SQLite: Check-in [c1ae1268]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview

Comment:	Fix a buffer overread that might occur in analyze.c if SQLITE_ENABLE_STAT4 was defined.
Downloads:	Tarball \| ZIP archive \| SQL archive
Timelines:	family \| ancestors \| descendants \| both \| trunk
Files:	files \| file ages \| folders
SHA1:	c1ae1268b9023a771fda98f26bf451c6066fe70b
User & Date:	dan 2014-12-05 21:04:26

Context

2014-12-05
21:18		Avoid a potential NULL pointer deference in the sqlite3_stmt_scanstatus() logic. (check-in: 42d44adc user: drh tags: trunk)
21:04		Fix a buffer overread that might occur in analyze.c if SQLITE_ENABLE_STAT4 was defined. (check-in: c1ae1268 user: dan tags: trunk)
20:46		Add new test file e_walckpt.test. Still some tests to come. (check-in: e4db3db3 user: dan tags: trunk)
20:43		Fix a buffer overread that might occur in analyze.c if SQLITE_ENABLE_STAT4 was defined. (check-in: 194c90db user: dan tags: branch-3.8.7)

Changes

Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/analyze.c.

      int i;                    /* Used to iterate through samples */
      tRowcnt sumEq = 0;        /* Sum of the nEq values */
      tRowcnt avgEq = 0;
      tRowcnt nRow;             /* Number of rows in index */
      i64 nSum100 = 0;          /* Number of terms contributing to sumEq */
      i64 nDist100;             /* Number of distinct values in index */

      if( pIdx->aiRowEst==0 || pIdx->aiRowEst[iCol+1]==0 ){
        nRow = pFinal->anLt[iCol];
        nDist100 = (i64)100 * pFinal->anDLt[iCol];
        nSample--;
      }else{
        nRow = pIdx->aiRowEst[0];
        nDist100 = ((i64)100 * pIdx->aiRowEst[0]) / pIdx->aiRowEst[iCol+1];
      }

      int i;                    /* Used to iterate through samples */
      tRowcnt sumEq = 0;        /* Sum of the nEq values */
      tRowcnt avgEq = 0;
      tRowcnt nRow;             /* Number of rows in index */
      i64 nSum100 = 0;          /* Number of terms contributing to sumEq */
      i64 nDist100;             /* Number of distinct values in index */

      if( !pIdx->aiRowEst || iCol>=pIdx->nKeyCol || pIdx->aiRowEst[iCol+1]==0 ){
        nRow = pFinal->anLt[iCol];
        nDist100 = (i64)100 * pFinal->anDLt[iCol];
        nSample--;
      }else{
        nRow = pIdx->aiRowEst[0];
        nDist100 = ((i64)100 * pIdx->aiRowEst[0]) / pIdx->aiRowEst[iCol+1];
      }