From: dan Date: Fri, 3 Apr 2020 11:20:40 +0000 (+0000) Subject: Fix a case when a pointer might be used after being freed in the ALTER TABLE code... X-Git-Tag: version-3.32.0~94 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fb99e388ec7f30fe43e4878236e3695ff24ae58d;p=thirdparty%2Fsqlite.git Fix a case when a pointer might be used after being freed in the ALTER TABLE code. Fix for [4722bdab08cb1]. FossilOrigin-Name: d09f8c3621d5f7f8c6d99d7d82bcaa8421855b3f470bea2b26c858106382b906 --- diff --git a/manifest b/manifest index 1ee5448a03..7dd9918b91 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\san\sobsolete\scomment\sin\sthe\sparameter\sbinding\slogic\sof\sthe\sCLI.\nNo\schanges\sto\scode. -D 2020-04-02T13:21:10.209 +C Fix\sa\scase\swhen\sa\spointer\smight\sbe\sused\safter\sbeing\sfreed\sin\sthe\sALTER\sTABLE\scode.\sFix\sfor\s[4722bdab08cb1]. +D 2020-04-03T11:20:40.575 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -465,7 +465,7 @@ F spec.template 86a4a43b99ebb3e75e6b9a735d5fd293a24e90ca F sqlite.pc.in 42b7bf0d02e08b9e77734a47798d1a55a9e0716b F sqlite3.1 fc7ad8990fc8409983309bb80de8c811a7506786 F sqlite3.pc.in 48fed132e7cb71ab676105d2a4dc77127d8c1f3a -F src/alter.c f48a4423c8f198d7f1ae4940f74b606707d05384ac79fb219be8e3323af2a2de +F src/alter.c ac9d737cace62b5cd88bff5310e53e299bc0919f08b5934a2bd0f8e8e65d770e F src/analyze.c 831bb090988477a00d3b4c000746e1b0454dcc93b10b793e6ebe1c47f25d193a F src/attach.c ff2daea0fe62080192e3f262670e4f61f5a86c1e7bea9cec34e960fe79852aa1 F src/auth.c a3d5bfdba83d25abed1013a8c7a5f204e2e29b0c25242a56bc02bb0c07bf1e06 @@ -639,7 +639,7 @@ F test/altercol.test 1d6a6fe698b81e626baea4881f5717f9bc53d7d07f1cd23ee7ad1b931f1 F test/alterlegacy.test 82022721ce0de29cedc9a7af63bc9fcc078b0ee000f8283b4b6ea9c3eab2f44b F test/altermalloc.test 167a47de41b5c638f5f5c6efb59784002b196fff70f98d9b4ed3cd74a3fb80c9 F test/altermalloc2.test fa7b1c1139ea39b8dec407cf1feb032ca8e0076bd429574969b619175ad0174b -F test/altertab.test 89735fee876427c3f25dc76d887295fbe3659a91bab92468de9f0e622d48bb57 +F test/altertab.test 2c41e347c0b37725d2c27641056f12f136ce43027d3aca664f380183fdd1c610 F test/altertab2.test b0d62f323ca5dab42b0bc028c52e310ebdd13e655e8fac070fe622bad7852c2b F test/altertab3.test 155b8dc225ce484454a7fb4c8ba745680b6fa0fc3e08919cbbc19f9309d128ff F test/amatch1.test b5ae7065f042b7f4c1c922933f4700add50cdb9f @@ -1860,7 +1860,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P a49f8ec552bede7da731e0571ccf49de1a30e7be3a5673150436c8b411ba6ffc -R f1e88162279da6de3fd27debc4973183 -U drh -Z b2c8f4e4425c9e3ea23a15a961227e19 +P c9c735e201d7900d8c2b766463a6c90f547d9844352719dc650734e25e635fad +R c7d47b4b1d0e3507c385823cf0fb10e9 +U dan +Z 19dcbc942e2e27035df43e0cc566210a diff --git a/manifest.uuid b/manifest.uuid index 6ad938d1cf..8a8c03d74a 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -c9c735e201d7900d8c2b766463a6c90f547d9844352719dc650734e25e635fad \ No newline at end of file +d09f8c3621d5f7f8c6d99d7d82bcaa8421855b3f470bea2b26c858106382b906 \ No newline at end of file diff --git a/src/alter.c b/src/alter.c index ee193d18bf..7114757a27 100644 --- a/src/alter.c +++ b/src/alter.c @@ -755,6 +755,21 @@ static void renameWalkWith(Walker *pWalker, Select *pSelect){ } } +/* +** Unmap all tokens in the IdList object passed as the second argument. +*/ +static void unmapColumnIdlistNames( + Parse *pParse, + IdList *pIdList +){ + if( pIdList ){ + int ii; + for(ii=0; iinId; ii++){ + sqlite3RenameTokenRemap(pParse, 0, (void*)pIdList->a[ii].zName); + } + } +} + /* ** Walker callback used by sqlite3RenameExprUnmap(). */ @@ -776,6 +791,7 @@ static int renameUnmapSelectCb(Walker *pWalker, Select *p){ for(i=0; inSrc; i++){ sqlite3RenameTokenRemap(pParse, 0, (void*)pSrc->a[i].zName); if( sqlite3WalkExpr(pWalker, pSrc->a[i].pOn) ) return WRC_Abort; + unmapColumnIdlistNames(pParse, pSrc->a[i].pUsing); } } @@ -984,6 +1000,7 @@ static void renameColumnIdlistNames( } } + /* ** Parse the SQL statement zSql using Parse object (*p). The Parse object ** is initialized by this function before it is used. diff --git a/test/altertab.test b/test/altertab.test index 5123c5f296..68c52d604b 100644 --- a/test/altertab.test +++ b/test/altertab.test @@ -630,4 +630,15 @@ do_execsql_test 19.120 { SELECT * FROM t2; } {1 1 1 1 1 1 1 1} +# Ticket 4722bdab08cb14 +reset_db +do_execsql_test 20.0 { + CREATE TABLE a(a); + CREATE VIEW b AS SELECT(SELECT *FROM c JOIN a USING(d, a, a, a) JOIN a) IN(); +} + +do_execsql_test 20.1 { + ALTER TABLE a RENAME a TO e; +} {} + finish_test