/ Check-in [e14374e4]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Be careful not to use the result of sqlite3_value_blob() after changing the representation of an object. Ticket #2290. (CVS 3834)
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:e14374e4e6f14a90ecb53c2e7c86908a220c6d68
User & Date: drh 2007-04-10 13:51:18
Context
2007-04-10
18:17
Preliminary fix for ticket #2291. This fixes the immediate problem. But we really need to write more tests for the xfer optimization in order to look for other related problems before closing this ticket. (CVS 3835) check-in: 34fec312 user: drh tags: trunk
13:51
Be careful not to use the result of sqlite3_value_blob() after changing the representation of an object. Ticket #2290. (CVS 3834) check-in: e14374e4 user: drh tags: trunk
2007-04-09
20:45
Fix crash in delete when existing row has null fields. Previous code assumed that the row had values in all columns, sigh. Fixes bug http://www.sqlite.org/cvstrac/tktview?tn=2289 . (CVS 3833) check-in: 81be7290 user: shess tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/func.c.

    12     12   ** This file contains the C functions that implement various SQL
    13     13   ** functions of SQLite.  
    14     14   **
    15     15   ** There is only one exported symbol in this file - the function
    16     16   ** sqliteRegisterBuildinFunctions() found at the bottom of the file.
    17     17   ** All other code has file scope.
    18     18   **
    19         -** $Id: func.c,v 1.138 2007/03/17 17:52:42 drh Exp $
           19  +** $Id: func.c,v 1.139 2007/04/10 13:51:18 drh Exp $
    20     20   */
    21     21   #include "sqliteInt.h"
    22     22   #include <ctype.h>
    23     23   /* #include <math.h> */
    24     24   #include <stdlib.h>
    25     25   #include <assert.h>
    26     26   #include "vdbeInt.h"
................................................................................
   652    652     int argc,
   653    653     sqlite3_value **argv
   654    654   ){
   655    655     int i, n;
   656    656     const unsigned char *pBlob;
   657    657     char *zHex, *z;
   658    658     assert( argc==1 );
   659         -  pBlob = sqlite3_value_blob(argv[0]);
   660    659     n = sqlite3_value_bytes(argv[0]);
          660  +  pBlob = sqlite3_value_blob(argv[0]);
   661    661     z = zHex = sqlite3_malloc(n*2 + 1);
   662    662     if( zHex==0 ) return;
   663    663     for(i=0; i<n; i++, pBlob++){
   664    664       unsigned char c = *pBlob;
   665    665       *(z++) = hexdigits[(c>>4)&0xf];
   666    666       *(z++) = hexdigits[c&0xf];
   667    667     }

Changes to test/func.test.

     7      7   #    May you find forgiveness for yourself and forgive others.
     8      8   #    May you share freely, never taking more than you give.
     9      9   #
    10     10   #***********************************************************************
    11     11   # This file implements regression tests for SQLite library.  The
    12     12   # focus of this file is testing built-in functions.
    13     13   #
    14         -# $Id: func.test,v 1.59 2007/03/17 17:52:42 drh Exp $
           14  +# $Id: func.test,v 1.60 2007/04/10 13:51:19 drh Exp $
    15     15   
    16     16   set testdir [file dirname $argv0]
    17     17   source $testdir/tester.tcl
    18     18   
    19     19   # Create a table to work with.
    20     20   #
    21     21   do_test func-0.0 {
................................................................................
   321    321   # The "hex()" function was added in order to be able to render blobs
   322    322   # generated by randomblob().  So this seems like a good place to test
   323    323   # hex().
   324    324   #
   325    325   do_test func-9.10 {
   326    326     execsql {SELECT hex(x'00112233445566778899aAbBcCdDeEfF')}
   327    327   } {00112233445566778899AABBCCDDEEFF}
          328  +do_test func-9.11 {
          329  +  execsql {SELECT hex(replace('abcdefg','ef','12'))}
          330  +} {61626364313267}
   328    331   
   329    332   # Use the "sqlite_register_test_function" TCL command which is part of
   330    333   # the text fixture in order to verify correct operation of some of
   331    334   # the user-defined SQL function APIs that are not used by the built-in
   332    335   # functions.
   333    336   #
   334    337   set ::DB [sqlite3_connection_pointer db]

Changes to www/capi3ref.tcl.

     1         -set rcsid {$Id: capi3ref.tcl,v 1.53 2007/03/17 10:26:59 danielk1977 Exp $}
            1  +set rcsid {$Id: capi3ref.tcl,v 1.54 2007/04/10 13:51:19 drh Exp $}
     2      2   source common.tcl
     3      3   header {C/C++ Interface For SQLite Version 3}
     4      4   puts {
     5      5   <h2 class=pdf_section>C/C++ Interface For SQLite Version 3</h2>
     6      6   }
     7      7   
     8      8   proc api {name prototype desc {notused x}} {
................................................................................
   425    425   <tr><td> TEXT </td><td>    FLOAT </td><td> Use atof()</td></tr>
   426    426   <tr><td> TEXT </td><td>    BLOB </td><td>  No change</td></tr>
   427    427   <tr><td> BLOB </td><td>    INTEGER</td><td>Convert to TEXT then use atoi()</td></tr>
   428    428   <tr><td> BLOB </td><td>    FLOAT </td><td> Convert to TEXT then use atof()</td></tr>
   429    429   <tr><td> BLOB </td><td>    TEXT </td><td>  Add a \\000 terminator if needed</td></tr>
   430    430   </table>
   431    431   </blockquote>
          432  +
          433  +  Note that when type conversions occur, pointers returned by prior
          434  +  calls to sqlite3_column_blob(), sqlite3_column_text(), and/or
          435  +  sqlite3_column_text16() may be invalidated.  So, for example, if
          436  +  you initially call sqlite3_column_text() and get back a pointer to
          437  +  a UTF-8 string, then you call sqlite3_column_text16(), after the
          438  +  call to sqlite3_column_text16() the pointer returned by the prior
          439  +  call to sqlite3_column_text() will likely point to deallocated memory.
          440  +  Attempting to use the original pointer might lead to heap corruption
          441  +  or a segfault.  Note also that calls  to sqlite3_column_bytes()
          442  +  and sqlite3_column_bytes16() can also cause type conversion that
          443  +  and deallocate prior buffers.  Use these routines carefully.
   432    444   }
   433    445   
   434    446   api {} {
   435    447   int sqlite3_column_count(sqlite3_stmt *pStmt);
   436    448   } {
   437    449    Return the number of columns in the result set returned by the prepared
   438    450    SQL statement. This routine returns 0 if pStmt is an SQL statement