From: drh Date: Thu, 20 Aug 2015 23:21:34 +0000 (+0000) Subject: Fix corner-case memory management issues in table-valued functions. Change X-Git-Tag: version-3.9.0~211 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d8b1bfc6bf2f9463c1dfc27e7c52e9207b291145;p=thirdparty%2Fsqlite.git Fix corner-case memory management issues in table-valued functions. Change virtual table handling so that if xDestroy is missing the table is eponymous only even if xCreate is present. FossilOrigin-Name: 774e6a14b124bbae4da0e188b62aee9ffb8c3745 --- diff --git a/ext/misc/series.c b/ext/misc/series.c index 892426bacb..21f95ccb74 100644 --- a/ext/misc/series.c +++ b/ext/misc/series.c @@ -112,8 +112,7 @@ static int seriesConnect( char **pzErr ){ sqlite3_vtab *pNew; - pNew = *ppVtab = sqlite3_malloc( sizeof(*pNew) ); - if( pNew==0 ) return SQLITE_NOMEM; + int rc; /* Column numbers */ #define SERIES_COLUMN_VALUE 0 @@ -121,10 +120,14 @@ static int seriesConnect( #define SERIES_COLUMN_STOP 2 #define SERIES_COLUMN_STEP 3 - sqlite3_declare_vtab(db, + rc = sqlite3_declare_vtab(db, "CREATE TABLE x(value,start hidden,stop hidden,step hidden)"); - memset(pNew, 0, sizeof(*pNew)); - return SQLITE_OK; + if( rc==SQLITE_OK ){ + pNew = *ppVtab = sqlite3_malloc( sizeof(*pNew) ); + if( pNew==0 ) return SQLITE_NOMEM; + memset(pNew, 0, sizeof(*pNew)); + } + return rc; } /* diff --git a/manifest b/manifest index 3c5d640edd..06e7ddf3f5 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Skip\scalling\sthe\svirtual\stable\sxDestroy\smethod\swhen\sit\sis\snull. -D 2015-08-20T21:14:31.239 +C Fix\scorner-case\smemory\smanagement\sissues\sin\stable-valued\sfunctions.\s\sChange\nvirtual\stable\shandling\sso\sthat\sif\sxDestroy\sis\smissing\sthe\stable\sis\neponymous\sonly\seven\sif\sxCreate\sis\spresent. +D 2015-08-20T23:21:34.475 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in 4f663b6b4954b9b1eb0e6f08387688a93b57542d F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 @@ -196,7 +196,7 @@ F ext/misc/nextchar.c 35c8b8baacb96d92abbb34a83a997b797075b342 F ext/misc/percentile.c bcbee3c061b884eccb80e21651daaae8e1e43c63 F ext/misc/regexp.c af92cdaa5058fcec1451e49becc7ba44dba023dc F ext/misc/rot13.c 1ac6f95f99b575907b9b09c81a349114cf9be45a -F ext/misc/series.c 610bf80e8e85bedf3588907476d4dc2a8cdd013c +F ext/misc/series.c 6f94daf590d0668187631dee2a4d7e1d8f3095c3 F ext/misc/showauth.c 732578f0fe4ce42d577e1c86dc89dd14a006ab52 F ext/misc/spellfix.c 86998fb73aefb7b5dc346ba8a58912f312da4996 F ext/misc/totype.c 4a167594e791abeed95e0a8db028822b5e8fe512 @@ -281,7 +281,7 @@ F src/btmutex.c 45a968cc85afed9b5e6cf55bf1f42f8d18107f79 F src/btree.c f48b3ef91676c06a90a8832987ecef6b94c931ee F src/btree.h 969adc948e89e449220ff0ff724c94bb2a52e9f1 F src/btreeInt.h 8177c9ab90d772d6d2c6c517e05bed774b7c92c0 -F src/build.c 733a7b19f2c467775d5997d8467ce3677d2c8cc6 +F src/build.c 0ebd9d21500311ff4b7df52fe927e5f235ad1867 F src/callback.c 7b44ce59674338ad48b0e84e7b72f935ea4f68b0 F src/complete.c addcd8160b081131005d5bc2d34adf20c1c5c92f F src/ctime.c 5a0b735dc95604766f5dac73973658eef782ee8b @@ -334,7 +334,7 @@ F src/pragma.h 631a91c8b0e6ca8f051a1d8a4a0da4150e04620a F src/prepare.c 82e5db1013846a819f198336fed72c44c974e7b1 F src/printf.c 2bc439ff20a4aad0e0ad50a37a67b5eae7d20edc F src/random.c ba2679f80ec82c4190062d756f22d0c358180696 -F src/resolve.c 1103be495dddaae9378626a484d5d350fcb9d5fa +F src/resolve.c 02e2c9ed5f45a22d41e799739c17b770dbb31866 F src/rowset.c eccf6af6d620aaa4579bd3b72c1b6395d9e9fa1e