/ Check-in [990237e2]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Where possible, avoid freeing buffers allocated for vdbe memory cells in case they can be reused. (CVS 4783)
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 990237e27e417aff3dbf05784b716c21f3761a3a
User & Date: danielk1977 2008-02-13 18:25:27
Context
2008-02-13
23:48
always use random access mode when opening files (like on Windows) (CVS 4784) check-in: 9f4da101 user: pweilbacher tags: trunk
18:25
Where possible, avoid freeing buffers allocated for vdbe memory cells in case they can be reused. (CVS 4783) check-in: 990237e2 user: danielk1977 tags: trunk
2008-02-12
16:52
When materializing a view for an UPDATE or DELETE make use of the WHERE clause to limit the number of rows materialized. Ticket #2938. (CVS 4782) check-in: 5ab71c3a user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/attach.c.

     7      7   **    May you do good and not evil.
     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains code used to implement the ATTACH and DETACH commands.
    13     13   **
    14         -** $Id: attach.c,v 1.71 2008/02/06 14:11:35 drh Exp $
           14  +** $Id: attach.c,v 1.72 2008/02/13 18:25:27 danielk1977 Exp $
    15     15   */
    16     16   #include "sqliteInt.h"
    17     17   
    18     18   #ifndef SQLITE_OMIT_ATTACH
    19     19   /*
    20     20   ** Resolve an expression that was part of an ATTACH or DETACH statement. This
    21     21   ** is slightly different from resolving a normal SQL expression, because simple
................................................................................
   324    324         SQLITE_OK!=(rc = resolveAttachExpr(&sName, pKey))
   325    325     ){
   326    326       pParse->nErr++;
   327    327       goto attach_end;
   328    328     }
   329    329   
   330    330     v = sqlite3GetVdbe(pParse);
   331         -  regArgs = sqlite3GetTempRange(pParse, 3);
          331  +  regArgs = sqlite3GetTempRange(pParse, 4);
   332    332     sqlite3ExprCode(pParse, pFilename, regArgs);
   333    333     sqlite3ExprCode(pParse, pDbname, regArgs+1);
   334    334     sqlite3ExprCode(pParse, pKey, regArgs+2);
   335    335   
   336    336     assert( v || db->mallocFailed );
   337    337     if( v ){
   338         -    sqlite3VdbeAddOp3(v, OP_Function, 0, regArgs+3-nFunc, regArgs);
          338  +    sqlite3VdbeAddOp3(v, OP_Function, 0, regArgs+3-nFunc, regArgs+3);
   339    339       sqlite3VdbeChangeP5(v, nFunc);
   340    340       pFunc = sqlite3FindFunction(db, zFunc, strlen(zFunc), nFunc, SQLITE_UTF8,0);
   341    341       sqlite3VdbeChangeP4(v, -1, (char *)pFunc, P4_FUNCDEF);
   342    342   
   343    343       /* Code an OP_Expire. For an ATTACH statement, set P1 to true (expire this
   344    344       ** statement only). For DETACH, set it to false (expire all existing
   345    345       ** statements).

Changes to src/insert.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains C code routines that are called by the parser
    13     13   ** to handle INSERT statements in SQLite.
    14     14   **
    15         -** $Id: insert.c,v 1.228 2008/01/25 15:04:50 drh Exp $
           15  +** $Id: insert.c,v 1.229 2008/02/13 18:25:27 danielk1977 Exp $
    16     16   */
    17     17   #include "sqliteInt.h"
    18     18   
    19     19   /*
    20     20   ** Set P4 of the most recently inserted opcode to a column affinity
    21     21   ** string for index pIdx. A column affinity string has one character
    22     22   ** for each column in the table, according to the affinity of the column:
................................................................................
   214    214     int memId          /* Memory cell holding the maximum rowid */
   215    215   ){
   216    216     if( pTab->autoInc ){
   217    217       int iCur = pParse->nTab;
   218    218       Vdbe *v = pParse->pVdbe;
   219    219       Db *pDb = &pParse->db->aDb[iDb];
   220    220       int j1;
          221  +    int iRec = ++pParse->nMem;    /* Memory cell used for record */
   221    222   
   222    223       assert( v );
   223    224       sqlite3OpenTable(pParse, iCur, iDb, pDb->pSchema->pSeqTab, OP_OpenWrite);
   224    225       j1 = sqlite3VdbeAddOp1(v, OP_NotNull, memId+1);
   225    226       sqlite3VdbeAddOp2(v, OP_NewRowid, iCur, memId+1);
   226    227       sqlite3VdbeJumpHere(v, j1);
   227         -    sqlite3VdbeAddOp3(v, OP_MakeRecord, memId-1, 2, memId-1);
   228         -    sqlite3VdbeAddOp3(v, OP_Insert, iCur, memId-1, memId+1);
          228  +    sqlite3VdbeAddOp3(v, OP_MakeRecord, memId-1, 2, iRec);
          229  +    sqlite3VdbeAddOp3(v, OP_Insert, iCur, iRec, memId+1);
   229    230       sqlite3VdbeChangeP5(v, OPFLAG_APPEND);
   230    231       sqlite3VdbeAddOp1(v, OP_Close, iCur);
   231    232     }
   232    233   }
   233    234   #else
   234    235   /*
   235    236   ** If SQLITE_OMIT_AUTOINCREMENT is defined, then the three routines

Changes to src/legacy.c.

    10     10   **
    11     11   *************************************************************************
    12     12   ** Main file for the SQLite library.  The routines in this file
    13     13   ** implement the programmer interface to the library.  Routines in
    14     14   ** other files are for internal use by SQLite and should not be
    15     15   ** accessed by users of the library.
    16     16   **
    17         -** $Id: legacy.c,v 1.22 2007/08/29 12:31:26 danielk1977 Exp $
           17  +** $Id: legacy.c,v 1.23 2008/02/13 18:25:27 danielk1977 Exp $
    18     18   */
    19     19   
    20     20   #include "sqliteInt.h"
    21     21   #include <ctype.h>
    22     22   
    23     23   /*
    24     24   ** Execute SQL code.  Return one of the SQLITE_ success/failure
................................................................................
    78     78   
    79     79         /* Invoke the callback function if required */
    80     80         if( xCallback && (SQLITE_ROW==rc || 
    81     81             (SQLITE_DONE==rc && !nCallback && db->flags&SQLITE_NullCallback)) ){
    82     82           if( 0==nCallback ){
    83     83             for(i=0; i<nCol; i++){
    84     84               azCols[i] = (char *)sqlite3_column_name(pStmt, i);
           85  +            if( !azCols[i] ){
           86  +              db->mallocFailed = 1;
           87  +              goto exec_out;
           88  +            }
    85     89             }
    86     90             nCallback++;
    87     91           }
    88     92           if( rc==SQLITE_ROW ){
    89     93             azVals = &azCols[nCol];
    90     94             for(i=0; i<nCol; i++){
    91     95               azVals[i] = (char *)sqlite3_column_text(pStmt, i);
           96  +            if( !azVals[i] && sqlite3_column_type(pStmt, i)!=SQLITE_NULL ){
           97  +              db->mallocFailed = 1;
           98  +              goto exec_out;
           99  +            }
    92    100             }
    93    101           }
    94    102           if( xCallback(pArg, nCol, azVals, azCols) ){
    95    103             rc = SQLITE_ABORT;
    96    104             goto exec_out;
    97    105           }
    98    106         }

Changes to src/mem1.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains the C functions that implement a memory
    13     13   ** allocation subsystem for use by SQLite.  
    14     14   **
    15         -** $Id: mem1.c,v 1.14 2007/11/29 18:36:49 drh Exp $
           15  +** $Id: mem1.c,v 1.15 2008/02/13 18:25:27 danielk1977 Exp $
    16     16   */
    17     17   
    18     18   /*
    19     19   ** This version of the memory allocator is the default.  It is
    20     20   ** used when no other memory allocator is specified using compile-time
    21     21   ** macros.
    22     22   */
................................................................................
   184    184     p--;
   185    185     nByte = (int)*p;
   186    186     sqlite3_mutex_enter(mem.mutex);
   187    187     mem.nowUsed -= nByte;
   188    188     free(p);
   189    189     sqlite3_mutex_leave(mem.mutex);  
   190    190   }
          191  +
          192  +/*
          193  +** Return the number of bytes allocated at p.
          194  +*/
          195  +int sqlite3MallocSize(void *p){
          196  +  sqlite3_int64 *pInt;
          197  +  if( !p ) return 0;
          198  +  pInt = p;
          199  +  return pInt[-1];
          200  +}
   191    201   
   192    202   /*
   193    203   ** Change the size of an existing memory allocation
   194    204   */
   195    205   void *sqlite3_realloc(void *pPrior, int nBytes){
   196    206     int nOld;
   197    207     sqlite3_int64 *p;

Changes to src/mem2.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains the C functions that implement a memory
    13     13   ** allocation subsystem for use by SQLite.  
    14     14   **
    15         -** $Id: mem2.c,v 1.19 2008/01/22 21:30:53 drh Exp $
           15  +** $Id: mem2.c,v 1.20 2008/02/13 18:25:27 danielk1977 Exp $
    16     16   */
    17     17   
    18     18   /*
    19     19   ** This version of the memory allocator is used only if the
    20     20   ** SQLITE_MEMDEBUG macro is defined and SQLITE_OMIT_MEMORY_ALLOCATION
    21     21   ** is not defined.
    22     22   */
................................................................................
   238    238     p--;
   239    239     assert( p->iForeGuard==FOREGUARD );
   240    240     assert( (p->iSize & 3)==0 );
   241    241     pInt = (int*)pAllocation;
   242    242     assert( pInt[p->iSize/sizeof(int)]==REARGUARD );
   243    243     return p;
   244    244   }
          245  +
          246  +/*
          247  +** Return the number of bytes currently allocated at address p.
          248  +*/
          249  +int sqlite3MallocSize(void *p){
          250  +  struct MemBlockHdr *pHdr;
          251  +  if( !p ){
          252  +    return 0;
          253  +  }
          254  +  pHdr = sqlite3MemsysGetHeader(p);
          255  +  return pHdr->iSize;
          256  +}
   245    257   
   246    258   /*
   247    259   ** Allocate nByte bytes of memory.
   248    260   */
   249    261   void *sqlite3_malloc(int nByte){
   250    262     struct MemBlockHdr *pHdr;
   251    263     void **pBt;
................................................................................
   447    459       }
   448    460     }
   449    461     if( mem.sizeCnt[NCSIZE-1] ){
   450    462       fprintf(out, "  >%3d: %d\n", NCSIZE*8, mem.sizeCnt[NCSIZE-1]);
   451    463     }
   452    464     fclose(out);
   453    465   }
          466  +
          467  +/*
          468  +** Return the number of times sqlite3_malloc() has been called.
          469  +*/
          470  +int sqlite3_memdebug_malloc_count(){
          471  +  int i;
          472  +  int nTotal = 0;
          473  +  for(i=0; i<NCSIZE; i++){
          474  +    nTotal += mem.sizeCnt[i];
          475  +  }
          476  +  return nTotal;
          477  +}
   454    478   
   455    479   
   456    480   #endif /* SQLITE_MEMDEBUG && !SQLITE_OMIT_MEMORY_ALLOCATION */

Changes to src/mem3.c.

    16     16   ** use of malloc().  All dynamically allocatable memory is
    17     17   ** contained in a static array, mem.aPool[].  The size of this
    18     18   ** fixed memory pool is SQLITE_MEMORY_SIZE bytes.
    19     19   **
    20     20   ** This version of the memory allocation subsystem is used if
    21     21   ** and only if SQLITE_MEMORY_SIZE is defined.
    22     22   **
    23         -** $Id: mem3.c,v 1.8 2007/12/29 13:18:22 drh Exp $
           23  +** $Id: mem3.c,v 1.9 2008/02/13 18:25:27 danielk1977 Exp $
    24     24   */
    25     25   
    26     26   /*
    27     27   ** This version of the memory allocator is used only when 
    28     28   ** SQLITE_MEMORY_SIZE is defined.
    29     29   */
    30     30   #if defined(SQLITE_MEMORY_SIZE)
................................................................................
   287    287   }
   288    288   
   289    289   /*
   290    290   ** Return the size of an outstanding allocation, in bytes.  The
   291    291   ** size returned omits the 8-byte header overhead.  This only
   292    292   ** works for chunks that are currently checked out.
   293    293   */
   294         -static int memsys3Size(void *p){
          294  +int sqlite3MallocSize(void *p){
   295    295     Mem3Block *pBlock = (Mem3Block*)p;
   296    296     assert( (pBlock[-1].u.hdr.size4x&1)!=0 );
   297    297     return (pBlock[-1].u.hdr.size4x&~3)*2 - 4;
   298    298   }
   299    299   
   300    300   /*
   301    301   ** Chunk i is a free chunk that has been unlinked.  Adjust its 
................................................................................
   552    552       return sqlite3_malloc(nBytes);
   553    553     }
   554    554     if( nBytes<=0 ){
   555    555       sqlite3_free(pPrior);
   556    556       return 0;
   557    557     }
   558    558     assert( mem.mutex!=0 );
   559         -  nOld = memsys3Size(pPrior);
          559  +  nOld = sqlite3MallocSize(pPrior);
   560    560     if( nBytes<=nOld && nBytes>=nOld-128 ){
   561    561       return pPrior;
   562    562     }
   563    563     sqlite3_mutex_enter(mem.mutex);
   564    564     p = memsys3Malloc(nBytes);
   565    565     if( p ){
   566    566       if( nOld<nBytes ){

Changes to src/os.c.

     1         - /*
            1  +/*
     2      2   ** 2005 November 29
     3      3   **
     4      4   ** The author disclaims copyright to this source code.  In place of
     5      5   ** a legal notice, here is a blessing:
     6      6   **
     7      7   **    May you do good and not evil.
     8      8   **    May you find forgiveness for yourself and forgive others.

Changes to src/pragma.c.

     7      7   **    May you do good and not evil.
     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains code used to implement the PRAGMA command.
    13     13   **
    14         -** $Id: pragma.c,v 1.169 2008/01/22 01:48:09 drh Exp $
           14  +** $Id: pragma.c,v 1.170 2008/02/13 18:25:27 danielk1977 Exp $
    15     15   */
    16     16   #include "sqliteInt.h"
    17     17   #include <ctype.h>
    18     18   
    19     19   /* Ignore this whole file if pragmas are disabled
    20     20   */
    21     21   #if !defined(SQLITE_OMIT_PRAGMA) && !defined(SQLITE_OMIT_PARSER)
................................................................................
   890    890             sqlite3VdbeAddOp2(v, OP_Integer, pIdx->tnum, 2+cnt);
   891    891             cnt++;
   892    892           }
   893    893         }
   894    894         if( cnt==0 ) continue;
   895    895   
   896    896         /* Make sure sufficient number of registers have been allocated */
   897         -      if( pParse->nMem < cnt+3 ){
   898         -        pParse->nMem = cnt+3;
          897  +      if( pParse->nMem < cnt+4 ){
          898  +        pParse->nMem = cnt+4;
   899    899         }
   900    900   
   901    901         /* Do the b-tree integrity checks */
   902    902         sqlite3VdbeAddOp3(v, OP_IntegrityCk, 2, cnt, 1);
   903    903         sqlite3VdbeChangeP5(v, i);
   904    904         addr = sqlite3VdbeAddOp1(v, OP_IsNull, 2);
   905    905         sqlite3VdbeAddOp4(v, OP_String8, 0, 3, 0,
   906    906            sqlite3MPrintf(db, "*** in database %s ***\n", db->aDb[i].zName),
   907    907            P4_DYNAMIC);
   908         -      sqlite3VdbeAddOp3(v, OP_Concat, 2, 3, 2);
          908  +      sqlite3VdbeAddOp2(v, OP_Move, 2, 4);
          909  +      sqlite3VdbeAddOp3(v, OP_Concat, 4, 3, 2);
   909    910         sqlite3VdbeAddOp2(v, OP_ResultRow, 2, 1);
   910    911         sqlite3VdbeJumpHere(v, addr);
   911    912   
   912    913         /* Make sure all the indices are constructed correctly.
   913    914         */
   914    915         for(x=sqliteHashFirst(pTbls); x && !isQuick; x=sqliteHashNext(x)){
   915    916           Table *pTab = sqliteHashData(x);

Changes to src/select.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains C code routines that are called by the parser
    13     13   ** to handle SELECT statements in SQLite.
    14     14   **
    15         -** $Id: select.c,v 1.412 2008/02/06 23:52:37 drh Exp $
           15  +** $Id: select.c,v 1.413 2008/02/13 18:25:27 danielk1977 Exp $
    16     16   */
    17     17   #include "sqliteInt.h"
    18     18   
    19     19   
    20     20   /*
    21     21   ** Delete all the content of a Select structure but do not deallocate
    22     22   ** the select structure itself.
................................................................................
   806    806         break;
   807    807       }
   808    808   #ifndef SQLITE_OMIT_SUBQUERY
   809    809       case SRT_Set: {
   810    810         int j1;
   811    811         assert( nColumn==1 );
   812    812         j1 = sqlite3VdbeAddOp1(v, OP_IsNull, regRow);
   813         -      sqlite3VdbeAddOp4(v, OP_MakeRecord, regRow, 1, regRow, &p->affinity, 1);
   814         -      sqlite3VdbeAddOp2(v, OP_IdxInsert, iParm, regRow);
          813  +      sqlite3VdbeAddOp4(v, OP_MakeRecord, regRow, 1, regRowid, &p->affinity, 1);
          814  +      sqlite3VdbeAddOp2(v, OP_IdxInsert, iParm, regRowid);
   815    815         sqlite3VdbeJumpHere(v, j1);
   816    816         break;
   817    817       }
   818    818       case SRT_Mem: {
   819    819         assert( nColumn==1 );
   820    820         sqlite3VdbeAddOp2(v, OP_Move, regRow, iParm);
   821    821         /* The LIMIT clause will terminate the loop for us */

Changes to src/sqliteInt.h.

