

Comment: Fix an instance of signed arithmetic overflow and one bit-shift overflow. Mark six other signed arithmetic overflow locations that need fixing.
SHA1: 04abab71ecd52f6070b9f84781a3df3d6dba7722
User & Date: drh 2011-03-05 13:54:15

install-sh became a regular file.


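--- a/src/expr.c
+++ b/src/expr.c
@@ -1960,15 +1960,15 @@
     int c;
     i64 value;
     const char *z = pExpr->u.zToken;
     assert( z!=0 );
     c = sqlite3Atoi64(z, &value, sqlite3Strlen30(z), SQLITE_UTF8);
     if( c==0 || (c==2 && negFlag) ){
       char *zV;
-      if( negFlag ){ value = -value; }
+      if( negFlag ){ value = -value; } /* CLANG */
       zV = dup8bytes(v, (char*)&value);
       sqlite3VdbeAddOp4(v, OP_Int64, 0, iMem, 0, zV, P4_INT64);
     }else{
 #ifdef SQLITE_OMIT_FLOATING_POINT
       sqlite3ErrorMsg(pParse, "oversized integer: %s%s", negFlag ? "-" : "", z);
 #else
       codeReal(v, z, negFlag, iMem);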
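Review bot: The `/* CLANG */` tag on the `value = -value` line records that clang's overflow checker flagged it, but says nothing about the failure mode, so a later reader cannot tell what needs fixing. A marker that states the hazard would serve the follow-up work better: `/* TODO: -value is UB when value is the most negative i64 */`. The enclosing function begins before the hunk, and whether the c==2 path from sqlite3Atoi64 can actually deliver that boundary value is not visible here.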

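--- a/src/func.c
+++ b/src/func.c
@@ -1236,15 +1236,15 @@
   type = sqlite3_value_numeric_type(argv[0]);
   if( p && type!=SQLITE_NULL ){
     p->cnt++;
     if( type==SQLITE_INTEGER ){
       i64 v = sqlite3_value_int64(argv[0]);
       p->rSum += v;
       if( (p->approx|p->overflow)==0 ){
-        i64 iNewSum = p->iSum + v;
+        i64 iNewSum = p->iSum + v;    /* CLANG */
         int s1 = (int)(p->iSum >> (sizeof(i64)*8-1));
         int s2 = (int)(v       >> (sizeof(i64)*8-1));
         int s3 = (int)(iNewSum >> (sizeof(i64)*8-1));
         p->overflow = ((s1&s2&~s3) | (~s1&~s2&s3))?1:0;
         p->iSum = iNewSum;
       }
     }else{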
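Review bot: The overflow test that follows the marked `i64 iNewSum = p->iSum + v;` inspects the sign bits of the sum, but that signed addition is itself the overflow, so the compiler may assume it never wrapped and fold the s1/s2/s3 logic away. Performing the addition in unsigned arithmetic keeps the wraparound well defined while leaving the sign-bit test untouched: `i64 iNewSum = (i64)((u64)p->iSum + (u64)v);` (u64 is the type the vdbeaux.c hunk in this same check-in uses). The right shifts of a negative i64 by the width minus one on the following lines are implementation-defined rather than undefined, so they can stay. The enclosing function starts outside the hunk.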

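--- a/src/printf.c
+++ b/src/printf.c
@@ -396,15 +396,15 @@
             v = va_arg(ap,i64);
           }else if( flag_long ){
             v = va_arg(ap,long int);
           }else{
             v = va_arg(ap,int);
           }
           if( v<0 ){
-            longvalue = -v;
+            longvalue = -v;  /* CLANG */
             prefix = '-';
           }else{
             longvalue = v;
             if( flag_plussign )        prefix = '+';
             else if( flag_blanksign )  prefix = ' ';
             else                       prefix = 0;
           }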
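Review bot: `longvalue = -v;` in the `if( v<0 )` branch is undefined when v holds the most negative value of its type, and the bare marker does not say so. If longvalue is an unsigned 64-bit type (its declaration and v's are outside this hunk), `longvalue = ~(u64)v + 1;` yields the same magnitude for every v, including that boundary, without a signed negation. The enclosing function continues outside the hunk on both sides.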

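--- a/src/update.c
+++ b/src/update.c
@@ -392,15 +392,15 @@
   ** with the required old.* column data.  */
   if( hasFK || pTrigger ){
     u32 oldmask = (hasFK ? sqlite3FkOldmask(pParse, pTab) : 0);
     oldmask |= sqlite3TriggerColmask(pParse, 
         pTrigger, pChanges, 0, TRIGGER_BEFORE|TRIGGER_AFTER, pTab, onError
     );
     for(i=0; i<pTab->nCol; i++){
-      if( aXRef[i]<0 || oldmask==0xffffffff || (oldmask & (1<<i)) ){
+      if( aXRef[i]<0 || oldmask==0xffffffff || (i<32 && (oldmask & (1<<i))) ){
         sqlite3ExprCodeGetColumnOfTable(v, pTab, iCur, i, regOld+i);
       }else{
         sqlite3VdbeAddOp2(v, OP_Null, 0, regOld+i);
       }
     }
     if( chngRowid==0 ){
       sqlite3VdbeAddOp2(v, OP_Copy, regOldRowid, regNewRowid);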
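Review bot: The added `i<32 &&` guard stops the shift count from reaching the width of int, but `1<<i` with i==31 still shifts a signed 1 into the sign bit, which is undefined in C99 because the result is not representable. Shifting an unsigned one covers both problems at once: `if( aXRef[i]<0 || oldmask==0xffffffff || (i<32 && (oldmask & ((u32)1<<i))) ){`. Whether columns at index 32 and above should load as NULL when oldmask is not all-ones depends on sqlite3FkOldmask and sqlite3TriggerColmask setting every bit for such tables; the `oldmask==0xffffffff` test suggests they do, but that contract is not visible on this page.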

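--- a/src/util.c
+++ b/src/util.c
@@ -471,17 +471,17 @@
   }else if( *zNum=='+' ){
     zNum+=incr;
   }
 do_atoi_calc:
   zStart = zNum;
   while( zNum<zEnd && zNum[0]=='0' ){ zNum+=incr; } /* Skip leading zeros. */
   for(i=0; &zNum[i]<zEnd && (c=zNum[i])>='0' && c<='9'; i+=incr){
-    v = v*10 + c - '0';
+    v = v*10 + c - '0';  /* CLANG */
   }
-  *pNum = neg ? -v : v;
+  *pNum = neg ? -v : v;  /* CLANG */
   testcase( i==18 );
   testcase( i==19 );
   testcase( i==20 );
   if( (c!=0 && &zNum[i]<zEnd) || (i==0 && zStart==zNum) || i>19*incr ){
     /* zNum is empty or contains non-numeric text or is longer
     ** than 19 digits (thus guaranteeing that it is too large) */
     return 1;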
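Review bot: The two marked lines fail for different reasons and the identical tags do not distinguish them: `v = v*10 + c - '0';` can overflow on the 19th digit, since the `i>19*incr` test below admits 19-digit inputs and values above 9223372036854775807 fit in 19 digits, whereas `*pNum = neg ? -v : v;` overflows only when v is the most negative i64. Accumulating the digits into a u64 and converting to i64 only after the range checks would remove both undefined operations, but v's declaration and the rest of the function (presumably sqlite3Atoi64, given the `do_atoi_calc` label) lie outside this hunk, so the change cannot be written from this page. Until then, comments stating those two triggering conditions would help the follow-up more than the bare tags.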

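--- a/src/vdbe.c
+++ b/src/vdbe.c
@@ -1242,15 +1242,15 @@
   pOut = &aMem[pOp->p3];
   flags = pIn1->flags | pIn2->flags;
   if( (flags & MEM_Null)!=0 ) goto arithmetic_result_is_null;
   if( (pIn1->flags & pIn2->flags & MEM_Int)==MEM_Int ){
     iA = pIn1->u.i;
     iB = pIn2->u.i;
     switch( pOp->opcode ){
-      case OP_Add:         iB += iA;       break;
+      case OP_Add:         iB += iA;       break;   /* CLANG */
       case OP_Subtract:    iB -= iA;       break;
       case OP_Multiply:    iB *= iA;       break;
       case OP_Divide: {
         if( iA==0 ) goto arithmetic_result_is_null;
         /* Dividing the largest possible negative 64-bit integer (1<<63) by 
         ** -1 returns an integer too large to store in a 64-bit data-type. On
         ** some architectures, the value overflows to (1<<63). On others,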
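Review bot: Only `case OP_Add: iB += iA;` carries the CLANG marker, yet `iB -= iA` and `iB *= iA` on the two lines below it overflow under the same conditions, so anyone working through the marked sites will miss two of the three. Either tag those lines as well, or replace the tag on all three with a comment naming the hazard, e.g. `/* signed overflow here is UB; needs checked arithmetic */`. The OP_Divide comment further down already documents the remaining case (most negative value divided by -1); the switch continues outside the hunk.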

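--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
@@ -2493,15 +2493,21 @@
     /* Figure out whether to use 1, 2, 4, 6 or 8 bytes. */
 #   define MAX_6BYTE ((((i64)0x00008000)<<32)-1)
     i64 i = pMem->u.i;
     u64 u;
     if( file_format>=4 && (i&1)==i ){
       return 8+(u32)i;
     }
-    u = i<0 ? -i : i;
+    if( i<0 ){
+      if( i<(-MAX_6BYTE) ) return 6;
+      /* Previous test prevents:  u = -(-9223372036854775808) */
+      u = -i;
+    }else{
+      u = i;
+    }
     if( u<=127 ) return 1;
     if( u<=32767 ) return 2;
     if( u<=8388607 ) return 3;
     if( u<=2147483647 ) return 4;
     if( u<=MAX_6BYTE ) return 5;
     return 6;
   }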

test/progress.test became executable.


tool/mkopts.tcl became executable.