From 3b9c321ab834f44a4afc371b9a7f7367cd254193 Mon Sep 17 00:00:00 2001 From: drh Date: Tue, 7 May 2019 02:57:28 +0000 Subject: [PATCH] Add the exprNodeCopy() routine that will safely memcpy() an Expr node that might be a size-reduced node. FossilOrigin-Name: ab2ba8e732d4a813a336e37e06bbc98842d22d4896120b1b97e8577684e9ea53 --- manifest | 16 ++++++++++------ manifest.uuid | 2 +- src/expr.c | 15 ++++++++++++--- 3 files changed, 23 insertions(+), 10 deletions(-) diff --git a/manifest b/manifest index f341467f0d..5919e9eadb 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Merge\schanges\sfrom\strunk. -D 2018-06-04T14:10:15.934 +C Add\sthe\sexprNodeCopy()\sroutine\sthat\swill\ssafely\smemcpy()\san\sExpr\snode\sthat\nmight\sbe\sa\ssize-reduced\snode. +D 2019-05-07T02:57:28.889 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F Makefile.in ab754e8fb9a83a308dfef344fd3a86bb93956d8ac0b4b461b96f6201a76f75f0 @@ -450,7 +450,7 @@ F src/date.c ebe1dc7c8a347117bb02570f1a931c62dd78f4a2b1b516f4837d45b7d6426957 F src/dbpage.c 8db4c97f630e7d83f884ea75caf1ffd0988c160e9d530194d93721c80821e0f6 F src/dbstat.c edabb82611143727511a45ca0859b8cd037851ebe756ae3db289859dd18b6f91 F src/delete.c 4c8c7604277a2041647f96b78f4b9a47858e9217e4fb333d35e7b5ab32c5b57f -F src/expr.c 16f90ae2af2a100bc430a89184afde54878d82f18267e8d00bc4f33e695a7c57 +F src/expr.c 2d96dc299acee05a59da770e9a276cceb54558d2767104d915d16d8a466b1c67 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007 F src/fkey.c b1da9ef8dc834603bb0d28972378a7ce65897847f9a1e89ab800bbdf24c788ee F src/func.c e2e3c02621a528a472933fd4733a5da635676f1461be73293f6e9f62f18d4eaa 
@@ -1735,7 +1735,11 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P a016144b0e0c41b89157ea7349aad376f34888edf9558f8fd0d529516c5d18fd 1ecb3aa13de5c8dc611b814ff34010de0bd90aae73d88aa37a59c4627be4cc2d -R 557c41f67aa18f7f87d15dd0b7e12f42 +P 95fbac39baaab1c3a84fdfc82ccb7f42398b2e92f18a2a57bce1d4a713cb0839 +Q +a874c649960ba2e2b2fd380d08c02a45884a1060d3922be8847729008ca6766e +R a6fae0d92c2131f849bdcaa6d55fc00a +T *branch * expr-node-copy-patch +T *sym-expr-node-copy-patch * +T -sym-apple-osx * U drh -Z d0ce8317712557e2078f98a40c913bfb +Z b6ed866304647254c009dac674727594 diff --git a/manifest.uuid b/manifest.uuid index c796e0bb28..7693271bdb 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -95fbac39baaab1c3a84fdfc82ccb7f42398b2e92f18a2a57bce1d4a713cb0839 \ No newline at end of file +ab2ba8e732d4a813a336e37e06bbc98842d22d4896120b1b97e8577684e9ea53 \ No newline at end of file diff --git a/src/expr.c b/src/expr.c index 91eb44b8eb..4747e09a82 100644 --- a/src/expr.c +++ b/src/expr.c @@ -1084,6 +1084,16 @@ static int exprStructSize(Expr *p){ return EXPR_FULLSIZE; } +/* +** Copy the complete content of an Expr node, taking care not to read +** past the end of the structure for a reduced-size version of the source +** Expr. +*/ +static void exprNodeCopy(Expr *pDest, Expr *pSrc){ + memset(pDest, 0, sizeof(Expr)); + memcpy(pDest, pSrc, exprStructSize(pSrc)); +} + /* ** The dupedExpr*Size() routines each return the number of bytes required ** to store a copy of an expression or expression tree. They differ in 
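Review bot: The header comment on exprNodeCopy() states the read bound but not the two conditions that keep the copy safe on the destination side: pDest must be a full sizeof(Expr) object, because the memset() writes that many bytes, and the copy is shallow, so pDest shares every child pointer with pSrc and inherits its flag bits unchanged (presumably including the bits that mark the source as size-reduced). I would add `** pDest must point to a full-size Expr. The copy is shallow: it shares child pointers and flags with pSrc and must not be freed.` to the comment. The memcpy() length comes from exprStructSize(), whose body lies mostly above this hunk, so an `assert( exprStructSize(pSrc)<=(int)sizeof(Expr) );` before the memcpy() would pin the assumption that the returned size never exceeds the destination.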
@@ -4107,7 +4117,7 @@ expr_code_doover: nExpr = pEList->nExpr; endLabel = sqlite3VdbeMakeLabel(v); if( (pX = pExpr->pLeft)!=0 ){ - tempX = *pX; + exprNodeCopy(&tempX, pX); testcase( pX->op==TK_COLUMN ); exprToRegister(&tempX, exprCodeVector(pParse, &tempX, ®Free1)); testcase( regFree1==0 ); @@ -4432,13 +4442,12 @@ static void exprCodeBetween( Expr exprX; /* The x subexpression */ int regFree1 = 0; /* Temporary use register */ - memset(&compLeft, 0, sizeof(Expr)); memset(&compRight, 0, sizeof(Expr)); memset(&exprAnd, 0, sizeof(Expr)); assert( !ExprHasProperty(pExpr, EP_xIsSelect) ); - exprX = *pExpr->pLeft; + exprNodeCopy(&exprX, pExpr->pLeft); exprAnd.op = TK_AND; exprAnd.pLeft = &compLeft; exprAnd.pRight = &compRight; -- 2.39.5
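Review bot: Neither converted call site records coverage of the input this patch exists for, a pLeft node smaller than sizeof(Expr); the only marker next to the new call in the first of these two hunks is `testcase( pX->op==TK_COLUMN )`. The old `tempX = *pX` and, in the exprCodeBetween() hunk, `exprX = *pExpr->pLeft` read a full Expr from such a node, which by the commit's own description goes past the end of the structure, so that path deserves explicit markers: `testcase( ExprHasProperty(pX, EP_Reduced) );` and `testcase( ExprHasProperty(pX, EP_TokenOnly) );` after the copy, with the same pair on pExpr->pLeft in exprCodeBetween(). The diffstat lists only src/expr.c and the two manifest files, so no regression script accompanies the fix; one that reaches both sites with a reduced-size left operand, run under a memory checker, would confirm it. Both enclosing bodies start and end outside the hunks shown.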