]> git.ipfire.org Git - thirdparty/sqlite.git/commitdiff
projects / thirdparty / sqlite.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: aa12f00)
Fix a possible user-after free following OOM in the EXISTS-to-JOIN
authordrh <>
Tue, 8 Jul 2025 22:11:39 +0000 (22:11 +0000)
committerdrh <>
Tue, 8 Jul 2025 22:11:39 +0000 (22:11 +0000)
optimization.

FossilOrigin-Name: 498ee8d514e64cdc93a8d68e1971b6326c6132daf25067936bec921c42494caa

manifest patch | blob | blame | history
manifest.uuid patch | blob | blame | history
src/select.c patch | blob | blame | history

diff --git a/manifest b/manifest
index ef930db58fc5de2a72f76b3a52c8d2c9901b81c5..58cfe31140a51c7d7a19c7eee9d85039b11c4451 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Adjustments\sto\stest/incrblob4.test\sso\sthat\sit\sworks\son\sboth\sLinux\sand\sMac\nin\sspite\sof\serror\smessage\sdifferences\sbetween\sthose\splatforms.\s\sMinor\schange\nto\stermIsEquivalent()\sto\sprovide\s100%\sMC/DC.
-D 2025-07-08T20:28:35.779
+C Fix\sa\spossible\suser-after\sfree\sfollowing\sOOM\sin\sthe\sEXISTS-to-JOIN\noptimization.
+D 2025-07-08T22:11:39.260
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -785,7 +785,7 @@ F src/printf.c 71b6d3a0093bf23f473e25480ca0024e8962681506c75f4ffd3d343a3f0ab113
 F src/random.c 606b00941a1d7dd09c381d3279a058d771f406c5213c9932bbd93d5587be4b9c
 F src/resolve.c d3ee7ed308d46f4ee6d3bb6316d8d6f87158f93a7fd616732138cc953cf364f0
 F src/rowset.c 8432130e6c344b3401a8874c3cb49fefe6873fec593294de077afea2dce5ec97
-F src/select.c 244f2fba5f73c7ea937333bd54280e83e218a0b652fc4540cbd72d33b0f7b4d8
+F src/select.c 33a46f68191ac6cb00409417593adb03be68c8078d36ebe079a3a0914b220d93
 F src/shell.c.in 73c0eeb7c265d59b99219d5aa055f412f07842088d8036b6d259927d85dd1bbf
 F src/sqlite.h.in 5c54f2461a1ea529bab8499148a2b238e2d4bb571d59e8ea5322d0c190abb693
 F src/sqlite3.rc 015537e6ac1eec6c7050e17b616c2ffe6f70fca241835a84a4f0d5937383c479
@@ -2211,8 +2211,8 @@ F tool/version-info.c 3b36468a90faf1bbd59c65fd0eb66522d9f941eedd364fabccd7227350
 F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7
 F tool/warnings.sh 1ad0169b022b280bcaaf94a7fa231591be96b514230ab5c98fbf15cd7df842dd
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P e33da6d5dc964db817d1bc63c9083aecd93d49ee14d5198600b47eaf7c5b9331
-R 78682a3b3c6b0a6c29f5de1434b5f502
+P 720387f8604f7cd997f1850ed62ce6ab32608155d7f02a89c695041caafc4067
+R 06654310fbfa0a3e107f5e62dfa928dd
 U drh
-Z 9e6d5e7b5a33e381b6fe52bba2b5d309
+Z d3919178e62d3c6ffc666ec27b2d4fc8
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 46b6f92afb94886589b442d89bdca8fb2a01c571..bedccbe899ed41e80d614de8832b5b19c9730e16 100644 (file)
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-720387f8604f7cd997f1850ed62ce6ab32608155d7f02a89c695041caafc4067
+498ee8d514e64cdc93a8d68e1971b6326c6132daf25067936bec921c42494caa
diff --git a/src/select.c b/src/select.c
index 2dd8fc7725d1eec7a78a03f3c2f265fc3e508b24..99b05c76a35af3d55eee20e86aef1f0d5026dbc7 100644 (file)
--- a/src/select.c
+++ b/src/select.c
@@ -7430,10 +7430,11 @@ static SQLITE_NOINLINE void existsToJoin(
   Select *p,      /* The SELECT statement being optimized */
   Expr *pWhere    /* part of the WHERE clause currently being examined */
 ){
-  if( pWhere 
+  if( pParse->nErr==0
+   && pWhere!=0
    && !ExprHasProperty(pWhere, EP_OuterON|EP_InnerON) 
+   && ALWAYS(p->pSrc!=0)
    && p->pSrc->nSrc<BMS
-   && pParse->db->mallocFailed==0 
   ){
     if( pWhere->op==TK_AND ){
       Expr *pRight = pWhere->pRight;
Mirror of https://github.com/sqlite/sqlite.git