Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Fix a bug in where.c that could cause SQLite to write to freed memory while compiling a query with many terms in the WHERE clause. (CVS 6952) |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
8161af840e8fd2b06457e75023f934e1 |
User & Date: | danielk1977 2009-07-31 06:14:52.000 |
Context
2009-08-01
| ||
15:04 | Increment the version number in preparation for the next release. (CVS 6953) (check-in: 12d9b87316 user: drh tags: trunk) | |
2009-07-31
| ||
06:14 | Fix a bug in where.c that could cause SQLite to write to freed memory while compiling a query with many terms in the WHERE clause. (CVS 6952) (check-in: 8161af840e user: danielk1977 tags: trunk) | |
2009-07-29
| ||
06:04 | Add a test to mallocI.test to show that a shared lock is correctly released if an OOM condition occurs while parsing a database schema. (CVS 6951) (check-in: 5a82620efa user: danielk1977 tags: trunk) | |
Changes
Changes to src/where.c.
︙ | ︙ | |||
12 13 14 15 16 17 18 | ** This module contains C code that generates VDBE code used to process ** the WHERE clause of SQL statements. This module is responsible for ** generating the code that loops through a table looking for applicable ** rows. Indices are selected and used to speed the search when doing ** so is applicable. Because this module is responsible for selecting ** indices, you might also think of this module as the "query optimizer". ** | | | 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | ** This module contains C code that generates VDBE code used to process ** the WHERE clause of SQL statements. This module is responsible for ** generating the code that loops through a table looking for applicable ** rows. Indices are selected and used to speed the search when doing ** so is applicable. Because this module is responsible for selecting ** indices, you might also think of this module as the "query optimizer". ** ** $Id: where.c,v 1.411 2009/07/31 06:14:52 danielk1977 Exp $ */ #include "sqliteInt.h" /* ** Trace output macros */ #if defined(SQLITE_TEST) || defined(SQLITE_DEBUG) |
︙ | ︙ | |||
1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 | #if !defined(SQLITE_OMIT_OR_OPTIMIZATION) && !defined(SQLITE_OMIT_SUBQUERY) /* Analyze a term that is composed of two or more subterms connected by ** an OR operator. */ else if( pExpr->op==TK_OR ){ assert( pWC->op==TK_AND ); exprAnalyzeOrTerm(pSrc, pWC, idxTerm); } #endif /* SQLITE_OMIT_OR_OPTIMIZATION */ #ifndef SQLITE_OMIT_LIKE_OPTIMIZATION /* Add constraints to reduce the search space on a LIKE or GLOB ** operator. ** | > | 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 | #if !defined(SQLITE_OMIT_OR_OPTIMIZATION) && !defined(SQLITE_OMIT_SUBQUERY) /* Analyze a term that is composed of two or more subterms connected by ** an OR operator. */ else if( pExpr->op==TK_OR ){ assert( pWC->op==TK_AND ); exprAnalyzeOrTerm(pSrc, pWC, idxTerm); pTerm = &pWC->a[idxTerm]; } #endif /* SQLITE_OMIT_OR_OPTIMIZATION */ #ifndef SQLITE_OMIT_LIKE_OPTIMIZATION /* Add constraints to reduce the search space on a LIKE or GLOB ** operator. ** |
︙ | ︙ |
Changes to test/where8.test.
︙ | ︙ | |||
8 9 10 11 12 13 14 | # May you share freely, never taking more than you give. # #*********************************************************************** # This file implements regression tests for SQLite library. The focus # is testing of where.c. More specifically, the focus is the optimization # of WHERE clauses that feature the OR operator. # | | | 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | # May you share freely, never taking more than you give. # #*********************************************************************** # This file implements regression tests for SQLite library. The focus # is testing of where.c. More specifically, the focus is the optimization # of WHERE clauses that feature the OR operator. # # $Id: where8.test,v 1.9 2009/07/31 06:14:52 danielk1977 Exp $ set testdir [file dirname $argv0] source $testdir/tester.tcl # Test organization: # # where8-1.*: Tests to demonstrate simple cases work with a single table |
︙ | ︙ | |||
649 650 651 652 653 654 655 | list } {} do_test where8-4.$A.$B.2 { lsort $R } [lsort $results($B)] } incr A } | < > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 | list } {} do_test where8-4.$A.$B.2 { lsort $R } [lsort $results($B)] } incr A } catch {unset results} catch {unset A} catch {unset B} # At one point the following tests provoked an invalid write error (writing # to memory that had already been freed). It was not possible to demonstrate # that this bug could cause a query to return bad data. # do_test where8-5.1 { db close sqlite3 db test.db sqlite3_db_config_lookaside db 0 0 0 execsql { CREATE TABLE tA( a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p ); } execsql { SELECT * FROM tA WHERE a=1 AND b=2 AND c=3 AND d=4 AND e=5 AND f=6 AND g=7 AND h=8 AND i=1 AND j=2 AND k=3 AND l=4 AND m=5 AND n=6 AND o=7 AND (p = 1 OR p = 2 OR p = 3) } } {} do_test where8-5.2 { execsql { SELECT * FROM tA WHERE a=1 AND b=2 AND c=3 AND d=4 AND e=5 AND f=6 AND g=7 AND h=8 AND i=1 AND j=2 AND k=3 AND l=4 AND m=5 AND (p = 1 OR p = 2 OR p = 3) AND n=6 AND o=7 } } {} do_test where8-5.3 { execsql { INSERT INTO tA VALUES(1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8); CREATE UNIQUE INDEX tAI ON tA(p); CREATE TABLE tB(x); INSERT INTO tB VALUES('x'); } execsql { SELECT a, x FROM tA LEFT JOIN tB ON ( a=1 AND b=2 AND c=3 AND d=4 AND e=5 AND f=6 AND g=7 AND h=8 AND i=1 AND j=2 AND k=3 AND l=4 AND m=5 AND n=6 AND o=7 AND (p = 1 OR p = 2 OR p = 3) ) } } {1 {}} finish_test |