From: dan Date: Wed, 20 May 2015 20:24:10 +0000 (+0000) Subject: Fix a potential NULL pointer deference on a corrupt database schema. Cherrypick of... X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f376d07519c6104628e28e013b23da8392189d23;p=thirdparty%2Fsqlite.git Fix a potential NULL pointer deference on a corrupt database schema. Cherrypick of [dc61b292d8ea]. FossilOrigin-Name: 7f3943fb01490180055312363cdd8a47642f4e9d --- diff --git a/manifest b/manifest index 2665c451b8..dad7366732 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sa\sbug\scaused\sby\scherrypicking\sfrom\sa\sbranch\sthat\sassumes\ssqlite3_stricmp()\scan\shandle\sNULL\sarguments. -D 2015-05-20T20:21:49.412 +C Fix\sa\spotential\sNULL\spointer\sdeference\son\sa\scorrupt\sdatabase\sschema.\sCherrypick\sof\s[dc61b292d8ea]. +D 2015-05-20T20:24:10.240 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in 5eb79e334a5de69c87740edd56af6527dd219308 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 @@ -176,7 +176,7 @@ F src/complete.c dc1d136c0feee03c2f7550bafc0d29075e36deac F src/ctime.c 0231df905e2c4abba4483ee18ffc05adc321df2a F src/date.c 593c744b2623971e45affd0bde347631bdfa4625 F src/delete.c bcf8f72126cea80fc3d5bc5494cf19b3f8935aaf -F src/expr.c e2a1f93860e358dc42de5eb22c9a4659753ffdcb +F src/expr.c 1686997ef7a2ccb6db0a9215761a138bd8e182a0 F src/fault.c 160a0c015b6c2629d3899ed2daf63d75754a32bb F src/fkey.c 8545f3b36da47473e10800ea4fb0810fd4062514 F src/func.c bbb724b74ed96ca42675a7274646a71dd52bcda7 
@@ -708,7 +708,7 @@ F test/minmax.test 42fbad0e81afaa6e0de41c960329f2b2c3526efd F test/minmax2.test b44bae787fc7b227597b01b0ca5575c7cb54d3bc F test/minmax3.test cc1e8b010136db0d01a6f2a29ba5a9f321034354 F test/minmax4.test 536a3360470633a177e42fbc19660d146b51daef -F test/misc1.test 830f2398da04b4e933cd16975c1bddb804b5e76d +F test/misc1.test df58abc1a212b07b0b16295a952ae6c75d820252 F test/misc2.test 00d7de54eda90e237fc9a38b9e5ccc769ebf6d4d F test/misc3.test cf3dda47d5dda3e53fc5804a100d3c82be736c9d F test/misc4.test 9c078510fbfff05a9869a0b6d8b86a623ad2c4f6 @@ -1186,7 +1186,8 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4 F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P 0da229b81ad29d731789c86abadf2abc9bfcd738 -R 581423dd860f77f5014db0e9e3638ada +P 2c649cdf7e058cf490597ffbddd5dc1eb5c3b346 +Q +dc61b292d8eaf422ca8a2b18f1caccef1a5389fd +R 3aa98590f9ef0d51632cfc6ad035728b U dan -Z 0ff00bd3381bac8382bab76d7dc03ba4 +Z 00df42a4da58e5c26052c32787452a5a diff --git a/manifest.uuid b/manifest.uuid index 55c00aa2f4..1967c56d1d 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -2c649cdf7e058cf490597ffbddd5dc1eb5c3b346 \ No newline at end of file +7f3943fb01490180055312363cdd8a47642f4e9d \ No newline at end of file diff --git a/src/expr.c b/src/expr.c index 39f1ed42df..a6b0f0e175 100644 --- a/src/expr.c +++ b/src/expr.c 
@@ -1210,10 +1210,26 @@ void sqlite3ExprListDelete(sqlite3 *db, ExprList *pList){ } /* -** These routines are Walker callbacks. Walker.u.pi is a pointer -** to an integer. These routines are checking an expression to see -** if it is a constant. Set *Walker.u.pi to 0 if the expression is -** not constant. +** Return the bitwise-OR of all Expr.flags fields in the given +** ExprList. +*/ +u32 sqlite3ExprListFlags(const ExprList *pList){ + int i; + u32 m = 0; + if( pList ){ + for(i=0; inExpr; i++){ + Expr *pExpr = pList->a[i].pExpr; + if( pExpr ) m |= pList->a[i].pExpr->flags; + } + } + return m; +} + +/* +** These routines are Walker callbacks used to check expressions to +** see if they are "constant" for some definition of constant. The +** Walker.eCode value determines the type of "constant" we are looking +** for. ** ** These callback routines are used to implement the following: ** diff --git a/test/misc1.test b/test/misc1.test index 992633c95b..2ba4bf220e 100644 --- a/test/misc1.test +++ b/test/misc1.test @@ -627,4 +627,18 @@ do_catchsql_test misc1-20.1 { } {1 {CHECK constraint failed: t0}} +# 2015-04-19: NULL pointer dereference on a corrupt schema +# +do_execsql_test misc1-23.1 { + DROP TABLE IF EXISTS t1; + DROP TABLE IF EXISTS t2; + CREATE TABLE t1(x); + PRAGMA writable_schema=ON; + UPDATE sqlite_master SET sql='CREATE table t(d CHECK(T(#0)'; + BEGIN; + CREATE TABLE t2(y); + ROLLBACK; + DROP TABLE IF EXISTS t3; +} {} + finish_test
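Review bot: sqlite3ExprListFlags() is added with external linkage, but no call site or prototype for it appears in this diff, and the manifest hunks list only src/expr.c and test/misc1.test as changed. It is worth confirming that this branch actually calls it on the corrupt-schema path, since otherwise the `if( pExpr )` guard cannot be what prevents the crash exercised by misc1-23.1. Inside the loop the guard tests the local `pExpr` but then reads through `pList->a[i].pExpr` again; `if( pExpr ) m |= pExpr->flags;` keeps the checked pointer and the dereferenced pointer the same. The rewritten header comment now refers to Walker.eCode while the callbacks it describes lie outside the hunk, so check that they use eCode rather than u.pi on this branch.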
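Review bot: misc1-23.1 leaves the database in the state it creates: the `UPDATE sqlite_master` has no WHERE clause, so every schema row is overwritten with the malformed text, and `PRAGMA writable_schema` is never switched back off. That is harmless only while `finish_test` follows immediately, so a comment such as `# Leaves sqlite_master corrupt with writable_schema=ON; keep this test last or reset the database afterwards` would protect later additions. The header comment could also say that the expected result `{}` means the statements complete without a crash or error, which is the property under test.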