/ Check-in [7f3943fb]

Overview
Comment: Fix a potential NULL pointer dereference on a corrupt database schema. Cherrypick of [dc61b292d8ea].
SHA1: 7f3943fb01490180055312363cdd8a47642f4e9d
User & Date: dan 2015-05-20 20:24:10
Context
2015-05-20
20:27
Fix an obscure problem with "INSERT INTO tbl(cols) SELECT" statements where the SELECT is a compound with an ORDER BY and "cols" is a strict subset of tbl's columns. Cherrypick of [718d5d0eab04]. check-in: 3cd2b772 user: dan tags: branch-3.8.6
20:24
Fix a potential NULL pointer deference on a corrupt database schema. Cherrypick of [dc61b292d8ea]. check-in: 7f3943fb user: dan tags: branch-3.8.6
20:21
Fix a bug caused by cherrypicking from a branch that assumes sqlite3_stricmp() can handle NULL arguments. check-in: 2c649cdf user: dan tags: branch-3.8.6
2015-04-19
19:21
Fix a potential NULL pointer deference on a corrupt database schema. check-in: dc61b292 user: drh tags: trunk
Changes

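--- a/src/expr.c
+++ b/src/expr.c
@@ -1206,18 +1206,34 @@
     sqlite3DbFree(db, pItem->zSpan);
   }
   sqlite3DbFree(db, pList->a);
   sqlite3DbFree(db, pList);
 }
 
 /*
-** These routines are Walker callbacks.  Walker.u.pi is a pointer
-** to an integer.  These routines are checking an expression to see
-** if it is a constant.  Set *Walker.u.pi to 0 if the expression is
-** not constant.
+** Return the bitwise-OR of all Expr.flags fields in the given
+** ExprList.
+*/
+u32 sqlite3ExprListFlags(const ExprList *pList){
+  int i;
+  u32 m = 0;
+  if( pList ){
+    for(i=0; i<pList->nExpr; i++){
+       Expr *pExpr = pList->a[i].pExpr;
+       if( pExpr ) m |= pList->a[i].pExpr->flags;
+    }
+  }
+  return m;
+}
+
+/*
+** These routines are Walker callbacks used to check expressions to
+** see if they are "constant" for some definition of constant.  The
+** Walker.eCode value determines the type of "constant" we are looking
+** for.
 **
 ** These callback routines are used to implement the following:
 **
 **     sqlite3ExprIsConstant()
 **     sqlite3ExprIsConstantNotJoin()
 **     sqlite3ExprIsConstantOrFunction()
 **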
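Review bot: In sqlite3ExprListFlags the NULL test is made on the local `pExpr` but the dereference re-reads `pList->a[i].pExpr`; reading the flags through the checked local, `if( pExpr ) m |= pExpr->flags;`, keeps the guard and the access on the same pointer, and the loop body would then also fit the two-space indent used by the surrounding code. The header comment could state that a NULL list yields 0 and that NULL entries are skipped, since that tolerance appears to be what matters when the schema is corrupt. Separately, the rewritten Walker comment now refers to `Walker.eCode`, while the callbacks it describes lie outside this section; as this is a cherry-pick onto branch-3.8.6, it is worth confirming they no longer use the `Walker.u.pi` the old comment described.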

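--- a/test/misc1.test
+++ b/test/misc1.test
@@ -622,9 +622,23 @@
 } {0}
 
 do_catchsql_test misc1-20.1 {
   create table t0(o CHar(0)CHECK(0&O>O));
   insert into t0 select randomblob(0)-trim(0);
 } {1 {CHECK constraint failed: t0}}
 
+
+# 2015-04-19: NULL pointer dereference on a corrupt schema
+#
+do_execsql_test misc1-23.1 {
+  DROP TABLE IF EXISTS t1;
+  DROP TABLE IF EXISTS t2;
+  CREATE TABLE t1(x);
+  PRAGMA writable_schema=ON;
+  UPDATE sqlite_master SET sql='CREATE table t(d CHECK(T(#0)';
+  BEGIN;
+  CREATE TABLE t2(y);
+  ROLLBACK;
+  DROP TABLE IF EXISTS t3;
+} {}
 
 finish_test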
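Review bot: misc1-23.1 leaves the connection with `PRAGMA writable_schema=ON` and every sqlite_master row rewritten (the UPDATE has no WHERE clause), so any case later added between it and `finish_test` would run against a deliberately corrupt schema. A comment such as `# Leaves the schema corrupt; keep this the last case in the file or reset the database after it` would make that constraint explicit. The expected result `{}` only asserts that the statements complete without error, so the comment could also say which statement used to reach the NULL dereference. The case number jumps from 20.1 to 23.1 on this branch, presumably a side effect of the cherry-pick.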