From 5edf8435d30c4049f84ed060081900cf23c2a598 Mon Sep 17 00:00:00 2001 From: drh Date: Fri, 8 Feb 2013 23:18:18 +0000 Subject: [PATCH] Fix a potential NULL-pointer dereference following an OOM error in the query planner logic for virtual tables with OR-connected terms. FossilOrigin-Name: 71b6c26053fdf2a5a84116e005bad1f2ca873a66 --- manifest | 12 ++++++------ manifest.uuid | 2 +- src/where.c | 3 ++- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/manifest b/manifest index 990aaddfef..81f10ad5c0 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Make\ssure\sthe\svirtual\stables\sthat\stake\sadvantage\sof\sIN\soperators\ssort\sthe\nRHS\sof\sthe\sIN\soperator\sin\sthe\scorrect\sorder\saccording\sto\sthe\sORDER\sBY\nclause. -D 2013-02-08T20:39:02.391 +C Fix\sa\spotential\sNULL-pointer\sdereference\sfollowing\san\sOOM\serror\nin\sthe\squery\splanner\slogic\sfor\svirtual\stables\swith\sOR-connected\sterms. +D 2013-02-08T23:18:18.222 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in a48faa9e7dd7d556d84f5456eabe5825dd8a6282 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 @@ -252,7 +252,7 @@ F src/vtab.c b05e5f1f4902461ba9f5fc49bb7eb7c3a0741a83 F src/wal.c f5c7b5027d0ed0e9bc9afeb4a3a8dfea762ec7d2 F src/wal.h 29c197540b19044e6cd73487017e5e47a1d3dac6 F src/walker.c 3d75ba73de15e0f8cd0737643badbeb0e002f07b -F src/where.c df3f8f610746165066bd029f24f35739b5d0a21f +F src/where.c 43e05406f0e05960a62d4719ed77f551f8204d3f F test/8_3_names.test 631ea964a3edb091cf73c3b540f6bcfdb36ce823 F test/aggerror.test a867e273ef9e3d7919f03ef4f0e8c0d2767944f2 F test/aggnested.test 45c0201e28045ad38a530b5a144b73cd4aa2cfd6 @@ -1034,7 +1034,7 @@ F tool/vdbe-compress.tcl f12c884766bd14277f4fcedcae07078011717381 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4 F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381 F tool/win/sqlite.vsix 97894c2790eda7b5bce3cc79cb2a8ec2fde9b3ac -P f78395c8896666bb1359b83fbcd58d5e3dbc39d3 -R 080d4548a7ca8008fc94adcb8a7a49c2 +P b016b7546d6fbfba06019398b9ac239b0cbe9086 +R 754c451bf3b3a4bb7bca45cc0f3e7eb1 U drh -Z 0d4d8d5d423c9c5e6216d31dab1445d7 +Z bf21096dfb91901ebdb63502984eab24 diff --git a/manifest.uuid b/manifest.uuid index 84f9305d63..d0aef318b2 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -b016b7546d6fbfba06019398b9ac239b0cbe9086 \ No newline at end of file +71b6c26053fdf2a5a84116e005bad1f2ca873a66 \ No newline at end of file diff --git a/src/where.c b/src/where.c index c513c28b80..3db76b5339 100644 --- a/src/where.c +++ b/src/where.c @@ -3665,7 +3665,8 @@ static void bestIndex(WhereBestIdx *p){ sqlite3_index_info *pIdxInfo = 0; p->ppIdxInfo = &pIdxInfo; bestVirtualIndex(p); - if( pIdxInfo->needToFreeIdxStr ){ + assert( pIdxInfo!=0 || p->pParse->db->mallocFailed ); + if( pIdxInfo && pIdxInfo->needToFreeIdxStr ){ sqlite3_free(pIdxInfo->idxStr); } sqlite3DbFree(p->pParse->db, pIdxInfo);