/ Check-in [d3e50226]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fixes for failures in fuzz_malloc.test. (CVS 4334)
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: d3e502263808c1fe0487fda02f16adcbb1279183
User & Date: danielk1977 2007-08-30 11:48:32
Context
2007-08-30
14:10
Bug fixes in the mutex header file. Tickets #2599 and #2600. (CVS 4335) check-in: 4bdfe141 user: drh tags: trunk
11:48
Fixes for failures in fuzz_malloc.test. (CVS 4334) check-in: d3e50226 user: danielk1977 tags: trunk
10:49
Fix some problems in async2.test. No code changes. (CVS 4333) check-in: d80d87c2 user: danielk1977 tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/printf.c.

714
715
716
717
718
719
720

721
722
723
724
725
726
727
728
729
730

731
732
733
734
735
736
737
738
739
740


741
742
743
744
745
746
747
748
749
750

751
752

753
754
755
756
757
758
759
...
777
778
779
780
781
782
783

784
785
786
787
788
789
790
struct sgMprintf {
  char *zBase;     /* A base allocation */
  char *zText;     /* The string collected so far */
  int  nChar;      /* Length of the string so far */
  int  nTotal;     /* Output size if unconstrained */
  int  nAlloc;     /* Amount of space allocated in zText */
  void *(*xRealloc)(void*,int);  /* Function used to realloc memory */

};

/* 
** This function implements the callback from vxprintf. 
**
** This routine add nNewChar characters of text in zNewText to
** the sgMprintf structure pointed to by "arg".
*/
static void mout(void *arg, const char *zNewText, int nNewChar){
  struct sgMprintf *pM = (struct sgMprintf*)arg;

  pM->nTotal += nNewChar;
  if( pM->zText ){
    if( pM->nChar + nNewChar + 1 > pM->nAlloc ){
      if( pM->xRealloc==0 ){
        nNewChar =  pM->nAlloc - pM->nChar - 1;
      }else{
        int nAlloc = pM->nChar + nNewChar*2 + 1;
        if( pM->zText==pM->zBase ){
          pM->zText = pM->xRealloc(0, nAlloc);
          if( pM->zText==0 ){


            return;
          }else if( pM->nChar ){
            memcpy(pM->zText, pM->zBase, pM->nChar);
          }
        }else{
          char *zNew;
          zNew = pM->xRealloc(pM->zText, nAlloc);
          if( zNew ){
            pM->zText = zNew;
          }else{

            pM->xRealloc(pM->zText, 0);
            pM->zText = 0;

            return;
          }
        }
        pM->nAlloc = nAlloc;
      }
    }
    if( nNewChar>0 ){
................................................................................
  va_list ap                      /* arguments */
){
  struct sgMprintf sM;
  sM.zBase = sM.zText = zInitBuf;
  sM.nChar = sM.nTotal = 0;
  sM.nAlloc = nInitBuf;
  sM.xRealloc = xRealloc;

  vxprintf(mout, &sM, useInternal, zFormat, ap);
  if( xRealloc ){
    if( sM.zText==sM.zBase ){
      sM.zText = xRealloc(0, sM.nChar+1);
      if( sM.zText ){
        memcpy(sM.zText, sM.zBase, sM.nChar+1);
      }







>










>










>
>










>


>







 







>







714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
...
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
struct sgMprintf {
  char *zBase;     /* A base allocation */
  char *zText;     /* The string collected so far */
  int  nChar;      /* Length of the string so far */
  int  nTotal;     /* Output size if unconstrained */
  int  nAlloc;     /* Amount of space allocated in zText */
  void *(*xRealloc)(void*,int);  /* Function used to realloc memory */
  int  iMallocFailed;            /* True if xRealloc() has failed */
};

