SQLite Forum

no check for a failed malloc

(1) By anonymous on 2021-09-13 13:19:24

Hello!

As the subject says, it looks like you missed some malloc checks a few times.

* [Here](https://github.com/sqlite/sqlite/blob/31aa366293757e845ddbe7742958d17f148b987a/src/window.c#L1073) `pSub` is dereferenced and unchecked. You may claim that the allocation of `p->pSrc` is checked before and therefore there's no chance that `pSub` is not allocated, but the size of `struct SrcList` (which is `sizeof(*p->pSrc)`) is MUCH smaller than the size of `struct Select` (which is `sizeof(*pSub)`), therefore one could succeed and one could not. To me it would be better if the condition on [line 1069](https://github.com/sqlite/sqlite/blob/31aa366293757e845ddbe7742958d17f148b987a/src/window.c#L1069) checked the state of the flag `db->mallocFailed`.

* [Here](https://github.com/sqlite/sqlite/blob/31aa366293757e845ddbe7742958d17f148b987a/src/select.c#L354) you may see that `pE2` is unchecked. Yeah, here it is _very unlikely_ that the `pE2` allocation would fail and the `pEq` allocation would succeed because they have the same size, but to me it looks like juggling with knives to some extent. To me it would also be better if the condition on [line 350](https://github.com/sqlite/sqlite/blob/31aa366293757e845ddbe7742958d17f148b987a/src/select.c#L350) checked for the flag `db->mallocFailed`.

(2) By Richard Hipp (drh) on 2021-09-13 18:02:56 in reply to 1 updated by 2.1 [link]

Thanks for the report.

The first bullet is not possible because of [this line][1] that forces
p->pSrc to be NULL if pSub is NULL.  Similarly the second bullet is not
possible because the test of db->mallocFailed down inside of
sqlite3DbMallocRawNN() causes pEq to be NULL if pE2 is NULL.

[1]:  src:/file?ln=602&ci=8c4b1482eeb31856&name=src%2Fmalloc.c

So, neither of these cases are actual problems.  No action required.

(2.1) By Richard Hipp (drh) on 2021-09-13 18:17:35 edited from 2.0 in reply to 1 [link]

Thanks for the report.

The first bullet is not possible because of [this line][1] that forces
p->pSrc to be NULL if pSub is NULL.  Similarly the second bullet is not
possible because the test of db->mallocFailed down inside of
sqlite3DbMallocRawNN() causes pEq to be NULL if pE2 is NULL.

[1]:  src:/file?ln=602&ci=8c4b1482eeb31856&name=src%2Fmalloc.c

So, neither of these cases are actual problems.  No action required.

Edit:  See also [check-in 83a83475c5064ea6][2].

[2]: src:/info/83a83475c5064ea6
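The reply above rests on one allocator property: once `db->mallocFailed` is set, every later `sqlite3DbMallocRawNN()` call returns NULL, so a NULL check on the *last* allocation in a sequence also covers the earlier ones, regardless of their sizes. The following is an added illustration of that "sticky failure flag" pattern, not SQLite's code: `Db`, `dbMallocRawNN`, `buildPair`, `Small` and `Large` are this example's own stand-ins (for the connection object, the raw allocator, the window.c call site, `SrcList` and `Select` respectively), and the byte budget is a test hook that simulates out-of-memory. The `sticky` switch exists only to contrast the pattern with a plain allocator, where the ordering argument in the report does hold and the second, smaller allocation can succeed after the first, larger one failed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a database connection object. Only the
 * sticky allocation-failure flag matters here; the budget fields are a
 * test hook that lets us simulate an out-of-memory condition offline. */
typedef struct Db {
  int mallocFailed;       /* set on the first failed allocation, never cleared here */
  int sticky;             /* 1: honour mallocFailed on later calls (SQLite's behaviour) */
  size_t budgetBytes;     /* simulated heap: requests beyond this fail */
  size_t usedBytes;
} Db;

static Db dbInit(size_t budgetBytes, int sticky) {
  Db db = {0, sticky, budgetBytes, 0};
  return db;
}

/* Raw allocator modelled on the behaviour described for sqlite3DbMallocRawNN
 * (this is example code, not SQLite's): with sticky == 1, a prior failure
 * makes every subsequent request return NULL. */
static void *dbMallocRawNN(Db *db, size_t n) {
  if (db->sticky && db->mallocFailed) return NULL;
  if (db->usedBytes + n > db->budgetBytes) {  /* simulated OOM */
    db->mallocFailed = 1;
    return NULL;
  }
  void *p = malloc(n);
  if (p == NULL) { db->mallocFailed = 1; return NULL; }   /* real OOM */
  db->usedBytes += n;
  return p;
}

static void *dbMallocZero(Db *db, size_t n) {
  void *p = dbMallocRawNN(db, n);
  if (p) memset(p, 0, n);
  return p;
}

/* Two objects of very different sizes, mirroring the small SrcList and the
 * much larger Select discussed in the report (sizes are made up). */
typedef struct Small { int nItem; } Small;
typedef struct Large { char body[512]; Small *pSrc; } Large;

/* Allocate the large object first, then the small one, and check ONLY the
 * small one, as the window.c call site does with p->pSrc.
 * Returns  1: both objects built, *ppOut owns them.
 *          0: allocation failed, everything released, *ppOut == NULL.
 *         -1: the small allocation succeeded although the large one failed;
 *             with a sticky flag this branch is unreachable, without one it
 *             is exactly the NULL dereference the report worries about. */
static int buildPair(Db *db, Large **ppOut) {
  *ppOut = NULL;
  Large *pSub = dbMallocZero(db, sizeof(*pSub));
  Small *pSrc = dbMallocZero(db, sizeof(*pSrc));
  if (pSrc == NULL) {
    free(pSub);                 /* free() accepts NULL, so no extra check needed */
    return 0;
  }
  if (pSub == NULL) {           /* only reachable when the flag is not sticky */
    free(pSrc);
    return -1;
  }
  pSub->pSrc = pSrc;            /* safe: pSrc != NULL implies pSub != NULL */
  *ppOut = pSub;
  return 1;
}

static void releasePair(Large *p) {
  if (p) free(p->pSrc);
  free(p);
}
```

Run with a budget smaller than `sizeof(Large)` and `sticky = 1`, the large allocation fails, the flag is set, the small allocation returns NULL and `buildPair` reports a clean failure; with `sticky = 0` the same budget lets the 4-byte allocation through and the function reaches the `-1` branch, which is the scenario the first bullet describes. A budget of exactly `sizeof(Large)` exercises the other ordering (large succeeds, small fails) and shows why checking the last allocation is sufficient in both modes.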