SQLite

Check-in [50ad60ded5]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Prevent a possible NULL pointer dereference in the OP_Found opcode that can follow an OOM error. Problem found by OSS-Fuzz.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | branch-3.19
Files: files | file ages | folders
SHA3-256: 50ad60ded54aa22dfdf519ed5da6451de790e22a972ff299f7976fbdce7a0579
User & Date: drh 2017-05-19 23:04:04.031
Context
2017-05-22
13:06
Include the "msvc.h" header file in the amalgamation tarball. (check-in: 3dd6fe53c7 user: drh tags: branch-3.19)
2017-05-19
23:04
Prevent a possible NULL pointer dereference in the OP_Found opcode that can follow an OOM error. Problem found by OSS-Fuzz. (check-in: 50ad60ded5 user: drh tags: branch-3.19)
22:51
Prevent a possible NULL pointer dereference in the OP_Found opcode that can follow an OOM error. Problem found by OSS-Fuzz. (check-in: c2de178fe7 user: drh tags: trunk)
20:46
Branch for the 3.19 release. (check-in: f2b829ec52 user: drh tags: branch-3.19)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/vdbe.c. 
4102
4103
4104
4105
4106
4107
4108




4109
4110
4111
4112
4113
4114
4115
4116
4117
4118
4119

      assert( (r.aMem[ii].flags & MEM_Zero)==0 || r.aMem[ii].n==0 );
      if( ii ) REGISTER_TRACE(pOp->p3+ii, &r.aMem[ii]);
    }
#endif
    pIdxKey = &r;
    pFree = 0;
  }else{




    pFree = pIdxKey = sqlite3VdbeAllocUnpackedRecord(pC->pKeyInfo);
    if( pIdxKey==0 ) goto no_mem;
    assert( pIn3->flags & MEM_Blob );
    (void)ExpandBlob(pIn3);
    sqlite3VdbeRecordUnpack(pC->pKeyInfo, pIn3->n, pIn3->z, pIdxKey);
  }
  pIdxKey->default_rc = 0;
  takeJump = 0;
  if( pOp->opcode==OP_NoConflict ){
    /* For the OP_NoConflict opcode, take the jump if any of the
    ** input fields are NULL, since any key with a NULL will not








>
>
>
>


<
<








4102
4103
4104
4105
4106
4107
4108
4109
4110
4111
4112
4113
4114


4115
4116
4117
4118
4119
4120
4121

      assert( (r.aMem[ii].flags & MEM_Zero)==0 || r.aMem[ii].n==0 );
      if( ii ) REGISTER_TRACE(pOp->p3+ii, &r.aMem[ii]);
    }
#endif
    pIdxKey = &r;
    pFree = 0;
  }else{
    assert( pIn3->flags & MEM_Blob );
    rc = ExpandBlob(pIn3);
    assert( rc==SQLITE_OK || rc==SQLITE_NOMEM );
    if( rc ) goto no_mem;
    pFree = pIdxKey = sqlite3VdbeAllocUnpackedRecord(pC->pKeyInfo);
    if( pIdxKey==0 ) goto no_mem;


    sqlite3VdbeRecordUnpack(pC->pKeyInfo, pIn3->n, pIn3->z, pIdxKey);
  }
  pIdxKey->default_rc = 0;
  takeJump = 0;
  if( pOp->opcode==OP_NoConflict ){
    /* For the OP_NoConflict opcode, take the jump if any of the
    ** input fields are NULL, since any key with a NULL will not