F src/select.c c46de38c1b66355f02a839bb72eb13f277e6d19c F src/shell.c b1f91e60918df3a68efad1e3a11696b9a7e23d23 @@ -408,7 +408,7 @@ F src/vdbeblob.c 4f2e8e075d238392df98c5e03a64342465b03f90 F src/vdbemem.c ae38a0d35ae71cf604381a887c170466ba518090 F src/vdbesort.c f5009e7a35e3065635d8918b9a31f498a499976b F src/vdbetrace.c 8befe829faff6d9e6f6e4dee5a7d3f85cc85f1a0 -F src/vtab.c ab36813224d5551cb60f87f3c7e58e0b32541e12 +F src/vtab.c d31174e4c8f592febab3fa7f69e18320b4fd657a F src/vxworks.h c18586c8edc1bddbc15c004fa16aeb1e1342b4fb F src/wal.c 6fb6b68969e4692593c2552c4e7bff5882de2cb8 F src/wal.h df01efe09c5cb8c8e391ff1715cca294f89668a4 @@ -416,7 +416,7 @@ F src/walker.c 2e14d17f592d176b6dc879c33fbdec4fbccaa2ba F src/where.c 66518a14a1238611aa0744d6980b6b7f544f4816 F src/whereInt.h 880a8599226ac1c00203490d934f3ed79b292572 F src/wherecode.c 69f19535a6de0cceb10e16b31a3a03463e31bc24 -F src/whereexpr.c 6332ade8f72beebb6438734e92757da4631176e0 +F src/whereexpr.c f9dbd159127452150c92b558e184827ecb8f9229 F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2 F test/affinity2.test a6d901b436328bd67a79b41bb0ac2663918fe3bd F test/aggerror.test a867e273ef9e3d7919f03ef4f0e8c0d2767944f2 @@ -1031,7 +1031,7 @@ F test/superlock.test 1cde669f68d2dd37d6c9bd35eee1d95491ae3fc2 F test/sync.test a34cd43e98b7fb84eabbf38f7ed8f7349b3f3d85 F test/syscall.test d2fdaad713f103ac611fe7ef9b724c7b69f8149c F test/sysfault.test fa776e60bf46bdd3ae69f0b73e46ee3977a58ae6 -F test/tabfunc01.test ae7f4e5b67edbb423e63efeee37d672bb61d5a07 +F test/tabfunc01.test d556af2def6af10b0a759b2f8a8f41135c2b634e F test/table.test 33bf0d1fd07f304582695184b8e6feb017303816 F test/tableapi.test 2674633fa95d80da917571ebdd759a14d9819126 F test/tableopts.test dba698ba97251017b7c80d738c198d39ab747930 @@ -1376,7 +1376,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4 F tool/warnings.sh 48bd54594752d5be3337f12c72f28d2080cb630b F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P 17eb7f18cb76170e109977a94b259b763cd86c47 -R 25130809f3babeec0691a193d02e4069 -U mistachkin -Z f2d173175579a2040d53483e92ff71ba +P b73ad305a6b7cb84fe0a1efb334b8e4592e21c40 +R f600d04c9db5494b68811630044e0207 +U drh +Z 52a18320de00f5816e7cb149e8e4308c diff --git a/manifest.uuid b/manifest.uuid index fda47be90f..903bbc12fa 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -b73ad305a6b7cb84fe0a1efb334b8e4592e21c40 \ No newline at end of file +774e6a14b124bbae4da0e188b62aee9ffb8c3745 \ No newline at end of file diff --git a/src/build.c b/src/build.c index 5f8bf8488f..d6ceb2c88e 100644 --- a/src/build.c +++ b/src/build.c @@ -355,7 +355,6 @@ Table *sqlite3LocateTable( p = sqlite3FindTable(pParse->db, zName, zDbase); if( p==0 ){ - const char *zMsg; #ifndef SQLITE_OMIT_VIRTUAL_TABLE /* If zName is the not the name of a table in the schema created using ** CREATE, then check to see if it is the name of an virtual table that @@ -365,7 +364,7 @@ Table *sqlite3LocateTable( return pMod->pEpoTab; } #endif - zMsg = isView ? "no such view" : "no such table"; + const char *zMsg = isView ? "no such view" : "no such table"; if( zDbase ){ sqlite3ErrorMsg(pParse, "%s: %s.