/ Check-in [efd87ba1]
Login
SQLite training in Houston TX on 2019-11-05 (details)
Part of the 2019 Tcl Conference

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Avoid leaking Index.aiRowEst memory if an OOM causes a rollback which deletes the index before the aiRowEst deletion code in sqlite3AnalysisLoad() routine has a chance to run. Since the aiRowEst now might be deleted from freeIndex() which does not always have a db pointer, make sure the aiRowEst memory is not held in lookaside.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | stat4-avgeq
Files: files | file ages | folders
SHA1: efd87ba142723ba131fcc985db6eb45c5a3c637b
User & Date: drh 2014-10-04 00:07:44
Context
2014-10-04
10:22
Add a test to show that the change on this branch is effective. Closed-Leaf check-in: fc619be0 user: dan tags: stat4-avgeq
00:07
Avoid leaking Index.aiRowEst memory if an OOM causes a rollback which deletes the index before the aiRowEst deletion code in sqlite3AnalysisLoad() routine has a chance to run. Since the aiRowEst now might be deleted from freeIndex() which does not always have a db pointer, make sure the aiRowEst memory is not held in lookaside. check-in: efd87ba1 user: drh tags: stat4-avgeq
2014-10-03
19:29
Fix a division-by-zero error that might occur if the sqlite_stat1 table is corrupt. check-in: f9c053b2 user: dan tags: stat4-avgeq
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/analyze.c.

  1514   1514       pIndex = sqlite3FindIndex(pInfo->db, argv[1], pInfo->zDatabase);
  1515   1515     }
  1516   1516     z = argv[2];
  1517   1517   
  1518   1518     if( pIndex ){
  1519   1519       int nCol = pIndex->nKeyCol+1;
  1520   1520   #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
  1521         -    tRowcnt * const aiRowEst = pIndex->aiRowEst = (tRowcnt*)sqlite3DbMallocZero(
  1522         -        pInfo->db, sizeof(tRowcnt) * nCol
         1521  +    tRowcnt * const aiRowEst = pIndex->aiRowEst = (tRowcnt*)sqlite3MallocZero(
         1522  +        sizeof(tRowcnt) * nCol
  1523   1523       );
         1524  +    if( aiRowEst==0 ) pInfo->db->mallocFailed = 1;
  1524   1525   #else
  1525   1526       tRowcnt * const aiRowEst = 0;
  1526   1527   #endif
  1527   1528       pIndex->bUnordered = 0;
  1528   1529       decodeIntArray((char*)z, nCol, aiRowEst, pIndex->aiRowLogEst, pIndex);
  1529   1530       if( pIndex->pPartIdxWhere==0 ) pTable->nRowLogEst = pIndex->aiRowLogEst[0];
  1530   1531     }else{
................................................................................
  1865   1866       int lookasideEnabled = db->lookaside.bEnabled;
  1866   1867       db->lookaside.bEnabled = 0;
  1867   1868       rc = loadStat4(db, sInfo.zDatabase);
  1868   1869       db->lookaside.bEnabled = lookasideEnabled;
  1869   1870     }
  1870   1871     for(i=sqliteHashFirst(&db->aDb[iDb].pSchema->idxHash);i;i=sqliteHashNext(i)){
  1871   1872       Index *pIdx = sqliteHashData(i);
  1872         -    sqlite3DbFree(db, pIdx->aiRowEst);
         1873  +    sqlite3_free(pIdx->aiRowEst);
  1873   1874       pIdx->aiRowEst = 0;
  1874   1875     }
  1875   1876   #endif
  1876   1877   
  1877   1878     if( rc==SQLITE_NOMEM ){
  1878   1879       db->mallocFailed = 1;
  1879   1880     }
  1880   1881     return rc;
  1881   1882   }
  1882   1883   
  1883   1884   
  1884   1885   #endif /* SQLITE_OMIT_ANALYZE */

Changes to src/build.c.

   431    431   #ifndef SQLITE_OMIT_ANALYZE
   432    432     sqlite3DeleteIndexSamples(db, p);
   433    433   #endif
   434    434     if( db==0 || db->pnBytesFreed==0 ) sqlite3KeyInfoUnref(p->pKeyInfo);
   435    435     sqlite3ExprDelete(db, p->pPartIdxWhere);
   436    436     sqlite3DbFree(db, p->zColAff);
   437    437     if( p->isResized ) sqlite3DbFree(db, p->azColl);
          438  +#ifdef SQLITE_ENABLE_STAT3_OR_STAT4
          439  +  sqlite3_free(p->aiRowEst);
          440  +#endif
   438    441     sqlite3DbFree(db, p);
   439    442   }
   440    443   
   441    444   /*
   442    445   ** For the index called zIdxName which is found in the database iDb,
   443    446   ** unlike that index from its Table then remove the index from
   444    447   ** the index hash table and free all memory structures associated