/ Check-in [011e7db2]

Overview
Comment: Fix a NULL deref in the randomblob() function following a malloc failure. (CVS 3940)
SHA1: 011e7db253f9a60c19977215eab1687930f15637
User & Date: drh 2007-05-07 19:31:16
Context
2007-05-08
01:08
Begin implementing a new system of upper bounds on the capabilities of SQLite. By clearly defining the upper bounds, we make those upper bounds explicitly testable. This check-in is just infrastructure. The upper bounds are not yet enforced. (CVS 3941) check-in: 93b623b2 user: drh tags: trunk
2007-05-07
19:31
Fix an NULL deref in the randomblob() function following a malloc failure. (CVS 3940) check-in: 011e7db2 user: drh tags: trunk
16:58
Add a version of the LIKE operator to the icu extension. Requires optimisation. (CVS 3939) check-in: 3e96105c user: danielk1977 tags: trunk
Changes

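--- a/src/func.c
+++ b/src/func.c
@@ -12,15 +12,15 @@
 ** This file contains the C functions that implement various SQL
 ** functions of SQLite.  
 **
 ** There is only one exported symbol in this file - the function
 ** sqliteRegisterBuildinFunctions() found at the bottom of the file.
 ** All other code has file scope.
 **
-** $Id: func.c,v 1.145 2007/05/04 13:15:56 drh Exp $
+** $Id: func.c,v 1.146 2007/05/07 19:31:16 drh Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
 /* #include <math.h> */
 #include <stdlib.h>
 #include <assert.h>
 #include "vdbeInt.h"
@@ -293,17 +293,19 @@
   sqlite3_value **argv
 ){
   int n;
   unsigned char *p;
   assert( argc==1 );
   n = sqlite3_value_int(argv[0]);
   if( n<1 ) n = 1;
-  p = sqlite3_malloc(n);
-  sqlite3Randomness(n, p);
-  sqlite3_result_blob(context, (char*)p, n, sqlite3_free);
+  p = sqliteMalloc(n);
+  if( p ){
+    sqlite3Randomness(n, p);
+    sqlite3_result_blob(context, (char*)p, n, sqlite3FreeX);
+  }
 }
 
 /*
 ** Implementation of the last_insert_rowid() SQL function.  The return
 ** value is the same as the sqlite3_last_insert_rowid() API function.
 */
 static void last_insert_rowid(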
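Review bot: When `sqliteMalloc(n)` fails, the new `if( p )` guard skips `sqlite3_result_blob()` and the function returns without setting any result or error on `context`, and nothing in the visible lines says why that is acceptable. If the allocator itself records the out-of-memory condition for the statement, as seems likely, say so next to the guard: `/* On malloc failure leave the result unset; the allocator has already flagged the OOM. */`. Separately, `n` is clamped from below only (`if( n<1 ) n = 1;`), so the allocation size is whatever integer the SQL passes to randomblob(); an upper bound checked before the allocation would keep a single call from requesting an arbitrarily large buffer. The function's signature starts outside the hunk.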

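--- a/test/malloc8.test
+++ b/test/malloc8.test
@@ -7,15 +7,15 @@
 #    May you find forgiveness for yourself and forgive others.
 #    May you share freely, never taking more than you give.
 #
 #***********************************************************************
 # This file contains additional out-of-memory checks (see malloc.tcl)
 # added to expose a bug in out-of-memory handling for sqlite3_value_text()
 #
-# $Id: malloc8.test,v 1.2 2007/04/30 21:39:16 drh Exp $
+# $Id: malloc8.test,v 1.3 2007/05/07 19:31:17 drh Exp $
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
 
 # Only run these tests if memory debugging is turned on.
 #
 if {[info command sqlite_malloc_stat]==""} {
@@ -143,16 +143,19 @@
 }
 do_malloc_test 4 -sqlbody {
   SELECT julianday(a,a) FROM t1;
 }
 do_malloc_test 5 -sqlbody {
   SELECT 1 FROM t1 WHERE a LIKE 'hello' ESCAPE NULL;
 }
+do_malloc_test 6 -sqlbody {
+  SELECT hex(randomblob(100));
+}
 
 # Ensure that no file descriptors were leaked.
 do_test malloc-99.X {
   catch {db close}
   set sqlite_open_file_count
 } {0}
 
 sqlite_malloc_fail 0
 finish_test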
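Review bot: The added `do_malloc_test 6` block carries no comment tying it to the randomblob() fix, and the file header still describes these tests as covering out-of-memory handling for sqlite3_value_text() only. A line above the test such as `# randomblob() must not dereference NULL when its allocation fails (CVS 3940).` would record what the case guards against. The test uses a single size, 100 bytes, so the `n<1` clamp in randomblob() is not exercised under allocation failure here.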