From 8c5d152b53d127486891bfce425fc18c7381f6d1 Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Fri, 10 Apr 2009 00:56:28 +0000
Subject: [PATCH] Force 8-byte alignment of sqlite3_value objects in the
 sqlite3VdbeUnpackRecord() primitive.  Ticket #3777. (CVS 6479)

FossilOrigin-Name: 2cc68272b1f70701268075cfa82fa64bb2a8179d
---
 manifest      | 18 +++++++++---------
 manifest.uuid |  2 +-
 src/btree.c   |  5 +++--
 src/vdbe.c    |  6 ++++--
 src/vdbe.h    |  5 ++---
 src/vdbeaux.c | 23 ++++++++++++++---------
 6 files changed, 33 insertions(+), 26 deletions(-)

diff --git a/manifest b/manifest
index 249ee59258..75150435e8 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Increase\sthe\sversion\snumber\sto\s3.6.13\sin\spreparation\sfor\sthe\snext\srelease.\s(CVS\s6478)
-D 2009-04-09T21:02:30
+C Force\s8-byte\salignment\sof\ssqlite3_value\sobjects\sin\sthe\nsqlite3VdbeUnpackRecord()\sprimitive.\s\sTicket\s#3777.\s(CVS\s6479)
+D 2009-04-10T00:56:28
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in 583e87706abc3026960ed759aff6371faf84c211
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -103,7 +103,7 @@ F src/auth.c c8b2ab5c8bad4bd90ed7c294694f48269162c627
 F src/backup.c 0082d0e5a63f04e88faee0dff0a7d63d3e92a78d
 F src/bitvec.c ef370407e03440b0852d05024fb016b14a471d3d
 F src/btmutex.c 341502bc496dc0840dcb00cde65680fb0e85c3ab
-F src/btree.c 0d02176d76c6e202cff0788929e8eee71bf60e88
+F src/btree.c 02c902db5527fc20b74a9ffdf1fc296ee3437964
 F src/btree.h 8007018c1753944790c39610280894ab280210b8
 F src/btreeInt.h df64030d632f8c8ac217ed52e8b6b3eacacb33a5
 F src/build.c 2882f22078db1c3f887b1aca77ff460cf9461c62
@@ -200,11 +200,11 @@ F src/update.c 8ededddcde6f7b6da981dd0429a5d34518a475b7
 F src/utf.c 9541d28f40441812c0b40f00334372a0542c00ff
 F src/util.c 469d74f5bf09ed6398702c7da2ef8a34e979a1c1
 F src/vacuum.c 07121a727beeee88f27d704a00313ad6a7c9bef0
-F src/vdbe.c 3d252f70666a80fea2fb794b6fe154a282d11573
-F src/vdbe.h d70a68bee196ab228914a3902c79dbd24342a0f2
+F src/vdbe.c 146b72ae0783281b39049593c422a9a1527e82d3
+F src/vdbe.h 35a648bc3279a120da24f34d9a25213ec15daf8a
 F src/vdbeInt.h 53a2f4696871712646c77351904576cca6ad9752
 F src/vdbeapi.c d3c6f28dbf462187f3fd696f2357e0d23940abac
-F src/vdbeaux.c 570aaa5e15ae141115194d22443c73c8beb5032b
+F src/vdbeaux.c e1aa4cd6f4972f2420e38e195df4297349f109aa
 F src/vdbeblob.c e67757450ae8581a8b354d9d7e467e41502dfe38
 F src/vdbemem.c 9798905787baae83d0b53b62030e32ecf7a0586f
 F src/vtab.c f1aba5a6dc1f83b97a39fbbc58ff8cbc76311347
@@ -716,7 +716,7 @@ F tool/speedtest16.c c8a9c793df96db7e4933f0852abb7a03d48f2e81
 F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
-P 5350a6586cd6504a0724631e4ef46245832435f9
-R 2ec114dc3d2165f8f5d965ab5f8ee1df
+P 9a09a47495d498a3372ead0eef5e3642a3ff30c2
+R 5607ab4efa85fc4682dba26b62f8935a
 U drh
-Z a0ccacb7742bd9172bd277d93321f496
+Z d8359058aa4314f29eca77f3a23b5b1c
diff --git a/manifest.uuid b/manifest.uuid
index b11f31ca2d..3a72b4506d 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-9a09a47495d498a3372ead0eef5e3642a3ff30c2
\ No newline at end of file
+2cc68272b1f70701268075cfa82fa64bb2a8179d
\ No newline at end of file
diff --git a/src/btree.c b/src/btree.c
index 57732c04f5..61fed3dca3 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -9,7 +9,7 @@
 **    May you share freely, never taking more than you give.
 **
 *************************************************************************
-** $Id: btree.c,v 1.592 2009/04/07 14:38:58 danielk1977 Exp $
+** $Id: btree.c,v 1.593 2009/04/10 00:56:28 drh Exp $
 **
 ** This file implements a external (disk-based) database using BTrees.
 ** See the header comment on "btreeInt.h" for additional information.
@@ -4079,7 +4079,8 @@ int sqlite3BtreeMoveto(
 ){
   int rc;                    /* Status code */
   UnpackedRecord *pIdxKey;   /* Unpacked index key */
-  UnpackedRecord aSpace[16]; /* Temp space for pIdxKey - to avoid a malloc */
+  char aSpace[150];          /* Temp space for pIdxKey - to avoid a malloc */
+
 
