Overview
| SHA1 Hash: | cfba2c8dadbf1fa6f1602a327933570820a3b134 |
|---|---|
| Date: | 2013-02-16 02:41:01 |
| User: | drh |
| Comment: | Fix an unsafe VM register deallocation. |
Tags And Properties
- branch=trunk inherited from [704b122e53]
- sym-trunk inherited from [704b122e53]
Changes
Changes to src/select.c
2362 ** operator is UNION, EXCEPT, or INTERSECT (but not UNION ALL). 2362 ** operator is UNION, EXCEPT, or INTERSECT (but not UNION ALL). 2363 */ 2363 */ 2364 if( op==TK_ALL ){ 2364 if( op==TK_ALL ){ 2365 regPrev = 0; 2365 regPrev = 0; 2366 }else{ 2366 }else{ 2367 int nExpr = p->pEList->nExpr; 2367 int nExpr = p->pEList->nExpr; 2368 assert( nOrderBy>=nExpr || db->mallocFailed ); 2368 assert( nOrderBy>=nExpr || db->mallocFailed ); 2369 regPrev = sqlite3GetTempRange(pParse, nExpr+1); | 2369 regPrev = pParse->nMem+1; > 2370 pParse->nMem += nExpr+1; 2370 sqlite3VdbeAddOp2(v, OP_Integer, 0, regPrev); 2371 sqlite3VdbeAddOp2(v, OP_Integer, 0, regPrev); 2371 pKeyDup = sqlite3DbMallocZero(db, 2372 pKeyDup = sqlite3DbMallocZero(db, 2372 sizeof(*pKeyDup) + nExpr*(sizeof(CollSeq*)+1) ); 2373 sizeof(*pKeyDup) + nExpr*(sizeof(CollSeq*)+1) ); 2373 if( pKeyDup ){ 2374 if( pKeyDup ){ 2374 pKeyDup->aSortOrder = (u8*)&pKeyDup->aColl[nExpr]; 2375 pKeyDup->aSortOrder = (u8*)&pKeyDup->aColl[nExpr]; 2375 pKeyDup->nField = (u16)nExpr; 2376 pKeyDup->nField = (u16)nExpr; 2376 pKeyDup->enc = ENC(db); 2377 pKeyDup->enc = ENC(db); ................................................................................................................................................................................ 2544 sqlite3VdbeResolveLabel(v, labelCmpr); 2545 sqlite3VdbeResolveLabel(v, labelCmpr); 2545 sqlite3VdbeAddOp4(v, OP_Permutation, 0, 0, 0, (char*)aPermute, P4_INTARRAY); 2546 sqlite3VdbeAddOp4(v, OP_Permutation, 0, 0, 0, (char*)aPermute, P4_INTARRAY); 2546 sqlite3VdbeAddOp4(v, OP_Compare, destA.iSdst, destB.iSdst, nOrderBy, 2547 sqlite3VdbeAddOp4(v, OP_Compare, destA.iSdst, destB.iSdst, nOrderBy, 2547 (char*)pKeyMerge, P4_KEYINFO_HANDOFF); 2548 (char*)pKeyMerge, P4_KEYINFO_HANDOFF); 2548 sqlite3VdbeChangeP5(v, OPFLAG_PERMUTE); 2549 sqlite3VdbeChangeP5(v, OPFLAG_PERMUTE); 2549 sqlite3VdbeAddOp3(v, OP_Jump, addrAltB, addrAeqB, addrAgtB); 2550 sqlite3VdbeAddOp3(v, OP_Jump, addrAltB, addrAeqB, addrAgtB); 2550 2551 2551 /* Release temporary registers < 2552 */ < 2553 if( regPrev ){ < 2554 sqlite3ReleaseTempRange(pParse, regPrev, nOrderBy+1); < 2555 } < 2556 < 2557 /* Jump to the this point in order to terminate the query. 2552 /* Jump to the this point in order to terminate the query. 2558 */ 2553 */ 2559 sqlite3VdbeResolveLabel(v, labelEnd); 2554 sqlite3VdbeResolveLabel(v, labelEnd); 2560 2555 2561 /* Set the number of output columns 2556 /* Set the number of output columns 2562 */ 2557 */ 2563 if( pDest->eDest==SRT_Output ){ 2558 if( pDest->eDest==SRT_Output ){