/ Check-in [653df0af]
Overview
Comment: Fix a bug in sqlite3_realloc() - if called with a size of more than 2147483392 it returns 0 but it also releases the prior allocation. (CVS 6827)
SHA1: 653df0afcc58de82c8c1b5f6a7b2f4829ff69792
User & Date: drh 2009-06-27 00:48:33
Context
2009-06-27
11:17
Fix an instance where sqlite3JumpHere() might be called with a negative address following an OOM fault. (CVS 6828) check-in: 49f22e55 user: drh tags: trunk
00:48
Fix a bug in sqlite3_realloc() - if called with a size of more than 2147483392 it returns 0 but it also releases the prior allocation. (CVS 6827) check-in: 653df0af user: drh tags: trunk
2009-06-26
18:35
Remove incorrect NEVER() macros from malloc.c. The allocations can be exceeded using sqlite3_malloc() and sqlite3_realloc(). (CVS 6826) check-in: 0d345e59 user: drh tags: trunk
Changes

Changes to src/malloc.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   **
    13     13   ** Memory allocation functions used throughout sqlite.
    14     14   **
    15         -** $Id: malloc.c,v 1.63 2009/06/26 18:35:17 drh Exp $
           15  +** $Id: malloc.c,v 1.64 2009/06/27 00:48:33 drh Exp $
    16     16   */
    17     17   #include "sqliteInt.h"
    18     18   #include <stdarg.h>
    19     19   
    20     20   /*
    21     21   ** This routine runs when the memory allocator sees that the
    22     22   ** total memory allocation is about to exceed the soft heap
................................................................................
   469    469   */
   470    470   void *sqlite3Realloc(void *pOld, int nBytes){
   471    471     int nOld, nNew;
   472    472     void *pNew;
   473    473     if( pOld==0 ){
   474    474       return sqlite3Malloc(nBytes);
   475    475     }
   476         -  if( nBytes<=0 || nBytes>=0x7fffff00 ){
   477         -    /* The 0x7ffff00 limit term is explained in comments on sqlite3Malloc() */
          476  +  if( nBytes<=0 ){
   478    477       sqlite3_free(pOld);
   479    478       return 0;
          479  +  }
          480  +  if( nBytes>=0x7fffff00 ){
          481  +    /* The 0x7ffff00 limit term is explained in comments on sqlite3Malloc() */
          482  +    return 0;
   480    483     }
   481    484     nOld = sqlite3MallocSize(pOld);
   482    485     if( sqlite3GlobalConfig.bMemstat ){
   483    486       sqlite3_mutex_enter(mem0.mutex);
   484    487       sqlite3StatusSet(SQLITE_STATUS_MALLOC_SIZE, nBytes);
   485    488       nNew = sqlite3GlobalConfig.m.xRoundup(nBytes);
   486    489       if( nOld==nNew ){
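
Review bot: at new lines 480-482 the oversize branch returns 0 with pOld still allocated, while the nBytes<=0 branch at new lines 476-478 returns 0 after freeing it, and the visible comments do not say which of the two outcomes a caller gets. Suggest extending the comment on new line 481 to state that pOld remains valid and owned by the caller on this path, so callers neither leak it nor treat it as freed. That comment also spells the limit "0x7ffff00" where the test on line 480 uses 0x7fffff00; correct it while the line is being moved. The test is >=, so a request of exactly 2147483392 bytes takes this branch too, which is slightly wider than the "more than 2147483392" wording in the check-in comment. A regression test that reallocates a live block with nBytes at the limit and then confirms the original block is still usable would pin the new behaviour down.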