/* 
** This function implements the callback from vxprintf. 
**
** This routine add nNewChar characters of text in zNewText to
** the sgMprintf structure pointed to by "arg".
*/
static void mout(void *arg, const char *zNewText, int nNewChar){
  struct sgMprintf *pM = (struct sgMprintf*)arg;
  if( pM->iMallocFailed ) return;
  pM->nTotal += nNewChar;
  if( pM->zText ){
    if( pM->nChar + nNewChar + 1 > pM->nAlloc ){
      if( pM->xRealloc==0 ){
        nNewChar =  pM->nAlloc - pM->nChar - 1;
      }else{
        int nAlloc = pM->nChar + nNewChar*2 + 1;
        if( pM->zText==pM->zBase ){
          pM->zText = pM->xRealloc(0, nAlloc);
          if( pM->zText==0 ){
            pM->nAlloc = 0;
            pM->iMallocFailed = 0;
            return;
          }else if( pM->nChar ){
            memcpy(pM->zText, pM->zBase, pM->nChar);
          }
        }else{
          char *zNew;
          zNew = pM->xRealloc(pM->zText, nAlloc);
          if( zNew ){
            pM->zText = zNew;
          }else{
            pM->iMallocFailed = 0;
            pM->xRealloc(pM->zText, 0);
            pM->zText = 0;
            pM->nAlloc = 0;
            return;
          }
        }
        pM->nAlloc = nAlloc;
      }
    }
    if( nNewChar>0 ){
................................................................................
  va_list ap                      /* arguments */
){
  struct sgMprintf sM;
  sM.zBase = sM.zText = zInitBuf;
  sM.nChar = sM.nTotal = 0;
  sM.nAlloc = nInitBuf;
  sM.xRealloc = xRealloc;
  sM.iMallocFailed = 0;
  vxprintf(mout, &sM, useInternal, zFormat, ap);
  if( xRealloc ){
    if( sM.zText==sM.zBase ){
      sM.zText = xRealloc(0, sM.nChar+1);
      if( sM.zText ){
        memcpy(sM.zText, sM.zBase, sM.nChar+1);
      }

Changes to src/select.c.

8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
....
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135

1136
1137
1138
1139
1140
1141
1142
**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains C code routines that are called by the parser
** to handle SELECT statements in SQLite.
**
** $Id: select.c,v 1.357 2007/08/29 12:31:27 danielk1977 Exp $
*/
#include "sqliteInt.h"


/*
** Delete all the content of a Select structure but do not deallocate
** the select structure itself.
................................................................................
    }else if( p->span.z && p->span.z[0] ){
      /* Use the original text of the column expression as its name */
      zName = sqlite3MPrintf(db, "%T", &p->span);
    }else{
      /* If all else fails, make up a name */
      zName = sqlite3MPrintf(db, "column%d", i+1);
    }
    sqlite3Dequote(zName);
    if( db->mallocFailed ){
      sqlite3_free(zName);
      sqlite3DeleteTable(pTab);
      return 0;
    }


    /* Make sure the column name is unique.  If the name is not unique,
    ** append a integer to the name so that it becomes unique.
    */
    nName = strlen(zName);
    for(j=cnt=0; j<i; j++){
      if( sqlite3StrICmp(aCol[j].zName, zName)==0 ){







|







 







|
|




>







8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
....
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains C code routines that are called by the parser
** to handle SELECT statements in SQLite.
**
** $Id: select.c,v 1.358 2007/08/30 11:48:32 danielk1977 Exp $
*/
#include "sqliteInt.h"


/*
** Delete all the content of a Select structure but do not deallocate
** the select structure itself.
................................................................................
    }else if( p->span.z && p->span.z[0] ){
      /* Use the original text of the column expression as its name */
      zName = sqlite3MPrintf(db, "%T", &p->span);
    }else{
      /* If all else fails, make up a name */
      zName = sqlite3MPrintf(db, "column%d", i+1);
    }
    if( !zName || db->mallocFailed ){
      db->mallocFailed = 1;
      sqlite3_free(zName);
      sqlite3DeleteTable(pTab);
      return 0;
    }
    sqlite3Dequote(zName);

    /* Make sure the column name is unique.  If the name is not unique,
    ** append a integer to the name so that it becomes unique.
    */
    nName = strlen(zName);
    for(j=cnt=0; j<i; j++){
      if( sqlite3StrICmp(aCol[j].zName, zName)==0 ){

Changes to src/vdbe.c.

