Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Fix some segfaults that could occur in obscure circumstances where error messages contained characters that could be mistaken for printf format specifiers. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
f91471e7234db490f97298b1ccb8d6c7 |
User & Date: | dan 2010-10-21 15:12:44.000 |
Context
2010-10-21
| ||
22:58 | Make sure the estimated row count for ephemeral tables is initialized so that automatic indices can be used on those tables. (check-in: d30f7b2def user: drh tags: trunk) | |
15:49 | Merge trunk changes into experimental branch. (check-in: fd1e5cade0 user: dan tags: experimental) | |
15:12 | Fix some segfaults that could occur in obscure circumstances where error messages contained characters that could be mistaken for printf format specifiers. (check-in: f91471e723 user: dan tags: trunk) | |
12:34 | Fix a typo-bug that prevented --disable-amalgamation from working in Makefile.in. Also fix an overly long line in Makfile.in. (check-in: 2c3c4ba035 user: drh tags: trunk) | |
Changes
Changes to src/vdbeblob.c.
︙ | ︙ | |||
227 228 229 230 231 232 233 | sqlite3_bind_int64((sqlite3_stmt *)v, 1, iRow); rc = sqlite3_step((sqlite3_stmt *)v); if( rc!=SQLITE_ROW ){ nAttempt++; rc = sqlite3_finalize((sqlite3_stmt *)v); sqlite3DbFree(db, zErr); | | | 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 | sqlite3_bind_int64((sqlite3_stmt *)v, 1, iRow); rc = sqlite3_step((sqlite3_stmt *)v); if( rc!=SQLITE_ROW ){ nAttempt++; rc = sqlite3_finalize((sqlite3_stmt *)v); sqlite3DbFree(db, zErr); zErr = sqlite3MPrintf(db, "%s", sqlite3_errmsg(db)); v = 0; } } while( nAttempt<5 && rc==SQLITE_SCHEMA ); if( rc==SQLITE_ROW ){ /* The row-record has been opened successfully. Check that the ** column in question contains text or a blob. If it contains |
︙ | ︙ | |||
274 275 276 277 278 279 280 | rc = SQLITE_ERROR; } blob_open_out: if( v && (rc!=SQLITE_OK || db->mallocFailed) ){ sqlite3VdbeFinalize(v); } | | | 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 | rc = SQLITE_ERROR; } blob_open_out: if( v && (rc!=SQLITE_OK || db->mallocFailed) ){ sqlite3VdbeFinalize(v); } sqlite3Error(db, rc, (zErr ? "%s" : 0), zErr); sqlite3DbFree(db, zErr); sqlite3StackFree(db, pParse); rc = sqlite3ApiExit(db, rc); sqlite3_mutex_leave(db->mutex); return rc; } |
︙ | ︙ |
Changes to src/vtab.c.
︙ | ︙ | |||
668 669 670 671 672 673 674 | pTab->aCol = pParse->pNewTable->aCol; pTab->nCol = pParse->pNewTable->nCol; pParse->pNewTable->nCol = 0; pParse->pNewTable->aCol = 0; } db->pVTab = 0; }else{ | | | 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 | pTab->aCol = pParse->pNewTable->aCol; pTab->nCol = pParse->pNewTable->nCol; pParse->pNewTable->nCol = 0; pParse->pNewTable->aCol = 0; } db->pVTab = 0; }else{ sqlite3Error(db, SQLITE_ERROR, (zErr ? "%s" : 0), zErr); sqlite3DbFree(db, zErr); rc = SQLITE_ERROR; } pParse->declareVtab = 0; if( pParse->pVdbe ){ sqlite3VdbeFinalize(pParse->pVdbe); |
︙ | ︙ |
Changes to test/incrblob.test.
︙ | ︙ | |||
672 673 674 675 676 677 678 679 680 681 | do_test incrblob-8.6 { set rc [catch {sqlite3_blob_write $::b 0 etilqs 6} msg] lappend rc $msg } {0 {}} do_test incrblob-8.7 { execsql {SELECT b FROM t1 WHERE a = 314159} } {etilqs} finish_test | > > > > > > > > > | 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 | do_test incrblob-8.6 { set rc [catch {sqlite3_blob_write $::b 0 etilqs 6} msg] lappend rc $msg } {0 {}} do_test incrblob-8.7 { execsql {SELECT b FROM t1 WHERE a = 314159} } {etilqs} # The following test case exposes an instance in the blob code where # an error message was set using a call similar to sqlite3_mprintf(zErr), # where zErr is an arbitrary string. This is no good if the string contains # characters that can be mistaken for printf() formatting directives. # do_test incrblob-9.1 { list [catch { db incrblob t1 "A tricky column name %s%s" 1 } msg] $msg } {1 {no such column: "A tricky column name %s%s"}} finish_test |
Changes to test/vtab1.test.
︙ | ︙ | |||
1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 | do_test vtab1-16.$tn { set echo_module_fail(xRename,t2) "the xRename method has failed" catchsql { ALTER TABLE echo_t2 RENAME TO another_name } } "1 {echo-vtab-error: the xRename method has failed}" unset echo_module_fail(xRename,t2) incr tn } unset -nocomplain echo_module_begin_fail finish_test | > > > > > > > > > > > > > > > | 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 | do_test vtab1-16.$tn { set echo_module_fail(xRename,t2) "the xRename method has failed" catchsql { ALTER TABLE echo_t2 RENAME TO another_name } } "1 {echo-vtab-error: the xRename method has failed}" unset echo_module_fail(xRename,t2) incr tn } # The following test case exposes an instance in sqlite3_declare_vtab() # an error message was set using a call similar to sqlite3_mprintf(zErr), # where zErr is an arbitrary string. This is no good if the string contains # characters that can be mistaken for printf() formatting directives. # do_test vtab1-17.1 { execsql { PRAGMA writable_schema = 1; INSERT INTO sqlite_master VALUES( 'table', 't3', 't3', 0, 'INSERT INTO "%s%s" VALUES(1)' ); } catchsql { CREATE VIRTUAL TABLE t4 USING echo(t3); } } {1 {vtable constructor failed: t4}} unset -nocomplain echo_module_begin_fail finish_test |