/ Check-in [d9c9fe9f]
Login
Home Timeline Branches

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix an overzealous assert() statement discovered by OSSFuzz.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: d9c9fe9f5ad3fc9123ad29ebafcb7f40dcecd448fb7a928bb31bea8181d81ec1
User & Date: drh 2018-08-06 01:21:53
References
2019-12-22
18:23
Back out the asserts of check-ins [a500893b6f64aced] and [d9c9fe9f5ad3fc91] as ticket [1b06916e01c82b66] demonstrates a case that refutes them. (check-in: ddb17d92 user: drh tags: trunk)
Context
2018-08-06
01:39
Add the --info option to the fuzzcheck test utility. (check-in: 1caaaaa7 user: drh tags: trunk)
01:21
Fix an overzealous assert() statement discovered by OSSFuzz. (check-in: d9c9fe9f user: drh tags: trunk)
2018-08-04
20:30
Remove the column-cache from the code generator. The column-cache has been a persistent source of bugs for years and with recent improvements in the performance of OP_Column, it no longer provides a benefit. After the column cache is removed, the binary is almost 2KB smaller and the speed-check.sh performance test is over 3 million cycles faster. (check-in: cdff3af7 user: drh tags: trunk)
Changes
Hide Diffs Unified Diffs Show Whitespace Changes Patch

Changes to src/vdbe.c. 

1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
....
1960
1961
1962
1963
1964
1965
1966

1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977

case OP_Gt:               /* same as TK_GT, jump, in1, in3 */
case OP_Ge: {             /* same as TK_GE, jump, in1, in3 */
  int res, res2;      /* Result of the comparison of pIn1 against pIn3 */
  char affinity;      /* Affinity to use for comparison */
  u16 flags1;         /* Copy of initial value of pIn1->flags */
  u16 flags3;         /* Copy of initial value of pIn3->flags */

  /* The only way for P1 and P3 to be the same is when comparing constants.
  ** But in that case, the affinities will always be SQLITE_AFF_BLOB or none */
  assert( pOp->p1!=pOp->p3 || (pOp->p5 & SQLITE_AFF_MASK)<=SQLITE_AFF_BLOB );
  testcase( pOp->p1==pOp->p3 );

  pIn1 = &aMem[pOp->p1];
  pIn3 = &aMem[pOp->p3];
  flags1 = pIn1->flags;
  flags3 = pIn3->flags;
  if( (flags1 | flags3)&MEM_Null ){
    /* One or both operands are NULL */
    if( pOp->p5 & SQLITE_NULLEQ ){
................................................................................
  }else{
    /* Neither operand is NULL.  Do a comparison. */
    affinity = pOp->p5 & SQLITE_AFF_MASK;
    if( affinity>=SQLITE_AFF_NUMERIC ){
      if( (flags1 | flags3)&MEM_Str ){
        if( (flags1 & (MEM_Int|MEM_Real|MEM_Str))==MEM_Str ){
          applyNumericAffinity(pIn1,0);

          /* testcase( flags3!=pIn3->flags );
          ** this used to be possible with pIn1==pIn3, but not since
          ** the column cache was removed.  The following assignment
          ** is essentially a no-op.  But, it prevents defense-in-depth
          ** in case our analysis is incorrect, so it is left in. */
          flags3 = pIn3->flags;
        }
        if( (flags3 & (MEM_Int|MEM_Real|MEM_Str))==MEM_Str ){
          applyNumericAffinity(pIn3,0);
        }
      }








<
<
<
<
<







 







>



|








1908
1909
1910
1911
1912
1913
1914





1915
1916
1917
1918
1919
1920
1921
....
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973

case OP_Gt:               /* same as TK_GT, jump, in1, in3 */
case OP_Ge: {             /* same as TK_GE, jump, in1, in3 */
  int res, res2;      /* Result of the comparison of pIn1 against pIn3 */
  char affinity;      /* Affinity to use for comparison */
  u16 flags1;         /* Copy of initial value of pIn1->flags */
  u16 flags3;         /* Copy of initial value of pIn3->flags */






  pIn1 = &aMem[pOp->p1];
  pIn3 = &aMem[pOp->p3];
  flags1 = pIn1->flags;
  flags3 = pIn3->flags;
  if( (flags1 | flags3)&MEM_Null ){
    /* One or both operands are NULL */
    if( pOp->p5 & SQLITE_NULLEQ ){
................................................................................
  }else{
    /* Neither operand is NULL.  Do a comparison. */
    affinity = pOp->p5 & SQLITE_AFF_MASK;
    if( affinity>=SQLITE_AFF_NUMERIC ){
      if( (flags1 | flags3)&MEM_Str ){
        if( (flags1 & (MEM_Int|MEM_Real|MEM_Str))==MEM_Str ){
          applyNumericAffinity(pIn1,0);
          assert( flags3==pIn3->flags );
          /* testcase( flags3!=pIn3->flags );
          ** this used to be possible with pIn1==pIn3, but not since
          ** the column cache was removed.  The following assignment
          ** is essentially a no-op.  But, it provides defense-in-depth
          ** in case our analysis is incorrect, so it is left in. */
          flags3 = pIn3->flags;
        }
        if( (flags3 & (MEM_Int|MEM_Real|MEM_Str))==MEM_Str ){
          applyNumericAffinity(pIn3,0);
        }
      }

Changes to test/fuzzdata4.db.

cannot compute difference between binary files

This page was generated in about 0.027s by Fossil 2.12 [75b76efbba] 2020-07-02 01:56:03