Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix a potential use-after-free error during parsing of malformed CREATE TABLE statement. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
c5dbc599b910c02a961675b12b273b8d |
| User & Date: | drh 2016-11-14 20:08:00 |
Context
|
2016-11-23
| ||
| 20:44 | Fix a potential use-after-free error during parsing of malformed CREATE TABLE statement. (check-in: 0f956597 user: drh tags: branch-3.15) | |
|
2016-11-14
| ||
| 20:47 | Add 8794 new test cases received from the OSS-FUZZ project. (check-in: 03f75a67 user: drh tags: trunk) | |
| 20:08 | Fix a potential use-after-free error during parsing of malformed CREATE TABLE statement. (check-in: c5dbc599 user: drh tags: trunk) | |
| 18:27 | Enhance fuzzcheck.c to accept database-specific configuration parameters in the option CONFIG table. Add the fuzzdata5.db fuzz database containing test cases from OSS-FUZZ. (check-in: a71fad45 user: drh tags: trunk) | |
Changes
Changes to src/sqliteInt.h.
| ︙ | ︙ | |||
2943 2944 2945 2946 2947 2948 2949 |
u8 tempReg; /* iReg is a temp register that needs to be freed */
int iLevel; /* Nesting level */
int iReg; /* Reg with value of this column. 0 means none. */
int lru; /* Least recently used entry has the smallest value */
} aColCache[SQLITE_N_COLCACHE]; /* One for each column cache entry */
int aTempReg[8]; /* Holding area for temporary registers */
Token sNameToken; /* Token with unqualified schema object name */
| < | | > | 2943 2944 2945 2946 2947 2948 2949 2950 2951 2952 2953 2954 2955 2956 2957 2958 2959 2960 2961 2962 2963 2964 2965 |
u8 tempReg; /* iReg is a temp register that needs to be freed */
int iLevel; /* Nesting level */
int iReg; /* Reg with value of this column. 0 means none. */
int lru; /* Least recently used entry has the smallest value */
} aColCache[SQLITE_N_COLCACHE]; /* One for each column cache entry */
int aTempReg[8]; /* Holding area for temporary registers */
Token sNameToken; /* Token with unqualified schema object name */
/************************************************************************
** Above is constant between recursions. Below is reset before and after
** each recursion. The boundary between these two regions is determined
** using offsetof(Parse,sLastToken) so the sLastToken field must be the
** first field in the recursive region.
************************************************************************/
Token sLastToken; /* The last token parsed */
ynVar nVar; /* Number of '?' variables seen in the SQL so far */
int nzVar; /* Number of available slots in azVar[] */
u8 iPkSortOrder; /* ASC or DESC for INTEGER PRIMARY KEY */
u8 explain; /* True if the EXPLAIN flag is found on the query */
#ifndef SQLITE_OMIT_VIRTUALTABLE
u8 declareVtab; /* True if inside sqlite3_declare_vtab() */
int nVtabLock; /* Number of virtual tables to lock */
|
| ︙ | ︙ | |||
2985 2986 2987 2988 2989 2990 2991 | With *pWithToFree; /* Free this WITH object at the end of the parse */ }; /* ** Sizes and pointers of various parts of the Parse object. */ #define PARSE_HDR_SZ offsetof(Parse,aColCache) /* Recursive part w/o aColCache*/ | | | 2985 2986 2987 2988 2989 2990 2991 2992 2993 2994 2995 2996 2997 2998 2999 | With *pWithToFree; /* Free this WITH object at the end of the parse */ }; /* ** Sizes and pointers of various parts of the Parse object. */ #define PARSE_HDR_SZ offsetof(Parse,aColCache) /* Recursive part w/o aColCache*/ #define PARSE_RECURSE_SZ offsetof(Parse,sLastToken) /* Recursive part */ #define PARSE_TAIL_SZ (sizeof(Parse)-PARSE_RECURSE_SZ) /* Non-recursive part */ #define PARSE_TAIL(X) (((char*)(X))+PARSE_RECURSE_SZ) /* Pointer to tail */ /* ** Return true if currently inside an sqlite3_declare_vtab() call. */ #ifdef SQLITE_OMIT_VIRTUALTABLE |
| ︙ | ︙ |
Changes to test/fuzzdata5.db.
cannot compute difference between binary files