Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix a problem in fts3_write.c causing stack memory to be referenced after it is out of scope. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
f9c4a7c8f4e5821b47c1393d6272e324 |
| User & Date: | dan 2011-12-22 15:30:46 |
References
|
2011-12-23
| ||
| 11:07 | Fix a problem with [f9c4a7c8f4] as applied to this branch. (Leaf check-in: e6a04bf9 user: dan tags: branch-3.7.6) | |
|
2011-12-22
| ||
| 18:44 | Backport the fixes for Coverity-discovered problems in [1c27d84216], [676acce274], and [f9c4a7c8f4] from trunk to the 3.7.6 branch. (check-in: a61786e7 user: drh tags: branch-3.7.6) | |
Context
|
2011-12-22
| ||
| 17:10 | Check the return code from sqlite3_initialize() called from within sqlite3_soft_heap_limit64() and return an error from sqlite3_soft_heap_limit64() if sqlite3_initialize() fails. (check-in: 676acce2 user: drh tags: trunk) | |
| 15:30 | Fix a problem in fts3_write.c causing stack memory to be referenced after it is out of scope. (check-in: f9c4a7c8 user: dan tags: trunk) | |
|
2011-12-21
| ||
| 18:04 | Fix other problems where 32-bit integer overflow may cause a problem. Two that require an improbably large sub-journal and two in test harness code. Ticket [ac0ff496b7e2] (check-in: c723e3e1 user: dan tags: trunk) | |
Changes
Changes to ext/fts3/fts3_write.c.
| ︙ | ︙ | |||
1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 |
int iIndex, /* Index for p->aIndex */
const char *zTerm, /* Term to search for */
int nTerm, /* Size of buffer zTerm */
int bPrefix, /* True for a prefix iterator */
Fts3SegReader **ppReader /* OUT: SegReader for pending-terms */
){
Fts3SegReader *pReader = 0; /* Fts3SegReader object to return */
Fts3HashElem **aElem = 0; /* Array of term hash entries to scan */
int nElem = 0; /* Size of array at aElem */
int rc = SQLITE_OK; /* Return Code */
Fts3Hash *pHash;
pHash = &p->aIndex[iIndex].hPending;
if( bPrefix ){
int nAlloc = 0; /* Size of allocated array at aElem */
| > < | 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 |
int iIndex, /* Index for p->aIndex */
const char *zTerm, /* Term to search for */
int nTerm, /* Size of buffer zTerm */
int bPrefix, /* True for a prefix iterator */
Fts3SegReader **ppReader /* OUT: SegReader for pending-terms */
){
Fts3SegReader *pReader = 0; /* Fts3SegReader object to return */
Fts3HashElem *pE; /* Iterator variable */
Fts3HashElem **aElem = 0; /* Array of term hash entries to scan */
int nElem = 0; /* Size of array at aElem */
int rc = SQLITE_OK; /* Return Code */
Fts3Hash *pHash;
pHash = &p->aIndex[iIndex].hPending;
if( bPrefix ){
int nAlloc = 0; /* Size of allocated array at aElem */
for(pE=fts3HashFirst(pHash); pE; pE=fts3HashNext(pE)){
char *zKey = (char *)fts3HashKey(pE);
int nKey = fts3HashKeysize(pE);
if( nTerm==0 || (nKey>=nTerm && 0==memcmp(zKey, zTerm, nTerm)) ){
if( nElem==nAlloc ){
Fts3HashElem **aElem2;
|
| ︙ | ︙ | |||
1508 1509 1510 1511 1512 1513 1514 |
*/
if( nElem>1 ){
qsort(aElem, nElem, sizeof(Fts3HashElem *), fts3CompareElemByTerm);
}
}else{
/* The query is a simple term lookup that matches at most one term in
| | > > > > > | | 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 |
*/
if( nElem>1 ){
qsort(aElem, nElem, sizeof(Fts3HashElem *), fts3CompareElemByTerm);
}
}else{
/* The query is a simple term lookup that matches at most one term in
** the index. All that is required is a straight hash-lookup.
**
** Because the stack address of pE may be accessed via the aElem pointer
** below, the "Fts3HashElem *pE" must be declared so that it is valid
** within this entire function, not just this "else{...}" block.
*/
pE = fts3HashFindElem(pHash, zTerm, nTerm);
if( pE ){
aElem = &pE;
nElem = 1;
}
}
if( nElem>0 ){
|
| ︙ | ︙ |