From: drh Date: Sun, 18 Feb 2018 17:50:03 +0000 (+0000) Subject: Fix a memory leak in the processing of nested row values. This problem has X-Git-Tag: version-3.23.0~120 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e28eb64d09e3615d2695c2f6972d0c01b472bc2f;p=thirdparty%2Fsqlite.git Fix a memory leak in the processing of nested row values. This problem has existed every since row values support was added (version 3.15.0, 2016-10-14) but was only just now detected by OSSFuzz. FossilOrigin-Name: 2df6bbf1b8ca881c8a465d6624de66fde4c5975ccae6b2f2dda392b137f577de
---
diff --git a/manifest b/manifest
index 7d33baf3f3..646fefe6c5 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Port\smutex\senhancments\sfrom\scheck-in\s[f53b8a573b]\sto\sthe\sWin32\simplementation.
-D 2018-02-18T00:54:06.860
+C Fix\sa\smemory\sleak\sin\sthe\sprocessing\sof\snested\srow\svalues.\s\sThis\sproblem\shas\nexisted\severy\ssince\srow\svalues\ssupport\swas\sadded\s(version\s3.15.0,\s2016-10-14)\nbut\swas\sonly\sjust\snow\sdetected\sby\sOSSFuzz.
+D 2018-02-18T17:50:03.135
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F Makefile.in 7a3f714b4fcf793108042b7b0a5c720b0b310ec84314d61ba7f3f49f27e550ea
@@ -574,7 +574,7 @@ F src/walker.c da987a20d40145c0a03c07d8fefcb2ed363becc7680d0500d9c79915591f5b1f
 F src/where.c 7cae47e813393d70c6d327fdf000fcb30f76b1b0b5a5b52ff6402e0c658de32c
 F src/whereInt.h 82c04c5075308abbac59180c8bad5ecb45b07453981f60a53f3c7dee21e1e971
 F src/wherecode.c e1aaadd8fec650037cfbf27d1b3470338fb3b58fec34d11082df16fe9a08fbd7
-F src/whereexpr.c 22dbfd3bf5f6051a61523dd0ebef7a944fb29ee4aa7d2a62feb8aac6ffbbc0eb
+F src/whereexpr.c 53532be687e12f3cd314f1e204cd4fbdac7ad250e918a182b048121e16e828ae
 F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2
 F test/affinity2.test a6d901b436328bd67a79b41bb0ac2663918fe3bd
 F test/affinity3.test 6a101af2fc945ce2912f6fe54dd646018551710d
@@ -1166,7 +1166,7 @@ F test/rollbackfault.test 0e646aeab8840c399cfbfa43daab46fd609cf04a
 F test/rowallock.test 3f88ec6819489d0b2341c7a7528ae17c053ab7cc
 F test/rowhash.test 0bc1d31415e4575d10cacf31e1a66b5cc0f8be81
 F test/rowid.test 5b7509f384f4f6fae1af3c8c104c8ca299fea18d
-F test/rowvalue.test 0bc33483f2ef5e69ff4bdd2ae58e36fc598bfd1605fb718c8329bcfc0c10cfd1
+F test/rowvalue.test 32861d6a933ded868035f2ec79aeb993a2a46eb7a6d282ae13415a4c2e369463
 F test/rowvalue2.test 060d238b7e5639a7c5630cb5e63e311b44efef2b
 F test/rowvalue3.test 3068f508753af69884b12125995f023da0dbb256
 F test/rowvalue4.test 4b556d7de161a0dd8cff095c336e913986398bea
@@ -1707,7 +1707,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P f53b8a573bfbb48780243d56ca8372165adb1b979731c43d46cd1f8eb7e593f3
-R 46ee6e1b6f9dc8c46dcea8bb3cc2eb52
-U mistachkin
-Z 55a8fbd8babcd295b13a70346a882792
+P 74bb7225d132c80fd5758bb8c120448e3b3e951d0ca2fa0c57cac0a9c6c27045
+R 31bbf28c288f447f1b599c906d481780
+U drh
+Z 61189c02e04bfbbf029a1ddaa686693e
diff --git a/manifest.uuid b/manifest.uuid
index 28ef8a23c6..cc0ffaa4fc 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-74bb7225d132c80fd5758bb8c120448e3b3e951d0ca2fa0c57cac0a9c6c27045
\ No newline at end of file
+2df6bbf1b8ca881c8a465d6624de66fde4c5975ccae6b2f2dda392b137f577de
\ No newline at end of file
diff --git a/src/whereexpr.c b/src/whereexpr.c
index 82cc519650..313c5ee9bc 100644
--- a/src/whereexpr.c
+++ b/src/whereexpr.c
@@ -1291,7 +1291,7 @@ static void exprAnalyze(
 exprAnalyze(pSrc, pWC, idxNew);
 }
 pTerm = &pWC->a[idxTerm];
- pTerm->wtFlags = TERM_CODED|TERM_VIRTUAL; /* Disable the original */
+ pTerm->wtFlags |= TERM_CODED|TERM_VIRTUAL; /* Disable the original */
 pTerm->eOperator = 0;
 }
diff --git a/test/rowvalue.test b/test/rowvalue.test
index 5805178301..00d9395331 100644
--- a/test/rowvalue.test
+++ b/test/rowvalue.test
@@ -540,4 +540,10 @@ do_execsql_test 19.36 {
 SELECT * FROM t1 WHERE (3,32)>=(a,b) ORDER BY a DESC;
 } {2 22 1 11}
+# 2018-02-18: Memory leak nexted row-value. Detected by OSSFuzz.
+#
+do_catchsql_test 20.1 {
+ SELECT 1 WHERE (2,(2,0)) IS (2,(2,0));
+} {0 1}
+
 finish_test
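Review bot: The `|=` on `pTerm->wtFlags` carries no comment explaining why the flags must be OR-ed in rather than assigned, and the trailing `/* Disable the original */` reads exactly as it did before the fix, so a later cleanup could turn it back into `=` and reintroduce the leak. The commit message ties the leak to nested row values, which suggests the term can already hold an ownership flag (presumably `TERM_DYNAMIC`) when control reaches this line; that is inferred, not visible in the hunk. I would add above the assignment `/* OR the bits in: flags already set on this term (e.g. ownership of pExpr) must survive, or the expression is never freed */`. Because the leak is triggered by SQL text alone, it matters most for applications that prepare untrusted SQL, where repeated statements can grow memory steadily. The body of exprAnalyze starts and ends outside this hunk, so other plain assignments to `wtFlags` in the function could not be checked from here.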
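Review bot: Test 20.1 asserts only the result `{0 1}`, which the unfixed code very likely produced as well, so it guards against this regression only when the suite runs in a build that reports unfreed allocations (assumed; the harness configuration is not visible on this page). Stating that in the comment would keep the test from being mistaken for a functional check, e.g. `# Result is unchanged by the fix; the leak is only caught when run with memory-leak checking.` The added comment also has a typo: `nexted` should be `nested`.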