39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
....
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094



3095
3096
3097
3098
3099
3100
3101
3102
**
** Various scripts scan this source file in order to generate HTML
** documentation, headers files, or other derived files.  The formatting
** of the code in this file is, therefore, important.  See other comments
** in this file for details.  If in doubt, do not deviate from existing
** commenting and indentation practices when changing or adding code.
**
** $Id: vdbe.c,v 1.648 2007/08/30 01:19:59 drh Exp $
*/
#include "sqliteInt.h"
#include <ctype.h>
#include <math.h>
#include "vdbeInt.h"

/*
................................................................................
  int i = pOp->p1;
  int alreadyExists = 0;
  Cursor *pC;
  assert( pTos>=p->aStack );
  assert( i>=0 && i<p->nCursor );
  assert( p->apCsr[i]!=0 );
  if( (pC = p->apCsr[i])->pCursor!=0 ){
    int res, rx;
    assert( pC->isTable==0 );
    assert( pTos->flags & MEM_Blob );
    Stringify(pTos, encoding);
    rx = sqlite3BtreeMoveto(pC->pCursor, pTos->z, pTos->n, 0, &res);



    alreadyExists = rx==SQLITE_OK && res==0;
    pC->deferredMoveto = 0;
    pC->cacheStatus = CACHE_STALE;
  }
  if( pOp->opcode==OP_Found ){
    if( alreadyExists ) pc = pOp->p2 - 1;
  }else{
    if( !alreadyExists ) pc = pOp->p2 - 1;







|







 







|



|
>
>
>
|







39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
....
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
**
** Various scripts scan this source file in order to generate HTML
** documentation, headers files, or other derived files.  The formatting
** of the code in this file is, therefore, important.  See other comments
** in this file for details.  If in doubt, do not deviate from existing
** commenting and indentation practices when changing or adding code.
**
** $Id: vdbe.c,v 1.649 2007/08/30 11:48:32 danielk1977 Exp $
*/
#include "sqliteInt.h"
#include <ctype.h>
#include <math.h>
#include "vdbeInt.h"

/*
................................................................................
  int i = pOp->p1;
  int alreadyExists = 0;
  Cursor *pC;
  assert( pTos>=p->aStack );
  assert( i>=0 && i<p->nCursor );
  assert( p->apCsr[i]!=0 );
  if( (pC = p->apCsr[i])->pCursor!=0 ){
    int res;
    assert( pC->isTable==0 );
    assert( pTos->flags & MEM_Blob );
    Stringify(pTos, encoding);
    rc = sqlite3BtreeMoveto(pC->pCursor, pTos->z, pTos->n, 0, &res);
    if( rc!=SQLITE_OK ){
      break;
    }
    alreadyExists = (res==0);
    pC->deferredMoveto = 0;
    pC->cacheStatus = CACHE_STALE;
  }
  if( pOp->opcode==OP_Found ){
    if( alreadyExists ) pc = pOp->p2 - 1;
  }else{
    if( !alreadyExists ) pc = pOp->p2 - 1;

Changes to test/fuzz_malloc.test.

8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
..
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
..
81
82
83
84
85
86
87
88
89
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
#
# This file tests malloc failures in concert with fuzzy SQL generation.
#
# $Id: fuzz_malloc.test,v 1.7 2007/08/29 19:15:09 drh Exp $

set testdir [file dirname $argv0]
source $testdir/tester.tcl

source $testdir/malloc_common.tcl
source $testdir/fuzz_common.tcl

................................................................................
#     -repeats
#     
proc do_fuzzy_malloc_test {testname args} {
  set ::fuzzyopts(-repeats) $::REPEATS
  set ::fuzzyopts(-sqlprep) {}
  array set ::fuzzyopts $args

  sqlite3_memdebug_fail -1 -repeat 0
  db close
  file delete test.db test.db-journal
  sqlite3 db test.db
  set ::prep $::fuzzyopts(-sqlprep)
  execsql $::prep
  set jj 0
  for {set ii 0} {$ii < $::fuzzyopts(-repeats)} {incr ii} {
................................................................................
set ::TableList  [list abc def ghi]
set ::ColumnList [list a b c]

do_fuzzy_malloc_test fuzzy_malloc-3 \
  -template {[Select]}              \
  -sqlprep $::SQLPREP

sqlite3_memdebug_fail -1
finish_test







|







 







|







 







