From: drh <drh@noemail.net>
Date: Mon, 11 Jun 2018 13:10:45 +0000 (+0000)
Subject: Strengthen the sqlite3VdbeMemAboutToChange() run-time verification mechanism
X-Git-Tag: version-3.25.0~197
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=8d7b212c4c6ef492c55ce9ea9de2ed4e8d738ef4;p=thirdparty%2Fsqlite.git

Strengthen the sqlite3VdbeMemAboutToChange() run-time verification mechanism
to better detect missed calls to AboutToChange().

FossilOrigin-Name: 793e942205a12eedb7ecc5ad8a27e3e52bbd4e1d50a0d1453d04a83ba728884e
---

diff --git a/manifest b/manifest
index cba3248157..6170904da3 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Always\sinitialize\sthe\sWhereClause.hasOr\sfield\sthat\swas\sadded\sby\scheck-in\n[292724ffc4].\s\sError\sdetected\sby\sOSSFuzz.
-D 2018-06-11T01:30:03.585
+C Strengthen\sthe\ssqlite3VdbeMemAboutToChange()\srun-time\sverification\smechanism\nto\sbetter\sdetect\smissed\scalls\sto\sAboutToChange().
+D 2018-06-11T13:10:45.872
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F Makefile.in bfc40f350586923e0419d2ea4b559c37ec10ee4b6e210e08c14401f8e340f0da
@@ -566,12 +566,12 @@ F src/utf.c 810fbfebe12359f10bc2a011520a6e10879ab2a163bcb26c74768eab82ea62a5
 F src/util.c d9eb0a6c4aae1b00a7369eadd7ca0bbe946cb4c953b6751aa20d357c2f482157
 F src/vacuum.c 36e7d21a20c0bf6ef4ef7c399d192b5239410b7c4d3c1070fba4e30810d0b855
 F src/vdbe.c d7a475cec51c83daf0d348301a1aec77f535832ea946632b5738ff9f087c0edb
-F src/vdbe.h e3f43bcc27ff30b0f25a6104d0cb5657e1c4b5e1b5cd2dd2216d5bcc2156a746
+F src/vdbe.h c58fa2d8fff2a235a685687340ee555269f5421e4ec2ee758a5550961d3b25a4
 F src/vdbeInt.h d299d7a19853463dac418de0d97f2dd9cb4ddb495a45c93364e2daee109ba0ef
 F src/vdbeapi.c 765a0bbe01311626417de6cb743f7f25f9f98435c98a9df4bb0714d11014633d
-F src/vdbeaux.c daecbbefaf0adfc428cddbfa5164c1d744496ba5dd19f840845ecac652913802
+F src/vdbeaux.c ea0b7821dd74068cb8b232d1ba3dc457ecaca302d2cf67e1f24ff3bcc7d94c52
 F src/vdbeblob.c f5c70f973ea3a9e915d1693278a5f890dc78594300cf4d54e64f2b0917c94191
-F src/vdbemem.c 803323406d8623a7619ea5d5f74016697eeaed19c02b98ce9c3013e77dbe1c38
+F src/vdbemem.c 8f5cd24151c87294c2fb31c9e9353b074786c10cb9e7ef74d93c2e1ec85d1ee1
 F src/vdbesort.c 731a09e5cb9e96b70c394c1b7cf3860fbe84acca7682e178615eb941a3a0ef2f
 F src/vdbetrace.c 79d6dbbc479267b255a7de8080eee6e729928a0ef93ed9b0bfa5618875b48392
 F src/vtab.c 10ea07dec111de6fb0a4fc87a7ffa4c65fdc088a19dbfaf7d6f2b128f2e8eb7b
@@ -1731,7 +1731,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P de0857f39620b7f5c921ddf8d11b11723b4ba3cfe52e43cf77e883697b7c1c4c
-R d9b050cc4bb9b1726f913fdb83de4b6b
+P 9faf41713e865f26485d9e90918d77c25be211384941eadda6a36237f52c25de
+R 846e9acb3549bc01ad42c2408534b9d1
 U drh
-Z 56f73bab2b8437d13f6f85f70d26e7dd
+Z 5f45d155d5f89ae268c81c641f0e97a0
diff --git a/manifest.uuid b/manifest.uuid
index 2e3a89e74f..5504e2c63e 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-9faf41713e865f26485d9e90918d77c25be211384941eadda6a36237f52c25de
\ No newline at end of file
+793e942205a12eedb7ecc5ad8a27e3e52bbd4e1d50a0d1453d04a83ba728884e
\ No newline at end of file
diff --git a/src/vdbe.h b/src/vdbe.h
index 51bbdf96cc..b7f960f766 100644
--- a/src/vdbe.h
+++ b/src/vdbe.h
@@ -261,6 +261,7 @@ void sqlite3VdbeSetVarmask(Vdbe*, int);
   char *sqlite3VdbeExpandSql(Vdbe*, const char*);
 #endif
 int sqlite3MemCompare(const Mem*, const Mem*, const CollSeq*);
+int sqlite3BlobCompare(const Mem*, const Mem*);
 
 void sqlite3VdbeRecordUnpack(KeyInfo*,int,const void*,UnpackedRecord*);
 int sqlite3VdbeRecordCompare(int,const void*,UnpackedRecord*);
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
index 7f0448ec1f..c0984317b9 100644
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -3912,7 +3912,7 @@ static int isAllZero(const char *z, int n){
 ** is less than, equal to, or greater than the second, respectively.
 ** If one blob is a prefix of the other, then the shorter is the lessor.
 */
-static SQLITE_NOINLINE int sqlite3BlobCompare(const Mem *pB1, const Mem *pB2){
+SQLITE_NOINLINE int sqlite3BlobCompare(const Mem *pB1, const Mem *pB2){
   int c;
   int n1 = pB1->n;
   int n2 = pB2->n;
diff --git a/src/vdbemem.c b/src/vdbemem.c
index 933eee0b53..4759823417 100644
--- a/src/vdbemem.c
+++ b/src/vdbemem.c
@@ -886,7 +886,21 @@ void sqlite3VdbeMemAboutToChange(Vdbe *pVdbe, Mem *pMem){
   Mem *pX;
   for(i=0, pX=pVdbe->aMem; i<pVdbe->nMem; i++, pX++){
     if( pX->pScopyFrom==pMem ){
-      pX->flags |= MEM_Undefined;
+      /* If pX is marked as a shallow copy of pMem, then verify that
+      ** no significant changes have been made to pX since the OP_SCopy.
+      ** A significant change would indicated a missed call to this
+      ** function for pX.  Minor changes, such as adding or removing a
+      ** dual type, are allowed, as long as the underlying value is the
+      ** same. */
+      u16 mFlags = pMem->flags & pX->flags;
+      assert( (mFlags&MEM_Int)==0 || pMem->u.i==pX->u.i );
+      assert( (mFlags&MEM_Real)==0 || pMem->u.r==pX->u.r );
+      assert( (mFlags&MEM_Str)==0  || (pMem->n==pX->n && pMem->z==pX->z) );
+      assert( (mFlags&MEM_Blob)==0  || sqlite3BlobCompare(pMem,pX)==0 );
+      
+      /* pMem is the register that is changing.  But also mark pX as
+      ** undefined so that we can quickly detect the shallow-copy error */
+      pX->flags = MEM_Undefined;
       pX->pScopyFrom = 0;
     }
   }