From 8867e38aab61b567d6ce671b2d2e04b5f03c27d2 Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Sat, 11 Oct 2008 17:06:04 +0000
Subject: [PATCH] Fix a OOM segfault in the BETWEEN operator parsing -
 discovered while using SQLITE_OMIT_LOOKASIDE. Add SQLITE_OMIT_LOOKASIDE to
 test_config.c and bypass lookaside.test when defined. (CVS 5803)

FossilOrigin-Name: 2a21d52c651ba113c472b6686dcf8ba009924305
---
 manifest            | 18 +++++++++---------
 manifest.uuid       |  2 +-
 src/parse.y         |  6 ++++--
 src/test_config.c   |  8 +++++++-
 test/lookaside.test |  7 ++++++-
 5 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/manifest b/manifest
index 52ab9416a6..698e37295e 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Add\s"nolookaside"\scase\sto\spermutations.test.\s(CVS\s5802)
-D 2008-10-11T17:04:04
+C Fix\sa\sOOM\ssegfault\sin\sthe\sBETWEEN\soperator\sparsing\s-\sdiscovered\swhile\nusing\sSQLITE_OMIT_LOOKASIDE.\sAdd\sSQLITE_OMIT_LOOKASIDE\sto\stest_config.c\sand\nbypass\slookaside.test\swhen\sdefined.\s(CVS\s5803)
+D 2008-10-11T17:06:04
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in 7fc26e087207e7a4a7723583dbd7997477af3b13
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -140,7 +140,7 @@ F src/os_unix.c f33b69d8a85372b270fe37ee664a4c2140a5217d
 F src/os_win.c 04033a86a39f49cb8e348f515eb0116aa9d36678
 F src/pager.c d98f56128e849083f2f612196efebd982c491fea
 F src/pager.h 9c1917be28fff58118e1fe0ddbc7adfb8dd4f44d
-F src/parse.y e8620c7efd46659fd7a9cbad13b51225af7f600c
+F src/parse.y e73dc4137eaf060c5836e04f7caf6ad54158dc8a
 F src/pcache.c f8d7beceba164a34441ac37e88abb3a404f968a7
 F src/pcache.h 28d9ce2d66909db1f01652586450b62b64793093
 F src/pragma.c f0f48d0d50e9d8fa785178fc2410244c06f6a287
@@ -169,7 +169,7 @@ F src/test9.c 904ebe0ed1472d6bad17a81e2ecbfc20017dc237
 F src/test_async.c 45024094ed7cf780c5d5dccda645145f95cf78ef
 F src/test_autoext.c f53b0cdf7bf5f08100009572a5d65cdb540bd0ad
 F src/test_btree.c d7b8716544611c323860370ee364e897c861f1b0
-F src/test_config.c 91ae677efad9ee440ea42565ec675f204dd5fb3a
+F src/test_config.c 84004386841bb4738da0d03e372baf2f999aeda8
 F src/test_devsym.c 802d10e65b4217208cb47059b84adf46318bcdf4
 F src/test_func.c a55c4d5479ff2eb5c0a22d4d88e9528ab59c953b
 F src/test_hexio.c 2f1122aa3f012fa0142ee3c36ce5c902a70cd12f
@@ -406,7 +406,7 @@ F test/lock2.test 018b846f6f3b3b695fad07e317b7988442b556f4
 F test/lock3.test 615111293cf32aa2ed16d01c6611737651c96fb9
 F test/lock4.test 09d97d52cae18fadfe631552af9880dac6b3ae90
 F test/lock5.test 904c20aec51d5dbff0a3aec6a4d35c5ae0257449
-F test/lookaside.test 4a6a3336ef4259b0003d582330a901bc8d8d367a
+F test/lookaside.test e69f822f13745f1d5c445c6e30e30f059f30c8e5
 F test/main.test 187a9a1b5248ed74a83838c581c15ec6023b555b
 F test/malloc.test 2fa351108503f0da80e9183a8157fbd943c5d533
 F test/malloc3.test 094f8195fe8e409bd4da0f1d769f7745faec62c8
@@ -648,7 +648,7 @@ F tool/speedtest16.c c8a9c793df96db7e4933f0852abb7a03d48f2e81
 F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
-P d2c252d6bbde4ae14da6c9e6c2683d763d11c59f
-R fc3d10320d4a4962e4ddb73e72840350
-U danielk1977
-Z d2b1875d229b42484fcc2b21da2a0d73
+P 56fb7a22864774fcbd8cd00195359dc0f223ec8b
+R 2158ce4512a57fd4db4ca2df18c87ec3
+U drh
+Z 074e8ac5d86169b627d2bfca4057a8c5
diff --git a/manifest.uuid b/manifest.uuid
index 7082632c64..bccca9d100 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-56fb7a22864774fcbd8cd00195359dc0f223ec8b
\ No newline at end of file
+2a21d52c651ba113c472b6686dcf8ba009924305
\ No newline at end of file
diff --git a/src/parse.y b/src/parse.y
index 3959269ccf..0ffcc28685 100644
--- a/src/parse.y
+++ b/src/parse.y
@@ -14,7 +14,7 @@
 ** the parser.  Lemon will also generate a header file containing
 ** numeric codes for all of the tokens.
 **
-** @(#) $Id: parse.y,v 1.259 2008/10/10 18:25:46 shane Exp $
+** @(#) $Id: parse.y,v 1.260 2008/10/11 17:06:04 drh Exp $
 */
 
