SQLite

Check-in [0f95659799]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a potential use-after-free error during parsing of malformed CREATE TABLE statement.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | branch-3.15
Files: files | file ages | folders
SHA1: 0f956597995ca0007c51a32c71cf5fb723ed4134
User & Date: drh 2016-11-23 20:44:04.507
Context
2016-11-23
21:01
Disable the query flattener optimization for SELECT statements that are on the RHS of vector IN operators. This is a hack that fixes the bug described in ticket [da7841375186386c]. A better solution that does not disable the query flattener is needed, but this will server for the time being. (check-in: 27438fb43d user: drh tags: branch-3.15)
20:44
Fix a potential use-after-free error during parsing of malformed CREATE TABLE statement. (check-in: 0f95659799 user: drh tags: branch-3.15)
20:37
Fix an fts5 problem causing a crash in phrase queries where the first token of the phrase matches one or more rows but some other token within the phrase matches zero. (check-in: 4efd331e9c user: drh tags: branch-3.15)
2016-11-14
20:08
Fix a potential use-after-free error during parsing of malformed CREATE TABLE statement. (check-in: c5dbc599b9 user: drh tags: trunk)
Changes
Side-by-Side Diff Show Whitespace Changes Patch
Changes to src/sqliteInt.h. 
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955


2956
2957

2958
2959
2960
2961
2962
2963
2964

2942
2943
2944
2945
2946
2947
2948

2949
2950
2951
2952


2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964








-




-
-
+
+


+








    u8 tempReg;           /* iReg is a temp register that needs to be freed */
    int iLevel;           /* Nesting level */
    int iReg;             /* Reg with value of this column. 0 means none. */
    int lru;              /* Least recently used entry has the smallest value */
  } aColCache[SQLITE_N_COLCACHE];  /* One for each column cache entry */
  int aTempReg[8];        /* Holding area for temporary registers */
  Token sNameToken;       /* Token with unqualified schema object name */
  Token sLastToken;       /* The last token parsed */

  /************************************************************************
  ** Above is constant between recursions.  Below is reset before and after
  ** each recursion.  The boundary between these two regions is determined
  ** using offsetof(Parse,nVar) so the nVar field must be the first field
  ** in the recursive region.
  ** using offsetof(Parse,sLastToken) so the sLastToken field must be the
  ** first field in the recursive region.
  ************************************************************************/

  Token sLastToken;       /* The last token parsed */
  ynVar nVar;               /* Number of '?' variables seen in the SQL so far */
  int nzVar;                /* Number of available slots in azVar[] */
  u8 iPkSortOrder;          /* ASC or DESC for INTEGER PRIMARY KEY */
  u8 explain;               /* True if the EXPLAIN flag is found on the query */
#ifndef SQLITE_OMIT_VIRTUALTABLE
  u8 declareVtab;           /* True if inside sqlite3_declare_vtab() */
  int nVtabLock;            /* Number of virtual tables to lock */

2984
2985
2986
2987
2988
2989
2990
2991

2992
2993
2994
2995
2996
2997
2998

2984
2985
2986
2987
2988
2989
2990

2991
2992
2993
2994
2995
2996
2997
2998








-
+








  With *pWithToFree;        /* Free this WITH object at the end of the parse */
};

/*
** Sizes and pointers of various parts of the Parse object.
*/
#define PARSE_HDR_SZ offsetof(Parse,aColCache) /* Recursive part w/o aColCache*/
#define PARSE_RECURSE_SZ offsetof(Parse,nVar)  /* Recursive part */
#define PARSE_RECURSE_SZ offsetof(Parse,sLastToken)    /* Recursive part */
#define PARSE_TAIL_SZ (sizeof(Parse)-PARSE_RECURSE_SZ) /* Non-recursive part */
#define PARSE_TAIL(X) (((char*)(X))+PARSE_RECURSE_SZ)  /* Pointer to tail */

/*
** Return true if currently inside an sqlite3_declare_vtab() call.
*/
#ifdef SQLITE_OMIT_VIRTUALTABLE