From 54a85187b29f647697095c0afdef8a7267b22eb6 Mon Sep 17 00:00:00 2001
From: dan
Date: Fri, 5 Dec 2014 20:43:48 +0000
Subject: [PATCH] Fix a buffer overread that might occur in analyze.c if SQLITE_ENABLE_STAT4 was defined.

FossilOrigin-Name: 194c90db637ad4197a54be83a665feb2a9c96014
---
 manifest | 14 +++++++-------
 manifest.uuid | 2 +-
 src/analyze.c | 2 +-
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/manifest b/manifest
index b71864db04..2762e815f6 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C The\sKeyInfo\scache\smust\sbe\scleared\sbefore\sclosing\sthe\sbtree,\snot\safter.\nRevised\sfix\sfor\sticket\s[e4a18565a36884b00edf].
-D 2014-12-05T15:25:49.142
+C Fix\sa\sbuffer\soverread\sthat\smight\soccur\sin\sanalyze.c\sif\sSQLITE_ENABLE_STAT4\swas\sdefined.
+D 2014-12-05T20:43:48.762
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in cf57f673d77606ab0f2d9627ca52a9ba1464146a
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -166,7 +166,7 @@ F sqlite.pc.in 42b7bf0d02e08b9e77734a47798d1a55a9e0716b
 F sqlite3.1 3d8b83c91651f53472ca17599dae3457b8b89494
 F sqlite3.pc.in 48fed132e7cb71ab676105d2a4dc77127d8c1f3a
 F src/alter.c ba266a779bc7ce10e52e59e7d3dc79fa342e8fdb
-F src/analyze.c 8c322e1ecc08909526dbd5ab4421889d05f2263d
+F src/analyze.c 614428e1de74f51f5db918e385f689d4fb3a895a
 F src/attach.c f4e94df2d1826feda65eb0939f7f6f5f923a0ad9
 F src/auth.c d8abcde53426275dab6243b441256fcd8ccbebb2
 F src/backup.c 8cdfeb0c8a6d8bdad3faefae418eb3dc767051b6
@@ -1206,7 +1206,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 9f7560bc453f55570eb67e1a03359f0133d66d99
-R c773f0f4ea9c118e2f2d4aca4c769c11
-U drh
-Z 52f033891643ac2d92ef4238fb238551
+P 48529508cfe2f9445a6940222fe5ff7cc92aef78
+R 9c03e40230b03e031df69c10ef418c3a
+U dan
+Z 6fc3046bbfc50216164c29da1582b526
diff --git a/manifest.uuid b/manifest.uuid
index fd74438f99..8545445ac7 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-48529508cfe2f9445a6940222fe5ff7cc92aef78
\ No newline at end of file
+194c90db637ad4197a54be83a665feb2a9c96014
\ No newline at end of file
diff --git a/src/analyze.c b/src/analyze.c
index 7d36f01318..e655aaa50c 100644
--- a/src/analyze.c
+++ b/src/analyze.c
@@ -1591,7 +1591,7 @@ static void initAvgEq(Index *pIdx){
 i64 nSum100 = 0; /* Number of terms contributing to sumEq */
 i64 nDist100; /* Number of distinct values in index */
- if( pIdx->aiRowEst==0 || pIdx->aiRowEst[iCol+1]==0 ){
+ if( !pIdx->aiRowEst || iCol>=pIdx->nKeyCol || pIdx->aiRowEst[iCol+1]==0 ){
 nRow = pFinal->anLt[iCol];
 nDist100 = (i64)100 * pFinal->anDLt[iCol];
 nSample--;
-- 
2.47.2
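Review bot: The branch taken when `iCol>=pIdx->nKeyCol` in the src/analyze.c hunk still indexes `pFinal->anLt[iCol]` and `pFinal->anDLt[iCol]` with that same iCol, and nothing visible here shows those sample arrays are sized for columns past the key columns, so that bound should be confirmed as part of this fix. The condition would also benefit from a comment recording the invariant the new guard relies on, for example `/* aiRowEst[] holds nKeyCol+1 entries; check iCol before reading [iCol+1] */` (the array size is inferred from the guard, not shown in the hunk). The diffstat lists only manifest, manifest.uuid and src/analyze.c, so no regression test accompanies the over-read fix; a SQLITE_ENABLE_STAT4 case run under a memory-checking build would keep it from coming back unnoticed. initAvgEq's body starts and ends outside the hunk.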