Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Prevent a possible NULL pointer dereference in the OP_Found opcode that can follow an OOM error. Problem found by OSS-Fuzz. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | branch-3.19 |
| Files: | files | file ages | folders |
| SHA3-256: |
50ad60ded54aa22dfdf519ed5da6451d |
| User & Date: | drh 2017-05-19 23:04:04 |
Context
|
2017-05-22
| ||
| 13:06 | Include the "msvc.h" header file in the amalgamation tarball. (check-in: 3dd6fe53 user: drh tags: branch-3.19) | |
|
2017-05-19
| ||
| 23:04 | Prevent a possible NULL pointer dereference in the OP_Found opcode that can follow an OOM error. Problem found by OSS-Fuzz. (check-in: 50ad60de user: drh tags: branch-3.19) | |
| 22:51 | Prevent a possible NULL pointer dereference in the OP_Found opcode that can follow an OOM error. Problem found by OSS-Fuzz. (check-in: c2de178f user: drh tags: trunk) | |
| 20:46 | Branch for the 3.19 release. (check-in: f2b829ec user: drh tags: branch-3.19) | |
Changes
Changes to src/vdbe.c.
4102 4102 assert( (r.aMem[ii].flags & MEM_Zero)==0 || r.aMem[ii].n==0 ); 4103 4103 if( ii ) REGISTER_TRACE(pOp->p3+ii, &r.aMem[ii]); 4104 4104 } 4105 4105 #endif 4106 4106 pIdxKey = &r; 4107 4107 pFree = 0; 4108 4108 }else{ 4109 + assert( pIn3->flags & MEM_Blob ); 4110 + rc = ExpandBlob(pIn3); 4111 + assert( rc==SQLITE_OK || rc==SQLITE_NOMEM ); 4112 + if( rc ) goto no_mem; 4109 4113 pFree = pIdxKey = sqlite3VdbeAllocUnpackedRecord(pC->pKeyInfo); 4110 4114 if( pIdxKey==0 ) goto no_mem; 4111 - assert( pIn3->flags & MEM_Blob ); 4112 - (void)ExpandBlob(pIn3); 4113 4115 sqlite3VdbeRecordUnpack(pC->pKeyInfo, pIn3->n, pIn3->z, pIdxKey); 4114 4116 } 4115 4117 pIdxKey->default_rc = 0; 4116 4118 takeJump = 0; 4117 4119 if( pOp->opcode==OP_NoConflict ){ 4118 4120 /* For the OP_NoConflict opcode, take the jump if any of the 4119 4121 ** input fields are NULL, since any key with a NULL will not