/ Check-in [653df0af]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a bug in sqlite3_realloc() - if called with a size of more than 2147483392 it returns 0 but it also releases the prior allocation. (CVS 6827)
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 653df0afcc58de82c8c1b5f6a7b2f4829ff69792
User & Date: drh 2009-06-27 00:48:33
Context
2009-06-27
11:17
Fix an instance where sqlite3JumpHere() might be called with a negative address following an OOM fault. (CVS 6828) check-in: 49f22e55 user: drh tags: trunk
00:48
Fix a bug in sqlite3_realloc() - if called with a size of more than 2147483392 it returns 0 but it also releases the prior allocation. (CVS 6827) check-in: 653df0af user: drh tags: trunk
2009-06-26
18:35
Remove incorrect NEVER() macros from malloc.c. The allocations can be exceeded using sqlite3_malloc() and sqlite3_realloc(). (CVS 6826) check-in: 0d345e59 user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Show Whitespace Changes Patch

Changes to src/malloc.c.

8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
...
469
470
471
472
473
474
475




476
477
478
479
480
481
482
483
484
485
486
**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
**
** Memory allocation functions used throughout sqlite.
**
** $Id: malloc.c,v 1.63 2009/06/26 18:35:17 drh Exp $
*/
#include "sqliteInt.h"
#include <stdarg.h>

/*
** This routine runs when the memory allocator sees that the
** total memory allocation is about to exceed the soft heap
................................................................................
*/
void *sqlite3Realloc(void *pOld, int nBytes){
  int nOld, nNew;
  void *pNew;
  if( pOld==0 ){
    return sqlite3Malloc(nBytes);
  }




  if( nBytes<=0 || nBytes>=0x7fffff00 ){
    /* The 0x7ffff00 limit term is explained in comments on sqlite3Malloc() */
    sqlite3_free(pOld);
    return 0;
  }
  nOld = sqlite3MallocSize(pOld);
  if( sqlite3GlobalConfig.bMemstat ){
    sqlite3_mutex_enter(mem0.mutex);
    sqlite3StatusSet(SQLITE_STATUS_MALLOC_SIZE, nBytes);
    nNew = sqlite3GlobalConfig.m.xRoundup(nBytes);
    if( nOld==nNew ){







|







 







>
>
>
>
|

<








8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
...
469
470
471
472
473
474
475
476
477
478
479
480
481

482
483
484
485
486
487
488
489
**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
**
** Memory allocation functions used throughout sqlite.
**
** $Id: malloc.c,v 1.64 2009/06/27 00:48:33 drh Exp $
*/
#include "sqliteInt.h"
#include <stdarg.h>

/*
** This routine runs when the memory allocator sees that the
** total memory allocation is about to exceed the soft heap
................................................................................
*/
void *sqlite3Realloc(void *pOld, int nBytes){
  int nOld, nNew;
  void *pNew;
  if( pOld==0 ){
    return sqlite3Malloc(nBytes);
  }
  if( nBytes<=0 ){
    sqlite3_free(pOld);
    return 0;
  }
  if( nBytes>=0x7fffff00 ){
    /* The 0x7ffff00 limit term is explained in comments on sqlite3Malloc() */

    return 0;
  }
  nOld = sqlite3MallocSize(pOld);
  if( sqlite3GlobalConfig.bMemstat ){
    sqlite3_mutex_enter(mem0.mutex);
    sqlite3StatusSet(SQLITE_STATUS_MALLOC_SIZE, nBytes);
    nNew = sqlite3GlobalConfig.m.xRoundup(nBytes);
    if( nOld==nNew ){