Fix a segfault that can occur in the RowSet object following a malloc

failure. (CVS 5978)

FossilOrigin-Name: cb0f1658d3db7ccf80843d66fa85af8de44710d0

diff --git a/manifest b/manifest
index 10cdf8435d641694a35f84cadd1adf556d97948e..ad640ea59f91316f22700bb955864cb927047dc7 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Replace\sthe\sVDBE\sFifo\sobject\swith\sthe\snew\sRowSet\sobject.\s(CVS\s5977)
-D 2008-12-04T20:40:10
+C Fix\sa\ssegfault\sthat\scan\soccur\sin\sthe\sRowSet\sobject\sfollowing\sa\smalloc\nfailure.\s(CVS\s5978)
+D 2008-12-04T22:17:56
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in f7e4c81c347b04f7b0f1c1b081a168645d7b8af7
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -194,13 +194,13 @@ F src/update.c 7143ac31d26dee156277126e9a7c5be953b18347
 F src/utf.c 86dc0f8076f606432a01f1498ae054c32de1f9d2
 F src/util.c b9a5d1c4c1a433e17d5828f9717fac763016a2cb
 F src/vacuum.c 383d6297bddc011ab04a9eed110db6eaf523e8e9
-F src/vdbe.c 5c46d3742f36599e615ce57164e44c64df5d0470
+F src/vdbe.c 3e849f1cffda97280d36b88e0980bdbe8128be7e
 F src/vdbe.h 03516f28bf5aca00a53c4dccd6c313f96adb94f6
 F src/vdbeInt.h 1df957ab0f6a129735513d528c930dddfb4b23ef
 F src/vdbeapi.c 20722164e7701a0747eaea03cddbbe0de5cb37bf
 F src/vdbeaux.c 33ba6b66bc595f5522e6a6995a86799bacd8961b
 F src/vdbeblob.c b0dcebfafedcf9c0addc7901ad98f6f986c08935
-F src/vdbemem.c 2f386accfa1f4f11f0f12c2b6dcd4948e6df9c1f
+F src/vdbemem.c 360396ac77b2da36a8cfc280e7c055482f0254e8
 F src/vtab.c 02c51eac45dbff1a1d6e73f58febf92ecb563f7f
 F src/walker.c 488c2660e13224ff70c0c82761118efb547f8f0d
 F src/where.c 96f7c2bd9e83c252d90ee2794f7a902fc5ba505b
@@ -662,7 +662,7 @@ F tool/speedtest16.c c8a9c793df96db7e4933f0852abb7a03d48f2e81
 F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
-P 4697249fcc6041ba7d2fb89589c855a8bec71eb2
-R 854bd2622f9c32e838b36a1ab2f599ef
+P 39a0750b49cf55e9c0927169ca47db909f5c16ea
+R 4a7599da73fd5a79c2dfb0d9f2d60746
 U drh
-Z 79aa37bffdc9ab8f785db1e32012837b
+Z 69484d9ad61e9734a4c2ad4dd121e991

diff --git a/manifest.uuid b/manifest.uuid
index 3ff0380ac7f53ce924b10e4c0871173c3725b683..b47ea0be37f0237faf93a531b8563b55b750db8c 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-39a0750b49cf55e9c0927169ca47db909f5c16ea
\ No newline at end of file
+cb0f1658d3db7ccf80843d66fa85af8de44710d0
\ No newline at end of file

diff --git a/src/vdbe.c b/src/vdbe.c
index 191b3c58f55b5c967c90c7439bb7eccee8d0f951..bde57f587c8a96cf4e51880fe41a9020123c5c2d 100644 (file)
--- a/src/vdbe.c
+++ b/src/vdbe.c
@@ -43,7 +43,7 @@
 ** in this file for details.  If in doubt, do not deviate from existing
 ** commenting and indentation practices when changing or adding code.
 **
-** $Id: vdbe.c,v 1.790 2008/12/04 20:40:10 drh Exp $
+** $Id: vdbe.c,v 1.791 2008/12/04 22:17:56 drh Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
@@ -4302,6 +4302,7 @@ case OP_RowSetAdd: {       /* in2 */
   assert( (pVal->flags & MEM_Int)!=0 );
   if( (pIdx->flags & MEM_RowSet)==0 ){
     sqlite3VdbeMemSetRowSet(pIdx);
+    if( (pIdx->flags & MEM_RowSet)==0 ) goto no_mem;
   }
   sqlite3RowSetInsert(pIdx->u.pRowSet, pVal->u.i);
   break;

diff --git a/src/vdbemem.c b/src/vdbemem.c
index d9ec059e8e1857b0a7583ec16ef97ead36ff33ab..ffe2e15437d1c14161914e06f6f9a5cbe62e2cef 100644 (file)
--- a/src/vdbemem.c
+++ b/src/vdbemem.c
@@ -15,7 +15,7 @@
 ** only within the VDBE.  Interface routines refer to a Mem using the
 ** name sqlite_value
 **
-** $Id: vdbemem.c,v 1.127 2008/12/04 20:40:10 drh Exp $
+** $Id: vdbemem.c,v 1.128 2008/12/04 22:17:56 drh Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
@@ -510,12 +510,14 @@ void sqlite3VdbeMemSetRowSet(Mem *pMem){
     sqlite3VdbeMemRelease(pMem);
     pMem->zMalloc = sqlite3DbMallocRaw(db, 32);
   }
-  if( !db->mallocFailed ){
+  if( db->mallocFailed ){
+    pMem->flags = MEM_Null;
+  }else{
     assert( pMem->zMalloc );
     pMem->u.pRowSet = sqlite3RowSetInit(db, pMem->zMalloc, 
                                        sqlite3DbMallocSize(db, pMem->zMalloc));
     assert( pMem->u.pRowSet!=0 );
-    pMem->flags = MEM_RowSet|MEM_Dyn;
+    pMem->flags = MEM_RowSet;
   }
 }