%s", zMsg, zDbase, zName); }else{ @@ -3803,13 +3802,15 @@ void sqlite3SrcListIndexedBy(Parse *pParse, SrcList *p, Token *pIndexedBy){ ** table-valued-function. */ void sqlite3SrcListFuncArgs(Parse *pParse, SrcList *p, ExprList *pList){ - if( p && ALWAYS(p->nSrc>0) && pList ){ + if( p && pList ){ struct SrcList_item *pItem = &p->a[p->nSrc-1]; assert( pItem->fg.notIndexed==0 ); assert( pItem->fg.isIndexedBy==0 ); assert( pItem->fg.isTabFunc==0 ); pItem->u1.pFuncArg = pList; pItem->fg.isTabFunc = 1; + }else{ + sqlite3ExprListDelete(pParse->db, pList); } } diff --git a/src/resolve.c b/src/resolve.c index 9799a136b9..0908d4cd5d 100644 --- a/src/resolve.c +++ b/src/resolve.c @@ -1451,11 +1451,10 @@ int sqlite3ResolveExprListNames( NameContext *pNC, /* Namespace to resolve expressions in. */ ExprList *pList /* The expression list to be analyzed. */ ){ - if( pList ){ - int i; - for(i=0; inExpr; i++){ - if( sqlite3ResolveExprNames(pNC, pList->a[i].pExpr) ) return WRC_Abort; - } + assert( pList!=0 ); + int i; + for(i=0; inExpr; i++){ + if( sqlite3ResolveExprNames(pNC, pList->a[i].pExpr) ) return WRC_Abort; } return WRC_Continue; } diff --git a/src/vtab.c b/src/vtab.c index 8042e0e7bd..1675ca2e31 100644 --- a/src/vtab.c +++ b/src/vtab.c @@ -699,7 +699,7 @@ int sqlite3VtabCallCreate(sqlite3 *db, int iDb, const char *zTab, char **pzErr){ ** invoke it now. If the module has not been registered, return an ** error. Otherwise, do nothing. */ - if( pMod==0 || pMod->pModule->xCreate==0 ){ + if( pMod==0 || pMod->pModule->xCreate==0 || pMod->pModule->xDestroy==0 ){ *pzErr = sqlite3MPrintf(db, "no such module: %s", zMod); rc = SQLITE_ERROR; }else{ @@ -810,7 +810,8 @@ int sqlite3VtabCallDestroy(sqlite3 *db, int iDb, const char *zTab){ } p = vtabDisconnectAll(db, pTab); xDestroy = p->pMod->pModule->xDestroy; - rc = xDestroy ? xDestroy(p->pVtab) : SQLITE_OK; + assert( xDestroy!=0 ); /* Checked before the virtual table is created */ + rc = xDestroy(p->pVtab); /* Remove the sqlite3_vtab* from the aVTrans[] array, if applicable */ if( rc==SQLITE_OK ){ assert( pTab->pVTable==p && p->pNext==0 ); @@ -1123,9 +1124,9 @@ int sqlite3VtabEponymousTableInit(Parse *pParse, Module *pMod){ pTab->tabFlags |= TF_Virtual; pTab->nModuleArg = 0; pTab->iPKey = -1; - addModuleArgument(db, pTab, pTab->zName); + addModuleArgument(db, pTab, sqlite3DbStrDup(db, pTab->zName)); addModuleArgument(db, pTab, 0); - addModuleArgument(db, pTab, pTab->zName); + addModuleArgument(db, pTab, sqlite3DbStrDup(db, pTab->zName)); rc = vtabCallConstructor(db, pTab, pMod, pModule->xConnect, &zErr); if( rc ){ sqlite3ErrorMsg(pParse, "%s", zErr); @@ -1144,7 +1145,7 @@ void sqlite3VtabEponymousTableClear(sqlite3 *db, Module *pMod){ Table *pTab = pMod->pEpoTab; if( (pTab = pMod->pEpoTab)!=0 ){ sqlite3DeleteColumnNames(db, pTab); - sqlite3DbFree(db, pTab->azModuleArg); + sqlite3VtabClear(db, pTab); sqlite3DbFree(db, pTab); pMod->pEpoTab = 0; } diff --git a/src/whereexpr.c b/src/whereexpr.c index a0f7c822af..d6f94b3e1a 100644 --- a/src/whereexpr.c +++ b/src/whereexpr.c @@ -1273,7 +1273,7 @@ void sqlite3WhereTabFuncArgs( for(j=k=0; jnExpr; j++){ while( knCol && (pTab->aCol[k].colFlags & COLFLAG_HIDDEN)==0 ){ k++; } if( k>=pTab->nCol ){ - sqlite3ErrorMsg(pParse, "too many arguments on %s - max %d", + sqlite3ErrorMsg(pParse, "too many arguments on %s() - max %d", pTab->zName, j); return; } diff --git a/test/tabfunc01.test b/test/tabfunc01.test index b3711baea0..39264d2f05 100644 --- a/test/tabfunc01.test +++ b/test/tabfunc01.test @@ -43,7 +43,7 @@ do_execsql_test tabfunc01-1.6 { } {1 4 7 10} do_catchsql_test tabfunc01-1.7 { SELECT * FROM generate_series(1,9,2,11); -} {1 {too many arguments on generate_series - max 3}} +} {1 {too many arguments on generate_series() - max 3}} do_execsql_test tabfunc01-1.8 { SELECT * FROM generate_series(0,32,5) ORDER BY rowid DESC;