Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix a potential use-after-free error during parsing of malformed CREATE TABLE statement. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | branch-3.15 |
| Files: | files | file ages | folders |
| SHA1: |
0f956597995ca0007c51a32c71cf5fb7 |
| User & Date: | drh 2016-11-23 20:44:04 |
Context
|
2016-11-23
| ||
| 21:01 | Disable the query flattener optimization for SELECT statements that are on the RHS of vector IN operators. This is a hack that fixes the bug described in ticket [da7841375186386c]. A better solution that does not disable the query flattener is needed, but this will server for the time being. (check-in: 27438fb4 user: drh tags: branch-3.15) | |
| 20:44 | Fix a potential use-after-free error during parsing of malformed CREATE TABLE statement. (check-in: 0f956597 user: drh tags: branch-3.15) | |
| 20:37 | Fix an fts5 problem causing a crash in phrase queries where the first token of the phrase matches one or more rows but some other token within the phrase matches zero. (check-in: 4efd331e user: drh tags: branch-3.15) | |
|
2016-11-14
| ||
| 20:08 | Fix a potential use-after-free error during parsing of malformed CREATE TABLE statement. (check-in: c5dbc599 user: drh tags: trunk) | |
Changes
Changes to src/sqliteInt.h.
2942 2942 u8 tempReg; /* iReg is a temp register that needs to be freed */ 2943 2943 int iLevel; /* Nesting level */ 2944 2944 int iReg; /* Reg with value of this column. 0 means none. */ 2945 2945 int lru; /* Least recently used entry has the smallest value */ 2946 2946 } aColCache[SQLITE_N_COLCACHE]; /* One for each column cache entry */ 2947 2947 int aTempReg[8]; /* Holding area for temporary registers */ 2948 2948 Token sNameToken; /* Token with unqualified schema object name */ 2949 - Token sLastToken; /* The last token parsed */ 2950 2949 2951 2950 /************************************************************************ 2952 2951 ** Above is constant between recursions. Below is reset before and after 2953 2952 ** each recursion. The boundary between these two regions is determined 2954 - ** using offsetof(Parse,nVar) so the nVar field must be the first field 2955 - ** in the recursive region. 2953 + ** using offsetof(Parse,sLastToken) so the sLastToken field must be the 2954 + ** first field in the recursive region. 2956 2955 ************************************************************************/ 2957 2956 2957 + Token sLastToken; /* The last token parsed */ 2958 2958 ynVar nVar; /* Number of '?' variables seen in the SQL so far */ 2959 2959 int nzVar; /* Number of available slots in azVar[] */ 2960 2960 u8 iPkSortOrder; /* ASC or DESC for INTEGER PRIMARY KEY */ 2961 2961 u8 explain; /* True if the EXPLAIN flag is found on the query */ 2962 2962 #ifndef SQLITE_OMIT_VIRTUALTABLE 2963 2963 u8 declareVtab; /* True if inside sqlite3_declare_vtab() */ 2964 2964 int nVtabLock; /* Number of virtual tables to lock */ ................................................................................ 2984 2984 With *pWithToFree; /* Free this WITH object at the end of the parse */ 2985 2985 }; 2986 2986 2987 2987 /* 2988 2988 ** Sizes and pointers of various parts of the Parse object. 2989 2989 */ 2990 2990 #define PARSE_HDR_SZ offsetof(Parse,aColCache) /* Recursive part w/o aColCache*/ 2991 -#define PARSE_RECURSE_SZ offsetof(Parse,nVar) /* Recursive part */ 2991 +#define PARSE_RECURSE_SZ offsetof(Parse,sLastToken) /* Recursive part */ 2992 2992 #define PARSE_TAIL_SZ (sizeof(Parse)-PARSE_RECURSE_SZ) /* Non-recursive part */ 2993 2993 #define PARSE_TAIL(X) (((char*)(X))+PARSE_RECURSE_SZ) /* Pointer to tail */ 2994 2994 2995 2995 /* 2996 2996 ** Return true if currently inside an sqlite3_declare_vtab() call. 2997 2997 */ 2998 2998 #ifdef SQLITE_OMIT_VIRTUALTABLE