SQLite

Check-in [50ad60ded5]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Prevent a possible NULL pointer dereference in the OP_Found opcode that can follow an OOM error. Problem found by OSS-Fuzz.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | branch-3.19
Files: files | file ages | folders
SHA3-256: 50ad60ded54aa22dfdf519ed5da6451de790e22a972ff299f7976fbdce7a0579
User & Date: drh 2017-05-19 23:04:04.031
Context
2017-05-22
13:06
Include the "msvc.h" header file in the amalgamation tarball. (check-in: 3dd6fe53c7 user: drh tags: branch-3.19)
2017-05-19
23:04
Prevent a possible NULL pointer dereference in the OP_Found opcode that can follow an OOM error. Problem found by OSS-Fuzz. (check-in: 50ad60ded5 user: drh tags: branch-3.19)
22:51
Prevent a possible NULL pointer dereference in the OP_Found opcode that can follow an OOM error. Problem found by OSS-Fuzz. (check-in: c2de178fe7 user: drh tags: trunk)
20:46
Branch for the 3.19 release. (check-in: f2b829ec52 user: drh tags: branch-3.19)
Changes
Side-by-Side Diff Ignore Whitespace Patch
Changes to src/vdbe.c.
4102
4103
4104
4105
4106
4107
4108




4109
4110
4111
4112
4113
4114
4115
4116
4117
4118
4119
4102
4103
4104
4105
4106
4107
4108
4109
4110
4111
4112
4113
4114


4115
4116
4117
4118
4119
4120
4121







+
+
+
+


-
-







      assert( (r.aMem[ii].flags & MEM_Zero)==0 || r.aMem[ii].n==0 );
      if( ii ) REGISTER_TRACE(pOp->p3+ii, &r.aMem[ii]);
    }
#endif
    pIdxKey = &r;
    pFree = 0;
  }else{
    assert( pIn3->flags & MEM_Blob );
    rc = ExpandBlob(pIn3);
    assert( rc==SQLITE_OK || rc==SQLITE_NOMEM );
    if( rc ) goto no_mem;
    pFree = pIdxKey = sqlite3VdbeAllocUnpackedRecord(pC->pKeyInfo);
    if( pIdxKey==0 ) goto no_mem;
    assert( pIn3->flags & MEM_Blob );
    (void)ExpandBlob(pIn3);
    sqlite3VdbeRecordUnpack(pC->pKeyInfo, pIn3->n, pIn3->z, pIdxKey);
  }
  pIdxKey->default_rc = 0;
  takeJump = 0;
  if( pOp->opcode==OP_NoConflict ){
    /* For the OP_NoConflict opcode, take the jump if any of the
    ** input fields are NULL, since any key with a NULL will not