SQLite

Check-in [f91471e723]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix some segfaults that could occur in obscure circumstances where error messages contained characters that could be mistaken for printf format specifiers.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: f91471e7234db490f97298b1ccb8d6c7fc45b089
User & Date: dan 2010-10-21 15:12:44.000
Context
2010-10-21
22:58
Make sure the estimated row count for ephemeral tables is initialized so that automatic indices can be used on those tables. (check-in: d30f7b2def user: drh tags: trunk)
15:49
Merge trunk changes into experimental branch. (check-in: fd1e5cade0 user: dan tags: experimental)
15:12
Fix some segfaults that could occur in obscure circumstances where error messages contained characters that could be mistaken for printf format specifiers. (check-in: f91471e723 user: dan tags: trunk)
12:34
Fix a typo-bug that prevented --disable-amalgamation from working in Makefile.in. Also fix an overly long line in Makfile.in. (check-in: 2c3c4ba035 user: drh tags: trunk)
Changes
Side-by-Side Diff Ignore Whitespace Patch
Changes to src/vdbeblob.c.
227
228
229
230
231
232
233
234

235
236
237
238
239
240
241
227
228
229
230
231
232
233

234
235
236
237
238
239
240
241







-
+








    sqlite3_bind_int64((sqlite3_stmt *)v, 1, iRow);
    rc = sqlite3_step((sqlite3_stmt *)v);
    if( rc!=SQLITE_ROW ){
      nAttempt++;
      rc = sqlite3_finalize((sqlite3_stmt *)v);
      sqlite3DbFree(db, zErr);
      zErr = sqlite3MPrintf(db, sqlite3_errmsg(db));
      zErr = sqlite3MPrintf(db, "%s", sqlite3_errmsg(db));
      v = 0;
    }
  } while( nAttempt<5 && rc==SQLITE_SCHEMA );

  if( rc==SQLITE_ROW ){
    /* The row-record has been opened successfully. Check that the
    ** column in question contains text or a blob. If it contains
274
275
276
277
278
279
280
281

282
283
284
285
286
287
288
274
275
276
277
278
279
280

281
282
283
284
285
286
287
288







-
+







    rc = SQLITE_ERROR;
  }

blob_open_out:
  if( v && (rc!=SQLITE_OK || db->mallocFailed) ){
    sqlite3VdbeFinalize(v);
  }
  sqlite3Error(db, rc, zErr);
  sqlite3Error(db, rc, (zErr ? "%s" : 0), zErr);
  sqlite3DbFree(db, zErr);
  sqlite3StackFree(db, pParse);
  rc = sqlite3ApiExit(db, rc);
  sqlite3_mutex_leave(db->mutex);
  return rc;
}

Changes to src/vtab.c.
668
669
670
671
672
673
674
675

676
677
678
679
680
681
682
668
669
670
671
672
673
674

675
676
677
678
679
680
681
682







-
+







        pTab->aCol = pParse->pNewTable->aCol;
        pTab->nCol = pParse->pNewTable->nCol;
        pParse->pNewTable->nCol = 0;
        pParse->pNewTable->aCol = 0;
      }
      db->pVTab = 0;
    }else{
      sqlite3Error(db, SQLITE_ERROR, zErr);
      sqlite3Error(db, SQLITE_ERROR, (zErr ? "%s" : 0), zErr);
      sqlite3DbFree(db, zErr);
      rc = SQLITE_ERROR;
    }
    pParse->declareVtab = 0;
  
    if( pParse->pVdbe ){
      sqlite3VdbeFinalize(pParse->pVdbe);
Changes to test/incrblob.test.
672
673
674
675
676
677
678









679
680
681
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690







+
+
+
+
+
+
+
+
+



do_test incrblob-8.6 {
  set rc [catch {sqlite3_blob_write $::b 0 etilqs 6} msg]
  lappend rc $msg
} {0 {}}
do_test incrblob-8.7 {
  execsql {SELECT b FROM t1 WHERE a = 314159}
} {etilqs}

# The following test case exposes an instance in the blob code where
# an error message was set using a call similar to sqlite3_mprintf(zErr),
# where zErr is an arbitrary string. This is no good if the string contains
# characters that can be mistaken for printf() formatting directives.
#
do_test incrblob-9.1 {
  list [catch { db incrblob t1 "A tricky column name %s%s" 1 } msg] $msg
} {1 {no such column: "A tricky column name %s%s"}}


finish_test
Changes to test/vtab1.test.
1158
1159
1160
1161
1162
1163
1164















1165
1166
1167
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182







+
+
+
+
+
+
+
+
+
+
+
+
+
+
+



  do_test vtab1-16.$tn {
    set echo_module_fail(xRename,t2) "the xRename method has failed"
    catchsql { ALTER TABLE echo_t2 RENAME TO another_name }
  } "1 {echo-vtab-error: the xRename method has failed}"
  unset echo_module_fail(xRename,t2)
  incr tn
}

# The following test case exposes an instance in sqlite3_declare_vtab()
# an error message was set using a call similar to sqlite3_mprintf(zErr),
# where zErr is an arbitrary string. This is no good if the string contains
# characters that can be mistaken for printf() formatting directives.
#
do_test vtab1-17.1 {
  execsql { 
    PRAGMA writable_schema = 1;
    INSERT INTO sqlite_master VALUES(
      'table', 't3', 't3', 0, 'INSERT INTO "%s%s" VALUES(1)'
    );
  }
  catchsql { CREATE VIRTUAL TABLE t4 USING echo(t3); }
} {1 {vtable constructor failed: t4}}

unset -nocomplain echo_module_begin_fail
finish_test