From 2b9ee77fd69a1cd1456bee195ebbab5dc3a0dbce Mon Sep 17 00:00:00 2001
From: dan
Date: Sat, 31 Mar 2012 09:59:44 +0000
Subject: [PATCH] Fix a bug in the EXPLAIN code for listing trigger programs that was causing an out-of-bounds read.

FossilOrigin-Name: c9342ca58105499a5eb61c3e6d016559b6072c95

---
 manifest | 16 ++++++++--------
 manifest.uuid | 2 +-
 src/vdbeaux.c | 2 +-
 src/vdbemem.c | 12 ++++++++----
 4 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/manifest b/manifest
index 5e66a79aee..0042119b0d 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Do\smore\saggressive\soptimization\sof\sthe\sAND\soperator\swhere\sone\sside\sor\sthe\nother\sis\salways\sfalse.
-D 2012-03-31T02:34:35.585
+C Fix\sa\sbug\sin\sthe\sEXPLAIN\scode\sfor\slisting\strigger\sprograms\sthat\swas\scausing\san\sout-of-bounds\sread.
+D 2012-03-31T09:59:44.574
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 2f37e468503dbe79d35c9f6dffcf3fae1ae9ec20
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -245,9 +245,9 @@ F src/vdbe.c 8913926230bfc9d183fcd44e3d023c6d393b6548
 F src/vdbe.h 18f581cac1f4339ec3299f3e0cc6e11aec654cdb
 F src/vdbeInt.h 6ff4180a05683566a8835d12f7ec504b22932c82
 F src/vdbeapi.c 3662b6a468a2a4605a15dfab313baa6dff81ad91
-F src/vdbeaux.c 79cf42b70e211a52d664fc4d585ee2da0a64deac
+F src/vdbeaux.c d52c8a424fdd4b1d5cf1ac93cc7cd20da023ec5c
 F src/vdbeblob.c 32f2a4899d67f69634ea4dd93e3f651936d732cb
-F src/vdbemem.c fb0ac964ccbcd94f595eb993c05bfd9c52468a4a
+F src/vdbemem.c cb55e84b8e2c15704968ee05f0fae25883299b74
 F src/vdbesort.c b25814d385895544ebc8118245c8311ded7f81c9
 F src/vdbetrace.c d6e50e04e1ec498150e519058f617d91b8f5c843
 F src/vtab.c ab90fb600a3f5e4b7c48d22a4cdb2d6b23239847
@@ -999,7 +999,7 @@ F tool/tostr.awk e75472c2f98dd76e06b8c9c1367f4ab07e122d06
 F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f
 F tool/warnings-clang.sh 9f406d66e750e8ac031c63a9ef3248aaa347ef2a
 F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381
-P 196ca3a8b007b9f792e969893d981f6c5aa2fccc
-R d4cee1bded14d0c2a35aac2c2a8ea01d
-U drh
-Z c8013359e2c16f7dbb75906fb62e335f
+P f9a7e179cbbeeab5e57bbf392bef89750215546b
+R ab995d275ca5429ef68a8cbbd55bb89c
+U dan
+Z cbd6b70420ae30df5a5f82de3e30da3c
diff --git a/manifest.uuid b/manifest.uuid
index 360fef573d..8123f23dcb 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-f9a7e179cbbeeab5e57bbf392bef89750215546b
\ No newline at end of file
+c9342ca58105499a5eb61c3e6d016559b6072c95
\ No newline at end of file
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
index ef339d1e13..caa2bf6700 100644
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -1239,7 +1239,7 @@ int sqlite3VdbeList(
 for(j=0; jp4.pProgram ) break; }
-      if( j==nSub && SQLITE_OK==sqlite3VdbeMemGrow(pSub, nByte, 1) ){
+      if( j==nSub && SQLITE_OK==sqlite3VdbeMemGrow(pSub, nByte, nSub!=0) ){
 apSub = (SubProgram **)pSub->z;
 apSub[nSub++] = pOp->p4.pProgram;
 pSub->flags |= MEM_Blob;
diff --git a/src/vdbemem.c b/src/vdbemem.c
index 088d3d64a4..fd964de2e9 100644
--- a/src/vdbemem.c
+++ b/src/vdbemem.c
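Review bot: The new `nSub!=0` preserve argument leans on an invariant the hunk leaves implicit — that pSub holds the MEM_Blob array of SubProgram pointers exactly when nSub is non-zero — and nothing at the call site checks it; an `assert( nSub==0 || (pSub->flags&MEM_Blob) );` immediately before the `if( j==nSub && ...` line would make the repaired precondition visible here rather than only inside sqlite3VdbeMemGrow. A short comment on the call, `/* Preserve existing content only once pSub already holds the SubProgram array */`, would explain why the third argument is no longer a constant. If a preserving grow copies `pSub->n` bytes of the old content, then `pSub->n` must be kept equal to `nSub*sizeof(SubProgram*)` after the append; that update is not in the hunk, so it is worth confirming it follows the `pSub->flags |= MEM_Blob;` line. sqlite3VdbeList begins and ends outside this hunk, and its first three context lines appear fused in this rendering.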
@@ -59,10 +59,10 @@ int sqlite3VdbeChangeEncoding(Mem *pMem, int desiredEnc){
 ** Make sure pMem->z points to a writable allocation of at least
 ** n bytes.
 **
-** If the memory cell currently contains string or blob data
-** and the third argument passed to this function is true, the
-** current content of the cell is preserved. Otherwise, it may
-** be discarded.
+** If the third argument passed to this function is true, then memory
+** cell pMem must contain a string or blob. In this case the content is
+** preserved. Otherwise, if the third parameter to this function is false,
+** any current string or blob value may be discarded.
 **
 ** This function sets the MEM_Dyn flag and clears any xDel callback.
 ** It also clears MEM_Ephem and MEM_Static. If the preserve flag is
@@ -77,6 +77,10 @@ int sqlite3VdbeMemGrow(Mem *pMem, int n, int preserve){
 );
 assert( (pMem->flags&MEM_RowSet)==0 );
 
+ /* If the preserve flag is set to true, then the memory cell must already ** contain a valid string or blob value. */
+ assert( preserve==0 || pMem->flags&(MEM_Blob|MEM_Str) );
+
 if( n<32 ) n = 32;
 if( sqlite3DbMallocSize(pMem->db, pMem->zMalloc)z==pMem->zMalloc ){
-- 
2.47.2
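Review bot: The new `assert( preserve==0 || pMem->flags&(MEM_Blob|MEM_Str) )` enforces the strengthened contract only in assert-enabled builds; in a release build a caller that still passes a true preserve flag on a cell with no string or blob content would presumably hit the same unchecked copy of stale content this commit is fixing, so consider whether the non-debug path should also degrade safely, e.g. `if( (pMem->flags&(MEM_Blob|MEM_Str))==0 ) preserve = 0;` ahead of the grow, if that fits the file's contract style. Relying on `&` binding tighter than `||` is correct but easy to misread at a glance; `assert( preserve==0 || (pMem->flags&(MEM_Blob|MEM_Str))!=0 );` states the intent unambiguously. The function's body continues outside the hunk, and its last two context lines appear fused in this rendering.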