SQLite

Check-in [8d27e3e16a]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a potential NULL pointer dereference following a syntax error.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 8d27e3e16a9be79fe227e833f4770ebe09a9d90b
User & Date: drh 2015-03-22 10:23:17.264
Context
2015-03-23
19:03
Fix datetype size asserts in btree.c. (check-in: ff4812d0e8 user: drh tags: trunk)
17:25
Add the sqlite3_status64() interface. Make the new interface and the legacy sqlite3_status() both atomic and threadsafe. Check threadsafety using assert()s. (check-in: 1ce8e8fa4b user: drh tags: status64)
2015-03-22
10:23
Fix a potential NULL pointer dereference following a syntax error. (check-in: 8d27e3e16a user: drh tags: trunk)
2015-03-21
23:38
Fix harmless compiler warnings with MSVC when assert() and SQLITE_MEMDEBUG are both enabled. (check-in: 9513dbd486 user: mistachkin tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/expr.c.
393
394
395
396
397
398
399

400
401
402
403
404
405
406
** the height is greater than the maximum allowed expression depth,
** leave an error in pParse.
**
** Also propagate all EP_Propagate flags from the Expr.x.pList into
** Expr.flags. 
*/
void sqlite3ExprSetHeightAndFlags(Parse *pParse, Expr *p){

  exprSetHeight(p);
  sqlite3ExprCheckHeight(pParse, p->nHeight);
}

/*
** Return the maximum height of any expression tree referenced
** by the select statement passed as an argument.







>







393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
** the height is greater than the maximum allowed expression depth,
** leave an error in pParse.
**
** Also propagate all EP_Propagate flags from the Expr.x.pList into
** Expr.flags. 
*/
void sqlite3ExprSetHeightAndFlags(Parse *pParse, Expr *p){
  if( pParse->nErr ) return;
  exprSetHeight(p);
  sqlite3ExprCheckHeight(pParse, p->nHeight);
}

/*
** Return the maximum height of any expression tree referenced
** by the select statement passed as an argument.
Changes to test/misc1.test.
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
#
#***********************************************************************
# This file implements regression tests for SQLite library.
#
# This file implements tests for miscellanous features that were
# left out of other test files.
#
# $Id: misc1.test,v 1.42 2007/11/05 14:58:23 drh Exp $

set testdir [file dirname $argv0]
source $testdir/tester.tcl

# Mimic the SQLite 2 collation type NUMERIC.
db collate numeric numeric_collate
proc numeric_collate {lhs rhs} {







<







9
10
11
12
13
14
15

16
17
18
19
20
21
22
#
#***********************************************************************
# This file implements regression tests for SQLite library.
#
# This file implements tests for miscellanous features that were
# left out of other test files.
#


set testdir [file dirname $argv0]
source $testdir/tester.tcl

# Mimic the SQLite 2 collation type NUMERIC.
db collate numeric numeric_collate
proc numeric_collate {lhs rhs} {
626
627
628
629
630
631
632
633









634
# presumably.
#
do_execsql_test misc1-20.1 {
  CREATE TABLE t0(x INTEGER DEFAULT(0==0) NOT NULL);
  REPLACE INTO t0(x) VALUES('');
  SELECT rowid, quote(x) FROM t0;
} {1 ''}










finish_test








>
>
>
>
>
>
>
>
>

625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
# presumably.
#
do_execsql_test misc1-20.1 {
  CREATE TABLE t0(x INTEGER DEFAULT(0==0) NOT NULL);
  REPLACE INTO t0(x) VALUES('');
  SELECT rowid, quote(x) FROM t0;
} {1 ''}

# 2015-03-22: NULL pointer dereference after a syntax error
#
do_catchsql_test misc1-21.1 {
  select''like''like''like#0;
} {1 {near "#0": syntax error}}
do_catchsql_test misc1-21.2 {
  VALUES(0,0x0MATCH#0;
} {1 {near ";": syntax error}}

finish_test