From: drh <> Date: Thu, 15 Apr 2021 12:56:44 +0000 (+0000) Subject: Make sure the WhereInfo.pExprMods list is properly cleared when existing X-Git-Tag: version-3.36.0~202 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d784cc893cd28fe2131c4494f9affe9ff07f7c8a;p=thirdparty%2Fsqlite.git Make sure the WhereInfo.pExprMods list is properly cleared when existing sqlite3WhereBegin() early due to an OOM fault. dbsqlfuzz 1247a51318047aba42e7f6991dfa62577cb7a151. FossilOrigin-Name: 0e19af72d84f96245cb4a5cfc37232579b6f5fdebd525f8b6515a4f2cc84e273 --- diff --git a/manifest b/manifest index f7000bbdfd..406f4132ce 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Prevent\san\sassert()\sfrom\sfailing\sif\ssqlite3_blob_reopen()\sis\scalled\son\sa\sblob-handle\sthat\shas\salready\shit\san\sSQLITE_CORRUPT\serror. -D 2021-04-14T15:25:10.656 +C Make\ssure\sthe\sWhereInfo.pExprMods\slist\sis\sproperly\scleared\swhen\sexisting\nsqlite3WhereBegin()\searly\sdue\sto\san\sOOM\sfault.\ndbsqlfuzz\s1247a51318047aba42e7f6991dfa62577cb7a151. +D 2021-04-15T12:56:44.601 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
@@ -629,7 +629,7 @@ F src/vxworks.h d2988f4e5a61a4dfe82c6524dd3d6e4f2ce3cdb9 F src/wal.c 69e770e96fd56cc21608992bf2c6f1f3dc5cf2572d0495c6a643b06c3a679f14 F src/wal.h c3aa7825bfa2fe0d85bef2db94655f99870a285778baa36307c0a16da32b226a F src/walker.c d42d6c80ea363ef689a462e65eefcfe87deab924c50de5baa37ecb6af7d7ddaa -F src/where.c 516790825454a104fca2cc9544e279d42217b22e86cec2f73ab1a9d00586b60a +F src/where.c f388f31a6cb482b685be50acddcea424cc2edb746191716d94084ed0b52b049c F src/whereInt.h 446e5e8018f83358ef917cf32d8e6a86dc8430113d0b17e720f1839d3faa44c4 F src/wherecode.c 8bdc239eae3d39f9f6ace4299eeb86e1e0c56eed88b60f9c473dc85ae79f4e89 F src/whereexpr.c d8cafcf6781cf871082f04d7540862cf0fe30cb381dd1b2145a380376364fe8e @@ -1912,7 +1912,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 3c266690c753d093c2cb74138a46ed69276d85cd119d687a6858c84211e84eaf -R 1229821373c94710c6cfca65316fcc76 -U dan -Z d1d1b9d93c24f2fe354e7ba5f2704dee +P b5dc7aba036cfd6d09c68dd17608328063634ca99ff341f97bab2dc2a1f59b11 +R e5a83f7ee0ee38847ddb8ea9b3542d9b +U drh +Z 0c50054693c17120ddefe2f62d9f2e68 diff --git a/manifest.uuid b/manifest.uuid index 5b985ac25b..ad47177d56 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -b5dc7aba036cfd6d09c68dd17608328063634ca99ff341f97bab2dc2a1f59b11 \ No newline at end of file +0e19af72d84f96245cb4a5cfc37232579b6f5fdebd525f8b6515a4f2cc84e273 \ No newline at end of file diff --git a/src/where.c b/src/where.c index ebb553d830..85579b592d 100644 --- a/src/where.c +++ b/src/where.c 
@@ -1983,6 +1983,17 @@ static void whereInfoFree(sqlite3 *db, WhereInfo *pWInfo){
 sqlite3DbFreeNN(db, pWInfo);
 }
 
+/* Undo all Expr node modifications
+*/
+static void whereUndoExprMods(WhereInfo *pWInfo){
+ while( pWInfo->pExprMods ){
+ WhereExprMod *p = pWInfo->pExprMods;
+ pWInfo->pExprMods = p->pNext;
+ memcpy(p->pExpr, &p->orig, sizeof(p->orig));
+ sqlite3DbFree(pWInfo->pParse->db, p);
+ }
+}
+
 /*
 ** Return TRUE if all of the following are true:
 **
@@ -5314,6 +5325,8 @@ WhereInfo *sqlite3WhereBegin(
 /* Jump here if malloc fails */
 whereBeginError:
 if( pWInfo ){
+ testcase( pWInfo->pExprMods!=0 );
+ whereUndoExprMods(pWInfo);
 pParse->nQueryLoop = pWInfo->savedNQueryLoop;
 whereInfoFree(db, pWInfo);
 }
@@ -5613,16 +5626,9 @@ void sqlite3WhereEnd(WhereInfo *pWInfo){
 }
 }
 
- /* Undo all Expr node modifications */
- while( pWInfo->pExprMods ){
- WhereExprMod *p = pWInfo->pExprMods;
- pWInfo->pExprMods = p->pNext;
- memcpy(p->pExpr, &p->orig, sizeof(p->orig));
- sqlite3DbFree(db, p);
- }
-
 /* Final cleanup
 */
+ if( pWInfo->pExprMods ) whereUndoExprMods(pWInfo);
 pParse->nQueryLoop = pWInfo->savedNQueryLoop;
 whereInfoFree(db, pWInfo);
 return;
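Review bot: Nothing visible in whereInfoFree(), whose last lines are the context at the top of this hunk, checks that the pExprMods list has already been unwound, so the invariant this commit repairs still depends on each caller remembering to call whereUndoExprMods() first. An `assert( pWInfo->pExprMods==0 );` at the start of whereInfoFree() would make a future exit path that skips the undo fail in debug builds instead of, presumably, leaving modified Expr nodes and unfreed WhereExprMod records behind. whereInfoFree() begins outside the hunk and its other callers are not shown, so confirm that none of them can reach it with a non-empty list before adding the assert.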
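Review bot: The two lines added under `whereBeginError:` have no comment explaining why the undo is needed on this path, and the only pointer to the failing input is in the commit message. A comment above the `testcase()` such as `/* Undo Expr node modifications before freeing pWInfo on an OOM exit. dbsqlfuzz 1247a51318047aba42e7f6991dfa62577cb7a151 */` would keep that context next to the code. `testcase()` is only a coverage marker, and the manifest shows src/where.c as the sole file changed, so it is worth confirming that an OOM-injection test elsewhere drives this label with a non-empty list. sqlite3WhereBegin() starts and ends outside the hunk.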
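Review bot: The guard in `if( pWInfo->pExprMods ) whereUndoExprMods(pWInfo);` repeats the test that the helper's own `while( pWInfo->pExprMods )` loop already makes, and it differs from the error path in sqlite3WhereBegin(), which calls the helper unconditionally. If the guard is meant to skip a function call in the common empty-list case, a short comment saying so would keep it from being removed as redundant later; otherwise a plain `whereUndoExprMods(pWInfo);` keeps the two call sites identical. sqlite3WhereEnd() starts and ends outside the hunk.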