Fix a bug in the EXPLAIN code for listing trigger programs that was causing an out-of-bounds read.

FossilOrigin-Name: c9342ca58105499a5eb61c3e6d016559b6072c95

manifest

@@ -1,5 +1,5 @@
-C Do\smore\saggressive\soptimization\sof\sthe\sAND\soperator\swhere\sone\sside\sor\sthe\nother\sis\salways\sfalse.
-D 2012-03-31T02:34:35.585
+C Fix\sa\sbug\sin\sthe\sEXPLAIN\scode\sfor\slisting\strigger\sprograms\sthat\swas\scausing\san\sout-of-bounds\sread.
+D 2012-03-31T09:59:44.574
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 2f37e468503dbe79d35c9f6dffcf3fae1ae9ec20
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -245,9 +245,9 @@ F src/vdbe.c 8913926230bfc9d183fcd44e3d023c6d393b6548
 F src/vdbe.h 18f581cac1f4339ec3299f3e0cc6e11aec654cdb
 F src/vdbeInt.h 6ff4180a05683566a8835d12f7ec504b22932c82
 F src/vdbeapi.c 3662b6a468a2a4605a15dfab313baa6dff81ad91
-F src/vdbeaux.c 79cf42b70e211a52d664fc4d585ee2da0a64deac
+F src/vdbeaux.c d52c8a424fdd4b1d5cf1ac93cc7cd20da023ec5c
 F src/vdbeblob.c 32f2a4899d67f69634ea4dd93e3f651936d732cb
-F src/vdbemem.c fb0ac964ccbcd94f595eb993c05bfd9c52468a4a
+F src/vdbemem.c cb55e84b8e2c15704968ee05f0fae25883299b74
 F src/vdbesort.c b25814d385895544ebc8118245c8311ded7f81c9
 F src/vdbetrace.c d6e50e04e1ec498150e519058f617d91b8f5c843
 F src/vtab.c ab90fb600a3f5e4b7c48d22a4cdb2d6b23239847
@@ -999,7 +999,7 @@ F tool/tostr.awk e75472c2f98dd76e06b8c9c1367f4ab07e122d06
 F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f
 F tool/warnings-clang.sh 9f406d66e750e8ac031c63a9ef3248aaa347ef2a
 F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381
-P 196ca3a8b007b9f792e969893d981f6c5aa2fccc
-R d4cee1bded14d0c2a35aac2c2a8ea01d
-U drh
-Z c8013359e2c16f7dbb75906fb62e335f
+P f9a7e179cbbeeab5e57bbf392bef89750215546b
+R ab995d275ca5429ef68a8cbbd55bb89c
+U dan
+Z cbd6b70420ae30df5a5f82de3e30da3c

manifest.uuid

@@ -1 +1 @@
-f9a7e179cbbeeab5e57bbf392bef89750215546b
+c9342ca58105499a5eb61c3e6d016559b6072c95

src/vdbeaux.c

@@ -1239,7 +1239,7 @@ int sqlite3VdbeList(
         for(j=0; j<nSub; j++){
           if( apSub[j]==pOp->p4.pProgram ) break;
         }
-        if( j==nSub && SQLITE_OK==sqlite3VdbeMemGrow(pSub, nByte, 1) ){
+        if( j==nSub && SQLITE_OK==sqlite3VdbeMemGrow(pSub, nByte, nSub!=0) ){
           apSub = (SubProgram **)pSub->z;
           apSub[nSub++] = pOp->p4.pProgram;
           pSub->flags |= MEM_Blob;

src/vdbemem.c

@@ -59,10 +59,10 @@ int sqlite3VdbeChangeEncoding(Mem *pMem, int desiredEnc){
 ** Make sure pMem->z points to a writable allocation of at least 
 ** n bytes.
 **
-** If the memory cell currently contains string or blob data
-** and the third argument passed to this function is true, the 
-** current content of the cell is preserved. Otherwise, it may
-** be discarded.  
+** If the third argument passed to this function is true, then memory
+** cell pMem must contain a string or blob. In this case the content is
+** preserved. Otherwise, if the third parameter to this function is false,
+** any current string or blob value may be discarded.
 **
 ** This function sets the MEM_Dyn flag and clears any xDel callback.
 ** It also clears MEM_Ephem and MEM_Static. If the preserve flag is 
@@ -77,6 +77,10 @@ int sqlite3VdbeMemGrow(Mem *pMem, int n, int preserve){
   );
   assert( (pMem->flags&MEM_RowSet)==0 );
 
+  /* If the preserve flag is set to true, then the memory cell must already
+  ** contain a valid string or blob value.  */
+  assert( preserve==0 || pMem->flags&(MEM_Blob|MEM_Str) );
+
   if( n<32 ) n = 32;
   if( sqlite3DbMallocSize(pMem->db, pMem->zMalloc)<n ){
     if( preserve && pMem->z==pMem->zMalloc ){