From 5cca94ea710b63d30213c9fad4fbde5cd751ae5e Mon Sep 17 00:00:00 2001
From: dan
Date: Fri, 5 Dec 2014 21:04:26 +0000
Subject: [PATCH] Fix a buffer overread that might occur in analyze.c if SQLITE_ENABLE_STAT4 was defined.
FossilOrigin-Name: c1ae1268b9023a771fda98f26bf451c6066fe70b
---
 manifest | 13 +++++++------
 manifest.uuid | 2 +-
 src/analyze.c | 2 +-
 3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/manifest b/manifest
index 12cf545560..2c008fe79f 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Add\snew\stest\sfile\se_walckpt.test.\sStill\ssome\stests\sto\scome.
-D 2014-12-05T20:46:19.108
+C Fix\sa\sbuffer\soverread\sthat\smight\soccur\sin\sanalyze.c\sif\sSQLITE_ENABLE_STAT4\swas\sdefined.
+D 2014-12-05T21:04:26.713
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 6c4f961fa91d0b4fa121946a19f9e5eac2f2f809
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -167,7 +167,7 @@ F sqlite.pc.in 42b7bf0d02e08b9e77734a47798d1a55a9e0716b
 F sqlite3.1 fc7ad8990fc8409983309bb80de8c811a7506786
 F sqlite3.pc.in 48fed132e7cb71ab676105d2a4dc77127d8c1f3a
 F src/alter.c ba266a779bc7ce10e52e59e7d3dc79fa342e8fdb
-F src/analyze.c f7d774356ba5a14e7ad4fb637681af16875ad88f
+F src/analyze.c 7a2986e6ea8247e5f21aca3d0b584598f58d84fe
 F src/attach.c f4e94df2d1826feda65eb0939f7f6f5f923a0ad9
 F src/auth.c b56c78ebe40a2110fd361379f7e8162d23f92240
 F src/backup.c 7ddee9c7d505e07e959a575b18498f17c71e53ea
@@ -1225,7 +1225,8 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P fdb667335c2250239a66143aec4235325dec8274
-R 88cb63a8d2ff8042b23c5ce33c03986a
+P e4db3db3a65ecfd4069a40d436aa7a5512d61a30
+Q +194c90db637ad4197a54be83a665feb2a9c96014
+R 4fea4497b1906b35d5aec52d63c738f3
 U dan
-Z d1e87cf655be5398ea39ae6fc02beae8
+Z 35f7cd6f840ef1a069fd6944a80e996c
diff --git a/manifest.uuid b/manifest.uuid
index 786ddbf8ea..9514250541 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-e4db3db3a65ecfd4069a40d436aa7a5512d61a30
\ No newline at end of file
+c1ae1268b9023a771fda98f26bf451c6066fe70b
\ No newline at end of file
diff --git a/src/analyze.c b/src/analyze.c
index 01c2f12952..e483807116 100644
--- a/src/analyze.c
+++ b/src/analyze.c
@@ -1596,7 +1596,7 @@ static void initAvgEq(Index *pIdx){
 i64 nSum100 = 0; /* Number of terms contributing to sumEq */
 i64 nDist100; /* Number of distinct values in index */
- if( pIdx->aiRowEst==0 || pIdx->aiRowEst[iCol+1]==0 ){
+ if( !pIdx->aiRowEst || iCol>=pIdx->nKeyCol || pIdx->aiRowEst[iCol+1]==0 ){
 nRow = pFinal->anLt[iCol];
 nDist100 = (i64)100 * pFinal->anDLt[iCol];
 nSample--;
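Review bot: The new `iCol>=pIdx->nKeyCol` test in the `if` of initAvgEq carries no comment saying which bound it enforces, so the reason it must sit before `pIdx->aiRowEst[iCol+1]` is easy to lose in a later cleanup. Presumably aiRowEst[] holds nKeyCol+1 entries while iCol can range over more sample columns than that; if so, a line such as `/* aiRowEst[] has nKeyCol+1 entries; iCol may run past nKeyCol, so check before indexing */` above the condition would record it. The diffstat lists only manifest, manifest.uuid and src/analyze.c, so no regression test accompanies the fix; a STAT4 case run under a memory checker would keep the overread from returning. The loop that sets iCol and the rest of initAvgEq lie outside the hunk.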