/ Check-in [59669475]

Overview
Comment:Avoid a double-free in an out-of-memory situation with a USING clause or NATURAL JOIN. Ticket #2789. (CVS 4551)
SHA1: 596694752c5935ae50ad38d3b41bbda39ca999d8
User & Date: drh 2007-11-23 13:42:52
Context
2007-11-23
15:02
Make sure that INSERT INTO ... SELECT ... always uses an ephemeral intermediate table if the SELECT clause refers to the destination table, even if the SELECT clause is compound or uses the destination table in a subquery. This fixes a long-standing bug that can cause an infinite loop for some SQL statements. (CVS 4552) check-in: 492b39b6 user: drh tags: trunk
13:42
Avoid a double-free in an out-of-memory situation with a USING clause or NATURAL JOIN. Ticket #2789. (CVS 4551) check-in: 59669475 user: drh tags: trunk
2007-11-22
00:47
Change to sqlite3.pc.in recommended by ticket #2786. (CVS 4550) check-in: 247fa2ea user: drh tags: trunk
Changes

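--- a/src/select.c
+++ b/src/select.c
@@ -8,15 +8,15 @@
 **    May you find forgiveness for yourself and forgive others.
 **    May you share freely, never taking more than you give.
 **
 *************************************************************************
 ** This file contains C code routines that are called by the parser
 ** to handle SELECT statements in SQLite.
 **
-** $Id: select.c,v 1.362 2007/11/21 15:24:01 drh Exp $
+** $Id: select.c,v 1.363 2007/11/23 13:42:52 drh Exp $
 */
 #include "sqliteInt.h"
 
 
 /*
 ** Delete all the content of a Select structure but do not deallocate
 ** the select structure itself.
@@ -244,18 +244,15 @@
   pE1c = sqlite3PExpr(pParse, TK_DOT, pE1b, pE1a, 0);
   pE2c = sqlite3PExpr(pParse, TK_DOT, pE2b, pE2a, 0);
   pE = sqlite3PExpr(pParse, TK_EQ, pE1c, pE2c, 0);
   if( pE ){
     ExprSetProperty(pE, EP_FromJoin);
     pE->iRightJoinTable = iRightJoinTable;
   }
-  pE = sqlite3ExprAnd(pParse->db,*ppExpr, pE);
-  if( pE ){
-    *ppExpr = pE;
-  }
+  *ppExpr = sqlite3ExprAnd(pParse->db,*ppExpr, pE);
 }
 
 /*
 ** Set the EP_FromJoin property on all terms of the given expression.
 ** And set the Expr.iRightJoinTable to iTable for every term in the
 ** expression.
 **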
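Review bot: The new unconditional store `*ppExpr = sqlite3ExprAnd(pParse->db,*ppExpr, pE);` relies on an ownership rule that nothing in the visible lines states. Presumably sqlite3ExprAnd() releases both operands and returns NULL when its allocation fails, so the caller's pointer must be overwritten in that case too; its body is not shown here, so confirm that against the definition. A comment directly above the call would stop a later edit from restoring the `if( pE )` guard, which left `*ppExpr` pointing at freed memory: `/* sqlite3ExprAnd() consumes both operands, even on OOM; always store its result */`. The enclosing function begins above the hunk, so how `*ppExpr` is later freed by the caller cannot be checked from here.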

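--- a/test/mallocE.test
+++ b/test/mallocE.test
@@ -5,35 +5,44 @@
 #
 #    May you do good and not evil.
 #    May you find forgiveness for yourself and forgive others.
 #    May you share freely, never taking more than you give.
 #
 #***********************************************************************
 #
-# This test script checks that ticket #2784 has been fixed.
+# This test script checks that tickets #2784 and #2789 have been fixed.
 # 
-# $Id: mallocE.test,v 1.1 2007/11/21 15:24:01 drh Exp $
+# $Id: mallocE.test,v 1.2 2007/11/23 13:42:53 drh Exp $
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
 
 # Only run these tests if memory debugging is turned on.
 #
 ifcapable !memdebug {
    puts "Skipping mallocE tests: not compiled with -DSQLITE_MEMDEBUG..."
    finish_test
    return
 }
 source $testdir/malloc_common.tcl
 
+# ticket #2784
+#
 set PREP { 
   PRAGMA page_size = 1024;
   CREATE TABLE t1(a, b, c);
   CREATE TABLE t2(x, y, z);
 }
-
 do_malloc_test mallocE-1 -sqlprep $PREP -sqlbody { 
   SELECT p, q FROM (SELECT a+b AS p, b+c AS q FROM t1, t2 WHERE c>5)
               LEFT JOIN t2 ON p=x;
 }
 
+# Ticket #2789
+#
+do_malloc_test mallocE-2 -sqlprep $PREP -sqlbody { 
+  SELECT x, y2 FROM (SELECT a+b AS x, b+c AS y2 FROM t1, t2 WHERE c>5)
+              LEFT JOIN t2 USING(x) WHERE y2>11;
+}
+
+
 finish_test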
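Review bot: mallocE-2 exercises only the USING(x) form, while the check-in comment says the double-free also affects NATURAL JOIN. Both forms probably reach the same term-building code in select.c, but that is not visible on this page, so the NATURAL path has no malloc-failure regression test of its own. A sibling case using the same $PREP schema would pin it; the block below is a constructed suggestion whose subquery shares column x with t2.

```tcl
# Ticket #2789, NATURAL JOIN form (suggested)
#
do_malloc_test mallocE-3 -sqlprep $PREP -sqlbody {
  SELECT x, y2 FROM (SELECT a+b AS x, b+c AS y2 FROM t1, t2 WHERE c>5)
              NATURAL LEFT JOIN t2 WHERE y2>11;
}
```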