Comment:An improved fix for the dbsqlfuzz-discovered ALWAYS() failure following OOM in sqlite3ExprCollSeq(). This time with a test case (engineered by Dan).
SHA3-256: 907f7965b335d8d5441f2e386bb190d1f93ffcd45ca98d2d1c621dede491fc5e
User & Date: drh 2019-10-09 15:37:58

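--- a/src/alter.c
+++ b/src/alter.c
@@ -1412,15 +1412,16 @@
 /*
 ** Walker select callback used by "RENAME TABLE". 
 */
 static int renameTableSelectCb(Walker *pWalker, Select *pSelect){
   int i;
   RenameCtx *p = pWalker->u.pRename;
   SrcList *pSrc = pSelect->pSrc;
-  if( NEVER(pSrc==0) ){
+  if( pSrc==0 ){
+    assert( pWalker->pParse->db->mallocFailed );
     return WRC_Abort;
   }
   for(i=0; i<pSrc->nSrc; i++){
     struct SrcList_item *pItem = &pSrc->a[i];
     if( pItem->pTab==p->pTab ){
       renameTokenFind(pWalker->pParse, p, pItem->zName);
     }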
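Review bot: The new `if( pSrc==0 )` branch turns a NEVER() into an accepted input, but nothing in the code says why a SELECT with a NULL FROM clause can legitimately reach this callback; the assert carries that only in debug builds and disappears in release builds. A one-line why-comment above the assert would keep the reasoning in the source, e.g. `/* pSrc is NULL only after an OOM while building the SELECT; abandon the walk */`. The return of WRC_Abort on that path looks right since the caller presumably checks db->mallocFailed, but that caller is not visible here. renameTableSelectCb continues past the end of the hunk.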

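--- a/src/build.c
+++ b/src/build.c
@@ -4139,15 +4139,16 @@
 
 /*
 ** Assign VdbeCursor index numbers to all tables in a SrcList
 */
 void sqlite3SrcListAssignCursors(Parse *pParse, SrcList *pList){
   int i;
   struct SrcList_item *pItem;
-  if( ALWAYS(pList) ){
+  assert(pList || pParse->db->mallocFailed );
+  if( pList ){
     for(i=0, pItem=pList->a; i<pList->nSrc; i++, pItem++){
       if( pItem->iCursor>=0 ) break;
       pItem->iCursor = pParse->nTab++;
       if( pItem->pSelect ){
         sqlite3SrcListAssignCursors(pParse, pItem->pSelect->pSrc);
       }
     }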
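Review bot: The added `assert(pList || pParse->db->mallocFailed );` has asymmetric spacing inside the parentheses, unlike the `assert( ... )` form used by the other assert in this same check-in and by the surrounding SQLite sources; I would write it `assert( pList || pParse->db->mallocFailed );`. The change itself is sound: in release builds a NULL pList now becomes a silent no-op, which is the intended behavior after an OOM, and the recursive call on `pItem->pSelect->pSrc` is one of the places that can pass NULL. sqlite3SrcListAssignCursors ends after the hunk.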

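--- a/src/expr.c
+++ b/src/expr.c
@@ -182,15 +182,18 @@
       }else{
         Expr *pNext  = p->pRight;
         /* The Expr.x union is never used at the same time as Expr.pRight */
         assert( p->x.pList==0 || p->pRight==0 );
         /* p->flags holds EP_Collate and p->pLeft->flags does not.  And
         ** p->x.pSelect cannot.  So if p->x.pLeft exists, it must hold at
         ** least one EP_Collate. Thus the following two ALWAYS. */
-        if( p->x.pList!=0 && ALWAYS(!ExprHasProperty(p, EP_xIsSelect)) ){
+        if( p->x.pList!=0 
+         && !db->mallocFailed
+         && ALWAYS(!ExprHasProperty(p, EP_xIsSelect))
+        ){
           int i;
           for(i=0; ALWAYS(i<p->x.pList->nExpr); i++){
             if( ExprHasProperty(p->x.pList->a[i].pExpr, EP_Collate) ){
               pNext = p->x.pList->a[i].pExpr;
               break;
             }
           }
@@ -1526,18 +1529,14 @@
 #endif
     pNew->selId = p->selId;
     *pp = pNew;
     pp = &pNew->pPrior;
     pNext = pNew;
   }
 
-  if( db->mallocFailed ){
-    sqlite3SelectDelete(db, pRet);
-    pRet = 0;
-  }
   return pRet;
 }
 #else
 Select *sqlite3SelectDup(sqlite3 *db, Select *p, int flags){
   assert( p==0 );
   return 0;
 }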
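Review bot: In the first hunk the comment above the condition still states the invariant unconditionally ("it must hold at least one EP_Collate. Thus the following two ALWAYS."), yet the new `&& !db->mallocFailed` conjunct exists precisely because that invariant can be broken by a partially built expression tree after an OOM, which is what the dbsqlfuzz case hit. The comment should say so, e.g. append `** After an OOM the tree may be incomplete, so the list is skipped when` / `** db->mallocFailed is set rather than trusting the ALWAYS() below.` The enclosing function begins before the hunk, so I am assuming `db` is the local derived from pParse there; confirm it is in scope at this point. The second hunk simply reverts the earlier SelectDup-returns-NULL approach, which is consistent with the check-in comment.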

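--- a/test/collate1.test
+++ b/test/collate1.test
@@ -412,9 +412,28 @@
 do_execsql_test 8.2 {
   DROP TABLE IF EXISTS t0;
   CREATE TABLE t0(c0 COLLATE RTRIM, c1 BLOB UNIQUE,
                   PRIMARY KEY (c0, c1)) WITHOUT ROWID;
   INSERT INTO t0 VALUES (123, 3), (' ', 1), ('	', 2), ('', 4);
   SELECT * FROM t0 WHERE c1 = 1;
 } {{ } 1}
+
+# 2019-10-09
+# ALWAYS() macro fails following OOM
+# Problem detected by dbsqlfuzz.
+#
+do_execsql_test 9.0 {
+  CREATE TABLE t1(a, b);
+  CREATE TABLE t2(c, d);
+}
+
+do_faultsim_test 9.1 -faults oom* -body {
+  execsql {
+    SELECT * FROM (
+        SELECT b COLLATE nocase IN (SELECT c FROM t2) FROM t1
+    );
+  }
+} -test {
+  faultsim_test_result {0 {}}
+}
 
 finish_test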
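Review bot: Test 9.0 creates t1 and t2 without the `DROP TABLE IF EXISTS` guard that 8.2 uses for t0; the earlier sections of collate1.test are outside this view, so if any of them leave a t1 or t2 behind, 9.0 fails with "table already exists" before the OOM case is ever exercised. Mirroring 8.2 with `DROP TABLE IF EXISTS t1;` and `DROP TABLE IF EXISTS t2;` at the top of 9.0 makes the new test independent of what precedes it. The faultsim body itself looks right for the fix: the COLLATE on a subquery-IN operand inside a derived table is the shape that reaches the ALWAYS() in sqlite3ExprCollSeq.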