/ Check-in [7f3943fb]

Overview
Comment: Fix a potential NULL pointer dereference on a corrupt database schema. Cherrypick of [dc61b292d8ea].
SHA1: 7f3943fb01490180055312363cdd8a47642f4e9d
User & Date: dan 2015-05-20 20:24:10
Context
2015-05-20
20:27
Fix an obscure problem with "INSERT INTO tbl(cols) SELECT" statements where the SELECT is a compound with an ORDER BY and "cols" is a strict subset of tbl's columns. Cherrypick of [718d5d0eab04]. check-in: 3cd2b772 user: dan tags: branch-3.8.6
20:24
Fix a potential NULL pointer deference on a corrupt database schema. Cherrypick of [dc61b292d8ea]. check-in: 7f3943fb user: dan tags: branch-3.8.6
20:21
Fix a bug caused by cherrypicking from a branch that assumes sqlite3_stricmp() can handle NULL arguments. check-in: 2c649cdf user: dan tags: branch-3.8.6
2015-04-19
19:21
Fix a potential NULL pointer deference on a corrupt database schema. check-in: dc61b292 user: drh tags: trunk
Changes

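--- a/src/expr.c
+++ b/src/expr.c
@@ -1206,18 +1206,34 @@
     sqlite3DbFree(db, pItem->zSpan);
   }
   sqlite3DbFree(db, pList->a);
   sqlite3DbFree(db, pList);
 }
 
 /*
+** Return the bitwise-OR of all Expr.flags fields in the given
+** ExprList.
+*/
+u32 sqlite3ExprListFlags(const ExprList *pList){
+  int i;
+  u32 m = 0;
+  if( pList ){
+    for(i=0; i<pList->nExpr; i++){
+       Expr *pExpr = pList->a[i].pExpr;
+       if( pExpr ) m |= pList->a[i].pExpr->flags;
+    }
+  }
+  return m;
+}
+
+/*
-** These routines are Walker callbacks.  Walker.u.pi is a pointer
-** to an integer.  These routines are checking an expression to see
-** if it is a constant.  Set *Walker.u.pi to 0 if the expression is
-** not constant.
+** These routines are Walker callbacks used to check expressions to
+** see if they are "constant" for some definition of constant.  The
+** Walker.eCode value determines the type of "constant" we are looking
+** for.
 **
 ** These callback routines are used to implement the following:
 **
 **     sqlite3ExprIsConstant()
 **     sqlite3ExprIsConstantNotJoin()
 **     sqlite3ExprIsConstantOrFunction()
 **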
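Review bot: The new `sqlite3ExprListFlags()` is the only code change in src/expr.c on this page, and neither a prototype nor a call site for it appears in the sections shown, so it cannot be confirmed from here that the `if( pExpr )` guard sits on the path misc1-23.1 exercises; it is worth checking that branch-3.8.6 actually calls it. The same hunk replaces the Walker comment that described `Walker.u.pi` with one describing `Walker.eCode`; the callbacks themselves lie outside the hunk, so if this branch still uses `u.pi` the new comment is inaccurate and the old wording should stay. Inside the loop the guarded pointer is re-read through the array; `if( pExpr ) m |= pExpr->flags;` keeps the NULL check and the dereference on the same variable.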

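--- a/test/misc1.test
+++ b/test/misc1.test
@@ -622,9 +622,23 @@
 } {0}
 
 do_catchsql_test misc1-20.1 {
   create table t0(o CHar(0)CHECK(0&O>O));
   insert into t0 select randomblob(0)-trim(0);
 } {1 {CHECK constraint failed: t0}}
 
 
+# 2015-04-19: NULL pointer dereference on a corrupt schema
+#
+do_execsql_test misc1-23.1 {
+  DROP TABLE IF EXISTS t1;
+  DROP TABLE IF EXISTS t2;
+  CREATE TABLE t1(x);
+  PRAGMA writable_schema=ON;
+  UPDATE sqlite_master SET sql='CREATE table t(d CHECK(T(#0)';
+  BEGIN;
+  CREATE TABLE t2(y);
+  ROLLBACK;
+  DROP TABLE IF EXISTS t3;
+} {}
+
 finish_test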
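Review bot: misc1-23.1 switches on `PRAGMA writable_schema=ON` and its `UPDATE sqlite_master` has no WHERE clause, so every schema row is overwritten with the malformed text, and nothing afterwards turns the pragma off or restores the schema. It is the last test before `finish_test` here, so nothing visible is affected, but any test appended later would start from a corrupt schema. A comment such as `# Leaves writable_schema=ON and a corrupt sqlite_master; keep this last or reset the db before adding tests.` would record that. The expected result `{}` only asserts that no error is raised, which matches a crash regression test.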