 // All token codes are small integers with #defines that begin with "TK_"
@@ -803,7 +803,9 @@ expr(A) ::= expr(W) between_op(N) expr(X) AND expr(Y). [BETWEEN] {
     sqlite3ExprListDelete(pParse->db, pList);
   } 
   if( N ) A = sqlite3PExpr(pParse, TK_NOT, A, 0, 0);
-  sqlite3ExprSpan(A,&W->span,&Y->span);
+  if( !pParse->db->mallocFailed ){
+    sqlite3ExprSpan(A,&W->span,&Y->span);
+  }
 }
 %ifndef SQLITE_OMIT_SUBQUERY
   %type in_op {int}
diff --git a/src/test_config.c b/src/test_config.c
index 20f481d0a8..4780f640a5 100644
--- a/src/test_config.c
+++ b/src/test_config.c
@@ -16,7 +16,7 @@
 ** The focus of this file is providing the TCL testing layer
 ** access to compile-time constants.
 **
-** $Id: test_config.c,v 1.40 2008/10/10 23:48:26 drh Exp $
+** $Id: test_config.c,v 1.41 2008/10/11 17:06:04 drh Exp $
 */
 
 #include "sqliteLimit.h"
@@ -309,6 +309,12 @@ static void set_options(Tcl_Interp *interp){
   Tcl_SetVar2(interp, "sqlite_options", "localtime", "1", TCL_GLOBAL_ONLY);
 #endif
 
+#ifdef SQLITE_OMIT_LOOKASIDE
+  Tcl_SetVar2(interp, "sqlite_options", "lookaside", "0", TCL_GLOBAL_ONLY);
+#else
+  Tcl_SetVar2(interp, "sqlite_options", "lookaside", "1", TCL_GLOBAL_ONLY);
+#endif
+
 Tcl_SetVar2(interp, "sqlite_options", "long_double",
               sizeof(LONGDOUBLE_TYPE)>sizeof(double) ? "1" : "0",
               TCL_GLOBAL_ONLY);
diff --git a/test/lookaside.test b/test/lookaside.test
index 2f14aa610d..08c402c628 100644
--- a/test/lookaside.test
+++ b/test/lookaside.test
@@ -11,11 +11,16 @@
 #
 # Tests for the lookaside memory allocator.
 #
-# $Id: lookaside.test,v 1.7 2008/10/10 17:41:29 drh Exp $
+# $Id: lookaside.test,v 1.8 2008/10/11 17:06:04 drh Exp $
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
 
+ifcapable !lookaside {
+  finish_test
+  return
+}
+
 catch {db close}
 sqlite3_shutdown
 sqlite3_config_pagecache 0 0
-- 
2.47.2