     7      7   **    May you do good and not evil.
     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** Internal interface definitions for SQLite.
    13     13   **
    14         -** @(#) $Id: sqliteInt.h,v 1.660 2008/02/12 16:52:14 drh Exp $
           14  +** @(#) $Id: sqliteInt.h,v 1.661 2008/02/13 18:25:27 danielk1977 Exp $
    15     15   */
    16     16   #ifndef _SQLITEINT_H_
    17     17   #define _SQLITEINT_H_
    18     18   
    19     19   /*
    20     20   ** The macro unlikely() is a hint that surrounds a boolean
    21     21   ** expression that is usually false.  Macro likely() surrounds
................................................................................
  1679   1679   void *sqlite3DbMallocRaw(sqlite3*, unsigned);
  1680   1680   char *sqlite3StrDup(const char*);
  1681   1681   char *sqlite3StrNDup(const char*, int);
  1682   1682   char *sqlite3DbStrDup(sqlite3*,const char*);
  1683   1683   char *sqlite3DbStrNDup(sqlite3*,const char*, int);
  1684   1684   void *sqlite3DbReallocOrFree(sqlite3 *, void *, int);
  1685   1685   void *sqlite3DbRealloc(sqlite3 *, void *, int);
         1686  +int sqlite3MallocSize(void *);
  1686   1687   
  1687   1688   char *sqlite3MPrintf(sqlite3*,const char*, ...);
  1688   1689   char *sqlite3VMPrintf(sqlite3*,const char*, va_list);
  1689   1690   #if defined(SQLITE_TEST) || defined(SQLITE_DEBUG)
  1690   1691     void sqlite3DebugPrintf(const char*, ...);
  1691   1692   #endif
  1692   1693   #if defined(SQLITE_TEST)

Changes to src/tclsqlite.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** A TCL Interface to SQLite.  Append this file to sqlite3.c and
    13     13   ** compile the whole thing to build a TCL-enabled version of SQLite.
    14     14   **
    15         -** $Id: tclsqlite.c,v 1.207 2007/11/14 06:48:48 danielk1977 Exp $
           15  +** $Id: tclsqlite.c,v 1.208 2008/02/13 18:25:27 danielk1977 Exp $
    16     16   */
    17     17   #include "tcl.h"
    18     18   #include <errno.h>
    19     19   
    20     20   /*
    21     21   ** Some additional include files are needed if this file is not
    22     22   ** appended to the amalgamation.
................................................................................
  1698   1698           for(i=0; i<nCol; i++){
  1699   1699             Tcl_Obj *pVal;
  1700   1700             
  1701   1701             /* Set pVal to contain the i'th column of this row. */
  1702   1702             switch( sqlite3_column_type(pStmt, i) ){
  1703   1703               case SQLITE_BLOB: {
  1704   1704                 int bytes = sqlite3_column_bytes(pStmt, i);
  1705         -              pVal = Tcl_NewByteArrayObj(sqlite3_column_blob(pStmt, i), bytes);
         1705  +              char *zBlob = sqlite3_column_blob(pStmt, i);
         1706  +              if( !zBlob ) bytes = 0;
         1707  +              pVal = Tcl_NewByteArrayObj(zBlob, bytes);
  1706   1708                 break;
  1707   1709               }
  1708   1710               case SQLITE_INTEGER: {
  1709   1711                 sqlite_int64 v = sqlite3_column_int64(pStmt, i);
  1710   1712                 if( v>=-2147483647 && v<=2147483647 ){
  1711   1713                   pVal = Tcl_NewIntObj(v);
  1712   1714                 }else{

Changes to src/test1.c.

     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** Code for testing all sorts of SQLite interfaces.  This code
    13     13   ** is not included in the SQLite library.  It is used for automated
    14     14   ** testing of the SQLite library.
    15     15   **
    16         -** $Id: test1.c,v 1.287 2008/01/23 14:51:50 drh Exp $
           16  +** $Id: test1.c,v 1.288 2008/02/13 18:25:27 danielk1977 Exp $
    17     17   */
    18     18   #include "sqliteInt.h"
    19     19   #include "tcl.h"
    20     20   #include <stdlib.h>
    21     21   #include <string.h>
    22     22   
    23     23   /*
................................................................................
   950    950             ptrChngFunction, 0, 0);
   951    951     }
   952    952   
   953    953   #ifndef SQLITE_OMIT_UTF16
   954    954     /* Use the sqlite3_create_function16() API here. Mainly for fun, but also 
   955    955     ** because it is not tested anywhere else. */
   956    956     if( rc==SQLITE_OK ){
          957  +    void *zUtf16;
   957    958       sqlite3_value *pVal;
   958    959       sqlite3_mutex_enter(db->mutex);
   959    960       pVal = sqlite3ValueNew(db);
   960    961       sqlite3ValueSetStr(pVal, -1, "x_sqlite_exec", SQLITE_UTF8, SQLITE_STATIC);
          962  +    zUtf16 = sqlite3ValueText(pVal, SQLITE_UTF16NATIVE);
   961    963       if( db->mallocFailed ){
   962    964         rc = SQLITE_NOMEM;
   963    965       }else{
   964         -      rc = sqlite3_create_function16(db, 
   965         -              sqlite3ValueText(pVal, SQLITE_UTF16NATIVE),
   966         -              1, SQLITE_UTF16, db, sqlite3ExecFunc, 0, 0);
          966  +      rc = sqlite3_create_function16(db, zUtf16, 
          967  +                1, SQLITE_UTF16, db, sqlite3ExecFunc, 0, 0);
   967    968       }
   968    969       sqlite3ValueFree(pVal);
   969    970       sqlite3_mutex_leave(db->mutex);
   970    971     }
   971    972   #endif
   972    973   
   973    974     if( sqlite3TestErrCode(interp, db, rc) ) return TCL_ERROR;
................................................................................
  2148   2149     pTestCollateInterp = interp;
  2149   2150     if( getDbPointer(interp, Tcl_GetString(objv[1]), &db) ) return TCL_ERROR;
  2150   2151   
  2151   2152     if( TCL_OK!=Tcl_GetBooleanFromObj(interp, objv[2], &val) ) return TCL_ERROR;
  2152   2153     rc = sqlite3_create_collation(db, "test_collate", SQLITE_UTF8, 
  2153   2154             (void *)SQLITE_UTF8, val?test_collate_func:0);
  2154   2155     if( rc==SQLITE_OK ){
         2156  +    void *zUtf16;
  2155   2157       if( TCL_OK!=Tcl_GetBooleanFromObj(interp, objv[3], &val) ) return TCL_ERROR;
  2156   2158       rc = sqlite3_create_collation(db, "test_collate", SQLITE_UTF16LE, 
  2157   2159               (void *)SQLITE_UTF16LE, val?test_collate_func:0);
  2158   2160       if( TCL_OK!=Tcl_GetBooleanFromObj(interp, objv[4], &val) ) return TCL_ERROR;
  2159   2161   
  2160   2162   #if 0
  2161   2163       if( sqlite3_iMallocFail>0 ){
  2162   2164         sqlite3_iMallocFail++;
  2163   2165       }
  2164   2166   #endif
  2165   2167       sqlite3_mutex_enter(db->mutex);
  2166   2168       pVal = sqlite3ValueNew(db);
  2167   2169       sqlite3ValueSetStr(pVal, -1, "test_collate", SQLITE_UTF8, SQLITE_STATIC);
         2170  +    zUtf16 = sqlite3ValueText(pVal, SQLITE_UTF16NATIVE);
  2168   2171       if( db->mallocFailed ){
  2169   2172         rc = SQLITE_NOMEM;
  2170   2173       }else{
  2171         -      rc = sqlite3_create_collation16(db, 
  2172         -          sqlite3ValueText(pVal, SQLITE_UTF16NATIVE), SQLITE_UTF16BE, 
         2174  +      rc = sqlite3_create_collation16(db, zUtf16, SQLITE_UTF16BE, 
  2173   2175             (void *)SQLITE_UTF16BE, val?test_collate_func:0);
  2174   2176       }
  2175   2177       sqlite3ValueFree(pVal);
  2176   2178       sqlite3_mutex_leave(db->mutex);
  2177   2179     }
  2178   2180     if( sqlite3TestErrCode(interp, db, rc) ) return TCL_ERROR;
  2179   2181     

Changes to src/test8.c.

     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** Code for testing the virtual table interfaces.  This code
    13     13   ** is not included in the SQLite library.  It is used for automated
    14     14   ** testing of the SQLite library.
    15     15   **
    16         -** $Id: test8.c,v 1.59 2008/01/22 21:30:53 drh Exp $
           16  +** $Id: test8.c,v 1.60 2008/02/13 18:25:27 danielk1977 Exp $
    17     17   */
    18     18   #include "sqliteInt.h"
    19     19   #include "tcl.h"
    20     20   #include <stdlib.h>
    21     21   #include <string.h>
    22     22   
    23     23   #ifndef SQLITE_OMIT_VIRTUALTABLE
................................................................................
   156    156       nCol = sqlite3_column_count(pStmt);
   157    157   
   158    158       /* Figure out how much space to allocate for the array of column names 
   159    159       ** (including space for the strings themselves). Then allocate it.
   160    160       */
   161    161       nBytes = sizeof(char *) * nCol;
   162    162       for(ii=0; ii<nCol; ii++){
   163         -      nBytes += (strlen(sqlite3_column_name(pStmt, ii)) + 1);
          163  +      const char *zName = sqlite3_column_name(pStmt, ii);
          164  +      if( !zName ){
          165  +        rc = SQLITE_NOMEM;
          166  +        goto out;
          167  +      }
          168  +      nBytes += strlen(zName)+1;
   164    169       }
   165    170       aCol = (char **)sqlite3MallocZero(nBytes);
   166    171       if( !aCol ){
   167    172         rc = SQLITE_NOMEM;
   168    173         goto out;
   169    174       }
   170    175   
................................................................................
   948    953     if( rc==SQLITE_OK ) {
   949    954       if( bindArgZero ){
   950    955         sqlite3_bind_value(pStmt, nData, apData[0]);
   951    956       }
   952    957       if( bindArgOne ){
   953    958         sqlite3_bind_value(pStmt, 1, apData[1]);
   954    959       }
   955         -    for(i=2; i<nData; i++){
   956         -      if( apData[i] ) sqlite3_bind_value(pStmt, i, apData[i]);
          960  +    for(i=2; i<nData && rc==SQLITE_OK; i++){
          961  +      if( apData[i] ) rc = sqlite3_bind_value(pStmt, i, apData[i]);
   957    962       }
   958         -    sqlite3_step(pStmt);
   959         -    rc = sqlite3_finalize(pStmt);
          963  +    if( rc==SQLITE_OK ){
          964  +      sqlite3_step(pStmt);
          965  +      rc = sqlite3_finalize(pStmt);
          966  +    }else{
          967  +      sqlite3_finalize(pStmt);
          968  +    }
   960    969     }
   961    970   
   962    971     if( pRowid && rc==SQLITE_OK ){
   963    972       *pRowid = sqlite3_last_insert_rowid(db);
   964    973     }
   965    974   
   966    975     return rc;

Changes to src/test_malloc.c.

     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   **
    13     13   ** This file contains code used to implement test interfaces to the
    14     14   ** memory allocation subsystem.
    15     15   **
    16         -** $Id: test_malloc.c,v 1.11 2008/01/31 14:43:24 drh Exp $
           16  +** $Id: test_malloc.c,v 1.12 2008/02/13 18:25:27 danielk1977 Exp $
    17     17   */
    18     18   #include "sqliteInt.h"
    19     19   #include "tcl.h"
    20     20   #include <stdlib.h>
    21     21   #include <string.h>
    22     22   #include <assert.h>
    23     23   
................................................................................
   339    339       extern void sqlite3_memdebug_dump(const char*);
   340    340       sqlite3_memdebug_dump(Tcl_GetString(objv[1]));
   341    341     }
   342    342   #endif
   343    343     return TCL_OK;
   344    344   }
   345    345   
          346  +/*
          347  +** Usage:    sqlite3_memdebug_malloc_count
          348  +**
          349  +** Return the total number of times malloc() has been called.
          350  +*/
          351  +static int test_memdebug_malloc_count(
          352  +  void * clientData,
          353  +  Tcl_Interp *interp,
          354  +  int objc,
          355  +  Tcl_Obj *CONST objv[]
          356  +){
          357  +  int nMalloc = -1;
          358  +  if( objc!=1 ){
          359  +    Tcl_WrongNumArgs(interp, 1, objv, "");
          360  +    return TCL_ERROR;
          361  +  }
          362  +#if defined(SQLITE_MEMDEBUG)
          363  +  {
          364  +    extern int sqlite3_memdebug_malloc_count();
          365  +    nMalloc = sqlite3_memdebug_malloc_count();
          366  +  }
          367  +#endif
          368  +  Tcl_SetObjResult(interp, Tcl_NewIntObj(nMalloc));
          369  +  return TCL_OK;
          370  +}
          371  +
   346    372   
   347    373   /*
   348    374   ** Usage:    sqlite3_memdebug_fail  COUNTER  ?OPTIONS?
   349    375   **
   350    376   ** where options are:
   351    377   **
   352    378   **     -repeat    <count>
................................................................................
   500    526        { "sqlite3_memory_used",        test_memory_used              },
   501    527        { "sqlite3_memory_highwater",   test_memory_highwater         },
   502    528        { "sqlite3_memdebug_backtrace", test_memdebug_backtrace       },
   503    529        { "sqlite3_memdebug_dump",      test_memdebug_dump            },
   504    530        { "sqlite3_memdebug_fail",      test_memdebug_fail            },
   505    531        { "sqlite3_memdebug_pending",   test_memdebug_pending         },
   506    532        { "sqlite3_memdebug_settitle",  test_memdebug_settitle        },
          533  +     { "sqlite3_memdebug_malloc_count", test_memdebug_malloc_count },
   507    534     };
   508    535     int i;
   509    536     for(i=0; i<sizeof(aObjCmd)/sizeof(aObjCmd[0]); i++){
   510    537       Tcl_CreateObjCommand(interp, aObjCmd[i].zName, aObjCmd[i].xProc, 0, 0);
   511    538     }
   512    539     return TCL_OK;
   513    540   }

Changes to src/utf.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains routines used to translate between UTF-8, 
    13     13   ** UTF-16, UTF-16BE, and UTF-16LE.
    14     14   **
    15         -** $Id: utf.c,v 1.59 2007/10/03 08:46:45 danielk1977 Exp $
           15  +** $Id: utf.c,v 1.60 2008/02/13 18:25:27 danielk1977 Exp $
    16     16   **
    17     17   ** Notes on UTF-8:
    18     18   **
    19     19   **   Byte-0    Byte-1    Byte-2    Byte-3    Value
    20     20   **  0xxxxxxx                                 00000000 00000000 0xxxxxxx
    21     21   **  110yyyyy  10xxxxxx                       00000000 00000yyy yyxxxxxx
    22     22   **  1110zzzz  10yyyyyy  10xxxxxx             00000000 zzzzyyyy yyxxxxxx
................................................................................
   184    184   #ifndef SQLITE_OMIT_UTF16
   185    185   /*
   186    186   ** This routine transforms the internal text encoding used by pMem to
   187    187   ** desiredEnc. It is an error if the string is already of the desired
   188    188   ** encoding, or if *pMem does not contain a string value.
   189    189   */
   190    190   int sqlite3VdbeMemTranslate(Mem *pMem, u8 desiredEnc){
   191         -  unsigned char zShort[NBFS]; /* Temporary short output buffer */
   192    191     int len;                    /* Maximum length of output string in bytes */
   193    192     unsigned char *zOut;                  /* Output buffer */
   194    193     unsigned char *zIn;                   /* Input iterator */
   195    194     unsigned char *zTerm;                 /* End of input */
   196    195     unsigned char *z;                     /* Output iterator */
   197    196     unsigned int c;
   198    197   
................................................................................
   250    249       */
   251    250       len = pMem->n * 2 + 2;
   252    251     }
   253    252   
   254    253     /* Set zIn to point at the start of the input buffer and zTerm to point 1
   255    254     ** byte past the end.
   256    255     **
   257         -  ** Variable zOut is set to point at the output buffer. This may be space
   258         -  ** obtained from sqlite3_malloc(), or Mem.zShort, if it large enough and
   259         -  ** not in use, or the zShort array on the stack (see above).
          256  +  ** Variable zOut is set to point at the output buffer, space obtained
          257  +  ** from sqlite3_malloc().
   260    258     */
   261    259     zIn = (u8*)pMem->z;
   262    260     zTerm = &zIn[pMem->n];
   263         -  if( len>NBFS ){
   264         -    zOut = sqlite3DbMallocRaw(pMem->db, len);
   265         -    if( !zOut ){
   266         -      return SQLITE_NOMEM;
   267         -    }
   268         -  }else{
   269         -    zOut = zShort;
          261  +  zOut = sqlite3DbMallocRaw(pMem->db, len);
          262  +  if( !zOut ){
          263  +    return SQLITE_NOMEM;
   270    264     }
   271    265     z = zOut;
   272    266   
   273    267     if( pMem->enc==SQLITE_UTF8 ){
   274    268       if( desiredEnc==SQLITE_UTF16LE ){
   275    269         /* UTF-8 -> UTF-16 Little-endian */
   276    270         while( zIn<zTerm ){
................................................................................
   304    298       }
   305    299       pMem->n = z - zOut;
   306    300     }
   307    301     *z = 0;
   308    302     assert( (pMem->n+(desiredEnc==SQLITE_UTF8?1:2))<=len );
   309    303   
   310    304     sqlite3VdbeMemRelease(pMem);
   311         -  pMem->flags &= ~(MEM_Static|MEM_Dyn|MEM_Ephem|MEM_Short);
          305  +  pMem->flags &= ~(MEM_Static|MEM_Dyn|MEM_Ephem);
   312    306     pMem->enc = desiredEnc;
   313         -  if( zOut==zShort ){
   314         -    memcpy(pMem->zShort, zOut, len);
   315         -    zOut = (u8*)pMem->zShort;
   316         -    pMem->flags |= (MEM_Term|MEM_Short);
   317         -  }else{
   318         -    pMem->flags |= (MEM_Term|MEM_Dyn);
   319         -  }
          307  +  pMem->flags |= (MEM_Term|MEM_Dyn);
   320    308     pMem->z = (char*)zOut;
   321    309   
   322    310   translate_out:
   323    311   #if defined(TRANSLATE_TRACE) && defined(SQLITE_DEBUG)
   324    312     {
   325    313       char zBuf[100];
   326    314       sqlite3VdbeMemPrettyPrint(pMem, zBuf);
................................................................................
   351    339       }
   352    340       if( b1==0xFF && b2==0xFE ){
   353    341         bom = SQLITE_UTF16LE;
   354    342       }
   355    343     }
   356    344     
   357    345     if( bom ){
   358         -    /* This function is called as soon as a string is stored in a Mem*,
   359         -    ** from within sqlite3VdbeMemSetStr(). At that point it is not possible
   360         -    ** for the string to be stored in Mem.zShort, or for it to be stored
   361         -    ** in dynamic memory with no destructor.
   362         -    */
   363         -    assert( !(pMem->flags&MEM_Short) );
   364         -    assert( !(pMem->flags&MEM_Dyn) || pMem->xDel );
   365         -    if( pMem->flags & MEM_Dyn ){
   366         -      void (*xDel)(void*) = pMem->xDel;
   367         -      char *z = pMem->z;
   368         -      pMem->z = 0;
   369         -      pMem->xDel = 0;
   370         -      rc = sqlite3VdbeMemSetStr(pMem, &z[2], pMem->n-2, bom, 
   371         -          SQLITE_TRANSIENT);
   372         -      xDel(z);
   373         -    }else{
   374         -      rc = sqlite3VdbeMemSetStr(pMem, &pMem->z[2], pMem->n-2, bom, 
   375         -          SQLITE_TRANSIENT);
          346  +    rc = sqlite3VdbeMemMakeWriteable(pMem);
          347  +    if( rc==SQLITE_OK ){
          348  +      pMem->n -= 2;
          349  +      memmove(pMem->z, &pMem->z[2], pMem->n);
          350  +      pMem->z[pMem->n] = '\0';
          351  +      pMem->z[pMem->n+1] = '\0';
          352  +      pMem->flags |= MEM_Term;
          353  +      pMem->enc = bom;
   376    354       }
   377    355     }
   378    356     return rc;
   379    357   }
   380    358   #endif /* SQLITE_OMIT_UTF16 */
   381    359   
   382    360   /*

Changes to src/vdbe.c.

