/ Check-in [2df6bbf1]
Overview
Comment: Fix a memory leak in the processing of nested row values. This problem has existed ever since row values support was added (version 3.15.0, 2016-10-14) but was only just now detected by OSSFuzz.
SHA3-256: 2df6bbf1b8ca881c8a465d6624de66fde4c5975ccae6b2f2dda392b137f577de
User & Date: drh 2018-02-18 17:50:03
Context
2018-02-19
13:53
Fix an assert so that it compares two CellInfo objects field by field instead of using memcmp(). Memcmp() does not work on x86 because of uninitialized padding bytes. check-in: 88258770 user: drh tags: trunk
2018-02-18
17:50
Fix a memory leak in the processing of nested row values. This problem has existed ever since row values support was added (version 3.15.0, 2016-10-14) but was only just now detected by OSSFuzz. check-in: 2df6bbf1 user: drh tags: trunk
00:54
Port mutex enhancements from check-in [f53b8a573b] to the Win32 implementation. check-in: 74bb7225 user: mistachkin tags: trunk
Changes

Changes to src/whereexpr.c.

  1287   1287   
  1288   1288         pNew = sqlite3PExpr(pParse, pExpr->op, pLeft, pRight);
  1289   1289         transferJoinMarkings(pNew, pExpr);
  1290   1290         idxNew = whereClauseInsert(pWC, pNew, TERM_DYNAMIC);
  1291   1291         exprAnalyze(pSrc, pWC, idxNew);
  1292   1292       }
  1293   1293       pTerm = &pWC->a[idxTerm];
  1294         -    pTerm->wtFlags = TERM_CODED|TERM_VIRTUAL;  /* Disable the original */
         1294  +    pTerm->wtFlags |= TERM_CODED|TERM_VIRTUAL;  /* Disable the original */
  1295   1295       pTerm->eOperator = 0;
  1296   1296     }
  1297   1297   
  1298   1298     /* If there is a vector IN term - e.g. "(a, b) IN (SELECT ...)" - create
  1299   1299     ** a virtual term for each vector component. The expression object
  1300   1300     ** used by each such virtual term is pExpr (the full vector IN(...) 
  1301   1301     ** expression). The WhereTerm.iField variable identifies the index within
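
Review bot: The comment on the changed line 1294 still reads only "Disable the original" and does not record why the flags are now OR-ed in instead of assigned. Going by the commit message, the plain assignment presumably cleared a bit already set on the term (for example TERM_DYNAMIC, which line 1290 passes to whereClauseInsert) and that is what leaked the expression. Stating in the comment that existing wtFlags bits must be preserved would keep a later cleanup from turning `|=` back into `=`.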

Changes to test/rowvalue.test.

   535    535   } {2 22 1 11}
   536    536   do_execsql_test 19.35 {
   537    537     SELECT * FROM t1 WHERE (3,33)>=(a,b) ORDER BY a DESC;
   538    538   } {3 33 2 22 1 11}
   539    539   do_execsql_test 19.36 {
   540    540     SELECT * FROM t1 WHERE (3,32)>=(a,b) ORDER BY a DESC;
   541    541   } {2 22 1 11}
          542  +
          543  +# 2018-02-18: Memory leak nexted row-value.  Detected by OSSFuzz.
          544  +#
          545  +do_catchsql_test 20.1 {
          546  +  SELECT 1 WHERE (2,(2,0)) IS (2,(2,0));
          547  +} {0 1}
   542    548   
   543    549   finish_test
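
Review bot: The comment on new line 543 has a typo: "nexted" should be "nested". Test 20.1 asserts only the result `{0 1}`, so it passes with or without the leak unless the run has leak checking or memory accounting enabled; the comment should say which check is expected to catch a regression. The hunk also covers a single operator (IS) at one nesting depth, so a second case using a comparison such as `>=`, as in tests 19.35 and 19.36 above, would widen coverage of the nested row-value path.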