SQLite

Check-in [dc61b292d8]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a potential NULL pointer deference on a corrupt database schema.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: dc61b292d8eaf422ca8a2b18f1caccef1a5389fd
User & Date: drh 2015-04-19 19:21:19.025
References
2015-05-20
20:24
Fix a potential NULL pointer deference on a corrupt database schema. Cherrypick of [dc61b292d8ea]. (check-in: 7f3943fb01 user: dan tags: branch-3.8.6)
Context
2015-05-20
20:24
Fix a potential NULL pointer deference on a corrupt database schema. Cherrypick of [dc61b292d8ea]. (check-in: 7f3943fb01 user: dan tags: branch-3.8.6)
2015-04-19
20:39
Fix a faulty assert in the schema parsing logic. (check-in: b1ed949584 user: drh tags: trunk)
19:21
Fix a potential NULL pointer deference on a corrupt database schema. (check-in: dc61b292d8 user: drh tags: trunk)
18:32
Bring comments on the INSERT code generator up-to-date. Fix the INSERT code generator so that it correctly handles inserts from a SELECT into a virtual table with non-terminal hidden columns. (check-in: 4ac81fac6c user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/expr.c.
1247
1248
1249
1250
1251
1252
1253

1254
1255
1256
1257
1258
1259
1260
1261
** ExprList.
*/
u32 sqlite3ExprListFlags(const ExprList *pList){
  int i;
  u32 m = 0;
  if( pList ){
    for(i=0; i<pList->nExpr; i++){

       m |= pList->a[i].pExpr->flags;
    }
  }
  return m;
}

/*
** These routines are Walker callbacks used to check expressions to







>
|







1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
** ExprList.
*/
u32 sqlite3ExprListFlags(const ExprList *pList){
  int i;
  u32 m = 0;
  if( pList ){
    for(i=0; i<pList->nExpr; i++){
       Expr *pExpr = pList->a[i].pExpr;
       if( pExpr ) m |= pList->a[i].pExpr->flags;
    }
  }
  return m;
}

/*
** These routines are Walker callbacks used to check expressions to
Changes to test/misc1.test.
639
640
641
642
643
644
645














646
647
  VALUES(0,0x0MATCH#0;
} {1 {near ";": syntax error}}

# 2015-04-15
do_execsql_test misc1-22.1 {
  SELECT ""+3 FROM (SELECT ""+5);
} {3}















finish_test







>
>
>
>
>
>
>
>
>
>
>
>
>
>


639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
  VALUES(0,0x0MATCH#0;
} {1 {near ";": syntax error}}

# 2015-04-15
do_execsql_test misc1-22.1 {
  SELECT ""+3 FROM (SELECT ""+5);
} {3}

# 2015-04-19: NULL pointer dereference on a corrupt schema
#
do_execsql_test misc1-23.1 {
  DROP TABLE IF EXISTS t1;
  DROP TABLE IF EXISTS t2;
  CREATE TABLE t1(x);
  PRAGMA writable_schema=ON;
  UPDATE sqlite_master SET sql='CREATE table t(d CHECK(T(#0)';
  BEGIN;
  CREATE TABLE t2(y);
  ROLLBACK;
  DROP TABLE IF EXISTS t3;
} {}

finish_test