   if( pKey ){
     assert( nKey==(i64)(int)nKey );
diff --git a/src/vdbe.c b/src/vdbe.c
index e8de5881c4..7ef177a77b 100644
--- a/src/vdbe.c
+++ b/src/vdbe.c
@@ -43,7 +43,7 @@
 ** in this file for details.  If in doubt, do not deviate from existing
 ** commenting and indentation practices when changing or adding code.
 **
-** $Id: vdbe.c,v 1.830 2009/04/07 09:16:57 danielk1977 Exp $
+** $Id: vdbe.c,v 1.831 2009/04/10 00:56:29 drh Exp $
 */
 #include "sqliteInt.h"
 #include "vdbeInt.h"
@@ -562,7 +562,9 @@ int sqlite3VdbeExec(
 #ifndef SQLITE_OMIT_PROGRESS_CALLBACK
   int nProgressOps = 0;      /* Opcodes executed since progress callback. */
 #endif
-  UnpackedRecord aTempRec[16]; /* Space to hold a transient UnpackedRecord */
+
+  /* Temporary space into which to unpack a record. */
+  char aTempRec[ROUND8(sizeof(UnpackedRecord)) + sizeof(Mem)*3 + 7];
 
   assert( p->magic==VDBE_MAGIC_RUN );  /* sqlite3_step() verifies this */
   assert( db->magic==SQLITE_MAGIC_BUSY );
diff --git a/src/vdbe.h b/src/vdbe.h
index e8aad38629..64c440e513 100644
--- a/src/vdbe.h
+++ b/src/vdbe.h
@@ -15,7 +15,7 @@
 ** or VDBE.  The VDBE implements an abstract machine that runs a
 ** simple program to access and modify the underlying database.
 **
-** $Id: vdbe.h,v 1.140 2009/02/19 14:39:25 danielk1977 Exp $
+** $Id: vdbe.h,v 1.141 2009/04/10 00:56:29 drh Exp $
 */
 #ifndef _SQLITE_VDBE_H_
 #define _SQLITE_VDBE_H_
@@ -187,8 +187,7 @@ void sqlite3VdbeSwap(Vdbe*,Vdbe*);
 #ifdef SQLITE_ENABLE_MEMORY_MANAGEMENT
 int sqlite3VdbeReleaseMemory(int);
 #endif
-UnpackedRecord *sqlite3VdbeRecordUnpack(KeyInfo*,int,const void*,
-                                        UnpackedRecord*,int);
+UnpackedRecord *sqlite3VdbeRecordUnpack(KeyInfo*,int,const void*,char*,int);
 void sqlite3VdbeDeleteUnpackedRecord(UnpackedRecord*);
 int sqlite3VdbeRecordCompare(int,const void*,UnpackedRecord*);
 
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
index d4ce83254a..61c0702f78 100644
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -14,7 +14,7 @@
 ** to version 2.8.7, all this code was combined into the vdbe.c source file.
 ** But that file was getting too big so this subroutines were split out.
 **
-** $Id: vdbeaux.c,v 1.448 2009/04/06 11:11:43 drh Exp $
+** $Id: vdbeaux.c,v 1.449 2009/04/10 00:56:29 drh Exp $
 */
 #include "sqliteInt.h"
 #include "vdbeInt.h"
@@ -2320,30 +2320,35 @@ UnpackedRecord *sqlite3VdbeRecordUnpack(
   KeyInfo *pKeyInfo,     /* Information about the record format */
   int nKey,              /* Size of the binary record */
   const void *pKey,      /* The binary record */
-  UnpackedRecord *pSpace,/* Space available to hold resulting object */
+  char *pSpace,          /* Unaligned space available to hold the object */
   int szSpace            /* Size of pSpace[] in bytes */
 ){
   const unsigned char *aKey = (const unsigned char *)pKey;
-  UnpackedRecord *p;
-  int nByte, d;
+  UnpackedRecord *p;  /* The unpacked record that we will return */
+  int nByte;          /* Memory space needed to hold p, in bytes */
+  int d;
   u32 idx;
-  u16 u;                 /* Unsigned loop counter */
+  u16 u;              /* Unsigned loop counter */
   u32 szHdr;
   Mem *pMem;
+  int nOff;           /* Increase pSpace by this much to 8-byte align it */
   
-  assert( sizeof(Mem)>sizeof(*p) );
-  nByte = sizeof(Mem)*(pKeyInfo->nField+2);
+  nOff = (8 - ((pSpace - (char*)0)&7)) & 7;
+  pSpace += nOff;
+  szSpace -= nOff;
+  nByte = ROUND8(sizeof(UnpackedRecord)) + sizeof(Mem)*(pKeyInfo->nField+1);
   if( nByte>szSpace ){
     p = sqlite3DbMallocRaw(pKeyInfo->db, nByte);
     if( p==0 ) return 0;
     p->flags = UNPACKED_NEED_FREE | UNPACKED_NEED_DESTROY;
   }else{
-    p = pSpace;
+    p = (UnpackedRecord*)pSpace;
     p->flags = UNPACKED_NEED_DESTROY;
   }
   p->pKeyInfo = pKeyInfo;
   p->nField = pKeyInfo->nField + 1;
-  p->aMem = pMem = &((Mem*)p)[1];
+  p->aMem = pMem = (Mem*)&((char*)p)[ROUND8(sizeof(UnpackedRecord))];
+  assert( EIGHT_BYTE_ALIGNMENT(pMem) );
   idx = getVarint32(aKey, szHdr);
   d = szHdr;
   u = 0;
-- 
2.47.2