From: drh Date: Sat, 27 Jun 2009 11:17:35 +0000 (+0000) Subject: Fix an instance where sqlite3JumpHere() might be called with a negative X-Git-Tag: cvs-to-fossil-cutover~144 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bdfb6b5ab274e33774bbc6e0afc9de01ec6da0c3;p=thirdparty%2Fsqlite.git Fix an instance where sqlite3JumpHere() might be called with a negative address following an OOM fault. (CVS 6828) FossilOrigin-Name: 49f22e55d69d0b5a34400b36332a2eb861362eb2 --- diff --git a/manifest b/manifest index d1e2527f79..98b365eb83 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sa\sbug\sin\ssqlite3_realloc()\s-\sif\scalled\swith\sa\ssize\sof\smore\sthan\n2147483392\sit\sreturns\s0\sbut\sit\salso\sreleases\sthe\sprior\sallocation.\s(CVS\s6827) -D 2009-06-27T00:48:33 +C Fix\san\sinstance\swhere\ssqlite3JumpHere()\smight\sbe\scalled\swith\sa\snegative\naddress\sfollowing\san\sOOM\sfault.\s(CVS\s6828) +D 2009-06-27T11:17:35 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0 F Makefile.in 8b8fb7823264331210cddf103831816c286ba446 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654 @@ -199,7 +199,7 @@ F src/test_thread.c b8a1ab7ca1a632f18e8a361880d5d65eeea08eac F src/test_wsd.c 3ae5101de6cbfda2720152ab659ea84079719241 F src/tokenize.c eadd396fa81e8031d4b4a65eefd661e9c675167f F src/trigger.c c07c5157c58fcdb704f65d5f5e4775276e45bb8b -F src/update.c b58db45e40f11082281d6f94137cd3b5657771d9 +F src/update.c a1bbe774bce495d62dce3df3f42a5f04c1de173a F src/utf.c 9541d28f40441812c0b40f00334372a0542c00ff F src/util.c 861d5b5c58be4921f0a254489ea94cb15f550ef8 F src/vacuum.c 0e14f371ea3326c6b8cfba257286d798cd20db59 
@@ -737,7 +737,7 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e F tool/vdbe-compress.tcl 672f81d693a03f80f5ae60bfefacd8a349e76746 -P 0d345e5923ff92a87195f6c04a29a56bf67ee43c -R 169f7765871685a4332f4c1aefebde22 +P 653df0afcc58de82c8c1b5f6a7b2f4829ff69792 +R 081c6cf0e8f2499b8b69ecc027b9626f U drh -Z 92880a7456ebca89a25dc923023f5817 +Z 2ef2a0908757252ee03ecce7509b94c2
diff --git a/manifest.uuid b/manifest.uuid index e64cee5356..1db69584e1 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -653df0afcc58de82c8c1b5f6a7b2f4829ff69792 \ No newline at end of file +49f22e55d69d0b5a34400b36332a2eb861362eb2 \ No newline at end of file
diff --git a/src/update.c b/src/update.c
index 12348c91a7..fb69799c56 100644
--- a/src/update.c
+++ b/src/update.c
@@ -12,7 +12,7 @@
 ** This file contains C code routines that are called by the parser
 ** to handle UPDATE statements.
 **
-** $Id: update.c,v 1.203 2009/06/23 20:28:54 drh Exp $
+** $Id: update.c,v 1.204 2009/06/27 11:17:35 drh Exp $
 */
 #include "sqliteInt.h"
@@ -669,8 +669,7 @@ static void updateVirtualTable(
 /* Generate code to scan the ephemeral table and call VUpdate. */
 iReg = ++pParse->nMem;
 pParse->nMem += pTab->nCol+1;
- sqlite3VdbeAddOp2(v, OP_Rewind, ephemTab, 0);
- addr = sqlite3VdbeCurrentAddr(v);
+ addr = sqlite3VdbeAddOp2(v, OP_Rewind, ephemTab, 0);
 sqlite3VdbeAddOp3(v, OP_Column, ephemTab, 0, iReg);
 sqlite3VdbeAddOp3(v, OP_Column, ephemTab, (pRowid?1:0), iReg+1);
 for(i=0; inCol; i++){
@@ -678,8 +677,8 @@ static void updateVirtualTable(
 }
 sqlite3VtabMakeWritable(pParse, pTab);
 sqlite3VdbeAddOp4(v, OP_VUpdate, 0, pTab->nCol+2, iReg, pVtab, P4_VTAB);
- sqlite3VdbeAddOp2(v, OP_Next, ephemTab, addr);
- sqlite3VdbeJumpHere(v, addr-1);
+ sqlite3VdbeAddOp2(v, OP_Next, ephemTab, addr+1);
+ sqlite3VdbeJumpHere(v, addr);
 sqlite3VdbeAddOp2(v, OP_Close, ephemTab, 0);
 /* Cleanup */
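Review bot: In the two updateVirtualTable hunks of src/update.c, `addr` silently changes meaning from "first instruction of the loop body" to "address of the OP_Rewind itself", and nothing in the code records that. The `addr+1` handed to OP_Next and the `sqlite3VdbeJumpHere(v, addr)` in the later hunk both depend on it. A comment at the assignment, for example `/* addr is the OP_Rewind; the loop body begins at addr+1 */`, would stop a later edit that inserts an opcode after the Rewind from breaking the loop target. The fix also appears to rely on sqlite3VdbeAddOp2() returning a non-negative address even after an allocation failure, which cannot be confirmed from these hunks. If that holds, `assert( addr>=0 );` just before the sqlite3VdbeJumpHere() call would pin the invariant named in the commit message. The function begins and ends outside both hunks, and the diff touches no test file, so the OOM path that motivated the change appears to have no regression test here.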