    39     39   **
    40     40   ** Various scripts scan this source file in order to generate HTML
    41     41   ** documentation, headers files, or other derived files.  The formatting
    42     42   ** of the code in this file is, therefore, important.  See other comments
    43     43   ** in this file for details.  If in doubt, do not deviate from existing
    44     44   ** commenting and indentation practices when changing or adding code.
    45     45   **
    46         -** $Id: vdbe.c,v 1.708 2008/02/06 14:11:35 drh Exp $
           46  +** $Id: vdbe.c,v 1.709 2008/02/13 18:25:27 danielk1977 Exp $
    47     47   */
    48     48   #include "sqliteInt.h"
    49     49   #include <ctype.h>
    50     50   #include "vdbeInt.h"
    51     51   
    52     52   /*
    53     53   ** The following global variable is incremented every time a cursor
................................................................................
   232    232       int realnum;
   233    233       sqlite3VdbeMemNulTerminate(pRec);
   234    234       if( (pRec->flags&MEM_Str)
   235    235            && sqlite3IsNumber(pRec->z, &realnum, pRec->enc) ){
   236    236         i64 value;
   237    237         sqlite3VdbeChangeEncoding(pRec, SQLITE_UTF8);
   238    238         if( !realnum && sqlite3Atoi64(pRec->z, &value) ){
   239         -        sqlite3VdbeMemRelease(pRec);
   240    239           pRec->u.i = value;
   241         -        pRec->flags = MEM_Int;
          240  +        MemSetTypeFlag(pRec, MEM_Int);
   242    241         }else{
   243    242           sqlite3VdbeMemRealify(pRec);
   244    243         }
   245    244       }
   246    245     }
   247    246   }
   248    247   
................................................................................
   996    995   }
   997    996   
   998    997   /* Opcode: Concat P1 P2 P3 * *
   999    998   **
  1000    999   ** Add the text in register P1 onto the end of the text in
  1001   1000   ** register P2 and store the result in register P3.
  1002   1001   ** If either the P1 or P2 text are NULL then store NULL in P3.
         1002  +**
         1003  +**   P3 = P2 || P1
         1004  +**
         1005  +** It is illegal for P1 and P3 to be the same register. Sometimes,
         1006  +** if P3 is the same register as P2, the implementation is able
         1007  +** to avoid a memcpy().
  1003   1008   */
  1004   1009   case OP_Concat: {           /* same as TK_CONCAT, in1, in2, out3 */
  1005         -  char *zNew;
  1006   1010     i64 nByte;
  1007   1011   
         1012  +  assert( pIn1!=pOut );
  1008   1013     if( (pIn1->flags | pIn2->flags) & MEM_Null ){
  1009         -    Release(pOut);
  1010         -    pOut->flags = MEM_Null;
         1014  +    sqlite3VdbeMemSetNull(pOut);
  1011   1015       break;
  1012   1016     }
  1013   1017     ExpandBlob(pIn1);
  1014   1018     Stringify(pIn1, encoding);
  1015   1019     ExpandBlob(pIn2);
  1016   1020     Stringify(pIn2, encoding);
  1017   1021     nByte = pIn1->n + pIn2->n;
  1018   1022     if( nByte>SQLITE_MAX_LENGTH ){
  1019   1023       goto too_big;
  1020   1024     }
  1021         -  zNew = sqlite3DbMallocRaw(db, nByte+2);
  1022         -  if( zNew==0 ){
         1025  +  MemSetTypeFlag(pOut, MEM_Str);
         1026  +  if( sqlite3VdbeMemGrow(pOut, nByte+2, pOut==pIn2) ){
  1023   1027       goto no_mem;
  1024   1028     }
  1025         -  memcpy(zNew, pIn2->z, pIn2->n);
  1026         -  memcpy(&zNew[pIn2->n], pIn1->z, pIn1->n);
  1027         -  zNew[nByte] = 0;
  1028         -  zNew[nByte+1] = 0;
  1029         -  Release(pOut);
         1029  +  if( pOut!=pIn2 ){
         1030  +    memcpy(pOut->z, pIn2->z, pIn2->n);
         1031  +  }
         1032  +  memcpy(&pOut->z[pIn2->n], pIn1->z, pIn1->n);
         1033  +  pOut->z[nByte] = 0;
         1034  +  pOut->z[nByte+1] = 0;
         1035  +  pOut->flags |= MEM_Term;
  1030   1036     pOut->n = nByte;
  1031         -  pOut->flags = MEM_Str|MEM_Dyn|MEM_Term;
  1032         -  pOut->xDel = 0;
  1033   1037     pOut->enc = encoding;
  1034         -  pOut->z = zNew;
  1035   1038     UPDATE_MAX_BLOBSIZE(pOut);
  1036   1039     break;
  1037   1040   }
  1038   1041   
  1039   1042   /* Opcode: Add P1 P2 P3 * *
  1040   1043   **
  1041   1044   ** Add the value in register P1 to the value in register P2
................................................................................
  1101   1104         default: {
  1102   1105           if( a==0 ) goto arithmetic_result_is_null;
  1103   1106           if( a==-1 ) a = 1;
  1104   1107           b %= a;
  1105   1108           break;
  1106   1109         }
  1107   1110       }
  1108         -    Release(pOut);
  1109   1111       pOut->u.i = b;
  1110         -    pOut->flags = MEM_Int;
         1112  +    MemSetTypeFlag(pOut, MEM_Int);
  1111   1113     }else{
  1112   1114       double a, b;
  1113   1115       a = sqlite3VdbeRealValue(pIn1);
  1114   1116       b = sqlite3VdbeRealValue(pIn2);
  1115   1117       switch( pOp->opcode ){
  1116   1118         case OP_Add:         b += a;       break;
  1117   1119         case OP_Subtract:    b -= a;       break;
................................................................................
  1129   1131           b = ib % ia;
  1130   1132           break;
  1131   1133         }
  1132   1134       }
  1133   1135       if( sqlite3_isnan(b) ){
  1134   1136         goto arithmetic_result_is_null;
  1135   1137       }
  1136         -    Release(pOut);
  1137   1138       pOut->r = b;
  1138         -    pOut->flags = MEM_Real;
         1139  +    MemSetTypeFlag(pOut, MEM_Real);
  1139   1140       if( (flags & MEM_Real)==0 ){
  1140   1141         sqlite3VdbeIntegerAffinity(pOut);
  1141   1142       }
  1142   1143     }
  1143   1144     break;
  1144   1145   
  1145   1146   arithmetic_result_is_null:
................................................................................
  1164   1165   }
  1165   1166   
  1166   1167   /* Opcode: Function P1 P2 P3 P4 P5
  1167   1168   **
  1168   1169   ** Invoke a user function (P4 is a pointer to a Function structure that
  1169   1170   ** defines the function) with P5 arguments taken from register P2 and
  1170   1171   ** successors.  The result of the function is stored in register P3.
         1172  +** Register P3 must not be one of the function inputs.
  1171   1173   **
  1172   1174   ** P1 is a 32-bit bitmask indicating whether or not each argument to the 
  1173   1175   ** function was determined to be constant at compile time. If the first
  1174   1176   ** argument was constant then bit 0 of P1 is set. This is used to determine
  1175   1177   ** whether meta data associated with a user function argument using the
  1176   1178   ** sqlite3_set_auxdata() API may be safely retained until the next
  1177   1179   ** invocation of this opcode.
................................................................................
  1185   1187     sqlite3_value **apVal;
  1186   1188     int n = pOp->p5;
  1187   1189   
  1188   1190     apVal = p->apArg;
  1189   1191     assert( apVal || n==0 );
  1190   1192   
  1191   1193     assert( n==0 || (pOp->p2>0 && pOp->p2+n<=p->nMem) );
         1194  +  assert( pOp->p3<pOp->p2 || pOp->p3>=pOp->p2+n );
  1192   1195     pArg = &p->aMem[pOp->p2];
  1193   1196     for(i=0; i<n; i++, pArg++){
  1194   1197       apVal[i] = pArg;
  1195   1198       storeTypeInfo(pArg, encoding);
  1196   1199       REGISTER_TRACE(pOp->p2, pArg);
  1197   1200     }
  1198   1201   
................................................................................
  1201   1204       ctx.pFunc = pOp->p4.pFunc;
  1202   1205       ctx.pVdbeFunc = 0;
  1203   1206     }else{
  1204   1207       ctx.pVdbeFunc = (VdbeFunc*)pOp->p4.pVdbeFunc;
  1205   1208       ctx.pFunc = ctx.pVdbeFunc->pFunc;
  1206   1209     }
  1207   1210   
         1211  +  assert( pOp->p3>0 && pOp->p3<=p->nMem );
         1212  +  pOut = &p->aMem[pOp->p3];
  1208   1213     ctx.s.flags = MEM_Null;
  1209         -  ctx.s.z = 0;
  1210         -  ctx.s.xDel = 0;
  1211         -  ctx.s.db = db;
         1214  +  ctx.s.db = 0;
         1215  +
         1216  +  /* The output cell may already have a buffer allocated. Move
         1217  +  ** the pointer to ctx.s so in case the user-function can use
         1218  +  ** the already allocated buffer instead of allocating a new one.
         1219  +  */
         1220  +  sqlite3VdbeMemMove(&ctx.s, pOut);
         1221  +  MemSetTypeFlag(&ctx.s, MEM_Null);
         1222  +
  1212   1223     ctx.isError = 0;
  1213   1224     if( ctx.pFunc->needCollSeq ){
  1214   1225       assert( pOp>p->aOp );
  1215   1226       assert( pOp[-1].p4type==P4_COLLSEQ );
  1216   1227       assert( pOp[-1].opcode==OP_CollSeq );
  1217   1228       ctx.pColl = pOp[-1].p4.pColl;
  1218   1229     }
................................................................................
  1246   1257     if( ctx.isError ){
  1247   1258       sqlite3SetString(&p->zErrMsg, sqlite3_value_text(&ctx.s), (char*)0);
  1248   1259       rc = ctx.isError;
  1249   1260     }
  1250   1261   
  1251   1262     /* Copy the result of the function into register P3 */
  1252   1263     sqlite3VdbeChangeEncoding(&ctx.s, encoding);
  1253         -  assert( pOp->p3>0 && pOp->p3<=p->nMem );
  1254         -  pOut = &p->aMem[pOp->p3];
  1255   1264     sqlite3VdbeMemMove(pOut, &ctx.s);
  1256   1265     if( sqlite3VdbeMemTooBig(pOut) ){
  1257   1266       goto too_big;
  1258   1267     }
  1259   1268     REGISTER_TRACE(pOp->p3, pOut);
  1260   1269     UPDATE_MAX_BLOBSIZE(pOut);
  1261   1270     break;
................................................................................
  1302   1311     switch( pOp->opcode ){
  1303   1312       case OP_BitAnd:      a &= b;     break;
  1304   1313       case OP_BitOr:       a |= b;     break;
  1305   1314       case OP_ShiftLeft:   a <<= b;    break;
  1306   1315       default:  assert( pOp->opcode==OP_ShiftRight );
  1307   1316                            a >>= b;    break;
  1308   1317     }
  1309         -  Release(pOut);
  1310   1318     pOut->u.i = a;
  1311         -  pOut->flags = MEM_Int;
         1319  +  MemSetTypeFlag(pOut, MEM_Int);
  1312   1320     break;
  1313   1321   }
  1314   1322   
  1315   1323   /* Opcode: AddImm  P1 P2 * * *
  1316   1324   ** 
  1317   1325   ** Add the constant P2 the value in register P1.
  1318   1326   ** The result is always an integer.
................................................................................
  1346   1354       v = pIn1->u.i + (pOp->p3!=0);
  1347   1355     }else{
  1348   1356       assert( pIn1->flags & MEM_Real );
  1349   1357       v = (sqlite3_int64)pIn1->r;
  1350   1358       if( pIn1->r>(double)v ) v++;
  1351   1359       if( pOp->p3 && pIn1->r==(double)v ) v++;
  1352   1360     }
  1353         -  Release(pIn1);
  1354   1361     pIn1->u.i = v;
  1355         -  pIn1->flags = MEM_Int;
         1362  +  MemSetTypeFlag(pIn1, MEM_Int);
  1356   1363     break;
  1357   1364   }
  1358   1365   
  1359   1366   /* Opcode: MustBeInt P1 P2 * * *
  1360   1367   ** 
  1361   1368   ** Force the value in register P1 to be an integer.  If the value
  1362   1369   ** in P1 is not an integer and cannot be converted into an integer
................................................................................
  1369   1376       if( pOp->p2==0 ){
  1370   1377         rc = SQLITE_MISMATCH;
  1371   1378         goto abort_due_to_error;
  1372   1379       }else{
  1373   1380         pc = pOp->p2 - 1;
  1374   1381       }
  1375   1382     }else{
  1376         -    Release(pIn1);
  1377         -    pIn1->flags = MEM_Int;
         1383  +    MemSetTypeFlag(pIn1, MEM_Int);
  1378   1384     }
  1379   1385     break;
  1380   1386   }
  1381   1387   
  1382   1388   /* Opcode: RealAffinity P1 * * * *
  1383   1389   **
  1384   1390   ** If register P1 holds an integer convert it to a real value.
................................................................................
  1407   1413   */
  1408   1414   case OP_ToText: {                  /* same as TK_TO_TEXT, in1 */
  1409   1415     if( pIn1->flags & MEM_Null ) break;
  1410   1416     assert( MEM_Str==(MEM_Blob>>3) );
  1411   1417     pIn1->flags |= (pIn1->flags&MEM_Blob)>>3;
  1412   1418     applyAffinity(pIn1, SQLITE_AFF_TEXT, encoding);
  1413   1419     rc = ExpandBlob(pIn1);
  1414         -  assert( pIn1->flags & MEM_Str );
         1420  +  assert( pIn1->flags & MEM_Str || db->mallocFailed );
  1415   1421     pIn1->flags &= ~(MEM_Int|MEM_Real|MEM_Blob);
  1416   1422     UPDATE_MAX_BLOBSIZE(pIn1);
  1417   1423     break;
  1418   1424   }
  1419   1425   
  1420   1426   /* Opcode: ToBlob P1 * * * *
  1421   1427   **
................................................................................
  1426   1432   **
  1427   1433   ** A NULL value is not changed by this routine.  It remains NULL.
  1428   1434   */
  1429   1435   case OP_ToBlob: {                  /* same as TK_TO_BLOB, in1 */
  1430   1436     if( pIn1->flags & MEM_Null ) break;
  1431   1437     if( (pIn1->flags & MEM_Blob)==0 ){
  1432   1438       applyAffinity(pIn1, SQLITE_AFF_TEXT, encoding);
  1433         -    assert( pIn1->flags & MEM_Str );
  1434         -    pIn1->flags |= MEM_Blob;
         1439  +    assert( pIn1->flags & MEM_Str || db->mallocFailed );
  1435   1440     }
  1436         -  pIn1->flags &= ~(MEM_Int|MEM_Real|MEM_Str);
         1441  +  MemSetTypeFlag(pIn1, MEM_Blob);
  1437   1442     UPDATE_MAX_BLOBSIZE(pIn1);
  1438   1443     break;
  1439   1444   }
  1440   1445   
  1441   1446   /* Opcode: ToNumeric P1 * * * *
  1442   1447   **
  1443   1448   ** Force the value in register P1 to be numeric (either an
................................................................................
  1587   1592       }else{
  1588   1593         /* If the SQLITE_NULLEQUAL bit is clear and either operand is NULL then
  1589   1594         ** the result is always NULL.  The jump is taken if the 
  1590   1595         ** SQLITE_JUMPIFNULL bit is set.
  1591   1596         */
  1592   1597         if( pOp->p5 & SQLITE_STOREP2 ){
  1593   1598           pOut = &p->aMem[pOp->p2];
  1594         -        Release(pOut);
  1595         -        pOut->flags = MEM_Null;
         1599  +        MemSetTypeFlag(pOut, MEM_Null);
  1596   1600           REGISTER_TRACE(pOp->p2, pOut);
  1597   1601         }else if( pOp->p5 & SQLITE_JUMPIFNULL ){
  1598   1602           pc = pOp->p2-1;
  1599   1603         }
  1600   1604         break;
  1601   1605       }
  1602   1606     }
................................................................................
  1618   1622       case OP_Le:    res = res<=0;     break;
  1619   1623       case OP_Gt:    res = res>0;      break;
  1620   1624       default:       res = res>=0;     break;
  1621   1625     }
  1622   1626   
  1623   1627     if( pOp->p5 & SQLITE_STOREP2 ){
  1624   1628       pOut = &p->aMem[pOp->p2];
  1625         -    Release(pOut);
  1626         -    pOut->flags = MEM_Int;
         1629  +    MemSetTypeFlag(pOut, MEM_Int);
  1627   1630       pOut->u.i = res;
  1628   1631       REGISTER_TRACE(pOp->p2, pOut);
  1629   1632     }else if( res ){
  1630   1633       pc = pOp->p2-1;
  1631   1634     }
  1632   1635     break;
  1633   1636   }
................................................................................
  1667   1670     if( pOp->opcode==OP_And ){
  1668   1671       static const unsigned char and_logic[] = { 0, 0, 0, 0, 1, 2, 0, 2, 2 };
  1669   1672       v1 = and_logic[v1*3+v2];
  1670   1673     }else{
  1671   1674       static const unsigned char or_logic[] = { 0, 1, 2, 1, 1, 1, 2, 1, 2 };
  1672   1675       v1 = or_logic[v1*3+v2];
  1673   1676     }
  1674         -  Release(pOut);
  1675   1677     if( v1==2 ){
  1676         -    pOut->flags = MEM_Null;
         1678  +    MemSetTypeFlag(pOut, MEM_Null);
  1677   1679     }else{
  1678   1680       pOut->u.i = v1;
  1679         -    pOut->flags = MEM_Int;
         1681  +    MemSetTypeFlag(pOut, MEM_Int);
  1680   1682     }
  1681   1683     break;
  1682   1684   }
  1683   1685   
  1684   1686   /* Opcode: Not P1 * * * *
  1685   1687   **
  1686   1688   ** Interpret the value in register P1 as a boolean value.  Replace it
................................................................................
  1687   1689   ** with its complement.  If the value in register P1 is NULL its value
  1688   1690   ** is unchanged.
  1689   1691   */
  1690   1692   case OP_Not: {                /* same as TK_NOT, in1 */
  1691   1693     if( pIn1->flags & MEM_Null ) break;  /* Do nothing to NULLs */
  1692   1694     sqlite3VdbeMemIntegerify(pIn1);
  1693   1695     pIn1->u.i = !pIn1->u.i;
  1694         -  assert( pIn1->flags==MEM_Int );
         1696  +  assert( pIn1->flags&MEM_Int );
  1695   1697     break;
  1696   1698   }
  1697   1699   
  1698   1700   /* Opcode: BitNot P1 * * * *
  1699   1701   **
  1700   1702   ** Interpret the content of register P1 as an integer.  Replace it
  1701   1703   ** with its ones-complement.  If the value is originally NULL, leave
  1702   1704   ** it unchanged.
  1703   1705   */
  1704   1706   case OP_BitNot: {             /* same as TK_BITNOT, in1 */
  1705   1707     if( pIn1->flags & MEM_Null ) break;  /* Do nothing to NULLs */
  1706   1708     sqlite3VdbeMemIntegerify(pIn1);
  1707   1709     pIn1->u.i = ~pIn1->u.i;
  1708         -  assert( pIn1->flags==MEM_Int );
         1710  +  assert( pIn1->flags&MEM_Int );
  1709   1711     break;
  1710   1712   }
  1711   1713   
  1712   1714   /* Opcode: If P1 P2 P3 * *
  1713   1715   **
  1714   1716   ** Jump to P2 if the value in register P1 is true.  The value is
  1715   1717   ** is considered true if it is numeric and non-zero.  If the value
................................................................................
  1819   1821     int len;           /* The length of the serialized data for the column */
  1820   1822     int i;             /* Loop counter */
  1821   1823     char *zData;       /* Part of the record being decoded */
  1822   1824     Mem *pDest;        /* Where to write the extracted value */
  1823   1825     Mem sMem;          /* For storing the record being decoded */
  1824   1826   
  1825   1827     sMem.flags = 0;
         1828  +  sMem.db = 0;
  1826   1829     assert( p1<p->nCursor );
  1827   1830     assert( pOp->p3>0 && pOp->p3<=p->nMem );
  1828   1831     pDest = &p->aMem[pOp->p3];
  1829         -  sqlite3VdbeMemSetNull(pDest);
         1832  +  MemSetTypeFlag(pDest, MEM_Null);
  1830   1833   
  1831   1834     /* This block sets the variable payloadSize to be the total number of
  1832   1835     ** bytes in the record.
  1833   1836     **
  1834   1837     ** zRec is set to be the complete text of the record if it is available.
  1835   1838     ** The complete record text is always available for pseudo-tables
  1836   1839     ** If the record is stored in a cursor, the complete record text
................................................................................
  1873   1876       assert( payloadSize==0 || zRec!=0 );
  1874   1877       nField = pC->nField;
  1875   1878       pCrsr = 0;
  1876   1879     }
  1877   1880   
  1878   1881     /* If payloadSize is 0, then just store a NULL */
  1879   1882     if( payloadSize==0 ){
  1880         -    assert( pDest->flags==MEM_Null );
         1883  +    assert( pDest->flags&MEM_Null );
  1881   1884       goto op_column_out;
  1882   1885     }
  1883   1886     if( payloadSize>SQLITE_MAX_LENGTH ){
  1884   1887       goto too_big;
  1885   1888     }
  1886   1889   
  1887   1890     assert( p2<nField );
................................................................................
  1939   1942       /* The KeyFetch() or DataFetch() above are fast and will get the entire
  1940   1943       ** record header in most cases.  But they will fail to get the complete
  1941   1944       ** record header if the record header does not fit on a single page
  1942   1945       ** in the B-Tree.  When that happens, use sqlite3VdbeMemFromBtree() to
  1943   1946       ** acquire the complete header text.
  1944   1947       */
  1945   1948       if( !zRec && avail<offset ){
         1949  +      sMem.flags = 0;
         1950  +      sMem.db = 0;
  1946   1951         rc = sqlite3VdbeMemFromBtree(pCrsr, 0, offset, pC->isIndex, &sMem);
  1947   1952         if( rc!=SQLITE_OK ){
  1948   1953           goto op_column_out;
  1949   1954         }
  1950   1955         zData = sMem.z;
  1951   1956       }
  1952   1957       zEndHdr = (u8 *)&zData[offset];
................................................................................
  1990   1995     ** then there are not enough fields in the record to satisfy the
  1991   1996     ** request.  In this case, set the value NULL or to P4 if P4 is
  1992   1997     ** a pointer to a Mem object.
  1993   1998     */
  1994   1999     if( aOffset[p2] ){
  1995   2000       assert( rc==SQLITE_OK );
  1996   2001       if( zRec ){
  1997         -      zData = &zRec[aOffset[p2]];
         2002  +      if( pDest->flags&MEM_Dyn ){
         2003  +        sqlite3VdbeSerialGet((u8 *)&zRec[aOffset[p2]], aType[p2], &sMem);
         2004  +        sMem.db = db; 
         2005  +        sqlite3VdbeMemCopy(pDest, &sMem);
         2006  +        assert( !(sMem.flags&MEM_Dyn) );
         2007  +      }else{
         2008  +        sqlite3VdbeSerialGet((u8 *)&zRec[aOffset[p2]], aType[p2], pDest);
         2009  +      }
  1998   2010       }else{
  1999   2011         len = sqlite3VdbeSerialTypeLen(aType[p2]);
         2012  +      sqlite3VdbeMemMove(&sMem, pDest);
  2000   2013         rc = sqlite3VdbeMemFromBtree(pCrsr, aOffset[p2], len, pC->isIndex, &sMem);
  2001   2014         if( rc!=SQLITE_OK ){