<

8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
..
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
..
81
82
83
84
85
86
87

88
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
#
# This file tests malloc failures in concert with fuzzy SQL generation.
#
# $Id: fuzz_malloc.test,v 1.8 2007/08/30 11:48:32 danielk1977 Exp $

set testdir [file dirname $argv0]
source $testdir/tester.tcl

source $testdir/malloc_common.tcl
source $testdir/fuzz_common.tcl

................................................................................
#     -repeats
#     
proc do_fuzzy_malloc_test {testname args} {
  set ::fuzzyopts(-repeats) $::REPEATS
  set ::fuzzyopts(-sqlprep) {}
  array set ::fuzzyopts $args

  sqlite3_memdebug_fail -1
  db close
  file delete test.db test.db-journal
  sqlite3 db test.db
  set ::prep $::fuzzyopts(-sqlprep)
  execsql $::prep
  set jj 0
  for {set ii 0} {$ii < $::fuzzyopts(-repeats)} {incr ii} {
................................................................................
set ::TableList  [list abc def ghi]
set ::ColumnList [list a b c]

do_fuzzy_malloc_test fuzzy_malloc-3 \
  -template {[Select]}              \
  -sqlprep $::SQLPREP


finish_test

Changes to test/incrblob_err.test.

5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
..
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
#
# $Id: incrblob_err.test,v 1.6 2007/08/29 12:31:29 danielk1977 Exp $
#

set testdir [file dirname $argv0]
source $testdir/tester.tcl

ifcapable {!incrblob  || !memdebug} {
  finish_test
  return
}

# Only run these tests if memory debugging is turned on.
#
if {[info command sqlite3_memdebug_fail]==""} {
   puts "Skipping incrblob_err tests: not compiled with -DSQLITE_MEMDEBUG..."
   finish_test
   return
}

source $testdir/malloc_common.tcl

set ::fd [open [info script]]
set ::data [read $::fd]
close $::fd

do_malloc_test 1 -tclprep {
................................................................................
    error "Bad data read..."
  }
  set rc [catch {close $::blob}]
  if {$rc} { 
    error "out of memory" 
  }
} 
sqlite3_memdebug_fail -1

do_ioerr_test incrblob_err-4 -cksum 1 -sqlprep {
  CREATE TABLE blobs(k, v BLOB);
  INSERT INTO blobs VALUES(1, $::data);
} -tclbody {
  set ::blob [db incrblob blobs v 1]
  read $::blob







|










<
<
<
<
<
<
<
<







 







<







5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22








23
24
25
26
27
28
29
..
67
68
69
70
71
72
73

74
75
76
77
78
79
80
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
#
# $Id: incrblob_err.test,v 1.7 2007/08/30 11:48:32 danielk1977 Exp $
#

set testdir [file dirname $argv0]
source $testdir/tester.tcl

ifcapable {!incrblob  || !memdebug} {
  finish_test
  return
}









source $testdir/malloc_common.tcl

set ::fd [open [info script]]
set ::data [read $::fd]
close $::fd

do_malloc_test 1 -tclprep {
................................................................................
    error "Bad data read..."
  }
  set rc [catch {close $::blob}]
  if {$rc} { 
    error "out of memory" 
  }
} 


do_ioerr_test incrblob_err-4 -cksum 1 -sqlprep {
  CREATE TABLE blobs(k, v BLOB);
  INSERT INTO blobs VALUES(1, $::data);
} -tclbody {
  set ::blob [db incrblob blobs v 1]
  read $::blob

Changes to test/malloc4.test.

