SQLite

Check-in [653df0afcc]

Overview
Comment: Fix a bug in sqlite3_realloc() - if called with a size of more than 2147483392 it returns 0 but it also releases the prior allocation. (CVS 6827)
SHA1: 653df0afcc58de82c8c1b5f6a7b2f4829ff69792
User & Date: drh 2009-06-27 00:48:33.000
Context
2009-06-27
11:17
Fix an instance where sqlite3JumpHere() might be called with a negative address following an OOM fault. (CVS 6828) (check-in: 49f22e55d6 user: drh tags: trunk)
00:48
Fix a bug in sqlite3_realloc() - if called with a size of more than 2147483392 it returns 0 but it also releases the prior allocation. (CVS 6827) (check-in: 653df0afcc user: drh tags: trunk)
2009-06-26
18:35
Remove incorrect NEVER() macros from malloc.c. The allocations can be exceeded using sqlite3_malloc() and sqlite3_realloc(). (CVS 6826) (check-in: 0d345e5923 user: drh tags: trunk)
Changes
Changes to src/malloc.c.
8
9
10
11
12
13
14
15

16
17
18
19
20
21
22
8
9
10
11
12
13
14

15
16
17
18
19
20
21
22







-
+







**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
**
** Memory allocation functions used throughout sqlite.
**
** $Id: malloc.c,v 1.63 2009/06/26 18:35:17 drh Exp $
** $Id: malloc.c,v 1.64 2009/06/27 00:48:33 drh Exp $
*/
#include "sqliteInt.h"
#include <stdarg.h>

/*
** This routine runs when the memory allocator sees that the
** total memory allocation is about to exceed the soft heap
469
470
471
472
473
474
475
476

477
478
479




480
481
482
483
484
485
486
469
470
471
472
473
474
475

476

477
478
479
480
481
482
483
484
485
486
487
488
489







-
+
-


+
+
+
+







*/
void *sqlite3Realloc(void *pOld, int nBytes){
  int nOld, nNew;
  void *pNew;
  if( pOld==0 ){
    return sqlite3Malloc(nBytes);
  }
  if( nBytes<=0 || nBytes>=0x7fffff00 ){
  if( nBytes<=0 ){
    /* The 0x7ffff00 limit term is explained in comments on sqlite3Malloc() */
    sqlite3_free(pOld);
    return 0;
  }
  if( nBytes>=0x7fffff00 ){
    /* The 0x7ffff00 limit term is explained in comments on sqlite3Malloc() */
    return 0;
  }
  nOld = sqlite3MallocSize(pOld);
  if( sqlite3GlobalConfig.bMemstat ){
    sqlite3_mutex_enter(mem0.mutex);
    sqlite3StatusSet(SQLITE_STATUS_MALLOC_SIZE, nBytes);
    nNew = sqlite3GlobalConfig.m.xRoundup(nBytes);
    if( nOld==nNew ){
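Review bot: In sqlite3Realloc(), a 0 return now carries two different ownership outcomes and nothing at the call boundary says which one applies: the `nBytes<=0` branch still runs `sqlite3_free(pOld)` before `return 0`, while the new `nBytes>=0x7fffff00` branch returns 0 with pOld left allocated. A caller that treats every 0 as a failed resize and keeps using or later frees pOld is right for the oversize case but touches freed memory in the `nBytes<=0` case, and a caller that assumes 0 means pOld is gone leaks it in the oversize case. Suggest stating both cases in the comment above the function so callers know they must check nBytes themselves. Two smaller points: the comment in the new branch reads 0x7ffff00 while the test uses 0x7fffff00, so the comment is missing an f; and the check-in comment says "more than 2147483392" while the `>=` comparison also rejects exactly 0x7fffff00 (2147483392).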