  2002   2015           goto op_column_out;
  2003   2016         }
  2004   2017         zData = sMem.z;
         2018  +      sqlite3VdbeSerialGet((u8*)zData, aType[p2], pDest);
  2005   2019       }
  2006         -    sqlite3VdbeSerialGet((u8*)zData, aType[p2], pDest);
  2007   2020       pDest->enc = encoding;
  2008   2021     }else{
  2009   2022       if( pOp->p4type==P4_MEM ){
  2010   2023         sqlite3VdbeMemShallowCopy(pDest, pOp->p4.pMem, MEM_Static);
  2011   2024       }else{
  2012         -      assert( pDest->flags==MEM_Null );
         2025  +      assert( pDest->flags&MEM_Null );
  2013   2026       }
  2014   2027     }
  2015   2028   
  2016   2029     /* If we dynamically allocated space to hold the data (in the
  2017   2030     ** sqlite3VdbeMemFromBtree() call above) then transfer control of that
  2018   2031     ** dynamically allocated space over to the pDest structure.
  2019   2032     ** This prevents a memory copy.
  2020   2033     */
  2021   2034     if( (sMem.flags & MEM_Dyn)!=0 ){
  2022         -    assert( pDest->flags & MEM_Ephem );
  2023         -    assert( pDest->flags & (MEM_Str|MEM_Blob) );
  2024         -    assert( pDest->z==sMem.z );
  2025         -    assert( sMem.flags & MEM_Term );
  2026         -    pDest->flags &= ~MEM_Ephem;
         2035  +    assert( !sMem.xDel );
         2036  +    assert( !(pDest->flags & MEM_Dyn) );
         2037  +    assert( !(pDest->flags & (MEM_Blob|MEM_Str)) || pDest->z==sMem.z );
         2038  +    pDest->flags &= ~(MEM_Ephem|MEM_Static);
  2027   2039       pDest->flags |= MEM_Dyn|MEM_Term;
         2040  +    pDest->z = sMem.z;
  2028   2041     }
  2029   2042   
  2030         -  /* pDest->z might be pointing to sMem.zShort[].  Fix that so that we
  2031         -  ** can abandon sMem */
  2032   2043     rc = sqlite3VdbeMemMakeWriteable(pDest);
  2033   2044   
  2034   2045   op_column_out:
  2035   2046     UPDATE_MAX_BLOBSIZE(pDest);
  2036   2047     REGISTER_TRACE(pOp->p3, pDest);
  2037   2048     break;
  2038   2049   }
................................................................................
  2082   2093     u32 serial_type;       /* Type field */
  2083   2094     Mem *pData0;           /* First field to be combined into the record */
  2084   2095     Mem *pLast;            /* Last field of the record */
  2085   2096     int nField;            /* Number of fields in the record */
  2086   2097     char *zAffinity;       /* The affinity string for the record */
  2087   2098     int file_format;       /* File format to use for encoding */
  2088   2099     int i;                 /* Space used in zNewRecord[] */
  2089         -  char zTemp[NBFS];      /* Space to hold small records */
  2090   2100   
  2091   2101     nField = pOp->p1;
  2092   2102     zAffinity = pOp->p4.z;
  2093   2103     assert( nField>0 && pOp->p2>0 && pOp->p2+nField<=p->nMem );
  2094   2104     pData0 = &p->aMem[nField];
  2095   2105     nField = pOp->p2;
  2096   2106     pLast = &pData0[nField-1];
................................................................................
  2126   2136       nHdr++;
  2127   2137     }
  2128   2138     nByte = nHdr+nData-nZero;
  2129   2139     if( nByte>SQLITE_MAX_LENGTH ){
  2130   2140       goto too_big;
  2131   2141     }
  2132   2142   
  2133         -  /* Allocate space for the new record. */
  2134         -  if( nByte>sizeof(zTemp) ){
  2135         -    zNewRecord = sqlite3DbMallocRaw(db, nByte);
  2136         -    if( !zNewRecord ){
  2137         -      goto no_mem;
  2138         -    }
  2139         -  }else{
  2140         -    zNewRecord = (u8*)zTemp;
         2143  +  /* Make sure the output register has a buffer large enough to store 
         2144  +  ** the new record. The output register (pOp->p3) is not allowed to
         2145  +  ** be one of the input registers (because the following call to
         2146  +  ** sqlite3VdbeMemGrow() could clobber the value before it is used).
         2147  +  */
         2148  +  assert( pOp->p3<pOp->p1 || pOp->p3>=pOp->p1+pOp->p2 );
         2149  +  pOut = &p->aMem[pOp->p3];
         2150  +  if( sqlite3VdbeMemGrow(pOut, nByte, 0) ){
         2151  +    goto no_mem;
  2141   2152     }
         2153  +  zNewRecord = (u8 *)pOut->z;
  2142   2154   
  2143   2155     /* Write the record */
  2144   2156     i = sqlite3PutVarint(zNewRecord, nHdr);
  2145   2157     for(pRec=pData0; pRec<=pLast; pRec++){
  2146   2158       serial_type = sqlite3VdbeSerialType(pRec, file_format);
  2147   2159       i += sqlite3PutVarint(&zNewRecord[i], serial_type);      /* serial type */
  2148   2160     }
  2149   2161     for(pRec=pData0; pRec<=pLast; pRec++){  /* serial data */
  2150   2162       i += sqlite3VdbeSerialPut(&zNewRecord[i], nByte-i, pRec, file_format);
  2151   2163     }
  2152   2164     assert( i==nByte );
  2153   2165   
  2154   2166     assert( pOp->p3>0 && pOp->p3<=p->nMem );
  2155         -  pOut = &p->aMem[pOp->p3];
  2156         -  Release(pOut);
  2157   2167     pOut->n = nByte;
  2158         -  if( nByte<=sizeof(zTemp) ){
  2159         -    assert( zNewRecord==(unsigned char *)zTemp );
  2160         -    pOut->z = pOut->zShort;
  2161         -    memcpy(pOut->zShort, zTemp, nByte);
  2162         -    pOut->flags = MEM_Blob | MEM_Short;
  2163         -  }else{
  2164         -    assert( zNewRecord!=(unsigned char *)zTemp );
  2165         -    pOut->z = (char*)zNewRecord;
  2166         -    pOut->flags = MEM_Blob | MEM_Dyn;
  2167         -    pOut->xDel = 0;
  2168         -  }
         2168  +  pOut->flags = MEM_Blob | MEM_Dyn;
         2169  +  pOut->xDel = 0;
  2169   2170     if( nZero ){
  2170   2171       pOut->u.i = nZero;
  2171   2172       pOut->flags |= MEM_Zero;
  2172   2173     }
  2173   2174     pOut->enc = SQLITE_UTF8;  /* In case the blob is ever converted to text */
  2174   2175     REGISTER_TRACE(pOp->p3, pOut);
  2175   2176     UPDATE_MAX_BLOBSIZE(pOut);
................................................................................
  2339   2340     ** be the number of free pages in the database (a read-only value)
  2340   2341     ** and meta[1] to be the schema cookie.  The schema layer considers
  2341   2342     ** meta[1] to be the schema cookie.  So we have to shift the index
  2342   2343     ** by one in the following statement.
  2343   2344     */
  2344   2345     rc = sqlite3BtreeGetMeta(db->aDb[iDb].pBt, 1 + iCookie, (u32 *)&iMeta);
  2345   2346     pOut->u.i = iMeta;
  2346         -  pOut->flags = MEM_Int;
         2347  +  MemSetTypeFlag(pOut, MEM_Int);
  2347   2348     break;
  2348   2349   }
  2349   2350   
  2350   2351   /* Opcode: SetCookie P1 P2 P3 * *
  2351   2352   **
  2352   2353   ** Write the content of register P3 (interpreted as an integer)
  2353   2354   ** into cookie number P2 of database P1.
................................................................................
  2892   2893     /* Pop the value R off the top of the stack
  2893   2894     */
  2894   2895     assert( pOp->p4type==P4_INT32 );
  2895   2896     assert( pOp->p4.i>0 && pOp->p4.i<=p->nMem );
  2896   2897     pK = &p->aMem[pOp->p4.i];
  2897   2898     sqlite3VdbeMemIntegerify(pIn3);
  2898   2899     R = pIn3->u.i;
  2899         -  assert( (pIn3->flags & MEM_Dyn)==0 );
  2900   2900     assert( i>=0 && i<p->nCursor );
  2901   2901     pCx = p->apCsr[i];
  2902   2902     assert( pCx!=0 );
  2903   2903     pCrsr = pCx->pCursor;
  2904   2904     if( pCrsr!=0 ){
  2905   2905       int res;
  2906   2906       i64 v;         /* The record number on the P1 entry that matches K */
................................................................................
  2956   2956       }
  2957   2957   
  2958   2958       /* The final varint of the key is different from R.  Store it back
  2959   2959       ** into register R3.  (The record number of an entry that violates
  2960   2960       ** a UNIQUE constraint.)
  2961   2961       */
  2962   2962       pIn3->u.i = v;
  2963         -    assert( pIn3->flags==MEM_Int );
         2963  +    assert( pIn3->flags&MEM_Int );
  2964   2964     }
  2965   2965     break;
  2966   2966   }
  2967   2967   
  2968   2968   /* Opcode: NotExists P1 P2 P3 * *
  2969   2969   **
  2970   2970   ** Use the content of register P3 as a integer key.  If a record 
................................................................................
  3017   3017   ** instruction.  
  3018   3018   */
  3019   3019   case OP_Sequence: {           /* out2-prerelease */
  3020   3020     int i = pOp->p1;
  3021   3021     assert( i>=0 && i<p->nCursor );
  3022   3022     assert( p->apCsr[i]!=0 );
  3023   3023     pOut->u.i = p->apCsr[i]->seqCount++;
  3024         -  pOut->flags = MEM_Int;
         3024  +  MemSetTypeFlag(pOut, MEM_Int);
  3025   3025     break;
  3026   3026   }
  3027   3027   
  3028   3028   
  3029   3029   /* Opcode: NewRowid P1 P2 P3 * *
  3030   3030   **
  3031   3031   ** Get a new integer record number (a.k.a "rowid") used as the key to a table.
................................................................................
  3170   3170           goto abort_due_to_error;
  3171   3171         }
  3172   3172       }
  3173   3173       pC->rowidIsValid = 0;
  3174   3174       pC->deferredMoveto = 0;
  3175   3175       pC->cacheStatus = CACHE_STALE;
  3176   3176     }
  3177         -  pOut->flags = MEM_Int;
         3177  +  MemSetTypeFlag(pOut, MEM_Int);
  3178   3178     pOut->u.i = v;
  3179   3179     break;
  3180   3180   }
  3181   3181   
  3182   3182   /* Opcode: Insert P1 P2 P3 P4 P5
  3183   3183   **
  3184   3184   ** Write an entry into the table of cursor P1.  A new entry is
................................................................................
  3364   3364   ** There is no interpretation of the data.  
  3365   3365   ** The key is copied onto the P3 register exactly as 
  3366   3366   ** it is found in the database file.
  3367   3367   **
  3368   3368   ** If the P1 cursor must be pointing to a valid row (not a NULL row)
  3369   3369   ** of a real table, not a pseudo-table.
  3370   3370   */
  3371         -case OP_RowKey:             /* out2-prerelease */
  3372         -case OP_RowData: {          /* out2-prerelease */
         3371  +case OP_RowKey:
         3372  +case OP_RowData: {
  3373   3373     int i = pOp->p1;
  3374   3374     Cursor *pC;
  3375   3375     BtCursor *pCrsr;
  3376   3376     u32 n;
         3377  +
         3378  +  pOut = &p->aMem[pOp->p2];
  3377   3379   
  3378   3380     /* Note that RowKey and RowData are really exactly the same instruction */
  3379   3381     assert( i>=0 && i<p->nCursor );
  3380   3382     pC = p->apCsr[i];
  3381   3383     assert( pC->isTable || pOp->opcode==OP_RowKey );
  3382   3384     assert( pC->isIndex || pOp->opcode==OP_RowData );
  3383   3385     assert( pC!=0 );
................................................................................
  3397   3399       n = n64;
  3398   3400     }else{
  3399   3401       sqlite3BtreeDataSize(pCrsr, &n);
  3400   3402       if( n>SQLITE_MAX_LENGTH ){
  3401   3403         goto too_big;
  3402   3404       }
  3403   3405     }
         3406  +  if( sqlite3VdbeMemGrow(pOut, n, 0) ){
         3407  +    goto no_mem;
         3408  +  }
  3404   3409     pOut->n = n;
  3405         -  if( n<=NBFS ){
  3406         -    pOut->flags = MEM_Blob | MEM_Short;
  3407         -    pOut->z = pOut->zShort;
  3408         -  }else{
  3409         -    char *z = sqlite3_malloc( n );
  3410         -    if( z==0 ) goto no_mem;
  3411         -    pOut->flags = MEM_Blob | MEM_Dyn;
  3412         -    pOut->xDel = 0;
  3413         -    pOut->z = z;
  3414         -  }
         3410  +  MemSetTypeFlag(pOut, MEM_Blob);
  3415   3411     if( pC->isIndex ){
  3416   3412       rc = sqlite3BtreeKey(pCrsr, 0, n, pOut->z);
  3417   3413     }else{
  3418   3414       rc = sqlite3BtreeData(pCrsr, 0, n, pOut->z);
  3419   3415     }
  3420   3416     pOut->enc = SQLITE_UTF8;  /* In case the blob is ever cast to text */
  3421   3417     UPDATE_MAX_BLOBSIZE(pOut);
................................................................................
  3446   3442       break;
  3447   3443     }else{
  3448   3444       assert( pC->pCursor!=0 );
  3449   3445       sqlite3BtreeKeySize(pC->pCursor, &v);
  3450   3446       v = keyToInt(v);
  3451   3447     }
  3452   3448     pOut->u.i = v;
  3453         -  pOut->flags = MEM_Int;
         3449  +  MemSetTypeFlag(pOut, MEM_Int);
  3454   3450     break;
  3455   3451   }
  3456   3452   
  3457   3453   /* Opcode: NullRow P1 * * * *
  3458   3454   **
  3459   3455   ** Move the cursor P1 to a null row.  Any OP_Column operations
  3460   3456   ** that occur while the cursor is on the null row will always
................................................................................
  3638   3634       }
  3639   3635     }
  3640   3636     break;
  3641   3637   }
  3642   3638   
  3643   3639   /* Opcode: IdxDelete P1 P2 * * *
  3644   3640   **
  3645         -** The content of register P2 is an index key built using the either the
  3646         -** MakeIdxRec opcode.  Removes that entry from the index.
         3641  +** The content of register P2 is an index key built using the 
         3642  +** MakeIdxRec opcode. This opcode removes that entry from the 
         3643  +** index opened by cursor P1.
  3647   3644   */
  3648   3645   case OP_IdxDelete: {        /* in2 */
  3649   3646     int i = pOp->p1;
  3650   3647     Cursor *pC;
  3651   3648     BtCursor *pCrsr;
  3652   3649     assert( pIn2->flags & MEM_Blob );
  3653   3650     assert( i>=0 && i<p->nCursor );
................................................................................
  3685   3682       assert( pC->deferredMoveto==0 );
  3686   3683       assert( pC->isTable==0 );
  3687   3684       if( !pC->nullRow ){
  3688   3685         rc = sqlite3VdbeIdxRowid(pCrsr, &rowid);
  3689   3686         if( rc!=SQLITE_OK ){
  3690   3687           goto abort_due_to_error;
  3691   3688         }
  3692         -      pOut->flags = MEM_Int;
         3689  +      MemSetTypeFlag(pOut, MEM_Int);
  3693   3690         pOut->u.i = rowid;
  3694   3691       }
  3695   3692     }
  3696   3693     break;
  3697   3694   }
  3698   3695   
  3699   3696   /* Opcode: IdxGE P1 P2 P3 * P5
................................................................................
  3797   3794       rc = SQLITE_LOCKED;
  3798   3795       p->errorAction = OE_Abort;
  3799   3796     }else{
  3800   3797       int iDb = pOp->p3;
  3801   3798       assert( iCnt==1 );
  3802   3799       assert( (p->btreeMask & (1<<iDb))!=0 );
  3803   3800       rc = sqlite3BtreeDropTable(db->aDb[iDb].pBt, pOp->p1, &iMoved);
  3804         -    pOut->flags = MEM_Int;
         3801  +    MemSetTypeFlag(pOut, MEM_Int);
  3805   3802       pOut->u.i = iMoved;
  3806   3803   #ifndef SQLITE_OMIT_AUTOVACUUM
  3807   3804       if( rc==SQLITE_OK && iMoved!=0 ){
  3808   3805         sqlite3RootPageMoved(&db->aDb[iDb], iMoved, pOp->p1);
  3809   3806       }
  3810   3807   #endif
  3811   3808     }
................................................................................
  3866   3863       flags = BTREE_LEAFDATA|BTREE_INTKEY;
  3867   3864     }else{
  3868   3865       flags = BTREE_ZERODATA;
  3869   3866     }
  3870   3867     rc = sqlite3BtreeCreateTable(pDb->pBt, &pgno, flags);
  3871   3868     if( rc==SQLITE_OK ){
  3872   3869       pOut->u.i = pgno;
  3873         -    pOut->flags = MEM_Int;
         3870  +    MemSetTypeFlag(pOut, MEM_Int);
  3874   3871     }
  3875   3872     break;
  3876   3873   }
  3877   3874   
  3878   3875   /* Opcode: ParseSchema P1 P2 * P4 *
  3879   3876   **
  3880   3877   ** Read and parse all entries from the SQLITE_MASTER table of database P1
................................................................................
  4019   4016     z = sqlite3BtreeIntegrityCheck(db->aDb[pOp->p5].pBt, aRoot, nRoot,
  4020   4017                                    pnErr->u.i, &nErr);
  4021   4018     pnErr->u.i -= nErr;
  4022   4019     sqlite3VdbeMemSetNull(pIn1);
  4023   4020     if( nErr==0 ){
  4024   4021       assert( z==0 );
  4025   4022     }else{
  4026         -    pIn1->z = z;
  4027         -    pIn1->n = strlen(z);
  4028         -    pIn1->flags = MEM_Str | MEM_Dyn | MEM_Term;
  4029         -    pIn1->xDel = 0;
         4023  +    sqlite3VdbeMemSetStr(pIn1, z, -1, SQLITE_UTF8, sqlite3_free);
  4030   4024     }
  4031         -  pIn1->enc = SQLITE_UTF8;
  4032   4025     UPDATE_MAX_BLOBSIZE(pIn1);
  4033   4026     sqlite3VdbeChangeEncoding(pIn1, encoding);
  4034   4027     sqlite3_free(aRoot);
  4035   4028     break;
  4036   4029   }
  4037   4030   #endif /* SQLITE_OMIT_INTEGRITY_CHECK */
  4038   4031   
................................................................................
  4054   4047   ** 
  4055   4048   ** If the Fifo is empty jump to P2.
  4056   4049   */
  4057   4050   case OP_FifoRead: {         /* jump */
  4058   4051     CHECK_FOR_INTERRUPT;
  4059   4052     assert( pOp->p1>0 && pOp->p1<=p->nMem );
  4060   4053     pOut = &p->aMem[pOp->p1];
  4061         -  Release(pOut);
  4062         -  pOut->flags = MEM_Int;
         4054  +  MemSetTypeFlag(pOut, MEM_Int);
  4063   4055     if( sqlite3VdbeFifoPop(&p->sFifo, &pOut->u.i)==SQLITE_DONE ){
  4064   4056       pc = pOp->p2 - 1;
  4065   4057     }
  4066   4058     break;
  4067   4059   }
  4068   4060   
  4069   4061   #ifndef SQLITE_OMIT_TRIGGER
................................................................................
  4133   4125   **
  4134   4126   ** If the value of register P1 is 1 or greater, jump to P2.
  4135   4127   **
  4136   4128   ** It is illegal to use this instruction on a register that does
  4137   4129   ** not contain an integer.  An assertion fault will result if you try.
  4138   4130   */
  4139   4131   case OP_IfPos: {        /* jump, in1 */
  4140         -  assert( pIn1->flags==MEM_Int );
         4132  +  assert( pIn1->flags&MEM_Int );
  4141   4133     if( pIn1->u.i>0 ){
  4142   4134        pc = pOp->p2 - 1;
  4143   4135     }
  4144   4136     break;
  4145   4137   }
  4146   4138   
  4147   4139   /* Opcode: IfNeg P1 P2 * * *
................................................................................
  4148   4140   **
  4149   4141   ** If the value of register P1 is less than zero, jump to P2. 
  4150   4142   **
  4151   4143   ** It is illegal to use this instruction on a register that does
  4152   4144   ** not contain an integer.  An assertion fault will result if you try.
  4153   4145   */
  4154   4146   case OP_IfNeg: {        /* jump, in1 */
  4155         -  assert( pIn1->flags==MEM_Int );
         4147  +  assert( pIn1->flags&MEM_Int );
  4156   4148     if( pIn1->u.i<0 ){
  4157   4149        pc = pOp->p2 - 1;
  4158   4150     }
  4159   4151     break;
  4160   4152   }
  4161   4153   
  4162   4154   /* Opcode: IfZero P1 P2 * * *
................................................................................
  4163   4155   **
  4164   4156   ** If the value of register P1 is exactly 0, jump to P2. 
  4165   4157   **
  4166   4158   ** It is illegal to use this instruction on a register that does
  4167   4159   ** not contain an integer.  An assertion fault will result if you try.
  4168   4160   */
  4169   4161   case OP_IfZero: {        /* jump, in1 */
  4170         -  assert( pIn1->flags==MEM_Int );
         4162  +  assert( pIn1->flags&MEM_Int );
  4171   4163     if( pIn1->u.i==0 ){
  4172   4164        pc = pOp->p2 - 1;
  4173   4165     }
  4174   4166     break;
  4175   4167   }
  4176   4168   
  4177   4169   /* Opcode: AggStep * P2 P3 P4 P5
................................................................................
  4498   4490       break;
  4499   4491     }
  4500   4492     pModule = pCur->pVtabCursor->pVtab->pModule;
  4501   4493     assert( pModule->xRowid );
  4502   4494     if( sqlite3SafetyOff(db) ) goto abort_due_to_misuse;
  4503   4495     rc = pModule->xRowid(pCur->pVtabCursor, &iRow);
  4504   4496     if( sqlite3SafetyOn(db) ) goto abort_due_to_misuse;
  4505         -  pOut->flags = MEM_Int;
         4497  +  MemSetTypeFlag(pOut, MEM_Int);
  4506   4498     pOut->u.i = iRow;
  4507   4499     break;
  4508   4500   }
  4509   4501   #endif /* SQLITE_OMIT_VIRTUALTABLE */
  4510   4502   
  4511   4503   #ifndef SQLITE_OMIT_VIRTUALTABLE
  4512   4504   /* Opcode: VColumn P1 P2 P3 * *
................................................................................
  4527   4519     if( pCur->nullRow ){
  4528   4520       sqlite3VdbeMemSetNull(pDest);
  4529   4521       break;
  4530   4522     }
  4531   4523     pModule = pCur->pVtabCursor->pVtab->pModule;
  4532   4524     assert( pModule->xColumn );
  4533   4525     memset(&sContext, 0, sizeof(sContext));
  4534         -  sContext.s.flags = MEM_Null;
  4535         -  sContext.s.db = db;
         4526  +
         4527  +  /* The output cell may already have a buffer allocated. Move
         4528  +  ** the current contents to sContext.s so in case the user-function 
         4529  +  ** can use the already allocated buffer instead of allocating a 
         4530  +  ** new one.
         4531  +  */
         4532  +  sqlite3VdbeMemMove(&sContext.s, pDest);
         4533  +  MemSetTypeFlag(&sContext.s, MEM_Null);
         4534  +
  4536   4535     if( sqlite3SafetyOff(db) ) goto abort_due_to_misuse;
  4537   4536     rc = pModule->xColumn(pCur->pVtabCursor, &sContext, pOp->p2);
  4538   4537   
  4539   4538     /* Copy the result of the function to the P3 register. We
  4540   4539     ** do this regardless of whether or not an error occured to ensure any
  4541   4540     ** dynamic allocation in sContext.s (a Mem struct) is  released.
  4542   4541     */

