From 8d99363c1b9fcd12950f693fccd76d12c442434c Mon Sep 17 00:00:00 2001 From: drh Date: Thu, 4 Dec 2008 22:17:55 +0000 Subject: [PATCH] Fix a segfault that can occur in the RowSet object following a malloc failure. (CVS 5978) FossilOrigin-Name: cb0f1658d3db7ccf80843d66fa85af8de44710d0 --- manifest | 14 +++++++------- manifest.uuid | 2 +- src/vdbe.c | 3 ++- src/vdbemem.c | 8 +++++--- 4 files changed, 15 insertions(+), 12 deletions(-) diff --git a/manifest b/manifest index 10cdf8435d..ad640ea59f 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Replace\sthe\sVDBE\sFifo\sobject\swith\sthe\snew\sRowSet\sobject.\s(CVS\s5977) -D 2008-12-04T20:40:10 +C Fix\sa\ssegfault\sthat\scan\soccur\sin\sthe\sRowSet\sobject\sfollowing\sa\smalloc\nfailure.\s(CVS\s5978) +D 2008-12-04T22:17:56 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0 F Makefile.in f7e4c81c347b04f7b0f1c1b081a168645d7b8af7 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654 @@ -194,13 +194,13 @@ F src/update.c 7143ac31d26dee156277126e9a7c5be953b18347 F src/utf.c 86dc0f8076f606432a01f1498ae054c32de1f9d2 F src/util.c b9a5d1c4c1a433e17d5828f9717fac763016a2cb F src/vacuum.c 383d6297bddc011ab04a9eed110db6eaf523e8e9 -F src/vdbe.c 5c46d3742f36599e615ce57164e44c64df5d0470 +F src/vdbe.c 3e849f1cffda97280d36b88e0980bdbe8128be7e F src/vdbe.h 03516f28bf5aca00a53c4dccd6c313f96adb94f6 F src/vdbeInt.h 1df957ab0f6a129735513d528c930dddfb4b23ef F src/vdbeapi.c 20722164e7701a0747eaea03cddbbe0de5cb37bf F src/vdbeaux.c 33ba6b66bc595f5522e6a6995a86799bacd8961b F src/vdbeblob.c b0dcebfafedcf9c0addc7901ad98f6f986c08935 -F src/vdbemem.c 2f386accfa1f4f11f0f12c2b6dcd4948e6df9c1f +F src/vdbemem.c 360396ac77b2da36a8cfc280e7c055482f0254e8 F src/vtab.c 02c51eac45dbff1a1d6e73f58febf92ecb563f7f F src/walker.c 488c2660e13224ff70c0c82761118efb547f8f0d F src/where.c 96f7c2bd9e83c252d90ee2794f7a902fc5ba505b 
@@ -662,7 +662,7 @@ F tool/speedtest16.c c8a9c793df96db7e4933f0852abb7a03d48f2e81 F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e -P 4697249fcc6041ba7d2fb89589c855a8bec71eb2 -R 854bd2622f9c32e838b36a1ab2f599ef +P 39a0750b49cf55e9c0927169ca47db909f5c16ea +R 4a7599da73fd5a79c2dfb0d9f2d60746 U drh -Z 79aa37bffdc9ab8f785db1e32012837b +Z 69484d9ad61e9734a4c2ad4dd121e991 diff --git a/manifest.uuid b/manifest.uuid index 3ff0380ac7..b47ea0be37 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -39a0750b49cf55e9c0927169ca47db909f5c16ea \ No newline at end of file +cb0f1658d3db7ccf80843d66fa85af8de44710d0 \ No newline at end of file diff --git a/src/vdbe.c b/src/vdbe.c index 191b3c58f5..bde57f587c 100644 --- a/src/vdbe.c +++ b/src/vdbe.c @@ -43,7 +43,7 @@ ** in this file for details. If in doubt, do not deviate from existing ** commenting and indentation practices when changing or adding code. ** -** $Id: vdbe.c,v 1.790 2008/12/04 20:40:10 drh Exp $ +** $Id: vdbe.c,v 1.791 2008/12/04 22:17:56 drh Exp $ */ #include "sqliteInt.h" #include @@ -4302,6 +4302,7 @@ case OP_RowSetAdd: { /* in2 */ assert( (pVal->flags & MEM_Int)!=0 ); if( (pIdx->flags & MEM_RowSet)==0 ){ sqlite3VdbeMemSetRowSet(pIdx); + if( (pIdx->flags & MEM_RowSet)==0 ) goto no_mem; } sqlite3RowSetInsert(pIdx->u.pRowSet, pVal->u.i); break; diff --git a/src/vdbemem.c b/src/vdbemem.c index d9ec059e8e..ffe2e15437 100644 --- a/src/vdbemem.c +++ b/src/vdbemem.c @@ -15,7 +15,7 @@ ** only within the VDBE. Interface routines refer to a Mem using the ** name sqlite_value ** -** $Id: vdbemem.c,v 1.127 2008/12/04 20:40:10 drh Exp $ +** $Id: vdbemem.c,v 1.128 2008/12/04 22:17:56 drh Exp $ */ #include "sqliteInt.h" #include 
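Review bot: The added `if( (pIdx->flags & MEM_RowSet)==0 ) goto no_mem;` in OP_RowSetAdd detects the allocation failure by re-testing a flag, because sqlite3VdbeMemSetRowSet() returns void, and nothing at the call site says that this is the failure signal. A short comment such as `/* sqlite3VdbeMemSetRowSet() leaves the cell MEM_Null on OOM */` would stop a later reader from deleting the re-test as redundant. Without the re-test, the sqlite3RowSetInsert() call that follows reads pIdx->u.pRowSet from a cell that was never set up as a RowSet. The diffstat lists no test file, so an allocation-failure test for this opcode would be worth adding with the fix. The case body begins above the hunk.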
@@ -510,12 +510,14 @@ void sqlite3VdbeMemSetRowSet(Mem *pMem){ sqlite3VdbeMemRelease(pMem); pMem->zMalloc = sqlite3DbMallocRaw(db, 32); } - if( !db->mallocFailed ){ + if( db->mallocFailed ){ + pMem->flags = MEM_Null; + }else{ assert( pMem->zMalloc ); pMem->u.pRowSet = sqlite3RowSetInit(db, pMem->zMalloc, sqlite3DbMallocSize(db, pMem->zMalloc)); assert( pMem->u.pRowSet!=0 ); - pMem->flags = MEM_RowSet|MEM_Dyn; + pMem->flags = MEM_RowSet; } } -- 2.47.2
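Review bot: The success path now sets `pMem->flags = MEM_RowSet;` without `MEM_Dyn`, a behaviour change that the commit message does not mention and the hunk does not explain. If MEM_Dyn was what routed the cell through a destructor, it is worth confirming that the release path (not visible here) still frees everything the RowSet owns. The reasoning could then be recorded next to the assignment, e.g. `/* no MEM_Dyn: the RowSet is built inside zMalloc and freed with it */`, if that is indeed the case. The new failure branch also deserves a one-line comment such as `/* OOM: leave the cell NULL so callers can test MEM_RowSet */`, since OP_RowSetAdd in src/vdbe.c now relies on that contract. The top of sqlite3VdbeMemSetRowSet lies outside the hunk.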