Avoid a sanitizer error (pointer arithmatic overflow) in vdbesort.c.

FossilOrigin-Name: af61a2fc45a0fa1277d7453779238b77de4c298a9f60714b7dc62ddca5874f80
2019-04-16 11:21:13 +00:00 · 2019-04-16 11:21:13 +00:00 · 2eb2ca8391
commit 2eb2ca8391
parent 112e174020
3 changed files with 14 additions and 10 deletions
--- a/12
+++ b/12
@ -1,5 +1,5 @@
-C Avoid\sa\ssanitizer\serror\sin\stest1.c.\sHave\sreleasetest.tcl/wapptest.tcl\screate\sa\sfile\scalled\s"makecommand.sh"\sthat\scan\sbe\sused\sto\srerun\sa\stest\sfrom\sthe\scommand\sline.
-D 2019-04-16T10:51:29.014
+C Avoid\sa\ssanitizer\serror\s(pointer\sarithmatic\soverflow)\sin\svdbesort.c.
+D 2019-04-16T11:21:13.568
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@ -597,7 +597,7 @@ F src/vdbeapi.c 2ddd60f4a351f15ee98d841e346af16111ad59dfa4d25d2dd4012e9875bf7d92
 F src/vdbeaux.c f873b5c2efcf8a4d6ecfc5b1a5b06fd810419198f3bd882175d371cc03801873
 F src/vdbeblob.c f5c70f973ea3a9e915d1693278a5f890dc78594300cf4d54e64f2b0917c94191
 F src/vdbemem.c 8e6889761e344babdb8a56dd1ac8911501fa648396544d1644f1cd6a87c80dc0
-F src/vdbesort.c 31c7794a517e8b0a1704988f1f7596b74c6fc07eeb7bb85776f50a391ed9d94f
+F src/vdbesort.c 66592d478dbb46f19aed0b42222325eadb84deb40a90eebe25c6e7c1d8468f47
 F src/vdbetrace.c 79d6dbbc479267b255a7de8080eee6e729928a0ef93ed9b0bfa5618875b48392
 F src/vtab.c 4c5959e00b7a142198d178e3a822f4e05f36f2d1a3c57657373f9487154fc06b
 F src/vxworks.h d2988f4e5a61a4dfe82c6524dd3d6e4f2ce3cdb9
@ -1818,7 +1818,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P ee886600297c2a03d9d1d10db88d3d107b48e5d4de5e5d91b0ab16cc7c447ede
-R 8b174ed25bfed0d8eb722ebaa3aaabbf
+P 4de4480ffdea1e923c4b964692ccde92d713c8b6c056bb04bddf1ff55ee891ec
+R 53d48b50e3fea254b204992be6aac766
 U dan
-Z 97f4f18a7a6e556c0ee0ac2993a46468
+Z 2252f4361031453f785e5bf47a799819
--- a/manifest.uuid
+++ b/manifest.uuid
@ -1 +1 @@
-4de4480ffdea1e923c4b964692ccde92d713c8b6c056bb04bddf1ff55ee891ec
+af61a2fc45a0fa1277d7453779238b77de4c298a9f60714b7dc62ddca5874f80
--- a/src/vdbesort.c
+++ b/src/vdbesort.c
@ -1828,15 +1828,19 @@ int sqlite3VdbeSorterWrite(

    if( nMin>pSorter->nMemory ){
      u8 *aNew;
-      int iListOff = (u8*)pSorter->list.pList - pSorter->list.aMemory;
      sqlite3_int64 nNew = 2 * (sqlite3_int64)pSorter->nMemory;
+      int iListOff = -1;
+      if( pSorter->list.pList ){
+        iListOff = (u8*)pSorter->list.pList - pSorter->list.aMemory;
+      }
      while( nNew < nMin ) nNew = nNew*2;
      if( nNew > pSorter->mxPmaSize ) nNew = pSorter->mxPmaSize;
      if( nNew < nMin ) nNew = nMin;
-
      aNew = sqlite3Realloc(pSorter->list.aMemory, nNew);
      if( !aNew ) return SQLITE_NOMEM_BKPT;
-      pSorter->list.pList = (SorterRecord*)&aNew[iListOff];
+      if( iListOff>=0 ){
+        pSorter->list.pList = (SorterRecord*)&aNew[iListOff];
+      }
      pSorter->list.aMemory = aNew;
      pSorter->nMemory = nNew;
    }