Overview
Comment: | Fix segfaults that can occur if a malloc failure happens just before a built-in function calls sqlite3_value_text(). (CVS 3874) |
SHA1: |
9cb0ed6ee9827bc6884a0195044d5b6a |
User & Date: | drh 2007-04-25 18:23:53.000 |
Changes
Changes to src/date.c.
︙ | ︙ | |||
12 13 14 15 16 17 18 | ** This file contains the C functions that implement date and time ** functions for SQLite. ** ** There is only one exported symbol in this file - the function ** sqlite3RegisterDateTimeFunctions() found at the bottom of the file. ** All other code has file scope. ** | | | 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | ** This file contains the C functions that implement date and time ** functions for SQLite. ** ** There is only one exported symbol in this file - the function ** sqlite3RegisterDateTimeFunctions() found at the bottom of the file. ** All other code has file scope. ** ** $Id: date.c,v 1.63 2007/04/25 18:23:53 drh Exp $ ** ** NOTES: ** ** SQLite processes all times and dates as Julian Day numbers. The ** dates and times are stored as the number of days since noon ** in Greenwich on November 24, 4714 B.C. according to the Gregorian ** calendar system. |
︙ | ︙ | |||
651 652 653 654 655 656 657 658 | ** Process time function arguments. argv[0] is a date-time stamp. ** argv[1] and following are modifiers. Parse them all and write ** the resulting time into the DateTime structure p. Return 0 ** on success and 1 if there are any errors. */ static int isDate(int argc, sqlite3_value **argv, DateTime *p){ int i; if( argc==0 ) return 1; | > | | > | | > | 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 | ** Process time function arguments. argv[0] is a date-time stamp. ** argv[1] and following are modifiers. Parse them all and write ** the resulting time into the DateTime structure p. Return 0 ** on success and 1 if there are any errors. */ static int isDate(int argc, sqlite3_value **argv, DateTime *p){ int i; const unsigned char *z; if( argc==0 ) return 1; if( (z = sqlite3_value_text(argv[0]))==0 || parseDateOrTime((char*)z, p) ){ return 1; } for(i=1; i<argc; i++){ if( (z = sqlite3_value_text(argv[i]))==0 || parseModifier((char*)z, p) ){ return 1; } } return 0; } /* ** The following routines implement the various date and time functions |
︙ | ︙ |
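Review bot: In isDate a NULL from sqlite3_value_text() now takes the same `return 1` path as a malformed date string, so the caller cannot tell an out-of-memory condition apart from bad input; presumably the allocator's failure flag is what later turns this into SQLITE_NOMEM, but nothing in the hunk says so. A one-line comment at the new check would stop a future reader from reading it as a parse error: `/* z==0 means sqlite3_value_text() failed (OOM), not an unparseable date */`. The same pattern recurs in the modifier loop a few lines below and would carry the same comment. isDate's body is entirely within the hunk.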
Changes to src/func.c.
︙ | ︙ | |||
12 13 14 15 16 17 18 | ** This file contains the C functions that implement various SQL ** functions of SQLite. ** ** There is only one exported symbol in this file - the function ** sqliteRegisterBuildinFunctions() found at the bottom of the file. ** All other code has file scope. ** | | | 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | ** This file contains the C functions that implement various SQL ** functions of SQLite. ** ** There is only one exported symbol in this file - the function ** sqliteRegisterBuildinFunctions() found at the bottom of the file. ** All other code has file scope. ** ** $Id: func.c,v 1.140 2007/04/25 18:23:53 drh Exp $ */ #include "sqliteInt.h" #include <ctype.h> /* #include <math.h> */ #include <stdlib.h> #include <assert.h> #include "vdbeInt.h" |
︙ | ︙ | |||
98 99 100 101 102 103 104 105 106 107 108 109 110 111 | case SQLITE_INTEGER: case SQLITE_FLOAT: { sqlite3_result_int(context, sqlite3_value_bytes(argv[0])); break; } case SQLITE_TEXT: { const unsigned char *z = sqlite3_value_text(argv[0]); for(len=0; *z; z++){ if( (0xc0&*z)!=0x80 ) len++; } sqlite3_result_int(context, len); break; } default: { sqlite3_result_null(context); break; | > | 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 | case SQLITE_INTEGER: case SQLITE_FLOAT: { sqlite3_result_int(context, sqlite3_value_bytes(argv[0])); break; } case SQLITE_TEXT: { const unsigned char *z = sqlite3_value_text(argv[0]); if( z==0 ) return; for(len=0; *z; z++){ if( (0xc0&*z)!=0x80 ) len++; } sqlite3_result_int(context, len); break; } default: { sqlite3_result_null(context); break; |
︙ | ︙ | |||
208 209 210 211 212 213 214 | sqlite3_result_double(context, r); } /* ** Implementation of the upper() and lower() SQL functions. */ static void upperFunc(sqlite3_context *context, int argc, sqlite3_value **argv){ | | > > > | | | | | | | < | > > | > > > | | | | | | | < > > | 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 | sqlite3_result_double(context, r); } /* ** Implementation of the upper() and lower() SQL functions. */ static void upperFunc(sqlite3_context *context, int argc, sqlite3_value **argv){ char *z1; const char *z2; int i; if( argc<1 || SQLITE_NULL==sqlite3_value_type(argv[0]) ) return; z2 = (char*)sqlite3_value_text(argv[0]); if( z2 ){ z1 = sqlite3_malloc(sqlite3_value_bytes(argv[0])+1); if( z1 ){ strcpy(z1, z2); for(i=0; z1[i]; i++){ z1[i] = toupper(z1[i]); } sqlite3_result_text(context, z1, -1, sqlite3_free); } } } static void lowerFunc(sqlite3_context *context, int argc, sqlite3_value **argv){ char *z1; const char *z2; int i; if( argc<1 || SQLITE_NULL==sqlite3_value_type(argv[0]) ) return; z2 = (char*)sqlite3_value_text(argv[0]); if( z2 ){ z1 = sqlite3_malloc(sqlite3_value_bytes(argv[0])+1); if( z1 ){ strcpy(z1, z2); for(i=0; z1[i]; i++){ z1[i] = tolower(z1[i]); } sqlite3_result_text(context, z1, -1, sqlite3_free); } } } /* ** Implementation of the IFNULL(), NVL(), and COALESCE() functions. ** All three do the same thing. They return the first non-NULL ** argument. */ |
︙ | ︙ | |||
519 520 521 522 523 524 525 526 527 528 529 530 531 532 | const unsigned char *zB = sqlite3_value_text(argv[1]); int escape = 0; if( argc==3 ){ /* The escape character string must consist of a single UTF-8 character. ** Otherwise, return an error. */ const unsigned char *zEsc = sqlite3_value_text(argv[2]); if( sqlite3utf8CharLen((char*)zEsc, -1)!=1 ){ sqlite3_result_error(context, "ESCAPE expression must be a single character", -1); return; } escape = sqlite3ReadUtf8(zEsc); } | > | 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 | const unsigned char *zB = sqlite3_value_text(argv[1]); int escape = 0; if( argc==3 ){ /* The escape character string must consist of a single UTF-8 character. ** Otherwise, return an error. */ const unsigned char *zEsc = sqlite3_value_text(argv[2]); if( zEsc==0 ) return; if( sqlite3utf8CharLen((char*)zEsc, -1)!=1 ){ sqlite3_result_error(context, "ESCAPE expression must be a single character", -1); return; } escape = sqlite3ReadUtf8(zEsc); } |
︙ | ︙ | |||
621 622 623 624 625 626 627 628 629 630 631 632 633 634 | break; } case SQLITE_TEXT: { int i,j,n; const unsigned char *zArg = sqlite3_value_text(argv[0]); char *z; for(i=n=0; zArg[i]; i++){ if( zArg[i]=='\'' ) n++; } z = sqliteMalloc( i+n+3 ); if( z==0 ) return; z[0] = '\''; for(i=0, j=1; zArg[i]; i++){ z[j++] = zArg[i]; if( zArg[i]=='\'' ){ | > | 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 | break; } case SQLITE_TEXT: { int i,j,n; const unsigned char *zArg = sqlite3_value_text(argv[0]); char *z; if( zArg==0 ) return; for(i=n=0; zArg[i]; i++){ if( zArg[i]=='\'' ) n++; } z = sqliteMalloc( i+n+3 ); if( z==0 ) return; z[0] = '\''; for(i=0, j=1; zArg[i]; i++){ z[j++] = zArg[i]; if( zArg[i]=='\'' ){ |
︙ | ︙ | |||
688 689 690 691 692 693 694 | int nPattern; /* Size of zPattern */ int nRep; /* Size of zRep */ int nOut; /* Maximum size of zOut */ int loopLimit; /* Last zStr[] that might match zPattern[] */ int i, j; /* Loop counters */ assert( argc==3 ); | < < < < < > > > | 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 | int nPattern; /* Size of zPattern */ int nRep; /* Size of zRep */ int nOut; /* Maximum size of zOut */ int loopLimit; /* Last zStr[] that might match zPattern[] */ int i, j; /* Loop counters */ assert( argc==3 ); zStr = sqlite3_value_text(argv[0]); if( zStr==0 ) return; nStr = sqlite3_value_bytes(argv[0]); zPattern = sqlite3_value_text(argv[1]); if( zPattern==0 ) return; nPattern = sqlite3_value_bytes(argv[1]); zRep = sqlite3_value_text(argv[2]); if( zRep==0 ) return; nRep = sqlite3_value_bytes(argv[2]); if( nPattern>=nRep ){ nOut = nStr; }else{ nOut = (nStr/nPattern + 1)*nRep; } zOut = sqlite3_malloc(nOut+1); |
︙ | ︙ | |||
742 743 744 745 746 747 748 749 750 751 752 | int flags; int i; unsigned char cFirst, cNext; if( sqlite3_value_type(argv[0])==SQLITE_NULL ){ return; } zIn = sqlite3_value_text(argv[0]); nIn = sqlite3_value_bytes(argv[0]); if( argc==1 ){ static const unsigned char zSpace[] = " "; zCharSet = zSpace; | > | < < | 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 | int flags; int i; unsigned char cFirst, cNext; if( sqlite3_value_type(argv[0])==SQLITE_NULL ){ return; } zIn = sqlite3_value_text(argv[0]); if( zIn==0 ) return; nIn = sqlite3_value_bytes(argv[0]); if( argc==1 ){ static const unsigned char zSpace[] = " "; zCharSet = zSpace; }else if( (zCharSet = sqlite3_value_text(argv[1]))==0 ){ return; } cFirst = zCharSet[0]; if( cFirst ){ flags = (int)sqlite3_user_data(context); if( flags & 1 ){ for(; nIn>0; nIn--, zIn++){ if( cFirst==zIn[0] ) continue; |
︙ | ︙ | |||
830 831 832 833 834 835 836 | #ifndef SQLITE_OMIT_LOAD_EXTENSION /* ** A function that loads a shared-library extension then returns NULL. */ static void loadExt(sqlite3_context *context, int argc, sqlite3_value **argv){ const char *zFile = (const char *)sqlite3_value_text(argv[0]); | | > > | | 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 | #ifndef SQLITE_OMIT_LOAD_EXTENSION /* ** A function that loads a shared-library extension then returns NULL. */ static void loadExt(sqlite3_context *context, int argc, sqlite3_value **argv){ const char *zFile = (const char *)sqlite3_value_text(argv[0]); const char *zProc; sqlite3 *db = sqlite3_user_data(context); char *zErrMsg = 0; if( argc==2 ){ zProc = (const char *)sqlite3_value_text(argv[1]); }else{ zProc = 0; } if( zFile && sqlite3_load_extension(db, zFile, zProc, &zErrMsg) ){ sqlite3_result_error(context, zErrMsg, -1); sqlite3_free(zErrMsg); } } #endif #ifdef SQLITE_TEST |
︙ | ︙ |
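Review bot: In replaceFunc the new code still divides by nPattern at `nOut = (nStr/nPattern + 1)*nRep;`, and nPattern comes straight from sqlite3_value_bytes(argv[1]), which is 0 for an empty-string pattern; whenever nRep is larger than that, the else branch is taken and the division is by zero. An early return before the size computation closes it: `if( nPattern==0 ){ sqlite3_result_value(context, argv[0]); return; }`. replaceFunc begins and ends outside the hunk, so the loop that later indexes zPattern is not visible here. Separately, upperFunc and lowerFunc pass `z1[i]` (a plain char) to toupper()/tolower(); for UTF-8 bytes above 0x7f on a platform with signed char that value is outside the ctype domain, so `(unsigned char)z1[i]` would be the safer argument in both loops.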
Changes to src/vdbeapi.c.
︙ | ︙ | |||
439 440 441 442 443 444 445 | ** If iCol is not valid, return a pointer to a Mem which has a value ** of NULL. */ static Mem *columnMem(sqlite3_stmt *pStmt, int i){ Vdbe *pVm = (Vdbe *)pStmt; int vals = sqlite3_data_count(pStmt); if( i>=vals || i<0 ){ | | | 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 | ** If iCol is not valid, return a pointer to a Mem which has a value ** of NULL. */ static Mem *columnMem(sqlite3_stmt *pStmt, int i){ Vdbe *pVm = (Vdbe *)pStmt; int vals = sqlite3_data_count(pStmt); if( i>=vals || i<0 ){ static const Mem nullMem = {{0}, 0.0, "", 0, MEM_Null, SQLITE_NULL }; sqlite3Error(pVm->db, SQLITE_RANGE, 0); return (Mem*)&nullMem; } return &pVm->pTos[(1-vals)+i]; } /* |
︙ | ︙ |
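Review bot: columnMem returns `(Mem*)&nullMem`, which casts away the const on a static object; if any caller writes through the returned pointer (an in-place encoding conversion on the Mem seems the likely candidate, though none is visible here) it would be modifying a const object, which is undefined behaviour. Either keep the cast and state the contract with a comment such as `/* Shared read-only sentinel: callers must never modify the returned Mem */`, or drop const so the sentinel is legitimately writable. The initializer also relies on the positional field order of struct Mem, so a change to that struct would silently misassign values; a comment naming the fields being set, or designated initializers if the project accepts C99, would make that visible.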
Added test/malloc8.test.
> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 | # 2006 July 26 # # The author disclaims copyright to this source code. In place of # a legal notice, here is a blessing: # # May you do good and not evil. # May you find forgiveness for yourself and forgive others. # May you share freely, never taking more than you give. # #*********************************************************************** # This file contains additional out-of-memory checks (see malloc.tcl) # added to expose a bug in out-of-memory handling for sqlite3_value_text() # # $Id: malloc8.test,v 1.1 2007/04/25 18:23:53 drh Exp $ set testdir [file dirname $argv0] source $testdir/tester.tcl # Only run these tests if memory debugging is turned on. # if {[info command sqlite_malloc_stat]==""} { puts "Skipping malloc tests: not compiled with -DSQLITE_MEMDEBUG..." finish_test return } # Usage: do_malloc_test <test number> <options...> # # The first argument, <test number>, is an integer used to name the # tests executed by this proc. Options are as follows: # # -tclprep TCL script to run to prepare test. # -sqlprep SQL script to run to prepare test. # -tclbody TCL script to run with malloc failure simulation. 
# -sqlbody TCL script to run with malloc failure simulation. # -cleanup TCL script to run after the test. # # This command runs a series of tests to verify SQLite's ability # to handle an out-of-memory condition gracefully. It is assumed # that if this condition occurs a malloc() call will return a # NULL pointer. Linux, for example, doesn't do that by default. See # the "BUGS" section of malloc(3). # # Each iteration of a loop, the TCL commands in any argument passed # to the -tclbody switch, followed by the SQL commands in any argument # passed to the -sqlbody switch are executed. Each iteration the # Nth call to sqliteMalloc() is made to fail, where N is increased # each time the loop runs starting from 1. When all commands execute # successfully, the loop ends. # proc do_malloc_test {tn args} { array unset ::mallocopts array set ::mallocopts $args set ::go 1 for {set ::n 1} {$::go && $::n < 50000} {incr ::n} { do_test malloc8-$tn.$::n { sqlite_malloc_fail 0 catch {db close} sqlite3 db test.db set ::DB [sqlite3_connection_pointer db] # Execute any -tclprep and -sqlprep scripts. # if {[info exists ::mallocopts(-tclprep)]} { eval $::mallocopts(-tclprep) } if {[info exists ::mallocopts(-sqlprep)]} { execsql $::mallocopts(-sqlprep) } # Now set the ${::n}th malloc() to fail and execute the -tclbody and # -sqlbody scripts. # sqlite_malloc_fail $::n set ::mallocbody {} if {[info exists ::mallocopts(-tclbody)]} { append ::mallocbody "$::mallocopts(-tclbody)\n" } if {[info exists ::mallocopts(-sqlbody)]} { append ::mallocbody "db eval {$::mallocopts(-sqlbody)}" } set v [catch $::mallocbody msg] # If the test fails (if $v!=0) and the database connection actually # exists, make sure the failure code is SQLITE_NOMEM. 
if {$v && [info command db]=="db" && [info exists ::mallocopts(-sqlbody)] && [db errorcode]!=7} { set v 999 } set leftover [lindex [sqlite_malloc_stat] 2] if {$leftover>0} { if {$leftover>1} {puts "\nLeftover: $leftover\nReturn=$v Message=$msg"} set ::go 0 if {$v} { puts "\nError message returned: $msg" } else { set v {1 1} } } else { set v2 [expr {$msg=="" || $msg=="out of memory"}] if {!$v2} {puts "\nError message returned: $msg"} lappend v $v2 } } {1 1} if {[info exists ::mallocopts(-cleanup)]} { catch [list uplevel #0 $::mallocopts(-cleanup)] msg } } unset ::mallocopts } # The setup is a database with UTF-16 encoding that contains a single # large string. We will be running lots of queries against this # database. Because we will be extracting the string as UTF-8, there # is a type conversion that occurs and thus an opportunity for malloc() # to fail and for sqlite3_value_text() to return 0 even though # sqlite3_value_type() returns SQLITE_TEXT. # db close file delete -force test.db test.db-journal sqlite3 db test.db db eval { PRAGMA encoding='UTF-16'; CREATE TABLE t1(a); INSERT INTO t1 VALUES('0123456789aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ'); } do_malloc_test 1 -sqlbody { SELECT lower(a), upper(a), quote(a), trim(a), trim('x',a) FROM t1; } do_malloc_test 2 -sqlbody { SELECT replace(a,'x','y'), replace('x',a,'y'), replace('x','y',a) FROM t1; } do_malloc_test 3 -sqlbody { SELECT length(a), substr(a, 4, 4) FROM t1; } do_malloc_test 4 -sqlbody { SELECT julianday(a,a) FROM t1; } do_malloc_test 5 -sqlbody { SELECT 1 FROM t1 WHERE a LIKE 'hello' ESCAPE NULL; } # Ensure that no file descriptors were leaked. do_test malloc-99.X { catch {db close} set sqlite_open_file_count } {0} sqlite_malloc_fail 0 finish_test |
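Review bot: The closing file-descriptor check is named `malloc-99.X` while every other test in this file is `malloc8-<tn>.<n>`, so a failure would be reported under malloc.test's prefix; rename it `do_test malloc8-99.X {`. The banner line `# 2006 July 26` does not match the $Id date of 2007/04/25, which suggests the header was copied from another test file and the date left unchanged.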