Fix three crash problems discovered by afl-fuzz.
Ticket [a59ae93ee990a55]. FossilOrigin-Name: fe5788633131281a0f27c5b75993ce2ff958bfeb
17
manifest
17
manifest
@ -1,5 +1,5 @@
|
||||
C Add\sthe\s"ascii"\smode\sto\sthe\scommand-line\sshell.
|
||||
D 2015-01-09T00:38:06.225
|
||||
C Fix\sthree\scrash\sproblems\sdiscovered\sby\safl-fuzz.\nTicket\s[a59ae93ee990a55].
|
||||
D 2015-01-09T01:27:29.636
|
||||
F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
|
||||
F Makefile.in b40b4c2a3a187c41ee657d3f0e0e0dfe8fd860b5
|
||||
F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
|
||||
@ -180,9 +180,9 @@ F src/build.c f5cfd7b32216f695b995bbc7c1a395f6d451d11f
|
||||
F src/callback.c 7b44ce59674338ad48b0e84e7b72f935ea4f68b0
|
||||
F src/complete.c 198a0066ba60ab06fc00fba1998d870a4d575463
|
||||
F src/ctime.c df19848891c8a553c80e6f5a035e768280952d1a
|
||||
F src/date.c 93594514aae68de117ca4a2a0d6cc63eddf26744
|
||||
F src/date.c 53cedb541686b30eb5495753f0b622909a928780
|
||||
F src/delete.c 0750b1eb4d96cd3fb2c798599a3a7c85e92f1417
|
||||
F src/expr.c 00da3072f362b06f39ce4052baa1d4ce2bb36d1c
|
||||
F src/expr.c 7be80f7dc337329a24df45c2f3bdb2ea3b64c90e
|
||||
F src/fault.c 160a0c015b6c2629d3899ed2daf63d75754a32bb
|
||||
F src/fkey.c e0444b61bed271a76840cbe6182df93a9baa3f12
|
||||
F src/func.c 6d3c4ebd72aa7923ce9b110a7dc15f9b8c548430
|
||||
@ -619,7 +619,7 @@ F test/func4.test 6beacdfcb0e18c358e6c2dcacf1b65d1fa80955f
|
||||
F test/func5.test cdd224400bc3e48d891827cc913a57051a426fa4
|
||||
F test/fuzz-oss1.test 4912e528ec9cf2f42134456933659d371c9e0d74
|
||||
F test/fuzz.test 96083052bf5765e4518c1ba686ce2bab785670d1
|
||||
F test/fuzz2.test 207d0f9d06db3eaf47a6b7bfc835b8e2fc397167
|
||||
F test/fuzz2.test b34fe575aa10292135421ff4bf315de4cde7824a
|
||||
F test/fuzz3.test efd384b896c647b61a2c1848ba70d42aad60a7b3
|
||||
F test/fuzz_common.tcl a87dfbb88c2a6b08a38e9a070dabd129e617b45b
|
||||
F test/fuzz_malloc.test 328f70aaca63adf29b4c6f06505ed0cf57ca7c26
|
||||
@ -1235,8 +1235,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
|
||||
F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
|
||||
F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32
|
||||
F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
|
||||
P 662932a69a0f69b7227cc05b75a9f1637a3862f4 ea99f4b29afb98dd474d96889c934763f5636891
|
||||
R 3f8d7ef6dd5f06bcfd99bf945267e110
|
||||
T +closed ea99f4b29afb98dd474d96889c934763f5636891
|
||||
P e1518a9478e1ce1ebd98894335e64c953064367f
|
||||
R 0672c0c00968fffbda70996e37c442f8
|
||||
U drh
|
||||
Z 1642395151124fe3b880675afbc572b4
|
||||
Z 8756c3c12d1aed88e2c7a41409182fc3
|
||||
|
@ -1 +1 @@
|
||||
e1518a9478e1ce1ebd98894335e64c953064367f
|
||||
fe5788633131281a0f27c5b75993ce2ff958bfeb
|
@ -895,8 +895,10 @@ static void strftimeFunc(
|
||||
size_t i,j;
|
||||
char *z;
|
||||
sqlite3 *db;
|
||||
const char *zFmt = (const char*)sqlite3_value_text(argv[0]);
|
||||
const char *zFmt;
|
||||
char zBuf[100];
|
||||
if( argc==0 ) return;
|
||||
zFmt = (const char*)sqlite3_value_text(argv[0]);
|
||||
if( zFmt==0 || isDate(context, argc-1, argv+1, &x) ) return;
|
||||
db = sqlite3_context_db_handle(context);
|
||||
for(i=0, n=1; zFmt[i]; i++, n++){
|
||||
|
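Review bot: The added `if( argc==0 ) return;` exits without calling any sqlite3_result_* function, so `strftime()` with no arguments now yields NULL silently (fuzz2-6.2 in this commit pins exactly that) rather than reporting a usage error; if NULL is the intended contract, a one-line comment on the guard would stop a later reader from "fixing" it, e.g. `/* strftime() with no arguments returns NULL; argv[0] must not be read */`. The guard is needed because the old declaration dereferenced argv[0] unconditionally, and presumably the function is registered with a variable argument count, which is why argc==0 can reach here at all. strftimeFunc's body continues outside the hunk.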
@ -515,7 +515,7 @@ Expr *sqlite3PExpr(
|
||||
const Token *pToken /* Argument token */
|
||||
){
|
||||
Expr *p;
|
||||
if( op==TK_AND && pLeft && pRight ){
|
||||
if( op==TK_AND && pLeft && pRight && pParse->nErr==0 ){
|
||||
/* Take advantage of short-circuit false optimization for AND */
|
||||
p = sqlite3ExprAnd(pParse->db, pLeft, pRight);
|
||||
}else{
|
||||
@ -4069,10 +4069,11 @@ static int exprSrcCount(Walker *pWalker, Expr *pExpr){
|
||||
int i;
|
||||
struct SrcCount *p = pWalker->u.pSrcCount;
|
||||
SrcList *pSrc = p->pSrc;
|
||||
for(i=0; i<pSrc->nSrc; i++){
|
||||
int nSrc = pSrc ? pSrc->nSrc : 0;
|
||||
for(i=0; i<nSrc; i++){
|
||||
if( pExpr->iTable==pSrc->a[i].iCursor ) break;
|
||||
}
|
||||
if( i<pSrc->nSrc ){
|
||||
if( i<nSrc ){
|
||||
p->nThis++;
|
||||
}else{
|
||||
p->nOther++;
|
||||
|
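Review bot: The new `pParse->nErr==0` condition in sqlite3PExpr is the only thing keeping the sqlite3ExprAnd short-circuit path from running after a prior parse error, but nothing in the hunk says why that path is unsafe then; a why-comment would keep the guard from being dropped in a refactor, e.g. `/* Skip the AND short-circuit once a parse error is pending: the operands may be incomplete and sqlite3ExprAnd may free them. */`. That wording is inferred from the commit message (a crash found by afl-fuzz) rather than from visible code, so it should be confirmed against sqlite3ExprAnd before landing. The exprSrcCount hunk in the same file adds a similar NULL guard, `int nSrc = pSrc ? pSrc->nSrc : 0;`, which classifies the reference as nOther when pSrc is NULL and would likewise benefit from one line stating when pSrc can be NULL. Both enclosing functions start or end outside their hunks.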
@ -12,7 +12,6 @@
|
||||
#
|
||||
# This file checks error recovery from malformed SQL strings.
|
||||
#
|
||||
# $Id: fuzz2.test,v 1.3 2007/05/15 16:51:37 drh Exp $
|
||||
|
||||
set testdir [file dirname $argv0]
|
||||
source $testdir/tester.tcl
|
||||
@ -105,4 +104,26 @@ do_test fuzz2-5.5 {
|
||||
fuzzcatch {SELECT ALL * GROUP BY EXISTS ( SELECT "AAAAAA" . * , AAAAAA ( * ) AS AAAAAA FROM "AAAAAA" . "AAAAAA" AS "AAAAAA" USING ( AAAAAA , "AAAAAA" , "AAAAAA" ) WHERE AAAAAA ( DISTINCT ) - RAISE ( FAIL , "AAAAAA" ) HAVING "AAAAAA" . "AAAAAA" . AAAAAA ORDER BY #182 , #55 ) BETWEEN EXISTS ( SELECT ALL * FROM ( ( }
|
||||
} {1}
|
||||
|
||||
# Test cases discovered by Michal Zalewski on 2015-01-03 and reported on the
|
||||
# sqlite-users mailing list. All of these cases cause segfaults in
|
||||
# SQLite 3.8.7.4 and earlier.
|
||||
#
|
||||
do_test fuzz2-6.1 {
|
||||
catchsql {SELECT n()AND+#0;}
|
||||
} {1 {near "#0": syntax error}}
|
||||
do_test fuzz2-6.2 {
|
||||
catchsql {SELECT strftime()}
|
||||
} {0 {{}}}
|
||||
do_test fuzz2-6.3 {
|
||||
catchsql {DETACH(SELECT group_concat(q));}
|
||||
} {1 {no such column: q}}
|
||||
do_test fuzz2-6.4a {
|
||||
db eval {DROP TABLE IF EXISTS t0; CREATE TABLE t0(t);}
|
||||
catchsql {INSERT INTO t0 SELECT strftime();}
|
||||
} {0 {}}
|
||||
do_test fuzz2-6.4b {
|
||||
db eval {SELECT quote(t) FROM t0}
|
||||
} {NULL}
|
||||
|
||||
|
||||
finish_test
|
||||
|