Changes to src/vdbeInt.h.

    90     90     int payloadSize;      /* Total number of bytes in the record */
    91     91     u32 *aType;           /* Type values for all entries in the record */
    92     92     u32 *aOffset;         /* Cached offsets to the start of each columns data */
    93     93     u8 *aRow;             /* Data for the current row, if all on one page */
    94     94   };
    95     95   typedef struct Cursor Cursor;
    96     96   
    97         -/*
    98         -** Number of bytes of string storage space available to each stack
    99         -** layer without having to malloc.  NBFS is short for Number of Bytes
   100         -** For Strings.
   101         -*/
   102         -#define NBFS 32
   103         -
   104     97   /*
   105     98   ** A value for Cursor.cacheValid that means the cache is always invalid.
   106     99   */
   107    100   #define CACHE_STALE 0
   108    101   
   109    102   /*
   110    103   ** Internally, the vdbe manipulates nearly all SQL values as Mem
................................................................................
   126    119     sqlite3 *db;        /* The associated database connection */
   127    120     char *z;            /* String or BLOB value */
   128    121     int n;              /* Number of characters in string value, excluding '\0' */
   129    122     u16 flags;          /* Some combination of MEM_Null, MEM_Str, MEM_Dyn, etc. */
   130    123     u8  type;           /* One of SQLITE_NULL, SQLITE_TEXT, SQLITE_INTEGER, etc */
   131    124     u8  enc;            /* SQLITE_UTF8, SQLITE_UTF16BE, SQLITE_UTF16LE */
   132    125     void (*xDel)(void *);  /* If not null, call this function to delete Mem.z */
   133         -  char zShort[NBFS];  /* Space for short strings */
   134    126   };
   135    127   
   136    128   /* One or more of the following flags are set to indicate the validOK
   137    129   ** representations of the value stored in the Mem struct.
   138    130   **
   139    131   ** If the MEM_Null flag is set, then the value is an SQL NULL value.
   140    132   ** No other flags may be set in this case.
................................................................................
   150    142   */
   151    143   #define MEM_Null      0x0001   /* Value is NULL */
   152    144   #define MEM_Str       0x0002   /* Value is a string */
   153    145   #define MEM_Int       0x0004   /* Value is an integer */
   154    146   #define MEM_Real      0x0008   /* Value is a real number */
   155    147   #define MEM_Blob      0x0010   /* Value is a BLOB */
   156    148   
          149  +#define MemSetTypeFlag(p, f) \
          150  +  ((p)->flags = ((p)->flags&~(MEM_Int|MEM_Real|MEM_Null|MEM_Blob|MEM_Str))|f)
          151  +
   157    152   /* Whenever Mem contains a valid string or blob representation, one of
   158    153   ** the following flags must be set to determine the memory management
   159    154   ** policy for Mem.z.  The MEM_Term flag tells us whether or not the
   160    155   ** string is \000 or \u0000 terminated
   161    156   */
   162    157   #define MEM_Term      0x0020   /* String rep is nul terminated */
   163    158   #define MEM_Dyn       0x0040   /* Need to call sqliteFree() on Mem.z */
   164    159   #define MEM_Static    0x0080   /* Mem.z points to a static string */
   165    160   #define MEM_Ephem     0x0100   /* Mem.z points to an ephemeral string */
   166         -#define MEM_Short     0x0200   /* Mem.z points to Mem.zShort */
   167    161   #define MEM_Agg       0x0400   /* Mem.z points to an agg function context */
   168    162   #define MEM_Zero      0x0800   /* Mem.i contains count of 0s appended to blob */
   169    163   
   170    164   #ifdef SQLITE_OMIT_INCRBLOB
   171    165     #undef MEM_Zero
   172    166     #define MEM_Zero 0x0000
   173    167   #endif
................................................................................
   394    388   int sqlite3VdbeMemRealify(Mem*);
   395    389   int sqlite3VdbeMemNumerify(Mem*);
   396    390   int sqlite3VdbeMemFromBtree(BtCursor*,int,int,int,Mem*);
   397    391   void sqlite3VdbeMemRelease(Mem *p);
   398    392   int sqlite3VdbeMemFinalize(Mem*, FuncDef*);
   399    393   const char *sqlite3OpcodeName(int);
   400    394   int sqlite3VdbeOpcodeHasProperty(int, int);
          395  +int sqlite3VdbeMemGrow(Mem *pMem, int n, int preserve);
   401    396   
   402    397   #ifndef NDEBUG
   403    398     void sqlite3VdbeMemSanity(Mem*);
   404    399   #endif
   405    400   int sqlite3VdbeMemTranslate(Mem*, u8);
   406    401   #ifdef SQLITE_DEBUG
   407    402     void sqlite3VdbePrintSql(Vdbe*);

Changes to src/vdbeapi.c.

