From: dan <dan@noemail.net>
Date: Thu, 7 Jun 2012 07:24:04 +0000 (+0000)
Subject: Fix a malloc/free mismatch in pager.c (sqlite3_free() called on a buffer allocated... 
X-Git-Tag: version-3.7.13~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a879342b0ef772b56d74356e64376359b932c5fe;p=thirdparty%2Fsqlite.git

Fix a malloc/free mismatch in pager.c (sqlite3_free() called on a buffer allocated by sqlite3DbMalloc()).

FossilOrigin-Name: 506008f000ba4af0b35da023b8c52f7a3f5033bd
---

diff --git a/manifest b/manifest
index 2a453a9705..69af0ff4c4 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Provide\san\s(undocumented)\scompile-time\soption\sto\sdisable\sthe\spage\scache\noverflow\scounter,\sin\sorder\sto\savoid\sa\smutex.
-D 2012-06-07T02:35:29.974
+C Fix\sa\smalloc/free\smismatch\sin\spager.c\s(sqlite3_free()\scalled\son\sa\sbuffer\sallocated\sby\ssqlite3DbMalloc()).
+D 2012-06-07T07:24:04.829
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 4f37eb61be9d38643cdd839a74b8e3bad724cfcf
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -166,7 +166,7 @@ F src/os_common.h 92815ed65f805560b66166e3583470ff94478f04
 F src/os_os2.c 4a75888ba3dfc820ad5e8177025972d74d7f2440
 F src/os_unix.c d7c96b5d140f550f07345870112fae5d7ef99757
 F src/os_win.c e3d3d3e26b65a35d4293d753137a58510bd3299b
-F src/pager.c a1147e04bb1f64ee31bba8da2351f5e727f62179
+F src/pager.c e381c118b77dc22021a1a59d3fec24815e91df78
 F src/pager.h 8b8c9bc065a3c66769df8724dfdf492ee1aab3c5
 F src/parse.y f29df90bd3adc64b33114ab1de9fb7768fcf2099
 F src/pcache.c f8043b433a57aba85384a531e3937a804432a346
@@ -314,9 +314,9 @@ F test/boundary4.test 89e02fa66397b8a325d5eb102b5806f961f8ec4b
 F test/busy.test 76b4887f8b9160ba903c1ac22e8ff406ad6ae2f0
 F test/cache.test f64136b0893c293d0b910ed057b3b711249099a7
 F test/capi2.test 835d4cee9f542ea50fa8d01f3fe6de80b0627360
-F test/capi3.test 8a33b82c4a2469977aed91b6eb99ae3ca1546444
+F test/capi3.test 56ab450125ead38846cbae7e5b6a216686c3cffa
 F test/capi3b.test efb2b9cfd127efa84433cd7a2d72ce0454ae0dc4
-F test/capi3c.test 01f197d73f4d4d66316483662f475cab7ab5bd60
+F test/capi3c.test 93d24621c9ff84da9da060f30431e0453db1cdb0
 F test/capi3d.test 17b57ca28be3e37e14c2ba8f787d292d84b724a1
 F test/capi3e.test f7408dda65c92b9056199fdc180f893015f83dde
 F test/cast.test 4c275cbdc8202d6f9c54a3596701719868ac7dc3
@@ -642,7 +642,7 @@ F test/pageropt.test 9191867ed19a2b3db6c42d1b36b6fbc657cd1ab0
 F test/pagesize.test 1dd51367e752e742f58e861e65ed7390603827a0
 F test/pcache.test 065aa286e722ab24f2e51792c1f093bf60656b16
 F test/pcache2.test a83efe2dec0d392f814bfc998def1d1833942025
-F test/permutations.test ea7b6948eaa22993fcfa662eb704ce29ddb24b2a
+F test/permutations.test 2af90e00cea9e7e7c0a6b16d34727cb5bbae14dd
 F test/pragma.test cb736bcc75b8b629af21ac0ad83ba1d054a2107b
 F test/pragma2.test 3a55f82b954242c642f8342b17dffc8b47472947
 F test/printf.test ec9870c4dce8686a37818e0bf1aba6e6a1863552
@@ -1005,7 +1005,7 @@ F tool/tostr.awk e75472c2f98dd76e06b8c9c1367f4ab07e122d06
 F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381
-P 31fe1985ad6be5eb04bbe85da378c2385c503ceb
-R c9b7e3ab6dcecb0e1f4bc1dec449f209
-U drh
-Z 08d748f35a747f23b9b024d61c3db611
+P 208825cd830748a2ca456affc57be75bbe618e47
+R 615bebd2a4edb95abd2eb071a3babed8
+U dan
+Z def87c7e203d2567dcd1543b1ddecb6d
diff --git a/manifest.uuid b/manifest.uuid
index 90fe997bca..716f35ce92 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-208825cd830748a2ca456affc57be75bbe618e47
\ No newline at end of file
+506008f000ba4af0b35da023b8c52f7a3f5033bd
\ No newline at end of file
diff --git a/src/pager.c b/src/pager.c
index bd788fb1f3..a3f5d6ec2e 100644
--- a/src/pager.c
+++ b/src/pager.c
@@ -4376,7 +4376,7 @@ int sqlite3PagerOpen(
   if( zFilename && zFilename[0] ){
     const char *z;
     nPathname = pVfs->mxPathname+1;
-    zPathname = sqlite3Malloc(nPathname*2);
+    zPathname = sqlite3DbMallocRaw(0, nPathname*2);
     if( zPathname==0 ){
       return SQLITE_NOMEM;
     }
@@ -4400,7 +4400,7 @@ int sqlite3PagerOpen(
       rc = SQLITE_CANTOPEN_BKPT;
     }
     if( rc!=SQLITE_OK ){
-      sqlite3_free(zPathname);
+      sqlite3DbFree(0, zPathname);
       return rc;
     }
   }
@@ -4430,7 +4430,7 @@ int sqlite3PagerOpen(
   );
   assert( EIGHT_BYTE_ALIGNMENT(SQLITE_INT_TO_PTR(journalFileSize)) );
   if( !pPtr ){
-    sqlite3_free(zPathname);
+    sqlite3DbFree(0, zPathname);
     return SQLITE_NOMEM;
   }
   pPager =              (Pager*)(pPtr);
@@ -4456,7 +4456,7 @@ int sqlite3PagerOpen(
     memcpy(&pPager->zWal[nPathname], "-wal\000", 4+1);
     sqlite3FileSuffix3(pPager->zFilename, pPager->zWal);
 #endif
-    sqlite3_free(zPathname);
+    sqlite3DbFree(0, zPathname);
   }
   pPager->pVfs = pVfs;
   pPager->vfsFlags = vfsFlags;
diff --git a/test/capi3.test b/test/capi3.test
index b84ddbbf1a..9d7434d25d 100644
--- a/test/capi3.test
+++ b/test/capi3.test
@@ -783,6 +783,7 @@ foreach {code english} $code2english {
 }
 
