SQLite

Check-in [a67cf5b7]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Early-out on the INTERSECT query processing following an out-of-memory error. This fixes a potential null pointer dereference found by sakura(@eternalsakura13) of Alpha Team, Qihoo 360.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: a67cf5b7d37d5b1484be32092635faafd8f76e5881898cd9435517c4b287d663
User & Date: drh 2020-02-20 14:08:51
Original Comment: Early-out on the INTERSECT query processing following an error.
Context
2020-02-20
14:11
Add test case for previous commit. (check-in: 14d14eb5 user: dan tags: trunk)
14:08
Early-out on the INTERSECT query processing following an out-of-memory error. This fixes a potential null pointer dereference found by sakura(@eternalsakura13) of Alpha Team, Qihoo 360. (check-in: a67cf5b7 user: drh tags: trunk)
2020-02-19
15:39
Fix a potential NULL pointer dereference following OOM. Problem discovered by dbsqlfuzz. Test case in TH3. (check-in: 5aeb5a2d user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/select.c.
2802
2803
2804
2805
2806
2807
2808

2809
2810
2811
2812
2813
2814
2815
        }
        sqlite3ExprDelete(db, p->pLimit);
        p->pLimit = pLimit;
  
        /* Generate code to take the intersection of the two temporary
        ** tables.
        */

        assert( p->pEList );
        iBreak = sqlite3VdbeMakeLabel(pParse);
        iCont = sqlite3VdbeMakeLabel(pParse);
        computeLimitRegisters(pParse, p, iBreak);
        sqlite3VdbeAddOp2(v, OP_Rewind, tab1, iBreak); VdbeCoverage(v);
        r1 = sqlite3GetTempReg(pParse);
        iStart = sqlite3VdbeAddOp2(v, OP_RowData, tab1, r1);







>







2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
        }
        sqlite3ExprDelete(db, p->pLimit);
        p->pLimit = pLimit;
  
        /* Generate code to take the intersection of the two temporary
        ** tables.
        */
        if( rc ) break;
        assert( p->pEList );
        iBreak = sqlite3VdbeMakeLabel(pParse);
        iCont = sqlite3VdbeMakeLabel(pParse);
        computeLimitRegisters(pParse, p, iBreak);
        sqlite3VdbeAddOp2(v, OP_Rewind, tab1, iBreak); VdbeCoverage(v);
        r1 = sqlite3GetTempReg(pParse);
        iStart = sqlite3VdbeAddOp2(v, OP_RowData, tab1, r1);