SQLite

Check-in [596694752c]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Avoid a double-free in an out-of-memory situation with a USING clause or NATURAL JOIN. Ticket #2789. (CVS 4551)
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 596694752c5935ae50ad38d3b41bbda39ca999d8
User & Date: drh 2007-11-23 13:42:52.000
Context
2007-11-23
15:02
Make sure that INSERT INTO ... SELECT ... always uses an ephemeral intermediate table if the SELECT clause refers to the destination table, even if the SELECT clause is compound or uses the destination table in a subquery. This fixes a long-standing bug that can cause an infinite loop for some SQL statements. (CVS 4552) (check-in: 492b39b6a8 user: drh tags: trunk)
13:42
Avoid a double-free in an out-of-memory situation with a USING clause or NATURAL JOIN. Ticket #2789. (CVS 4551) (check-in: 596694752c user: drh tags: trunk)
2007-11-22
00:47
Change to sqlite3.pc.in recommended by ticket #2786. (CVS 4550) (check-in: 247fa2eac0 user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/select.c. 
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains C code routines that are called by the parser
** to handle SELECT statements in SQLite.
**
** $Id: select.c,v 1.362 2007/11/21 15:24:01 drh Exp $
*/
#include "sqliteInt.h"


/*
** Delete all the content of a Select structure but do not deallocate
** the select structure itself.








|








8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains C code routines that are called by the parser
** to handle SELECT statements in SQLite.
**
** $Id: select.c,v 1.363 2007/11/23 13:42:52 drh Exp $
*/
#include "sqliteInt.h"


/*
** Delete all the content of a Select structure but do not deallocate
** the select structure itself.

244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261

  pE1c = sqlite3PExpr(pParse, TK_DOT, pE1b, pE1a, 0);
  pE2c = sqlite3PExpr(pParse, TK_DOT, pE2b, pE2a, 0);
  pE = sqlite3PExpr(pParse, TK_EQ, pE1c, pE2c, 0);
  if( pE ){
    ExprSetProperty(pE, EP_FromJoin);
    pE->iRightJoinTable = iRightJoinTable;
  }
  pE = sqlite3ExprAnd(pParse->db,*ppExpr, pE);
  if( pE ){
    *ppExpr = pE;
  }
}

/*
** Set the EP_FromJoin property on all terms of the given expression.
** And set the Expr.iRightJoinTable to iTable for every term in the
** expression.
**








|
<
<
<








244
245
246
247
248
249
250
251



252
253
254
255
256
257
258

  pE1c = sqlite3PExpr(pParse, TK_DOT, pE1b, pE1a, 0);
  pE2c = sqlite3PExpr(pParse, TK_DOT, pE2b, pE2a, 0);
  pE = sqlite3PExpr(pParse, TK_EQ, pE1c, pE2c, 0);
  if( pE ){
    ExprSetProperty(pE, EP_FromJoin);
    pE->iRightJoinTable = iRightJoinTable;
  }
  *ppExpr = sqlite3ExprAnd(pParse->db,*ppExpr, pE);



}

/*
** Set the EP_FromJoin property on all terms of the given expression.
** And set the Expr.iRightJoinTable to iTable for every term in the
** expression.
**
Changes to test/mallocE.test. 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27


28
29
30
31
32
33
34
35
36
37








38
39

# 2007 Aug 29
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
#
# This test script checks that ticket #2784 has been fixed.
# 
# $Id: mallocE.test,v 1.1 2007/11/21 15:24:01 drh Exp $

set testdir [file dirname $argv0]
source $testdir/tester.tcl

# Only run these tests if memory debugging is turned on.
#
ifcapable !memdebug {
   puts "Skipping mallocE tests: not compiled with -DSQLITE_MEMDEBUG..."
   finish_test
   return
}
source $testdir/malloc_common.tcl



set PREP { 
  PRAGMA page_size = 1024;
  CREATE TABLE t1(a, b, c);
  CREATE TABLE t2(x, y, z);
}

do_malloc_test mallocE-1 -sqlprep $PREP -sqlbody { 
  SELECT p, q FROM (SELECT a+b AS p, b+c AS q FROM t1, t2 WHERE c>5)
              LEFT JOIN t2 ON p=x;
}









finish_test












|

|













>
>





<




>
>
>
>
>
>
>
>



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

35
36
37
38
39
40
41
42
43
44
45
46
47
48

# 2007 Aug 29
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
#
# This test script checks that tickets #2784 and #2789 have been fixed.
# 
# $Id: mallocE.test,v 1.2 2007/11/23 13:42:53 drh Exp $

set testdir [file dirname $argv0]
source $testdir/tester.tcl

# Only run these tests if memory debugging is turned on.
#
ifcapable !memdebug {
   puts "Skipping mallocE tests: not compiled with -DSQLITE_MEMDEBUG..."
   finish_test
   return
}
source $testdir/malloc_common.tcl

# ticket #2784
#
set PREP { 
  PRAGMA page_size = 1024;
  CREATE TABLE t1(a, b, c);
  CREATE TABLE t2(x, y, z);
}

do_malloc_test mallocE-1 -sqlprep $PREP -sqlbody { 
  SELECT p, q FROM (SELECT a+b AS p, b+c AS q FROM t1, t2 WHERE c>5)
              LEFT JOIN t2 ON p=x;
}

# Ticket #2789
#
do_malloc_test mallocE-2 -sqlprep $PREP -sqlbody { 
  SELECT x, y2 FROM (SELECT a+b AS x, b+c AS y2 FROM t1, t2 WHERE c>5)
              LEFT JOIN t2 USING(x) WHERE y2>11;
}


finish_test