 # Test the error message when a "real" out of memory occurs.
+if { [permutation] != "nofaultsim" } {
 ifcapable memdebug {
   do_test capi3-10-1 {
     sqlite3 db test.db
@@ -821,6 +822,7 @@ ifcapable memdebug {
   db close
   sqlite3_memdebug_fail -1
 }
+}
 
 # The following tests - capi3-11.* - test that a COMMIT or ROLLBACK
 # statement issued while there are still outstanding VMs that are part of
diff --git a/test/capi3c.test b/test/capi3c.test
index 4092091894..14545c0a68 100644
--- a/test/capi3c.test
+++ b/test/capi3c.test
@@ -751,6 +751,7 @@ foreach {code english} $code2english {
 }
 
 # Test the error message when a "real" out of memory occurs.
+if { [permutation] != "nofaultsim" } {
 ifcapable memdebug {
   do_test capi3c-10-1 {
     sqlite3 db test.db
@@ -771,6 +772,7 @@ ifcapable memdebug {
   db close
   sqlite3_memdebug_fail -1
 }
+}
 
 # The following tests - capi3c-11.* - test that a COMMIT or ROLLBACK
 # statement issued while there are still outstanding VMs that are part of
diff --git a/test/permutations.test b/test/permutations.test
index 3c83c30031..4370d8691d 100644
--- a/test/permutations.test
+++ b/test/permutations.test
@@ -188,6 +188,21 @@ test_suite "fts3" -prefix "" -description {
   fts4check.test fts4unicode.test
 }
 
+test_suite "nofaultsim" -prefix "" -description {
+  "Very" quick test suite. Runs in less than 5 minutes on a workstation. 
+  This test suite is the same as the "quick" tests, except that some files
+  that test malloc and IO errors are omitted.
+} -files [
+  test_set $allquicktests -exclude *malloc* *ioerr* *fault*
+] -initialize {
+  catch {db close}
+  sqlite3_shutdown
+  install_malloc_faultsim 0
+  sqlite3_initialize
+  autoinstall_test_functions
+} -shutdown {
+  unset -nocomplain ::G(valgrind)
+}
 
 lappend ::testsuitelist xxx
 #-------------------------------------------------------------------------