   940    940     int rc;
   941    941     Vdbe *p = (Vdbe *)pStmt;
   942    942     sqlite3_mutex_enter(p->db->mutex);
   943    943     rc = vdbeUnbind(p, i);
   944    944     if( rc==SQLITE_OK ){
   945    945       rc = sqlite3VdbeMemCopy(&p->aVar[i-1], pValue);
   946    946     }
          947  +  rc = sqlite3ApiExit(p->db, rc);
   947    948     sqlite3_mutex_leave(p->db->mutex);
   948    949     return rc;
   949    950   }
   950    951   int sqlite3_bind_zeroblob(sqlite3_stmt *pStmt, int i, int n){
   951    952     int rc;
   952    953     Vdbe *p = (Vdbe *)pStmt;
   953    954     sqlite3_mutex_enter(p->db->mutex);

Changes to src/vdbeaux.c.

   731    731   }
   732    732   #endif
   733    733   
   734    734   /*
   735    735   ** Release an array of N Mem elements
   736    736   */
   737    737   static void releaseMemArray(Mem *p, int N){
   738         -  if( p ){
          738  +  if( p && N ){
          739  +    sqlite3 *db = p->db;
          740  +    int malloc_failed = db->mallocFailed;
   739    741       while( N-->0 ){
   740    742         assert( N<2 || p[0].db==p[1].db );
   741         -      sqlite3VdbeMemSetNull(p++);
          743  +      sqlite3VdbeMemRelease(p);
          744  +      p++->flags = MEM_Null;
   742    745       }
          746  +    db->mallocFailed = malloc_failed;
   743    747     }
   744    748   }
   745    749   
   746    750   #ifndef SQLITE_OMIT_EXPLAIN
   747    751   /*
   748    752   ** Give a listing of the program in the virtual machine.
   749    753   **
................................................................................
   782    786       p->rc = SQLITE_OK;
   783    787       rc = SQLITE_DONE;
   784    788     }else if( db->u1.isInterrupted ){
   785    789       p->rc = SQLITE_INTERRUPT;
   786    790       rc = SQLITE_ERROR;
   787    791       sqlite3SetString(&p->zErrMsg, sqlite3ErrStr(p->rc), (char*)0);
   788    792     }else{
          793  +    char *z;
   789    794       Op *pOp = &p->aOp[i];
   790    795       if( p->explain==1 ){
   791    796         pMem->flags = MEM_Int;
   792    797         pMem->type = SQLITE_INTEGER;
   793    798         pMem->u.i = i;                                /* Program counter */
   794    799         pMem++;
   795    800     
................................................................................
   815    820       if( p->explain==1 ){
   816    821         pMem->flags = MEM_Int;
   817    822         pMem->u.i = pOp->p3;                          /* P3 */
   818    823         pMem->type = SQLITE_INTEGER;
   819    824         pMem++;
   820    825       }
   821    826   
   822         -    pMem->flags = MEM_Ephem|MEM_Str|MEM_Term;     /* P4 */
   823         -    pMem->z = displayP4(pOp, pMem->zShort, sizeof(pMem->zShort));
   824         -    assert( pMem->z!=0 );
   825         -    pMem->n = strlen(pMem->z);
          827  +    if( sqlite3VdbeMemGrow(pMem, 32, 0) ){            /* P4 */
          828  +      p->db->mallocFailed = 1;
          829  +      return SQLITE_NOMEM;
          830  +    }
          831  +    pMem->flags = MEM_Dyn|MEM_Str|MEM_Term;
          832  +    z = displayP4(pOp, pMem->z, 32);
          833  +    if( z!=pMem->z ){
          834  +      sqlite3VdbeMemSetStr(pMem, z, -1, SQLITE_UTF8, 0);
          835  +    }else{
          836  +      assert( pMem->z!=0 );
          837  +      pMem->n = strlen(pMem->z);
          838  +      pMem->enc = SQLITE_UTF8;
          839  +    }
   826    840       pMem->type = SQLITE_TEXT;
   827         -    pMem->enc = SQLITE_UTF8;
   828    841       pMem++;
   829    842   
   830    843       if( p->explain==1 ){
   831         -      pMem->flags = MEM_Str|MEM_Term|MEM_Short;
   832         -      pMem->n = sprintf(pMem->zShort, "%.2x", pOp->p5);   /* P5 */
   833         -      pMem->z = pMem->zShort;
          844  +      if( sqlite3VdbeMemGrow(pMem, 32, 0) ){
          845  +        p->db->mallocFailed = 1;
          846  +        return SQLITE_NOMEM;
          847  +      }
          848  +      pMem->flags = MEM_Dyn|MEM_Str|MEM_Term;
          849  +      pMem->n = sprintf(pMem->z, "%.2x", pOp->p5);   /* P5 */
   834    850         pMem->type = SQLITE_TEXT;
   835    851         pMem->enc = SQLITE_UTF8;
   836    852         pMem++;
   837    853     
   838    854         pMem->flags = MEM_Null;                       /* Comment */
   839    855   #ifdef SQLITE_DEBUG
   840    856         if( pOp->zComment ){
................................................................................
  1054   1070   ** This routine will automatically close any cursors, lists, and/or
  1055   1071   ** sorters that were left open.  It also deletes the values of
  1056   1072   ** variables in the aVar[] array.
  1057   1073   */
  1058   1074   static void Cleanup(Vdbe *p){
  1059   1075     int i;
  1060   1076     closeAllCursorsExceptActiveVtabs(p);
         1077  +  for(i=1; i<=p->nMem; i++){
         1078  +    MemSetTypeFlag(&p->aMem[i], MEM_Null);
         1079  +  }
  1061   1080     releaseMemArray(&p->aMem[1], p->nMem);
  1062   1081     sqlite3VdbeFifoClear(&p->sFifo);
  1063   1082     if( p->contextStack ){
  1064   1083       for(i=0; i<p->contextStackTop; i++){
  1065   1084         sqlite3VdbeFifoClear(&p->contextStack[i].sFifo);
  1066   1085       }
  1067   1086       sqlite3_free(p->contextStack);
................................................................................
  2129   2148     const unsigned char *aKey1 = (const unsigned char *)pKey1;
  2130   2149     const unsigned char *aKey2 = (const unsigned char *)pKey2;
  2131   2150   
  2132   2151     Mem mem1;
  2133   2152     Mem mem2;
  2134   2153     mem1.enc = pKeyInfo->enc;
  2135   2154     mem1.db = pKeyInfo->db;
         2155  +  mem1.flags = 0;
  2136   2156     mem2.enc = pKeyInfo->enc;
  2137   2157     mem2.db = pKeyInfo->db;
         2158  +  mem2.flags = 0;
  2138   2159     
  2139   2160     idx1 = GetVarint(aKey1, szHdr1);
  2140   2161     d1 = szHdr1;
  2141   2162     idx2 = GetVarint(aKey2, szHdr2);
  2142   2163     d2 = szHdr2;
  2143   2164     nField = pKeyInfo->nField;
  2144   2165     while( idx1<szHdr1 && idx2<szHdr2 ){
................................................................................
  2155   2176       */
  2156   2177       d1 += sqlite3VdbeSerialGet(&aKey1[d1], serial_type1, &mem1);
  2157   2178       d2 += sqlite3VdbeSerialGet(&aKey2[d2], serial_type2, &mem2);
  2158   2179   
  2159   2180       /* Do the comparison
  2160   2181       */
  2161   2182       rc = sqlite3MemCompare(&mem1, &mem2, i<nField ? pKeyInfo->aColl[i] : 0);
  2162         -    if( mem1.flags & MEM_Dyn ) sqlite3VdbeMemRelease(&mem1);
  2163         -    if( mem2.flags & MEM_Dyn ) sqlite3VdbeMemRelease(&mem2);
         2183  +    if( mem1.flags&MEM_Dyn ) sqlite3VdbeMemRelease(&mem1);
         2184  +    if( mem2.flags&MEM_Dyn ) sqlite3VdbeMemRelease(&mem2);
  2164   2185       if( rc!=0 ){
  2165   2186         break;
  2166   2187       }
  2167   2188       i++;
  2168   2189     }
  2169   2190   
  2170   2191     /* One of the keys ran out of fields, but all the fields up to that point
................................................................................
  2218   2239     u32 lenRowid;     /* Size of the rowid */
  2219   2240     Mem m, v;
  2220   2241   
  2221   2242     sqlite3BtreeKeySize(pCur, &nCellKey);
  2222   2243     if( nCellKey<=0 ){
  2223   2244       return SQLITE_CORRUPT_BKPT;
  2224   2245     }
         2246  +  m.flags = 0;
         2247  +  m.db = 0;
  2225   2248     rc = sqlite3VdbeMemFromBtree(pCur, 0, nCellKey, 1, &m);
  2226   2249     if( rc ){
  2227   2250       return rc;
  2228   2251     }
  2229   2252     sqlite3GetVarint32((u8*)m.z, &szHdr);
  2230   2253     sqlite3GetVarint32((u8*)&m.z[szHdr-1], &typeRowid);
  2231   2254     lenRowid = sqlite3VdbeSerialTypeLen(typeRowid);
................................................................................
  2257   2280     Mem m;
  2258   2281   
  2259   2282     sqlite3BtreeKeySize(pCur, &nCellKey);
  2260   2283     if( nCellKey<=0 ){
  2261   2284       *res = 0;
  2262   2285       return SQLITE_OK;
  2263   2286     }
         2287  +  m.db = 0;
         2288  +  m.flags = 0;
  2264   2289     rc = sqlite3VdbeMemFromBtree(pC->pCursor, 0, nCellKey, 1, &m);
  2265   2290     if( rc ){
  2266   2291       return rc;
  2267   2292     }
  2268   2293     lenRowid = sqlite3VdbeIdxRowidLen((u8*)m.z);
  2269   2294     *res = sqlite3VdbeRecordCompare(pC->pKeyInfo, m.n-lenRowid, m.z, nKey, pKey);
  2270   2295     sqlite3VdbeMemRelease(&m);

Changes to src/vdbemem.c.

