Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix a buffer overrun in the code for handling IN(...) operators when the LHS of the operator contains indexed columns or expressions. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | rowvalue |
| Files: | files | file ages | folders |
| SHA1: |
f41a0391b732a8c4ad188163f34a0f4a |
| User & Date: | dan 2016-08-24 12:22:17.962 |
Context
|
2016-08-24
| ||
| 15:37 | Add a NEVER() on an unreachable branch in comparisonAffinity(). (check-in: 505a2f20ea user: drh tags: rowvalue) | |
| 12:22 | Fix a buffer overrun in the code for handling IN(...) operators when the LHS of the operator contains indexed columns or expressions. (check-in: f41a0391b7 user: dan tags: rowvalue) | |
| 00:51 | The previous OOM fix was bad. Back it out and replace it with a better one. (check-in: 1e3bc3698a user: drh tags: rowvalue) | |
Changes
Changes to src/wherecode.c.
| ︙ | ︙ | |||
467 468 469 470 471 472 473 |
pLevel->u.in.aInLoop =
sqlite3DbReallocOrFree(pParse->db, pLevel->u.in.aInLoop,
sizeof(pLevel->u.in.aInLoop[0])*pLevel->u.in.nIn);
pIn = pLevel->u.in.aInLoop;
if( pIn ){
int iMap = 0; /* Index in aiMap[] */
pIn += i;
| | > | 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 |
pLevel->u.in.aInLoop =
sqlite3DbReallocOrFree(pParse->db, pLevel->u.in.aInLoop,
sizeof(pLevel->u.in.aInLoop[0])*pLevel->u.in.nIn);
pIn = pLevel->u.in.aInLoop;
if( pIn ){
int iMap = 0; /* Index in aiMap[] */
pIn += i;
for(i=iEq;i<pLoop->nLTerm; i++){
int iOut = iReg;
if( pLoop->aLTerm[i]->pExpr==pX ){
if( eType==IN_INDEX_ROWID ){
assert( nEq==1 && i==iEq );
pIn->addrInTop = sqlite3VdbeAddOp2(v, OP_Rowid, iTab, iReg);
}else{
int iCol = aiMap ? aiMap[iMap++] : 0;
iOut = iReg + i - iEq;
pIn->addrInTop = sqlite3VdbeAddOp3(v,OP_Column,iTab, iCol, iOut);
}
sqlite3VdbeAddOp1(v, OP_IsNull, iOut); VdbeCoverage(v);
if( i==iEq ){
pIn->iCur = iTab;
pIn->eEndLoopOp = bRev ? OP_PrevIfOpen : OP_NextIfOpen;
}else{
pIn->eEndLoopOp = OP_Noop;
}
pIn++;
}
}
}else{
pLevel->u.in.nIn = 0;
}
sqlite3DbFree(pParse->db, aiMap);
#endif
|
| ︙ | ︙ |
Changes to test/rowvalue.test.
| ︙ | ︙ | |||
215 216 217 218 219 220 221 222 223 |
2 "(a, b) > (2, 2)" {3 4 5}
3 "(a, b) < (4, 5)" {1 2 3 4}
4 "(a, b) < (4, 3)" {1 2 3}
} {
do_execsql_test 9.$tn "SELECT c FROM t2 WHERE $q" $res
}
finish_test
| > > > > > > > > > | 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 |
2 "(a, b) > (2, 2)" {3 4 5}
3 "(a, b) < (4, 5)" {1 2 3 4}
4 "(a, b) < (4, 3)" {1 2 3}
} {
do_execsql_test 9.$tn "SELECT c FROM t2 WHERE $q" $res
}
do_execsql_test 10.0 {
CREATE TABLE dual(dummy); INSERT INTO dual(dummy) VALUES('X');
CREATE TABLE t3(a TEXT,b TEXT,c TEXT,d TEXT,e TEXT,f TEXT);
CREATE INDEX t3x ON t3(b,c,d,e,f);
SELECT a FROM t3
WHERE (c,d) IN (SELECT 'c','d' FROM dual)
AND (a,b,e) IN (SELECT 'a','b','d' FROM dual);
}
finish_test
|