Check-in [c2de178f]

Overview
Comment:Prevent a possible NULL pointer dereference in the OP_Found opcode that can follow an OOM error. Problem found by OSS-Fuzz.
SHA3-256: c2de178fe7e2e4e0d764e7e6ac637cfc8c053580c43f7246318dafad2974de3c
User & Date: drh 2017-05-19 22:51:00
Context
2017-05-22
00:45
When planning a query using sorting, resolve ties in the solver by selecting loop plans with the smaller unsorted cost. check-in: f261678c user: drh tags: trunk
2017-05-19
23:04
Prevent a possible NULL pointer dereference in the OP_Found opcode that can follow an OOM error. Problem found by OSS-Fuzz. check-in: 50ad60de user: drh tags: branch-3.19
22:51
Prevent a possible NULL pointer dereference in the OP_Found opcode that can follow an OOM error. Problem found by OSS-Fuzz. check-in: c2de178f user: drh tags: trunk
20:55
Improved comments on one routine in the query planner. Improved diagnostic output for ".wheretrace". No production code changes. check-in: 946b87a5 user: drh tags: trunk
Changes

Changes to src/vdbe.c.

  4102   4102         assert( (r.aMem[ii].flags & MEM_Zero)==0 || r.aMem[ii].n==0 );
  4103   4103         if( ii ) REGISTER_TRACE(pOp->p3+ii, &r.aMem[ii]);
  4104   4104       }
  4105   4105   #endif
  4106   4106       pIdxKey = &r;
  4107   4107       pFree = 0;
  4108   4108     }else{
         4109  +    assert( pIn3->flags & MEM_Blob );
         4110  +    rc = ExpandBlob(pIn3);
         4111  +    assert( rc==SQLITE_OK || rc==SQLITE_NOMEM );
         4112  +    if( rc ) goto no_mem;
  4109   4113       pFree = pIdxKey = sqlite3VdbeAllocUnpackedRecord(pC->pKeyInfo);
  4110   4114       if( pIdxKey==0 ) goto no_mem;
  4111         -    assert( pIn3->flags & MEM_Blob );
  4112         -    (void)ExpandBlob(pIn3);
  4113   4115       sqlite3VdbeRecordUnpack(pC->pKeyInfo, pIn3->n, pIn3->z, pIdxKey);
  4114   4116     }
  4115   4117     pIdxKey->default_rc = 0;
  4116   4118     takeJump = 0;
  4117   4119     if( pOp->opcode==OP_NoConflict ){
  4118   4120       /* For the OP_NoConflict opcode, take the jump if any of the
  4119   4121       ** input fields are NULL, since any key with a NULL will not
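Review bot: The reordering at 4109-4112 deserves a short comment, because its purpose is not obvious from the code alone: ExpandBlob(pIn3) is now called before sqlite3VdbeAllocUnpackedRecord() and its return value is checked, whereas the removed lines 4111-4112 discarded it with `(void)ExpandBlob(pIn3);` and then fell through to `sqlite3VdbeRecordUnpack(pC->pKeyInfo, pIn3->n, pIn3->z, pIdxKey);` even when the expansion had failed, which is the post-OOM NULL dereference the commit message refers to. Something like `/* Expand the blob before allocating pIdxKey so that an OOM in ExpandBlob is reported instead of handing a half-expanded pIn3->z to sqlite3VdbeRecordUnpack() */` above 4110 would record that. Two things worth confirming in the same pass: the new `goto no_mem` at 4112 runs before `pFree` is assigned at 4113, so the early exit cannot leak the unpacked record; and the assert at 4111, `rc==SQLITE_OK || rc==SQLITE_NOMEM`, is what justifies treating every nonzero rc as an OOM at 4112, so if ExpandBlob ever gains another failure code the assert will catch it only in debug builds while release builds would misreport the error as SQLITE_NOMEM.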