8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
..
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
#    May you share freely, never taking more than you give.
#
#***********************************************************************
#
# This file contains tests to ensure that the library handles malloc() failures
# correctly. The emphasis in this file is on sqlite3_column_XXX() APIs.
#
# $Id: malloc4.test,v 1.6 2007/08/29 12:31:29 danielk1977 Exp $

#---------------------------------------------------------------------------
# NOTES ON EXPECTED BEHAVIOUR
#
# [193] When a memory allocation failure occurs during sqlite3_column_name(),
#       sqlite3_column_name16(), sqlite3_column_decltype(), or
#       sqlite3_column_decltype16() the function shall return NULL.
................................................................................
      set mf1 [expr [sqlite3_memdebug_pending] < 0]
      set ::name8  [sqlite3_column_name $::STMT 0]
      set mf2 [expr [sqlite3_memdebug_pending] < 0]
      expr {$mf1 == $mf2 || $::name8 == ""}
    } {1}
    do_test ${testid}.2.2 {
      set mf1 [expr [sqlite3_memdebug_pending] < 0]
btree_breakpoint
      set ::name16 [sqlite3_column_name16 $::STMT 0]
      set ::name16 [encoding convertfrom unicode $::name16]
      set ::name16 [string range $::name16 0 end-1]
      set mf2 [expr [sqlite3_memdebug_pending] < 0]
puts [list $mf1 $mf2 $::name16]
      expr {$mf1 == $mf2 || $::name16 == ""}
    } {1}
    do_test ${testid}.2.3 {
      set mf1 [expr [sqlite3_memdebug_pending] < 0]
      set ::name8_2 [sqlite3_column_name $::STMT 0]
      set mf2 [expr [sqlite3_memdebug_pending] < 0]
      expr {$mf1 == $mf2 || $::name8_2 == ""}







|







 







<




<







8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
..
72
73
74
75
76
77
78

79
80
81
82

83
84
85
86
87
88
89
#    May you share freely, never taking more than you give.
#
#***********************************************************************
#
# This file contains tests to ensure that the library handles malloc() failures
# correctly. The emphasis in this file is on sqlite3_column_XXX() APIs.
#
# $Id: malloc4.test,v 1.7 2007/08/30 11:48:32 danielk1977 Exp $

#---------------------------------------------------------------------------
# NOTES ON EXPECTED BEHAVIOUR
#
# [193] When a memory allocation failure occurs during sqlite3_column_name(),
#       sqlite3_column_name16(), sqlite3_column_decltype(), or
#       sqlite3_column_decltype16() the function shall return NULL.
................................................................................
      set mf1 [expr [sqlite3_memdebug_pending] < 0]
      set ::name8  [sqlite3_column_name $::STMT 0]
      set mf2 [expr [sqlite3_memdebug_pending] < 0]
      expr {$mf1 == $mf2 || $::name8 == ""}
    } {1}
    do_test ${testid}.2.2 {
      set mf1 [expr [sqlite3_memdebug_pending] < 0]

      set ::name16 [sqlite3_column_name16 $::STMT 0]
      set ::name16 [encoding convertfrom unicode $::name16]
      set ::name16 [string range $::name16 0 end-1]
      set mf2 [expr [sqlite3_memdebug_pending] < 0]

      expr {$mf1 == $mf2 || $::name16 == ""}
    } {1}
    do_test ${testid}.2.3 {
      set mf1 [expr [sqlite3_memdebug_pending] < 0]
      set ::name8_2 [sqlite3_column_name $::STMT 0]
      set mf2 [expr [sqlite3_memdebug_pending] < 0]
      expr {$mf1 == $mf2 || $::name8_2 == ""}

Changes to test/malloc_common.tcl.

125
126
127
128
129
130
131

132
  
      if {[info exists ::mallocopts(-cleanup)]} {
        catch [list uplevel #0 $::mallocopts(-cleanup)] msg
      }
    }
  }
  unset ::mallocopts

}







>

125
126
127
128
129
130
131
132
133
  
      if {[info exists ::mallocopts(-cleanup)]} {
        catch [list uplevel #0 $::mallocopts(-cleanup)] msg
      }
    }
  }
  unset ::mallocopts
  sqlite3_memdebug_fail -1
}