From f2b9d7c60502581bfd2908fbdb0dd00017d26cb0 Mon Sep 17 00:00:00 2001
From: drh
Date: Fri, 1 Nov 2019 16:37:53 +0000
Subject: [PATCH] Fix a potential use-after-free bug that follows an OOM error in code added two days ago by check-in [84e02d773d60cffe]. Problem discovered by OSSFuzz.

FossilOrigin-Name: 0a2eb949f8a759e5745d9468c8183d3c0b4b30e0fa2a14b3062620eb9e1d5c1d
---
 manifest | 12 ++++++------
 manifest.uuid | 2 +-
 src/vdbeaux.c | 2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/manifest b/manifest
index 35b6c2896f..17570b187e 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Add\sanother\smissing\scolumn\snumber\stranslation\sto\sthe\sforeign\skey\slogic.
-D 2019-11-01T16:08:20.952
+C Fix\sa\spotential\suse-after-free\sbug\sthat\sfollows\san\sOOM\serror\sin\scode\nadded\stwo\sdays\sago\sby\scheck-in\s[84e02d773d60cffe].\s\sProblem\sdiscovered\nby\sOSSFuzz.
+D 2019-11-01T16:37:53.191
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -602,7 +602,7 @@ F src/vdbe.c b67d6af853e03c3dd6d1116351567f62d8a2c10d3bd6db5f7f366e75d11c6653
 F src/vdbe.h fdbc0a11e5768a702b46ce63286f60e22e71351a29bd98b3666405e1fccc7802
 F src/vdbeInt.h bd589b8b7273286858950717e0e1ec5c88b18af45079a3366dc1371865cea704
 F src/vdbeapi.c 1252d80c548711e47a6d84dae88ed4e95d3fbb4e7bd0eaa1347299af7efddf02
-F src/vdbeaux.c ab10ec13e61cffacf26024aa10053e66285d175b3d88d87966674b6b9b8820c4
+F src/vdbeaux.c 75fa4792b6bc327751018ecd1516c189184d7224b8f3dfeda20c09112ef31a68
 F src/vdbeblob.c 253ed82894924c362a7fa3079551d3554cd1cdace39aa833da77d3bc67e7c1b1
 F src/vdbemem.c d8e10d1773806105e62094c4ede0a4684f46caaf07667a45e6d461e94306b530
 F src/vdbesort.c a3be032cc3fee0e3af31773af4a7a6f931b7230a34f53282ccf1d9a2a72343be
@@ -1849,7 +1849,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P e6c96ed91e7a96d2bd30ea9df132644ac02d5a321a62f81f8f3984a8e49ed94b
-R 3ab52f0e710580b54aac492242a1edc3
+P 32df5edcfef2605009f45d6ef1b97c63a99df07c7b4e00dc70f93001cfb8d81f
+R d43c58ef1fe087aa7eb409f8964655f5
 U drh
-Z 4e3a2664d2b976593cf31430f3790c9d
+Z 51a0b480453b8134aa91c2e503e48e63
diff --git a/manifest.uuid b/manifest.uuid
index 6d269be404..5a5634c037 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-32df5edcfef2605009f45d6ef1b97c63a99df07c7b4e00dc70f93001cfb8d81f
\ No newline at end of file
+0a2eb949f8a759e5745d9468c8183d3c0b4b30e0fa2a14b3062620eb9e1d5c1d
\ No newline at end of file
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
index 9596e163b0..21b396b364 100644
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -368,10 +368,10 @@ int sqlite3VdbeAddFunctionCall(
 pCtx->pVdbe = 0;
 pCtx->isError = 0;
 pCtx->argc = nArg;
+ pCtx->iOp = sqlite3VdbeCurrentAddr(v);
 addr = sqlite3VdbeAddOp4(v, eCallCtx ? OP_PureFunc : OP_Function,
 p1, p2, p3, (char*)pCtx, P4_FUNCCTX);
 sqlite3VdbeChangeP5(v, eCallCtx & NC_SelfRef);
- pCtx->iOp = addr;
 return addr;
 }
-- 
2.47.2
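Review bot: Nothing in the src/vdbeaux.c hunk records why `pCtx->iOp` now has to be assigned before the `sqlite3VdbeAddOp4` call, so a later tidy-up could move it back behind the call and reintroduce the use-after-free this commit removes. A comment above the call should state the ownership rule the fix depends on: once pCtx is handed over as the P4_FUNCCTX operand the VDBE owns it and, on an OOM failure inside that call, may already have freed it, so no member of pCtx may be read or written afterwards, which is exactly what the removed `pCtx->iOp = addr;` did. Something like `/* pCtx is owned by the VDBE from this call on and may be freed on OOM: do not touch pCtx after it */` would do. The added line also presumably relies on `sqlite3VdbeCurrentAddr(v)` being the same address the immediately following `sqlite3VdbeAddOp4` returns, which holds only while no other opcode is emitted between the two statements; that is worth naming in the same comment rather than checking with an `assert( addr==pCtx->iOp )`, which would reintroduce the post-call read. `sqlite3VdbeAddFunctionCall` begins before the hunk, so its earlier allocation and error paths are not visible here.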