
+ return;
+ }
 pSel = pDup->x.pSelect;
- sqlite3ExprListDelete(pParse->db, pSel->pEList);
+ sqlite3ExprListDelete(db, pSel->pEList);
 pSel->pEList = 0;
 pInLhs = exprAnalyzeExistsFindEq(pSel, &pEq, &ppAnd);
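Review bot: The new `if( db->mallocFailed )` guard in the second src/whereexpr.c hunk carries no comment saying why it replaces the `pDup==0` test, and the reason is easy to lose: presumably sqlite3ExprDup() can return a non-NULL but incomplete copy after an allocation failure, in which case `pDup->x.pSelect` on the following line would still be NULL. I would add `/* After OOM, pDup can be non-NULL yet only partly copied, so test mallocFailed rather than pDup */` above the guard, so that a later cleanup does not restore the pointer test. An `assert( pDup!=0 && pDup->x.pSelect!=0 );` directly after the guard would state the invariant the next three lines depend on. The manifest hunks show only src/whereexpr.c changing, so no fault-injection regression test for this path arrives with the fix. exprAnalyzeExists() starts and ends outside the hunk.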
@@ -1184,13 +1188,13 @@ static void exprAnalyzeExists(
 Expr *pAnd = *ppAnd;
 Expr *pOther = (pAnd->pLeft==pEq) ? pAnd->pRight : pAnd->pLeft;
 pAnd->pLeft = pAnd->pRight = 0;
- sqlite3ExprDelete(pParse->db, pAnd);
+ sqlite3ExprDelete(db, pAnd);
 *ppAnd = pOther;
 }else{
 assert( pSel->pWhere==pEq );
 pSel->pWhere = 0;
 }
- sqlite3ExprDelete(pParse->db, pEq);
+ sqlite3ExprDelete(db, pEq);
 idxNew = whereClauseInsert(pWC, pDup, TERM_VIRTUAL|TERM_DYNAMIC);
 if( idxNew ){