From: drh <drh@noemail.net>
Date: Fri, 10 Feb 2006 14:02:07 +0000 (+0000)
Subject: Clean up pointer misuse in vdbe.c. (CVS 3078)
X-Git-Tag: version-3.6.10~3089
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0ac07190870ab33cf9dd9c6fb4a5345049db3f99;p=thirdparty%2Fsqlite.git

Clean up pointer misuse in vdbe.c. (CVS 3078)

FossilOrigin-Name: 9e82b927490bc152f61c4ee3e95b6d08ea16c858
---

diff --git a/manifest b/manifest
index eb66d42585..10d77c0e92 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Minor\stest\sfile\smodifications\sfor\sbuilds\scompiled\swith\sOMIT\soptions.\s(CVS\s3077)
-D 2006-02-10T13:33:31
+C Clean\sup\spointer\smisuse\sin\svdbe.c.\s(CVS\s3078)
+D 2006-02-10T14:02:07
 F Makefile.in 5d8dff443383918b700e495de42ec65bc1c8865b
 F Makefile.linux-gcc 74ba0eadf88748a9ce3fd03d2a3ede2e6715baec
 F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028
@@ -89,7 +89,7 @@ F src/update.c 050a7e0ddaac03dec5271712eee62f1a9e699049
 F src/utf.c 1199766bbb0157931a83aa6eede6b6381177be64
 F src/util.c 405f46fef062b476826d2c171ec21def29563b75
 F src/vacuum.c 3865673cc66acd0717ecd517f6b8fdb2a5e7924b
-F src/vdbe.c c92d7a4d3476136b8ab440f1e0547fab24112b34
+F src/vdbe.c 0a7fd81609429bae2b3c326687b02a60a9c01c49
 F src/vdbe.h 80ba1c391ec28180dd07a630577f50b22c2062da
 F src/vdbeInt.h eb3f86ab08ef11635bc78eb88c3ff13f923c233b
 F src/vdbeapi.c 7dc662e7c905ce666bb506dced932e0307115cbf
@@ -352,7 +352,7 @@ F www/tclsqlite.tcl bb0d1357328a42b1993d78573e587c6dcbc964b9
 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0
 F www/version3.tcl a99cf5f6d8bd4d5537584a2b342f0fb9fa601d8b
 F www/whentouse.tcl 97e2b5cd296f7d8057e11f44427dea8a4c2db513
-P 84c2a5c4d753d1e39136ac7e80ac816442af0a49
-R 3b5f77c65783323e18ca74eb7ebf8d91
-U danielk1977
-Z ad1ff9bbe1c59dd9d2009c7724c25ca8
+P c468aa349db4e6571711bf94781b88aa3c811d03
+R 51d8d35bd9f658825f6805cd6b33762d
+U drh
+Z dc1199c71c73b605a01499c9907f4b4c
diff --git a/manifest.uuid b/manifest.uuid
index 5be70f9b32..c589788d80 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-c468aa349db4e6571711bf94781b88aa3c811d03
\ No newline at end of file
+9e82b927490bc152f61c4ee3e95b6d08ea16c858
\ No newline at end of file
diff --git a/src/vdbe.c b/src/vdbe.c
index f8d5af1630..e8c86951ad 100644
--- a/src/vdbe.c
+++ b/src/vdbe.c
@@ -43,7 +43,7 @@
 ** in this file for details.  If in doubt, do not deviate from existing
 ** commenting and indentation practices when changing or adding code.
 **
-** $Id: vdbe.c,v 1.542 2006/02/09 22:13:42 drh Exp $
+** $Id: vdbe.c,v 1.543 2006/02/10 14:02:07 drh Exp $
 */
 #include "sqliteInt.h"
 #include "os.h"
@@ -1987,6 +1987,7 @@ case OP_Column: {
     u8 *zIdx;        /* Index into header */
     u8 *zEndHdr;     /* Pointer to first byte after the header */
     u32 offset;      /* Offset into the data */
+    int szHdrSz;     /* Size of the header size field at start of record */
     int avail;       /* Number of bytes of available data */
     if( pC && pC->aType ){
       aType = pC->aType;
@@ -2019,7 +2020,8 @@ case OP_Column: {
         pC->aRow = 0;
       }
     }
-    zIdx = (u8 *)GetVarint((u8*)zData, offset);
+    assert( zRec!=0 || avail>=payloadSize || avail>=9 );
+    szHdrSz = GetVarint((u8*)zData, offset);
 
     /* The KeyFetch() or DataFetch() above are fast and will get the entire
     ** record header in most cases.  But they will fail to get the complete
@@ -2034,8 +2036,8 @@ case OP_Column: {
       }
       zData = sMem.z;
     }
-    zEndHdr = (u8 *)zData + offset;
-    zIdx = (u8 *)zData + (int)zIdx;
+    zEndHdr = (u8 *)&zData[offset];
+    zIdx = (u8 *)&zData[szHdrSz];
 
     /* Scan the header and use it to fill in the aType[] and aOffset[]
     ** arrays.  aType[i] will contain the type integer for the i-th