/ Check-in [0d345e59]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Remove incorrect NEVER() macros from malloc.c. The allocations can be exceeded using sqlite3_malloc() and sqlite3_realloc(). (CVS 6826)
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 0d345e5923ff92a87195f6c04a29a56bf67ee43c
User & Date: drh 2009-06-26 18:35:17
Context
2009-06-27
00:48
Fix a bug in sqlite3_realloc() - if called with a size of more than 2147483392 it returns 0 but it also releases the prior allocation. (CVS 6827) check-in: 653df0af user: drh tags: trunk
2009-06-26
18:35
Remove incorrect NEVER() macros from malloc.c. The allocations can be exceeded using sqlite3_malloc() and sqlite3_realloc(). (CVS 6826) check-in: 0d345e59 user: drh tags: trunk
16:32
Removed a few compiler warnings under MSVC. (CVS 6825) check-in: f01a9fc3 user: shane tags: trunk
Changes
Hide Diffs Unified Diffs Show Whitespace Changes Patch

Changes to src/malloc.c.

8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
...
262
263
264
265
266
267
268
269
270
271
272
273


274
275
276
277
278
279
280
281
282
283
284
...
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
**
** Memory allocation functions used throughout sqlite.
**
** $Id: malloc.c,v 1.62 2009/05/03 20:23:54 drh Exp $
*/
#include "sqliteInt.h"
#include <stdarg.h>

/*
** This routine runs when the memory allocator sees that the
** total memory allocation is about to exceed the soft heap
................................................................................

/*
** Allocate memory.  This routine is like sqlite3_malloc() except that it
** assumes the memory subsystem has already been initialized.
*/
void *sqlite3Malloc(int n){
  void *p;
  if( n<=0 || NEVER(n>=0x7fffff00) ){
    /* The NEVER(n>=0x7fffff00) term is added out of paranoia.  We want to make
    ** absolutely sure that there is nothing within SQLite that can cause a
    ** memory allocation of a number of bytes which is near the maximum signed
    ** integer value and thus cause an integer overflow inside of the xMalloc()


    ** implementation.  The n>=0x7fffff00 gives us 255 bytes of headroom.  The
    ** test should never be true because SQLITE_MAX_LENGTH should be much
    ** less than 0x7fffff00 and it should catch large memory allocations
    ** before they reach this point. */
    p = 0;
  }else if( sqlite3GlobalConfig.bMemstat ){
    sqlite3_mutex_enter(mem0.mutex);
    mallocWithAlarm(n, &p);
    sqlite3_mutex_leave(mem0.mutex);
  }else{
    p = sqlite3GlobalConfig.m.xMalloc(n);
................................................................................
*/
void *sqlite3Realloc(void *pOld, int nBytes){
  int nOld, nNew;
  void *pNew;
  if( pOld==0 ){
    return sqlite3Malloc(nBytes);
  }
  if( nBytes<=0 || NEVER(nBytes>=0x7fffff00) ){
    /* The NEVER(...) term is explained in comments on sqlite3Malloc() */
    sqlite3_free(pOld);
    return 0;
  }
  nOld = sqlite3MallocSize(pOld);
  if( sqlite3GlobalConfig.bMemstat ){
    sqlite3_mutex_enter(mem0.mutex);
    sqlite3StatusSet(SQLITE_STATUS_MALLOC_SIZE, nBytes);







|







 







|
<
<
|
|
>
>
|
<
<
<







 







|
|







8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
...
262
263
264
265
266
267
268
269


270
271
272
273
274



275
276
277
278
279
280
281
...
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
**
** Memory allocation functions used throughout sqlite.
**
** $Id: malloc.c,v 1.63 2009/06/26 18:35:17 drh Exp $
*/
#include "sqliteInt.h"
#include <stdarg.h>

/*
** This routine runs when the memory allocator sees that the
** total memory allocation is about to exceed the soft heap
................................................................................

/*
** Allocate memory.  This routine is like sqlite3_malloc() except that it
** assumes the memory subsystem has already been initialized.
*/
void *sqlite3Malloc(int n){
  void *p;
  if( n<=0 || n>=0x7fffff00 ){


    /* A memory allocation of a number of bytes which is near the maximum
    ** signed integer value might cause an integer overflow inside of the
    ** xMalloc().  Hence we limit the maximum size to 0x7fffff00, giving
    ** 255 bytes of overhead.  SQLite itself will never use anything near
    ** this amount.  The only way to reach the limit is with sqlite3_malloc() */



    p = 0;
  }else if( sqlite3GlobalConfig.bMemstat ){
    sqlite3_mutex_enter(mem0.mutex);
    mallocWithAlarm(n, &p);
    sqlite3_mutex_leave(mem0.mutex);
  }else{
    p = sqlite3GlobalConfig.m.xMalloc(n);
................................................................................
*/
void *sqlite3Realloc(void *pOld, int nBytes){
  int nOld, nNew;
  void *pNew;
  if( pOld==0 ){
    return sqlite3Malloc(nBytes);
  }
  if( nBytes<=0 || nBytes>=0x7fffff00 ){
    /* The 0x7ffff00 limit term is explained in comments on sqlite3Malloc() */
    sqlite3_free(pOld);
    return 0;
  }
  nOld = sqlite3MallocSize(pOld);
  if( sqlite3GlobalConfig.bMemstat ){
    sqlite3_mutex_enter(mem0.mutex);
    sqlite3StatusSet(SQLITE_STATUS_MALLOC_SIZE, nBytes);