/ Check-in [2846458a]

Overview
Comment:In the constraint resolution logic, be careful not to cache column values in registers whose initialization might be bypassed by an OP_NoConflict opcode. Fix for ticket [dc3f932f5a147771] reported by OSSFuzz.
SHA3-256: 2846458af5d029a8e4fdcc8f50873a44e57897bbfe6aee8a23a01ffc34c5579f
User & Date: drh 2018-01-02 18:11:11
References
2018-01-03
01:47
Add another test case (found by OSSFuzz) for the problem fixed in check-in [2846458a] and described by ticket [dc3f932f5a147771]. No changes to code. check-in: 4165fae9 user: drh tags: trunk
Context
2018-01-02
21:29
Fix code indentation. No logic changes. check-in: e115f258 user: drh tags: trunk
18:11
In the constraint resolution logic, be careful not to cache column values in registers whose initialization might be bypassed by an OP_NoConflict opcode. Fix for ticket [dc3f932f5a147771] reported by OSSFuzz. check-in: 2846458a user: drh tags: trunk
16:02
Enhance the memvfs extension so that it can be read/write. check-in: 04c9197d user: drh tags: trunk
Changes

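--- a/src/insert.c
+++ b/src/insert.c
@@ -1567,14 +1567,15 @@
          (0==pTab->pFKey && 0==sqlite3FkReferences(pTab)))
     ){
       sqlite3VdbeResolveLabel(v, addrUniqueOk);
       continue;
     }
 
     /* Check to see if the new index entry will be unique */
+    sqlite3ExprCachePush(pParse);
     sqlite3VdbeAddOp4Int(v, OP_NoConflict, iThisCur, addrUniqueOk,
                          regIdx, pIdx->nKeyCol); VdbeCoverage(v);
 
     /* Generate code to handle collisions */
     regR = (pIdx==pPk) ? regIdx : sqlite3GetTempRange(pParse, nPkField);
     if( isUpdate || onError==OE_Replace ){
       if( HasRowid(pTab) ){
@@ -1655,14 +1656,15 @@
             regR, nPkField, 0, OE_Replace,
             (pIdx==pPk ? ONEPASS_SINGLE : ONEPASS_OFF), iThisCur);
         seenReplace = 1;
         break;
       }
     }
     sqlite3VdbeResolveLabel(v, addrUniqueOk);
+    sqlite3ExprCachePop(pParse);
     if( regR!=regIdx ) sqlite3ReleaseTempRange(pParse, regR, nPkField);
   }
   if( ipkTop ){
     sqlite3VdbeGoto(v, ipkTop+1);
     sqlite3VdbeJumpHere(v, ipkBottom);
   }
   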
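Review bot: The new `sqlite3ExprCachePush(pParse)` before the OP_NoConflict and the matching `sqlite3ExprCachePop(pParse)` after `sqlite3VdbeResolveLabel(v, addrUniqueOk)` carry no comment saying why the column cache is scoped here; the reason exists only in the check-in comment. I would add above the push: `/* Values cached while coding the collision handler are not loaded when OP_NoConflict jumps to addrUniqueOk, so scope the column cache to this region */`. The code between the two hunks is not shown, so it is worth confirming that no path there leaves the loop body (a `continue` or `goto`) without reaching the pop; the one visible `continue` sits before the push and is balanced. The enclosing function starts and ends outside both hunks.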

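--- a/test/indexexpr1.test
+++ b/test/indexexpr1.test
@@ -397,9 +397,20 @@
 } {1 1}
 do_execsql_test indexexpr1-1430 {
   DROP INDEX t1400x;
   CREATE INDEX t1400x ON t1400(abs(15+3));
   SELECT abs(15+3) IN (SELECT 17 UNION ALL SELECT 18) FROM t1;
 } {1 1}
 
+# 2018-01-02 ticket https://sqlite.org/src/info/dc3f932f5a147771
+# A REPLACE into a table that uses an index on an expression causes
+# an assertion fault.  Problem discovered by OSSFuzz.
+#
+do_execsql_test indexexpr1-1500 {
+  CREATE TABLE t1500(a INT PRIMARY KEY, b INT UNIQUE);
+  CREATE INDEX t1500ab ON t1500(a*b);
+  INSERT INTO t1500(a,b) VALUES(1,2);
+  REPLACE INTO t1500(a,b) VALUES(1,3);  -- formerly caused assertion fault
+  SELECT * FROM t1500;
+} {1 3}
 
 finish_test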
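Review bot: The new case `indexexpr1-1500` exercises only a rowid table, while the patched code in src/insert.c branches on `HasRowid(pTab)` right after the OP_NoConflict, so the other branch gets no regression test here. A second case running the same statements against a table declared as `CREATE TABLE t1501(a INT PRIMARY KEY, b INT UNIQUE) WITHOUT ROWID;` would cover it. Because the original failure was an assertion fault, this case presumably detects a regression only in builds with assertions enabled; a one-line comment saying so would help whoever runs the suite against a release build.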