Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Avoid signed integer overflow when dealing with a LIMIT and OFFSET whose sum exceeds the maximum integer value. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
c9bdf7adb4745cfaf23d9afd496e71fa |
| User & Date: | drh 2016-12-10 04:06:49 |
Context
|
2016-12-10
| ||
| 12:58 | Reorder the fields in the VdbeCursor object so that those that need to be bulk zeroed on allocation are grouped at the beginning, and the memset() only runs over those fields that really need it. (check-in: 8165f88b user: drh tags: trunk) | |
| 04:06 | Avoid signed integer overflow when dealing with a LIMIT and OFFSET whose sum exceeds the maximum integer value. (check-in: c9bdf7ad user: drh tags: trunk) | |
|
2016-12-09
| ||
| 19:42 | When doing the sqlite3BtreeInsert() overwrite optimization, make sure the memcpy() does not extend off the end of the page. (check-in: 684ef458 user: drh tags: trunk) | |
Changes
Changes to src/vdbe.c.
5987 5988 5989 5990 5991 5992 5993 5994 5995 5996 5997 5998 5999 6000 6001 6002 6003 6004 6005 6006 |
**
** if r[P1] is zero or negative, that means there is no LIMIT
** and r[P2] is set to -1.
**
** Otherwise, r[P2] is set to the sum of r[P1] and r[P3].
*/
case OP_OffsetLimit: { /* in1, out2, in3 */
pIn1 = &aMem[pOp->p1];
pIn3 = &aMem[pOp->p3];
pOut = out2Prerelease(p, pOp);
assert( pIn1->flags & MEM_Int );
assert( pIn3->flags & MEM_Int );
pOut->u.i = pIn1->u.i<=0 ? -1 : pIn1->u.i+(pIn3->u.i>0?pIn3->u.i:0);
break;
}
/* Opcode: IfNotZero P1 P2 P3 * *
** Synopsis: if r[P1]!=0 then r[P1]-=P3, goto P2
**
** Register P1 must contain an integer. If the content of register P1 is
|
> > | > > > > > > > > > > > |
5987 5988 5989 5990 5991 5992 5993 5994 5995 5996 5997 5998 5999 6000 6001 6002 6003 6004 6005 6006 6007 6008 6009 6010 6011 6012 6013 6014 6015 6016 6017 6018 6019 |
**
** if r[P1] is zero or negative, that means there is no LIMIT
** and r[P2] is set to -1.
**
** Otherwise, r[P2] is set to the sum of r[P1] and r[P3].
*/
case OP_OffsetLimit: { /* in1, out2, in3 */
i64 x;
pIn1 = &aMem[pOp->p1];
pIn3 = &aMem[pOp->p3];
pOut = out2Prerelease(p, pOp);
assert( pIn1->flags & MEM_Int );
assert( pIn3->flags & MEM_Int );
x = pIn1->u.i;
if( x<=0 || sqlite3AddInt64(&x, pIn3->u.i>0?pIn3->u.i:0) ){
/* If the LIMIT is less than or equal to zero, loop forever. This
** is documented. But also, if the LIMIT+OFFSET exceeds 2^63 then
** also loop forever. This is undocumented. In fact, one could argue
** that the loop should terminate. But assuming 1 billion iterations
** per second (far exceeding the capabilities of any current hardware)
** it would take nearly 300 years to actually reach the limit. So
** looping forever is a reasonable approximation. */
pOut->u.i = -1;
}else{
pOut->u.i = x;
}
break;
}
/* Opcode: IfNotZero P1 P2 P3 * *
** Synopsis: if r[P1]!=0 then r[P1]-=P3, goto P2
**
** Register P1 must contain an integer. If the content of register P1 is
|