    54     54     rc = sqlite3VdbeMemTranslate(pMem, desiredEnc);
    55     55     assert(rc==SQLITE_OK    || rc==SQLITE_NOMEM);
    56     56     assert(rc==SQLITE_OK    || pMem->enc!=desiredEnc);
    57     57     assert(rc==SQLITE_NOMEM || pMem->enc==desiredEnc);
    58     58     return rc;
    59     59   #endif
    60     60   }
           61  +
           62  +/*
           63  +** Make sure pMem->z points to a writable allocation of at least 
           64  +** n bytes.
           65  +**
           66  +** If the memory cell currently contains string or blob data
           67  +** and the third argument passed to this function is true, the 
           68  +** current content of the cell is preserved. Otherwise, it may
           69  +** be discarded.  
           70  +**
           71  +** This function sets the MEM_Dyn flag and clears any xDel callback.
           72  +** It also clears MEM_Ephem and MEM_Static. If the preserve flag is 
           73  +** not set, Mem.n is zeroed.
           74  +*/
           75  +int sqlite3VdbeMemGrow(Mem *pMem, int n, int preserve){
           76  +  int f = pMem->flags;
           77  +
           78  +  assert( (f & (MEM_Dyn|MEM_Static|MEM_Ephem))==0 
           79  +       || (f & (MEM_Dyn|MEM_Static|MEM_Ephem))==MEM_Dyn 
           80  +       || (f & (MEM_Dyn|MEM_Static|MEM_Ephem))==MEM_Ephem 
           81  +       || (f & (MEM_Dyn|MEM_Static|MEM_Ephem))==MEM_Static 
           82  +  );
           83  +
           84  +  if( ((f&MEM_Dyn)==0 || pMem->xDel || sqlite3MallocSize(pMem->z)<n) ){
           85  +
           86  +    /* Allocate the new buffer. The minimum allocation size is 32 bytes. */
           87  +    char *z = 0;
           88  +    if( n>0 ){
           89  +      if( preserve && (f&MEM_Dyn) && !pMem->xDel ){
           90  +        z = sqlite3DbReallocOrFree(pMem->db, pMem->z, n);
           91  +        pMem->z = 0;
           92  +        preserve = 0;
           93  +      }else{
           94  +        z = sqlite3DbMallocRaw(pMem->db, (n>32?n:32));
           95  +      }
           96  +      if( !z ){
           97  +        return SQLITE_NOMEM;
           98  +      }
           99  +    }
          100  +
          101  +    /* If the value is currently a string or blob and the preserve flag
          102  +    ** is true, copy the content to the new buffer. 
          103  +    */
          104  +    if( pMem->flags&(MEM_Blob|MEM_Str) && preserve ){
          105  +      int nCopy = (pMem->n>n?n:pMem->n);
          106  +      memcpy(z, pMem->z, nCopy);
          107  +    }
          108  + 
          109  +    /* Release the old buffer. */
          110  +    sqlite3VdbeMemRelease(pMem);
          111  +
          112  +    pMem->z = z;
          113  +    pMem->flags |= MEM_Dyn;
          114  +    pMem->flags &= ~(MEM_Ephem|MEM_Static);
          115  +    pMem->xDel = 0;
          116  +  }
          117  +  return SQLITE_OK;
          118  +}
    61    119   
    62    120   /*
    63    121   ** Make the given Mem object MEM_Dyn.
    64    122   **
    65    123   ** Return SQLITE_OK on success or SQLITE_NOMEM if malloc fails.
    66    124   */
    67    125   int sqlite3VdbeMemDynamicify(Mem *pMem){
    68         -  int n;
    69         -  u8 *z;
          126  +  int f;
    70    127     assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
    71    128     expandBlob(pMem);
    72         -  if( (pMem->flags & (MEM_Ephem|MEM_Static|MEM_Short))==0 ){
    73         -    return SQLITE_OK;
          129  +  f = pMem->flags;
          130  +  if( (f&(MEM_Str|MEM_Blob)) && ((f&MEM_Dyn)==0 || pMem->xDel) ){
          131  +    if( sqlite3VdbeMemGrow(pMem, pMem->n + 2, 1) ){
          132  +      return SQLITE_NOMEM;
          133  +    }
          134  +    pMem->z[pMem->n] = 0;
          135  +    pMem->z[pMem->n+1] = 0;
          136  +    pMem->flags |= MEM_Term;
    74    137     }
    75         -  assert( (pMem->flags & MEM_Dyn)==0 );
    76         -  n = pMem->n;
    77         -  assert( pMem->flags & (MEM_Str|MEM_Blob) );
    78         -  z = sqlite3DbMallocRaw(pMem->db, n+2 );
    79         -  if( z==0 ){
    80         -    return SQLITE_NOMEM;
    81         -  }
    82         -  pMem->flags |= MEM_Dyn|MEM_Term;
    83         -  pMem->xDel = 0;
    84         -  memcpy(z, pMem->z, n );
    85         -  z[n] = 0;
    86         -  z[n+1] = 0;
    87         -  pMem->z = (char*)z;
    88         -  pMem->flags &= ~(MEM_Ephem|MEM_Static|MEM_Short);
          138  +
    89    139     return SQLITE_OK;
    90    140   }
    91    141   
    92    142   /*
    93    143   ** If the given Mem* has a zero-filled tail, turn it into an ordinary
    94    144   ** blob stored in dynamically allocated space.
    95    145   */
    96    146   #ifndef SQLITE_OMIT_INCRBLOB
    97    147   int sqlite3VdbeMemExpandBlob(Mem *pMem){
    98    148     if( pMem->flags & MEM_Zero ){
    99         -    char *pNew;
   100    149       int nByte;
   101         -    assert( (pMem->flags & MEM_Blob)!=0 );
          150  +    assert( pMem->flags&MEM_Blob );
          151  +    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
          152  +
          153  +    /* Set nByte to the number of bytes required to store the expanded blob. */
   102    154       nByte = pMem->n + pMem->u.i;
   103         -    if( nByte<=0 ) nByte = 1;
   104         -    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
   105         -    pNew = sqlite3DbMallocRaw(pMem->db, nByte);
   106         -    if( pNew==0 ){
          155  +    if( nByte<=0 ){
          156  +      nByte = 1;
          157  +    }
          158  +    if( sqlite3VdbeMemGrow(pMem, nByte, 1) ){
   107    159         return SQLITE_NOMEM;
   108    160       }
   109         -    memcpy(pNew, pMem->z, pMem->n);
   110         -    memset(&pNew[pMem->n], 0, pMem->u.i);
   111         -    sqlite3VdbeMemRelease(pMem);
   112         -    pMem->z = pNew;
          161  +
          162  +    memset(&pMem->z[pMem->n], 0, pMem->u.i);
   113    163       pMem->n += pMem->u.i;
   114         -    pMem->u.i = 0;
   115         -    pMem->flags &= ~(MEM_Zero|MEM_Static|MEM_Ephem|MEM_Short|MEM_Term);
   116         -    pMem->flags |= MEM_Dyn;
          164  +    pMem->flags &= ~(MEM_Zero|MEM_Term);
   117    165     }
   118    166     return SQLITE_OK;
   119    167   }
   120    168   #endif
   121    169   
   122    170   
   123    171   /*
   124    172   ** Make the given Mem object either MEM_Short or MEM_Dyn so that bytes
   125    173   ** of the Mem.z[] array can be modified.
   126    174   **
   127    175   ** Return SQLITE_OK on success or SQLITE_NOMEM if malloc fails.
   128    176   */
   129    177   int sqlite3VdbeMemMakeWriteable(Mem *pMem){
   130         -  int n;
   131         -  u8 *z;
   132         -  assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
   133         -  expandBlob(pMem);
   134         -  if( (pMem->flags & (MEM_Ephem|MEM_Static))==0 ){
   135         -    return SQLITE_OK;
   136         -  }
   137         -  assert( (pMem->flags & MEM_Dyn)==0 );
   138         -  assert( pMem->flags & (MEM_Str|MEM_Blob) );
   139         -  if( (n = pMem->n)+2<sizeof(pMem->zShort) ){
   140         -    z = (u8*)pMem->zShort;
   141         -    pMem->flags |= MEM_Short|MEM_Term;
   142         -  }else{
   143         -    z = sqlite3DbMallocRaw(pMem->db, n+2 );
   144         -    if( z==0 ){
   145         -      return SQLITE_NOMEM;
   146         -    }
   147         -    pMem->flags |= MEM_Dyn|MEM_Term;
   148         -    pMem->xDel = 0;
   149         -  }
   150         -  memcpy(z, pMem->z, n );
   151         -  z[n] = 0;
   152         -  z[n+1] = 0;
   153         -  pMem->z = (char*)z;
   154         -  pMem->flags &= ~(MEM_Ephem|MEM_Static);
   155         -  assert(0==(1&(int)pMem->z));
   156         -  return SQLITE_OK;
          178  +  return sqlite3VdbeMemDynamicify(pMem);
   157    179   }
   158    180   
   159    181   /*
   160    182   ** Make sure the given Mem is \u0000 terminated.
   161    183   */
   162    184   int sqlite3VdbeMemNulTerminate(Mem *pMem){
   163    185     assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
   164    186     if( (pMem->flags & MEM_Term)!=0 || (pMem->flags & MEM_Str)==0 ){
   165    187       return SQLITE_OK;   /* Nothing to do */
   166    188     }
   167         -  if( pMem->flags & (MEM_Static|MEM_Ephem) ){
   168         -    return sqlite3VdbeMemMakeWriteable(pMem);
   169         -  }else{
   170         -    char *z; 
   171         -    sqlite3VdbeMemExpandBlob(pMem);
   172         -    z = sqlite3DbMallocRaw(pMem->db, pMem->n+2);
   173         -    if( !z ){
   174         -       return SQLITE_NOMEM;
   175         -    }
   176         -    memcpy(z, pMem->z, pMem->n);
   177         -    z[pMem->n] = 0;
   178         -    z[pMem->n+1] = 0;
   179         -    if( pMem->xDel ){
   180         -      pMem->xDel(pMem->z);
   181         -    }else{
   182         -      sqlite3_free(pMem->z);
   183         -    }
   184         -    pMem->xDel = 0;
   185         -    pMem->z = z;
   186         -    pMem->flags |= MEM_Term;
          189  +  if( sqlite3VdbeMemGrow(pMem, pMem->n+2, 1) ){
          190  +    return SQLITE_NOMEM;
   187    191     }
          192  +  pMem->z[pMem->n] = 0;
          193  +  pMem->z[pMem->n+1] = 0;
          194  +  pMem->flags |= MEM_Term;
   188    195     return SQLITE_OK;
   189    196   }
   190    197   
   191    198   /*
   192    199   ** Add MEM_Str to the set of representations for the given Mem.  Numbers
   193    200   ** are converted using sqlite3_snprintf().  Converting a BLOB to a string
   194    201   ** is a no-op.
................................................................................
   200    207   ** sqlite3_value_text()), or for ensuring that values to be used as btree
   201    208   ** keys are strings. In the former case a NULL pointer is returned the
   202    209   ** user and the later is an internal programming error.
   203    210   */
   204    211   int sqlite3VdbeMemStringify(Mem *pMem, int enc){
   205    212     int rc = SQLITE_OK;
   206    213     int fg = pMem->flags;
   207         -  char *z = pMem->zShort;
          214  +  const int nByte = 32;
   208    215   
   209    216     assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
   210    217     assert( !(fg&MEM_Zero) );
   211    218     assert( !(fg&(MEM_Str|MEM_Blob)) );
   212    219     assert( fg&(MEM_Int|MEM_Real) );
   213    220   
   214         -  /* For a Real or Integer, use sqlite3_snprintf() to produce the UTF-8
          221  +  if( sqlite3VdbeMemGrow(pMem, nByte, 0) ){
          222  +    return SQLITE_NOMEM;
          223  +  }
          224  +
          225  +  /* For a Real or Integer, use sqlite3_mprintf() to produce the UTF-8
   215    226     ** string representation of the value. Then, if the required encoding
   216    227     ** is UTF-16le or UTF-16be do a translation.
   217    228     ** 
   218    229     ** FIX ME: It would be better if sqlite3_snprintf() could do UTF-16.
   219    230     */
   220    231     if( fg & MEM_Int ){
   221         -    sqlite3_snprintf(NBFS, z, "%lld", pMem->u.i);
          232  +    sqlite3_snprintf(nByte, pMem->z, "%lld", pMem->u.i);
   222    233     }else{
   223    234       assert( fg & MEM_Real );
   224         -    sqlite3_snprintf(NBFS, z, "%!.15g", pMem->r);
          235  +    sqlite3_snprintf(nByte, pMem->z, "%!.15g", pMem->r);
   225    236     }
   226         -  pMem->n = strlen(z);
   227         -  pMem->z = z;
          237  +  pMem->n = strlen(pMem->z);
   228    238     pMem->enc = SQLITE_UTF8;
   229         -  pMem->flags |= MEM_Str | MEM_Short | MEM_Term;
          239  +  pMem->flags |= MEM_Str|MEM_Term;
   230    240     sqlite3VdbeChangeEncoding(pMem, enc);
   231    241     return rc;
   232    242   }
   233    243   
   234    244   /*
   235    245   ** Memory cell pMem contains the context of an aggregate function.
   236    246   ** This routine calls the finalize method for that function.  The
................................................................................
   242    252   int sqlite3VdbeMemFinalize(Mem *pMem, FuncDef *pFunc){
   243    253     int rc = SQLITE_OK;
   244    254     if( pFunc && pFunc->xFinalize ){
   245    255       sqlite3_context ctx;
   246    256       assert( (pMem->flags & MEM_Null)!=0 || pFunc==pMem->u.pDef );
   247    257       assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
   248    258       ctx.s.flags = MEM_Null;
   249         -    ctx.s.z = pMem->zShort;
   250    259       ctx.s.db = pMem->db;
   251    260       ctx.pMem = pMem;
   252    261       ctx.pFunc = pFunc;
   253    262       ctx.isError = 0;
   254    263       pFunc->xFinalize(&ctx);
   255         -    if( pMem->z && pMem->z!=pMem->zShort ){
          264  +    if( pMem->z ){
   256    265         sqlite3_free( pMem->z );
   257    266       }
   258    267       *pMem = ctx.s;
   259         -    if( pMem->flags & MEM_Short ){
   260         -      pMem->z = pMem->zShort;
   261         -    }
   262    268       rc = (ctx.isError?SQLITE_ERROR:SQLITE_OK);
   263    269     }
   264    270     return rc;
   265    271   }
   266    272   
   267    273   /*
   268    274   ** Release any memory held by the Mem. This may leave the Mem in an
................................................................................
   389    395     assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
   390    396   
   391    397     pMem->u.i = doubleToInt64(pMem->r);
   392    398     if( pMem->r==(double)pMem->u.i ){
   393    399       pMem->flags |= MEM_Int;
   394    400     }
   395    401   }
          402  +
          403  +static void setTypeFlag(Mem *pMem, int f){
          404  +  MemSetTypeFlag(pMem, f);
          405  +}
   396    406   
   397    407   /*
   398    408   ** Convert pMem to type integer.  Invalidate any prior representations.
   399    409   */
   400    410   int sqlite3VdbeMemIntegerify(Mem *pMem){
   401    411     assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
   402    412     pMem->u.i = sqlite3VdbeIntValue(pMem);
   403         -  sqlite3VdbeMemRelease(pMem);
   404         -  pMem->flags = MEM_Int;
          413  +  setTypeFlag(pMem, MEM_Int);
   405    414     return SQLITE_OK;
   406    415   }
   407    416   
   408    417   /*
   409    418   ** Convert pMem so that it is of type MEM_Real.
   410    419   ** Invalidate any prior representations.
   411    420   */
   412    421   int sqlite3VdbeMemRealify(Mem *pMem){
   413    422     assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
   414    423     pMem->r = sqlite3VdbeRealValue(pMem);
   415         -  sqlite3VdbeMemRelease(pMem);
   416         -  pMem->flags = MEM_Real;
          424  +  setTypeFlag(pMem, MEM_Real);
   417    425     return SQLITE_OK;
   418    426   }
   419    427   
   420    428   /*
   421    429   ** Convert pMem so that it has types MEM_Real or MEM_Int or both.
   422    430   ** Invalidate any prior representations.
   423    431   */
................................................................................
   430    438     r1 = sqlite3VdbeRealValue(pMem);
   431    439     i = doubleToInt64(r1);
   432    440     r2 = (double)i;
   433    441     if( r1==r2 ){
   434    442       sqlite3VdbeMemIntegerify(pMem);
   435    443     }else{
   436    444       pMem->r = r1;
   437         -    pMem->flags = MEM_Real;
   438         -    sqlite3VdbeMemRelease(pMem);
          445  +    setTypeFlag(pMem, MEM_Real);
   439    446     }
   440    447     return SQLITE_OK;
   441    448   }
   442    449   
   443    450   /*
   444    451   ** Delete any previous value and set the value stored in *pMem to NULL.
   445    452   */
   446    453   void sqlite3VdbeMemSetNull(Mem *pMem){
   447         -  sqlite3VdbeMemRelease(pMem);
   448         -  pMem->flags = MEM_Null;
          454  +  setTypeFlag(pMem, MEM_Null);
   449    455     pMem->type = SQLITE_NULL;
   450         -  pMem->n = 0;
   451    456   }
   452    457   
   453    458   /*
   454    459   ** Delete any previous value and set the value to be a BLOB of length
   455    460   ** n containing all zeros.
   456    461   */
   457    462   void sqlite3VdbeMemSetZeroBlob(Mem *pMem, int n){
   458    463     sqlite3VdbeMemRelease(pMem);
   459         -  pMem->flags = MEM_Blob|MEM_Zero|MEM_Short;
          464  +  setTypeFlag(pMem, MEM_Blob);
          465  +  pMem->flags = MEM_Blob|MEM_Zero;
   460    466     pMem->type = SQLITE_BLOB;
   461    467     pMem->n = 0;
   462    468     if( n<0 ) n = 0;
   463    469     pMem->u.i = n;
   464         -  pMem->z = pMem->zShort;
   465    470     pMem->enc = SQLITE_UTF8;
   466    471   }
   467    472   
   468    473   /*
   469    474   ** Delete any previous value and set the value stored in *pMem to val,
   470    475   ** manifest type INTEGER.
   471    476   */
................................................................................
   510    515   ** Make an shallow copy of pFrom into pTo.  Prior contents of
   511    516   ** pTo are freed.  The pFrom->z field is not duplicated.  If
   512    517   ** pFrom->z is used, then pTo->z points to the same thing as pFrom->z
   513    518   ** and flags gets srcType (either MEM_Ephem or MEM_Static).
   514    519   */
   515    520   void sqlite3VdbeMemShallowCopy(Mem *pTo, const Mem *pFrom, int srcType){
   516    521     sqlite3VdbeMemRelease(pTo);
   517         -  memcpy(pTo, pFrom, sizeof(*pFrom)-sizeof(pFrom->zShort));
          522  +  memcpy(pTo, pFrom, sizeof(*pFrom));
   518    523     pTo->xDel = 0;
   519         -  if( pTo->flags & (MEM_Str|MEM_Blob) ){
   520         -    pTo->flags &= ~(MEM_Dyn|MEM_Static|MEM_Short|MEM_Ephem);
          524  +  if( pTo->flags&MEM_Dyn ){
          525  +    pTo->flags &= ~(MEM_Dyn|MEM_Static|MEM_Ephem);
   521    526       assert( srcType==MEM_Ephem || srcType==MEM_Static );
   522    527       pTo->flags |= srcType;
   523    528     }
   524    529   }
   525    530   
   526    531   /*
   527    532   ** Make a full copy of pFrom into pTo.  Prior contents of pTo are
   528    533   ** freed before the copy is made.
   529    534   */
   530    535   int sqlite3VdbeMemCopy(Mem *pTo, const Mem *pFrom){
   531         -  int rc;
   532         -  sqlite3VdbeMemShallowCopy(pTo, pFrom, MEM_Ephem);
   533         -  if( pTo->flags & MEM_Ephem ){
   534         -    rc = sqlite3VdbeMemMakeWriteable(pTo);
          536  +  int rc = SQLITE_OK;
          537  +  char *zBuf = 0;
          538  +
          539  +  /* If cell pTo currently has a reusable buffer, save a pointer to it
          540  +  ** in local variable zBuf. This function attempts to avoid freeing
          541  +  ** this buffer.
          542  +  */
          543  +  if( pTo->xDel ){
          544  +    sqlite3VdbeMemRelease(pTo);
          545  +  }else if( pTo->flags&MEM_Dyn ){
          546  +    zBuf = pTo->z;
          547  +  }
          548  +
          549  +  /* Copy the contents of *pFrom to *pTo */
          550  +  memcpy(pTo, pFrom, sizeof(*pFrom));
          551  +
          552  +  if( pTo->flags&(MEM_Str|MEM_Blob) && pTo->flags&MEM_Static ){
          553  +    /* pFrom contained a pointer to a static string. In this case,
          554  +    ** free any dynamically allocated buffer associated with pTo.
          555  +    */
          556  +    sqlite3_free(zBuf);
   535    557     }else{
   536         -    rc = SQLITE_OK;
          558  +    char *zData = pTo->z;
          559  +
          560  +    pTo->z = zBuf;
          561  +    pTo->flags &= ~(MEM_Static|MEM_Ephem);
          562  +    pTo->flags |= MEM_Dyn;
          563  +    pTo->xDel = 0;
          564  + 
          565  +    if( pTo->flags&(MEM_Str|MEM_Blob) ){
          566  +      if( sqlite3VdbeMemGrow(pTo, pTo->n+2, 0) ){
          567  +        pTo->n = 0;
          568  +        rc = SQLITE_NOMEM;
          569  +      }else{
          570  +        memcpy(pTo->z, zData, pTo->n);
          571  +        pTo->z[pTo->n] = '\0';
          572  +        pTo->z[pTo->n+1] = '\0';
          573  +        pTo->flags |= MEM_Term;
          574  +      }
          575  +    }
   537    576     }
   538    577     return rc;
   539    578   }
   540    579   
   541    580   /*
   542    581   ** Transfer the contents of pFrom to pTo. Any existing value in pTo is
   543    582   ** freed. If pFrom contains ephemeral data, a copy is made.
................................................................................
   548    587     assert( pFrom->db==0 || sqlite3_mutex_held(pFrom->db->mutex) );
   549    588     assert( pTo->db==0 || sqlite3_mutex_held(pTo->db->mutex) );
   550    589     assert( pFrom->db==0 || pTo->db==0 || pFrom->db==pTo->db );
   551    590     if( pTo->flags & MEM_Dyn ){
   552    591       sqlite3VdbeMemRelease(pTo);
   553    592     }
   554    593     memcpy(pTo, pFrom, sizeof(Mem));
   555         -  if( pFrom->flags & MEM_Short ){
   556         -    pTo->z = pTo->zShort;
   557         -  }
   558    594     pFrom->flags = MEM_Null;
   559    595     pFrom->xDel = 0;
   560    596   }
   561    597   
   562    598   /*
   563    599   ** Change the value of a Mem to be a string or a BLOB.
          600  +**
          601  +** The memory management strategy depends on the value of the xDel
          602  +** parameter. If the value passed is SQLITE_TRANSIENT, then the 
          603  +** string is copied into a (possibly existing) buffer managed by the 
          604  +** Mem structure. Otherwise, any existing buffer is freed and the
          605  +** pointer copied.
   564    606   */
   565    607   int sqlite3VdbeMemSetStr(
   566    608     Mem *pMem,          /* Memory cell to set to string value */
   567    609     const char *z,      /* String pointer */
   568    610     int n,              /* Bytes in string, or negative */
   569    611     u8 enc,             /* Encoding of z.  0 for BLOBs */
   570    612     void (*xDel)(void*) /* Destructor function */
   571    613   ){
          614  +  int nByte = n;      /* New value for pMem->n */
          615  +  int flags = 0;      /* New value for pMem->flags */
          616  +
   572    617     assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
   573         -  sqlite3VdbeMemRelease(pMem);
          618  +
          619  +  /* If z is a NULL pointer, set pMem to contain an SQL NULL. */
   574    620     if( !z ){
   575         -    pMem->flags = MEM_Null;
   576         -    pMem->type = SQLITE_NULL;
          621  +    sqlite3VdbeMemSetNull(pMem);
   577    622       return SQLITE_OK;
   578    623     }
   579         -  pMem->z = (char *)z;
   580         -  if( xDel==SQLITE_STATIC ){
   581         -    pMem->flags = MEM_Static;
   582         -  }else if( xDel==SQLITE_TRANSIENT ){
   583         -    pMem->flags = MEM_Ephem;
          624  +
          625  +  flags = (enc==0?MEM_Blob:MEM_Str);
          626  +  if( nByte<0 ){
          627  +    assert( enc!=0 );
          628  +    nByte = ((enc==SQLITE_UTF8)?strlen(z):sqlite3Utf16ByteLen(z, -1));
          629  +    flags |= MEM_Term;
          630  +  }
          631  +
          632  +  /* The following block sets the new values of Mem.z and Mem.xDel. It
          633  +  ** also sets a flag in local variable "flags" to indicate the memory
          634  +  ** management (one of MEM_Dyn or MEM_Static).
          635  +  */
          636  +  if( xDel==SQLITE_TRANSIENT ){
          637  +    int nAlloc = nByte;
          638  +    if( flags&MEM_Term ){
          639  +      nAlloc += (enc==SQLITE_UTF8?1:2);
          640  +    }
          641  +    if( sqlite3VdbeMemGrow(pMem, nAlloc, 0) ){
          642  +      return SQLITE_NOMEM;
          643  +    }
          644  +    memcpy(pMem->z, z, nAlloc);
          645  +    flags |= MEM_Dyn;
   584    646     }else{
   585         -    pMem->flags = MEM_Dyn;
          647  +    sqlite3VdbeMemRelease(pMem);
          648  +    pMem->z = (char *)z;
   586    649       pMem->xDel = xDel;
          650  +    flags |= ((xDel==SQLITE_STATIC)?MEM_Static:MEM_Dyn);
   587    651     }
   588    652   
   589         -  pMem->enc = enc;
   590         -  pMem->type = enc==0 ? SQLITE_BLOB : SQLITE_TEXT;
   591         -  pMem->n = n;
   592         -
   593         -  assert( enc==0 || enc==SQLITE_UTF8 || enc==SQLITE_UTF16LE 
   594         -      || enc==SQLITE_UTF16BE );
   595         -  switch( enc ){
   596         -    case 0:
   597         -      pMem->flags |= MEM_Blob;
   598         -      pMem->enc = SQLITE_UTF8;
   599         -      break;
   600         -
   601         -    case SQLITE_UTF8:
   602         -      pMem->flags |= MEM_Str;
   603         -      if( n<0 ){
   604         -        pMem->n = strlen(z);
   605         -        pMem->flags |= MEM_Term;
   606         -      }
   607         -      break;
          653  +  pMem->n = nByte;
          654  +  pMem->flags = flags;
          655  +  pMem->enc = (enc==0 ? SQLITE_UTF8 : enc);
          656  +  pMem->type = (enc==0 ? SQLITE_BLOB : SQLITE_TEXT);
   608    657   
   609    658   #ifndef SQLITE_OMIT_UTF16
   610         -    case SQLITE_UTF16LE:
   611         -    case SQLITE_UTF16BE:
   612         -      pMem->flags |= MEM_Str;
   613         -      if( pMem->n<0 ){
   614         -        pMem->n = sqlite3Utf16ByteLen(pMem->z,-1);
   615         -        pMem->flags |= MEM_Term;
   616         -      }
   617         -      if( sqlite3VdbeMemHandleBom(pMem) ){
   618         -        return SQLITE_NOMEM;
   619         -      }
   620         -#endif /* SQLITE_OMIT_UTF16 */
          659  +  if( pMem->enc!=SQLITE_UTF8 && sqlite3VdbeMemHandleBom(pMem) ){
          660  +    return SQLITE_NOMEM;
   621    661     }
   622         -  if( pMem->flags&MEM_Ephem ){
   623         -    return sqlite3VdbeMemMakeWriteable(pMem);
   624         -  }
          662  +#endif
          663  +
   625    664     return SQLITE_OK;
   626    665   }
   627    666   
   628    667   /*
   629    668   ** Compare the values contained by the two memory cells, returning
   630    669   ** negative, zero or positive if pMem1 is less than, equal to, or greater
   631    670   ** than pMem2. Sorting order is NULL's first, followed by numbers (integers
................................................................................
   765    804     int amt,          /* Number of bytes to return. */
   766    805     int key,          /* If true, retrieve from the btree key, not data. */
   767    806     Mem *pMem         /* OUT: Return data in this Mem structure. */
   768    807   ){
   769    808     char *zData;       /* Data from the btree layer */
   770    809     int available = 0; /* Number of bytes available on the local btree page */
   771    810     sqlite3 *db;       /* Database connection */
          811  +  int rc = SQLITE_OK;
   772    812   
   773    813     db = sqlite3BtreeCursorDb(pCur);
   774    814     assert( sqlite3_mutex_held(db->mutex) );
   775    815     if( key ){
   776    816       zData = (char *)sqlite3BtreeKeyFetch(pCur, &available);
   777    817     }else{
   778    818       zData = (char *)sqlite3BtreeDataFetch(pCur, &available);
   779    819     }
   780    820     assert( zData!=0 );
   781    821   
   782         -  pMem->db = db;
   783         -  pMem->n = amt;
   784         -  if( offset+amt<=available ){
          822  +  if( offset+amt<=available && ((pMem->flags&MEM_Dyn)==0 || pMem->xDel) ){
          823  +    sqlite3VdbeMemRelease(pMem);
   785    824       pMem->z = &zData[offset];
   786    825       pMem->flags = MEM_Blob|MEM_Ephem;
   787         -  }else{
   788         -    int rc;
   789         -    if( amt>NBFS-2 ){
   790         -      zData = (char *)sqlite3DbMallocRaw(db, amt+2);
   791         -      if( !zData ){
   792         -        return SQLITE_NOMEM;
   793         -      }
   794         -      pMem->flags = MEM_Blob|MEM_Dyn|MEM_Term;
   795         -      pMem->xDel = 0;
   796         -    }else{
   797         -      zData = &(pMem->zShort[0]);
   798         -      pMem->flags = MEM_Blob|MEM_Short|MEM_Term;
   799         -    }
   800         -    pMem->z = zData;
          826  +  }else if( SQLITE_OK==(rc = sqlite3VdbeMemGrow(pMem, amt+2, 0)) ){
          827  +    pMem->flags = MEM_Blob|MEM_Dyn|MEM_Term;
   801    828       pMem->enc = 0;
   802    829       pMem->type = SQLITE_BLOB;
   803         -
   804    830       if( key ){
   805         -      rc = sqlite3BtreeKey(pCur, offset, amt, zData);
          831  +      rc = sqlite3BtreeKey(pCur, offset, amt, pMem->z);
   806    832       }else{
   807         -      rc = sqlite3BtreeData(pCur, offset, amt, zData);
          833  +      rc = sqlite3BtreeData(pCur, offset, amt, pMem->z);
   808    834       }
   809         -    zData[amt] = 0;
   810         -    zData[amt+1] = 0;
          835  +    pMem->z[amt] = 0;
          836  +    pMem->z[amt+1] = 0;
   811    837       if( rc!=SQLITE_OK ){
   812         -      if( amt>NBFS-2 ){
   813         -        assert( zData!=pMem->zShort );
   814         -        assert( pMem->flags & MEM_Dyn );
   815         -        sqlite3_free(zData);
   816         -      } else {
   817         -        assert( zData==pMem->zShort );
   818         -        assert( pMem->flags & MEM_Short );
   819         -      }
   820         -      return rc;
          838  +      sqlite3VdbeMemRelease(pMem);
   821    839       }
   822    840     }
          841  +  pMem->n = amt;
   823    842   
   824         -  return SQLITE_OK;
          843  +  return rc;
   825    844   }
   826    845   
   827    846   #if 0
   828    847   /*
   829    848   ** Perform various checks on the memory cell pMem. An assert() will
   830    849   ** fail if pMem is internally inconsistent.
   831    850   */
................................................................................
  1015   1034   }
  1016   1035   
  1017   1036   /*
  1018   1037   ** Free an sqlite3_value object
  1019   1038   */
  1020   1039   void sqlite3ValueFree(sqlite3_value *v){
  1021   1040     if( !v ) return;
  1022         -  sqlite3ValueSetStr(v, 0, 0, SQLITE_UTF8, SQLITE_STATIC);
         1041  +  sqlite3VdbeMemRelease((Mem *)v);
  1023   1042     sqlite3_free(v);
  1024   1043   }
  1025   1044   
  1026   1045   /*
  1027   1046   ** Return the number of bytes in the sqlite3_value object assuming
  1028   1047   ** that it uses the encoding "enc"
  1029   1048   */

