SQLite

Check-in [d9c9fe9f5a]

Overview
Comment: Fix an overzealous assert() statement discovered by OSSFuzz.
SHA3-256: d9c9fe9f5ad3fc9123ad29ebafcb7f40dcecd448fb7a928bb31bea8181d81ec1
User & Date: drh 2018-08-06 01:21:53.563
References
2019-12-22 18:23 Back out the asserts of check-ins [a500893b6f64aced] and [d9c9fe9f5ad3fc91] as ticket [1b06916e01c82b66] demonstrates a case that refutes them. (check-in: ddb17d92df user: drh tags: trunk)
Context
2018-08-06 01:39 Add the --info option to the fuzzcheck test utility. (check-in: 1caaaaa70f user: drh tags: trunk)
2018-08-06 01:21 Fix an overzealous assert() statement discovered by OSSFuzz. (check-in: d9c9fe9f5a user: drh tags: trunk)
2018-08-04 20:30 Remove the column-cache from the code generator. The column-cache has been a persistent source of bugs for years and with recent improvements in the performance of OP_Column, it no longer provides a benefit. After the column cache is removed, the binary is almost 2KB smaller and the speed-check.sh performance test is over 3 million cycles faster. (check-in: cdff3af7be user: drh tags: trunk)
Changes
Changes to src/vdbe.c.
case OP_Gt:               /* same as TK_GT, jump, in1, in3 */
case OP_Ge: {             /* same as TK_GE, jump, in1, in3 */
  int res, res2;      /* Result of the comparison of pIn1 against pIn3 */
  char affinity;      /* Affinity to use for comparison */
  u16 flags1;         /* Copy of initial value of pIn1->flags */
  u16 flags3;         /* Copy of initial value of pIn3->flags */

  /* The only way for P1 and P3 to be the same is when comparing constants.
  ** But in that case, the affinities will always be SQLITE_AFF_BLOB or none */
  assert( pOp->p1!=pOp->p3 || (pOp->p5 & SQLITE_AFF_MASK)<=SQLITE_AFF_BLOB );
  testcase( pOp->p1==pOp->p3 );

  pIn1 = &aMem[pOp->p1];
  pIn3 = &aMem[pOp->p3];
  flags1 = pIn1->flags;
  flags3 = pIn3->flags;
  if( (flags1 | flags3)&MEM_Null ){
    /* One or both operands are NULL */
    if( pOp->p5 & SQLITE_NULLEQ ){







case OP_Gt:               /* same as TK_GT, jump, in1, in3 */
case OP_Ge: {             /* same as TK_GE, jump, in1, in3 */
  int res, res2;      /* Result of the comparison of pIn1 against pIn3 */
  char affinity;      /* Affinity to use for comparison */
  u16 flags1;         /* Copy of initial value of pIn1->flags */
  u16 flags3;         /* Copy of initial value of pIn3->flags */






  pIn1 = &aMem[pOp->p1];
  pIn3 = &aMem[pOp->p3];
  flags1 = pIn1->flags;
  flags3 = pIn3->flags;
  if( (flags1 | flags3)&MEM_Null ){
    /* One or both operands are NULL */
    if( pOp->p5 & SQLITE_NULLEQ ){
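Review bot: dropping the `assert( pOp->p1!=pOp->p3 || (pOp->p5 & SQLITE_AFF_MASK)<=SQLITE_AFF_BLOB );` together with its `testcase( pOp->p1==pOp->p3 );` and the explanatory comment leaves nothing in the code recording that P1 and P3 may legitimately name the same register under a numeric affinity, which is the case OSSFuzz must have hit for this assert to fire. Keep `testcase( pOp->p1==pOp->p3 );` so the aliased-operand path remains a tracked coverage point, and replace the removed comment with one stating that P1==P3 is permitted here; otherwise the next reader is likely to reinstate the invariant.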
  }else{
    /* Neither operand is NULL.  Do a comparison. */
    affinity = pOp->p5 & SQLITE_AFF_MASK;
    if( affinity>=SQLITE_AFF_NUMERIC ){
      if( (flags1 | flags3)&MEM_Str ){
        if( (flags1 & (MEM_Int|MEM_Real|MEM_Str))==MEM_Str ){
          applyNumericAffinity(pIn1,0);

          /* testcase( flags3!=pIn3->flags );
          ** this used to be possible with pIn1==pIn3, but not since
          ** the column cache was removed.  The following assignment
          ** is essentially a no-op.  But, it prevents defense-in-depth
          ** in case our analysis is incorrect, so it is left in. */
          flags3 = pIn3->flags;
        }
        if( (flags3 & (MEM_Int|MEM_Real|MEM_Str))==MEM_Str ){
          applyNumericAffinity(pIn3,0);
        }
      }







  }else{
    /* Neither operand is NULL.  Do a comparison. */
    affinity = pOp->p5 & SQLITE_AFF_MASK;
    if( affinity>=SQLITE_AFF_NUMERIC ){
      if( (flags1 | flags3)&MEM_Str ){
        if( (flags1 & (MEM_Int|MEM_Real|MEM_Str))==MEM_Str ){
          applyNumericAffinity(pIn1,0);
          assert( flags3==pIn3->flags );
          /* testcase( flags3!=pIn3->flags );
          ** this used to be possible with pIn1==pIn3, but not since
          ** the column cache was removed.  The following assignment
          ** is essentially a no-op.  But, it provides defense-in-depth
          ** in case our analysis is incorrect, so it is left in. */
          flags3 = pIn3->flags;
        }
        if( (flags3 & (MEM_Int|MEM_Real|MEM_Str))==MEM_Str ){
          applyNumericAffinity(pIn3,0);
        }
      }
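Review bot: the new `assert( flags3==pIn3->flags );` after `applyNumericAffinity(pIn1,0);` is in tension with the hunk above, which now permits P1 and P3 to be the same register under a numeric affinity: when they alias and that register holds a string that converts, `applyNumericAffinity(pIn1,0)` rewrites `pIn3->flags`, so `flags3` no longer matches and the assert fires in debug builds, while the comment immediately below says the `flags3 = pIn3->flags;` reassignment is kept as defense-in-depth for exactly that situation. The reassignment already handles the case safely, so drop the assert (at most keep a `testcase( flags3!=pIn3->flags );` to record coverage) rather than asserting the condition away. The back-out listed under References confirms that a case refuting this assert was later found.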
Changes to test/fuzzdata4.db.

cannot compute difference between binary files
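Review bot: the change to test/fuzzdata4.db cannot be reviewed from this page, since only "cannot compute difference between binary files" is shown; the commit message should state which fuzzer input was added (presumably the one that triggered the removed assert) so the regression case stays traceable to this check-in.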