Changes to test/mallocB.test.

     9      9   #
    10     10   #***********************************************************************
    11     11   # This file contains additional out-of-memory checks (see malloc.tcl).
    12     12   # These were all discovered by fuzzy generation of SQL. Apart from
    13     13   # that they have little in common.
    14     14   #
    15     15   #
    16         -# $Id: mallocB.test,v 1.7 2008/01/17 20:26:47 drh Exp $
           16  +# $Id: mallocB.test,v 1.8 2008/02/13 18:25:27 danielk1977 Exp $
    17     17   
    18     18   set testdir [file dirname $argv0]
    19     19   source $testdir/tester.tcl
    20     20   source $testdir/malloc_common.tcl
    21     21   
    22     22   # Only run these tests if memory debugging is turned on.
    23     23   #
................................................................................
    27     27      return
    28     28   }
    29     29   source $testdir/malloc_common.tcl
    30     30   
    31     31   do_malloc_test mallocB-1 -sqlbody {SELECT - 456}
    32     32   do_malloc_test mallocB-2 -sqlbody {SELECT - 456.1}
    33     33   do_malloc_test mallocB-3 -sqlbody {SELECT random()}
    34         -do_malloc_test mallocB-4 -sqlbody {SELECT zeroblob(1000)}
           34  +do_malloc_test mallocB-4 -sqlbody {SELECT length(zeroblob(1000))}
    35     35   ifcapable subquery {
    36     36     do_malloc_test mallocB-5 -sqlbody {SELECT * FROM (SELECT 1) GROUP BY 1;}
    37     37   }
    38     38   
    39     39   # The following test checks that there are no resource leaks following a
    40     40   # malloc() failure in sqlite3_set_auxdata().
    41     41   #

Changes to test/ptrchng.test.

    17     17   #
    18     18   #     sqlite3_value_text()
    19     19   #     sqlite3_value_text16()
    20     20   #     sqlite3_value_blob()
    21     21   #     sqlite3_value_bytes()
    22     22   #     sqlite3_value_bytes16()
    23     23   #
    24         -# $Id: ptrchng.test,v 1.2 2007/09/12 17:01:45 danielk1977 Exp $
           24  +# $Id: ptrchng.test,v 1.3 2008/02/13 18:25:27 danielk1977 Exp $
    25     25   
    26     26   set testdir [file dirname $argv0]
    27     27   source $testdir/tester.tcl
    28     28   
    29     29   ifcapable !bloblit {
    30     30     finish_test
    31     31     return
................................................................................
    48     48       SELECT count(*) FROM t1;
    49     49     }
    50     50   } {4}
    51     51   
    52     52   # For the short entries that fit in the Mem.zBuf[], the pointer should
    53     53   # never change regardless of what type conversions occur.
    54     54   #
           55  +# UPDATE: No longer true, as Mem.zBuf[] has been removed.
           56  +#
    55     57   do_test ptrchng-2.1 {
    56     58     execsql {
    57     59       SELECT pointer_change(y, 'text', 'noop', 'blob') FROM t1 WHERE x=1
    58     60     }
    59     61   } {0}
    60     62   do_test ptrchng-2.2 {
    61     63     execsql {
    62     64       SELECT pointer_change(y, 'blob', 'noop', 'text') FROM t1 WHERE x=1
    63     65     }
    64         -} {0}
           66  +} {1}
    65     67   ifcapable utf16 {
    66     68     do_test ptrchng-2.3 {
    67     69       execsql {
    68     70         SELECT pointer_change(y, 'text', 'noop', 'text16') FROM t1 WHERE x=1
    69     71       }
    70         -  } {0}
           72  +  } {1}
    71     73     do_test ptrchng-2.4 {
    72     74       execsql {
    73     75         SELECT pointer_change(y, 'blob', 'noop', 'text16') FROM t1 WHERE x=1
    74     76       }
    75         -  } {0}
           77  +  } {1}
    76     78     do_test ptrchng-2.5 {
    77     79       execsql {
    78     80         SELECT pointer_change(y, 'text16', 'noop', 'blob') FROM t1 WHERE x=1
    79     81       }
    80     82     } {0}
    81     83     do_test ptrchng-2.6 {
    82     84       execsql {
    83     85         SELECT pointer_change(y, 'text16', 'noop', 'text') FROM t1 WHERE x=1
    84     86       }
    85         -  } {0}
           87  +  } {1}
    86     88   }
    87     89   do_test ptrchng-2.11 {
    88     90     execsql {
    89     91       SELECT pointer_change(y, 'text', 'noop', 'blob') FROM t1 WHERE x=3
    90     92     }
    91     93   } {0}
    92     94   do_test ptrchng-2.12 {
    93     95     execsql {
    94     96       SELECT pointer_change(y, 'blob', 'noop', 'text') FROM t1 WHERE x=3
    95     97     }
    96         -} {0}
           98  +} {1}
    97     99   ifcapable utf16 {
    98    100     do_test ptrchng-2.13 {
    99    101       execsql {
   100    102         SELECT pointer_change(y, 'text', 'noop', 'text16') FROM t1 WHERE x=3
   101    103       }
   102         -  } {0}
          104  +  } {1}
   103    105     do_test ptrchng-2.14 {
   104    106       execsql {
   105    107         SELECT pointer_change(y, 'blob', 'noop', 'text16') FROM t1 WHERE x=3
   106    108       }
   107         -  } {0}
          109  +  } {1}
   108    110     do_test ptrchng-2.15 {
   109    111       execsql {
   110    112         SELECT pointer_change(y, 'text16', 'noop', 'blob') FROM t1 WHERE x=3
   111    113       }
   112    114     } {0}
   113    115     do_test ptrchng-2.16 {
   114    116   btree_breakpoint
   115    117       execsql {
   116    118         SELECT pointer_change(y, 'text16', 'noop', 'text') FROM t1 WHERE x=3
   117    119       }
   118         -  } {0}
          120  +  } {1}
   119    121   }
   120    122   
   121    123   # For the long entries that do not fit in the Mem.zBuf[], the pointer
   122    124   # should change sometimes.
   123    125   #
   124    126   do_test ptrchng-3.1 {
   125    127     execsql {
................................................................................
   126    128       SELECT pointer_change(y, 'text', 'noop', 'blob') FROM t1 WHERE x=2
   127    129     }
   128    130   } {0}
   129    131   do_test ptrchng-3.2 {
   130    132     execsql {
   131    133       SELECT pointer_change(y, 'blob', 'noop', 'text') FROM t1 WHERE x=2
   132    134     }
   133         -} {0}
          135  +} {1}
   134    136   ifcapable utf16 {
   135    137     do_test ptrchng-3.3 {
   136    138       execsql {
   137    139         SELECT pointer_change(y, 'text', 'noop', 'text16') FROM t1 WHERE x=2
   138    140       }
   139    141     } {1}
   140    142     do_test ptrchng-3.4 {
................................................................................
   158    160       SELECT pointer_change(y, 'text', 'noop', 'blob') FROM t1 WHERE x=4
   159    161     }
   160    162   } {0}
   161    163   do_test ptrchng-3.12 {
   162    164     execsql {
   163    165       SELECT pointer_change(y, 'blob', 'noop', 'text') FROM t1 WHERE x=4
   164    166     }
   165         -} {0}
          167  +} {1}
   166    168   ifcapable utf16 {
   167    169     do_test ptrchng-3.13 {
   168    170       execsql {
   169    171         SELECT pointer_change(y, 'text', 'noop', 'text16') FROM t1 WHERE x=4
   170    172       }
   171    173     } {1}
   172    174     do_test ptrchng-3.14 {

Changes to test/tester.tcl.

     7      7   #    May you find forgiveness for yourself and forgive others.
     8      8   #    May you share freely, never taking more than you give.
     9      9   #
    10     10   #***********************************************************************
    11     11   # This file implements some common TCL routines used for regression
    12     12   # testing the SQLite library
    13     13   #
    14         -# $Id: tester.tcl,v 1.103 2008/02/08 18:25:30 danielk1977 Exp $
           14  +# $Id: tester.tcl,v 1.104 2008/02/13 18:25:27 danielk1977 Exp $
    15     15   
    16     16   
    17     17   set tcl_precision 15
    18     18   set sqlite_pending_byte 0x0010000
    19     19   
    20     20   # 
    21     21   # Check the command-line arguments for a default soft-heap-limit.
................................................................................
   223    223       puts "All memory allocations freed - no leaks"
   224    224       ifcapable memdebug {
   225    225         sqlite3_memdebug_dump ./memusage.txt
   226    226       }
   227    227     }
   228    228     puts "Maximum memory usage: [sqlite3_memory_highwater 1] bytes"
   229    229     puts "Current memory usage: [sqlite3_memory_highwater] bytes"
          230  +  if {[info commands sqlite3_memdebug_malloc_count] ne ""} {
          231  +    puts "Number of malloc()  : [sqlite3_memdebug_malloc_count] calls"
          232  +  }
   230    233     foreach f [glob -nocomplain test.db-*-journal] {
   231    234       file delete -force $f
   232    235     }
   233    236     foreach f [glob -nocomplain test.db-mj*] {
   234    237       file delete -force $f
   235    238     }
   236    239     exit [expr {$nErr>0}]