From 34c11e2f4b5a476405156856320174e464b86318 Mon Sep 17 00:00:00 2001 From: drh <> Date: Fri, 16 Apr 2021 01:03:16 +0000 Subject: [PATCH 1/5] Do not invoke sqlite3ExprAffinity() if there is a possibility that the Expr is incomplete due to a prior OOM. dbsqlfuzz b8a824706914488bd236da51118eb9174ceb870f FossilOrigin-Name: e8a1515b44380cc52aca1838814ca398012e4e9cf5728d40b404546e812a39b7 --- manifest | 14 +++++++------- manifest.uuid | 2 +- src/wherecode.c | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/manifest b/manifest index cd9ea2b60b..378682438b 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sa\sbad\sinteraction\sbetween\sconstant\spropagation\sand\stransitive\sterm\shandling\scausing\spatterns\slike\s"WHERE\sunlikely(t1.x=t1.y)\sAND\st1.y=?"\sto\sreturn\snon-matching\srows. -D 2021-04-15T19:09:19.856 +C Do\snot\sinvoke\ssqlite3ExprAffinity()\sif\sthere\sis\sa\spossibility\sthat\sthe\sExpr\nis\sincomplete\sdue\sto\sa\sprior\sOOM.\ndbsqlfuzz\sb8a824706914488bd236da51118eb9174ceb870f +D 2021-04-16T01:03:16.932 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
@@ -631,7 +631,7 @@ F src/wal.h c3aa7825bfa2fe0d85bef2db94655f99870a285778baa36307c0a16da32b226a F src/walker.c d42d6c80ea363ef689a462e65eefcfe87deab924c50de5baa37ecb6af7d7ddaa F src/where.c a96a99ec5acb186f789d5597249a2c1eb1a8602173fe2fee745be5510f590e27 F src/whereInt.h 446e5e8018f83358ef917cf32d8e6a86dc8430113d0b17e720f1839d3faa44c4 -F src/wherecode.c 8bdc239eae3d39f9f6ace4299eeb86e1e0c56eed88b60f9c473dc85ae79f4e89 +F src/wherecode.c 0e42f4ad53962e90349462520891734ed3217c7852f41c69ffac7a9eeaf31451 F src/whereexpr.c d8cafcf6781cf871082f04d7540862cf0fe30cb381dd1b2145a380376364fe8e F src/window.c ae9fbd0cbaa39e1b384c13289ed769f9981383bde7b2f262c70ad6c42e5ab226 F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2 @@ -1912,7 +1912,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 7163de3dea0445bf25dba47a54c50f35bb5c7edc7bdae9630b51c1ca970ec6cf -R cdb109bf0cd813339477f712ee9d6153 -U dan -Z 0bcb2e3640ff6543fca05af9e2907230 +P 2363a14ca723c0343fbe350f6c19787a7a47c2289fd9af136c97a451b53b5226 +R 1b807f7b5fbd51b7f8566b4336ed35b6 +U drh +Z bcb5423f89b5818431a20238dcd969bb diff --git a/manifest.uuid b/manifest.uuid index 78d5671da8..bf4b48da71 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -2363a14ca723c0343fbe350f6c19787a7a47c2289fd9af136c97a451b53b5226 \ No newline at end of file +e8a1515b44380cc52aca1838814ca398012e4e9cf5728d40b404546e812a39b7 \ No newline at end of file diff --git a/src/wherecode.c b/src/wherecode.c index 86113caebc..9c43607320 100644 --- a/src/wherecode.c +++ b/src/wherecode.c 
@@ -751,7 +751,7 @@ static int codeAllEqualityTerms( sqlite3VdbeAddOp2(v, OP_IsNull, regBase+j, pLevel->addrBrk); VdbeCoverage(v); } - if( zAff ){ + if( pParse->db->mallocFailed==0 ){ if( sqlite3CompareAffinity(pRight, zAff[j])==SQLITE_AFF_BLOB ){ zAff[j] = SQLITE_AFF_BLOB; } From 81e5a9a6df9528f7ba4bc0e30a235cd056d5450c Mon Sep 17 00:00:00 2001 From: drh <> Date: Fri, 16 Apr 2021 11:05:19 +0000 Subject: [PATCH 2/5] Fix the comment on the implementation of the pi() SQL function. No changes to code. FossilOrigin-Name: 5620bd466eb10fd4daf51af9b88d8221f981dc0ceabfa84a0e1d5c817f635429 --- manifest | 12 ++++++------ manifest.uuid | 2 +- src/func.c | 4 +--- 3 files changed, 8 insertions(+), 10 deletions(-) diff --git a/manifest b/manifest index 378682438b..22f281528f 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Do\snot\sinvoke\ssqlite3ExprAffinity()\sif\sthere\sis\sa\spossibility\sthat\sthe\sExpr\nis\sincomplete\sdue\sto\sa\sprior\sOOM.\ndbsqlfuzz\sb8a824706914488bd236da51118eb9174ceb870f -D 2021-04-16T01:03:16.932 +C Fix\sthe\scomment\son\sthe\simplementation\sof\sthe\spi()\sSQL\sfunction.\s\sNo\schanges\nto\scode. +D 2021-04-16T11:05:19.637 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
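Review bot: The body of the branch in the src/wherecode.c hunk still indexes `zAff[j]`, but the new condition `pParse->db->mallocFailed==0` no longer tests `zAff` itself. That is safe only if `zAff` can be NULL solely because an allocation failed on this connection, which the hunk does not show because codeAllEqualityTerms() begins and ends outside it. I would state that invariant where it is relied on, e.g. `assert( zAff!=0 );` as the first statement inside the branch, or keep both tests with `if( zAff && pParse->db->mallocFailed==0 ){`. Since assert() disappears in release builds, only the second form keeps a NULL-pointer guard at run time.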
@@ -497,7 +497,7 @@ F src/delete.c 73f57a9a183532c344a3135cf8f2a5589376e39183e0b5f562d6b61b2af0f4d8 F src/expr.c f18126b29be917d7369ec87b64466ac9dfc2a565df23c828fdaf432389ec7da7 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007 F src/fkey.c e9063648396c58778f77583a678342fe4a9bc82436bf23c5f9f444f2df0fdaa4 -F src/func.c 479f6929be027eb0210cbdde9d3529c012facf082d64a6b854a9415940761e5e +F src/func.c 88fd711754a7241cb9f8eb1391370fd0c0cea756b3358efa274c5d1efd59af93 F src/global.c 56d6762a3a44495ab035e2d3185eeccbc98579e18c06038e1bb9af346105bc84 F src/hash.c 8d7dda241d0ebdafb6ffdeda3149a412d7df75102cecfc1021c98d6219823b19 F src/hash.h 9d56a9079d523b648774c1784b74b89bd93fac7b365210157482e4319a468f38 @@ -1912,7 +1912,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 2363a14ca723c0343fbe350f6c19787a7a47c2289fd9af136c97a451b53b5226 -R 1b807f7b5fbd51b7f8566b4336ed35b6 +P e8a1515b44380cc52aca1838814ca398012e4e9cf5728d40b404546e812a39b7 +R 0c09a9128f5e2a0a325d5124e728bd12 U drh -Z bcb5423f89b5818431a20238dcd969bb +Z 44d3ad50a92e89df3e0feb6719422873 diff --git a/manifest.uuid b/manifest.uuid index bf4b48da71..db88fd981b 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -e8a1515b44380cc52aca1838814ca398012e4e9cf5728d40b404546e812a39b7 \ No newline at end of file +5620bd466eb10fd4daf51af9b88d8221f981dc0ceabfa84a0e1d5c817f635429 \ No newline at end of file diff --git a/src/func.c b/src/func.c index aedbda6f36..efb18a3fae 100644 --- a/src/func.c +++ b/src/func.c @@ -2071,9 +2071,7 @@ static void math2Func( } /* -** Implementation of 2-argument SQL math functions: -** -** power(X,Y) - Compute X to the Y-th power +** Implementation of 0-argument pi() function. */ static void piFunc( sqlite3_context *context, 
From 11a6e9d9f08ce5c69d82e8437f11f8b01d68bbcc Mon Sep 17 00:00:00 2001 From: dan Date: Fri, 16 Apr 2021 11:25:37 +0000 Subject: [PATCH 3/5] Fix an assert() in fts3 that might fail when handing corrupt records. FossilOrigin-Name: d0e2d6742f314f71562e404980aad20de6b17e0b04c08582c18bbc4fd0360751 --- ext/fts3/fts3_write.c | 2 +- manifest | 16 ++-- manifest.uuid | 2 +- test/fts3corrupt4.test | 203 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 213 insertions(+), 10 deletions(-) diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c index bc42fc3d63..544e23addd 100644 --- a/ext/fts3/fts3_write.c +++ b/ext/fts3/fts3_write.c @@ -1807,7 +1807,7 @@ static int fts3SegReaderCmp(Fts3SegReader *pLhs, Fts3SegReader *pRhs){ if( rc==0 ){ rc = pRhs->iIdx - pLhs->iIdx; } - assert( rc!=0 ); + assert_fts3_nc( rc!=0 ); return rc; } diff --git a/manifest b/manifest index 22f281528f..a9ba25e802 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sthe\scomment\son\sthe\simplementation\sof\sthe\spi()\sSQL\sfunction.\s\sNo\schanges\nto\scode. -D 2021-04-16T11:05:19.637 +C Fix\san\sassert()\sin\sfts3\sthat\smight\sfail\swhen\shanding\scorrupt\srecords. +D 2021-04-16T11:25:37.964 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
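Review bot: Switching to `assert_fts3_nc( rc!=0 )` in fts3SegReaderCmp() accepts that two segment readers can compare equal when the index is corrupt, but the function then returns 0 with no comment on what that means for its callers. Neither form of the assertion is a run-time check in a release build, so whatever sorts or merges readers with this comparator has to tolerate ties on a database file that may have been crafted. The callers are outside this hunk, so that presumably holds but is worth confirming. A comment above the assertion would record the relaxed contract, e.g. `/* rc==0 is reachable only on a corrupt database; callers must not assume a strict ordering */`.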
@@ -102,7 +102,7 @@ F ext/fts3/fts3_tokenizer.h 64c6ef6c5272c51ebe60fc607a896e84288fcbc3 F ext/fts3/fts3_tokenizer1.c 5c98225a53705e5ee34824087478cf477bdb7004 F ext/fts3/fts3_unicode.c de426ff05c1c2e7bce161cf6b706638419c3a1d9c2667de9cb9dc0458c18e226 F ext/fts3/fts3_unicode2.c 416eb7e1e81142703520d284b768ca2751d40e31fa912cae24ba74860532bf0f -F ext/fts3/fts3_write.c a5159accfd88f85fd3fc2298286d7a9427a02d1ea9a52b7c79730cff7a0bc03f +F ext/fts3/fts3_write.c aa751c4559a0d1b885206c5f4421c5b34a8ec7ea3d3d04127b7747a5a83a2f4e F ext/fts3/fts3speed.tcl b54caf6a18d38174f1a6e84219950d85e98bb1e9 F ext/fts3/mkfts3amal.tcl 252ecb7fe6467854f2aa237bf2c390b74e71f100 F ext/fts3/tool/fts3cov.sh c331d006359456cf6f8f953e37f2b9c7d568f3863f00bb5f7eb87fea4ac01b73 @@ -971,7 +971,7 @@ F test/fts3conf.test c84bbaec81281c1788aa545ac6e78a6bd6cde2bdbbce2da261690e3659f F test/fts3corrupt.test 79a32ffdcd5254e2f7fa121d9656e61949ad049c3c6554229911b7ceac37c9c6 F test/fts3corrupt2.test e318f0676e5e78d5a4b702637e2bb25265954c08a1b1e4aaf93c7880bb0c67d0 F test/fts3corrupt3.test 0d5b69a0998b4adf868cc301fc78f3d0707745f1d984ce044c205cdb764b491f -F test/fts3corrupt4.test b71512ec391d39da96d60d01959e4e9f20d4237a964a94abcf5f5a2ad28378c1 +F test/fts3corrupt4.test 2b61991318db59b3c569d630660c4df0f22b0b2fe59f3bfbc111863b3bda6f14 F test/fts3corrupt5.test 0549f85ec4bd22e992f645f13c59b99d652f2f5e643dac75568bfd23a6db7ed5 F test/fts3corrupt6.test d274f139ec173392002c768631f404fefc007ae02ffa1b03d8cbd096c3fc00f9 F test/fts3cov.test 7eacdbefd756cfa4dc2241974e3db2834e9b372ca215880e00032222f32194cf 
@@ -1912,7 +1912,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P e8a1515b44380cc52aca1838814ca398012e4e9cf5728d40b404546e812a39b7 -R 0c09a9128f5e2a0a325d5124e728bd12 -U drh -Z 44d3ad50a92e89df3e0feb6719422873 +P 5620bd466eb10fd4daf51af9b88d8221f981dc0ceabfa84a0e1d5c817f635429 +R 4f5c640440401aeed37f68d54bcdff49 +U dan +Z 18bae14c6eca1fc28ec07f58312ffb19 diff --git a/manifest.uuid b/manifest.uuid index db88fd981b..2504e9f9df 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -5620bd466eb10fd4daf51af9b88d8221f981dc0ceabfa84a0e1d5c817f635429 \ No newline at end of file +d0e2d6742f314f71562e404980aad20de6b17e0b04c08582c18bbc4fd0360751 \ No newline at end of file diff --git a/test/fts3corrupt4.test b/test/fts3corrupt4.test index 851119a2fe..51016ab19c 100644 --- a/test/fts3corrupt4.test +++ b/test/fts3corrupt4.test 
@@ -6385,5 +6385,208 @@ do_catchsql_test 48.1 { INSERT INTO x1(x1) VALUES( 'merge=3,4' ),('merge=3,4'); } {1 {database disk image is malformed}} +#------------------------------------------------------------------------- +# +reset_db +do_test 49.0 { + sqlite3 db {} + db deserialize [decode_hexdb { +.open --hexdb +| size 28672 pagesize 4096 filename crash-58821b8eae6883.db +| page 1 offset 0 +| 0: 53 51 4c 69 74 65 20 66 6f 72 6d 61 74 20 33 00 SQLite format 3. +| 16: 10 00 01 01 00 40 20 20 00 00 00 00 00 00 00 07 .....@ ........ +| 32: 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 04 ................ +| 96: 00 00 00 00 0d 0e ef 00 07 0d 4d 00 0f bd 0f 5f ..........M...._ +| 112: 0e f7 0e 06 0e bc 0d a4 0d 4d 00 00 00 00 00 00 .........M...... +| 3392: 00 00 00 00 00 00 00 00 00 00 00 00 00 55 07 07 .............U.. +| 3408: 17 1b 1b 01 81 01 74 61 62 6c 65 74 31 5f 73 74 ......tablet1_st +| 3424: 61 74 74 31 5f 73 74 61 74 07 43 52 45 41 54 45 att1_stat.CREATE +| 3440: 20 54 41 42 4c 45 20 27 74 31 5f 73 74 61 74 27 TABLE 't1_stat' +| 3456: 28 69 64 20 49 4e 54 45 47 45 52 20 50 52 49 4d (id INTEGER PRIM +| 3472: 41 52 59 20 4b 45 59 2c 20 76 61 6c 75 65 20 42 ARY KEY, value B +| 3488: 4c 4f 42 29 60 06 07 17 21 21 01 81 0b 74 61 62 LOB)`...!!...tab +| 3504: 6c 65 74 31 5f 64 6f 63 73 69 7a 65 74 31 5f 64 let1_docsizet1_d +| 3520: 6f 63 73 69 7a 65 06 43 52 45 41 54 45 20 54 41 ocsize.CREATE TA +| 3536: 42 4c 45 20 27 74 31 5f 64 6f 63 73 69 7a 65 27 BLE 't1_docsize' +| 3552: 28 64 6f 63 69 64 20 49 4e 54 45 47 45 52 20 50 (docid INTEGER P +| 3568: 52 49 4d 41 52 59 20 4b 45 59 2c 20 73 69 7a 65 RIMARY KEY, size +| 3584: 20 42 4c 4f 42 29 81 33 04 07 17 1f 1f 01 82 35 BLOB).3.......5 +| 3600: 74 61 62 6c 65 74 31 5f 73 65 67 64 69 72 74 31 tablet1_segdirt1 +| 3616: 5f 73 65 67 64 69 72 04 43 52 45 41 54 45 20 54 _segdir.CREATE T +| 3632: 41 42 4c 45 20 27 74 31 5f 73 65 67 64 69 72 27 ABLE 't1_segdir' +| 3648: 28 6c 65 76 65 6c 20 49 4e 54 45 47 45 52 2c 69 (level 
INTEGER,i +| 3664: 64 78 20 49 4e 54 45 47 45 52 2c 73 74 61 72 74 dx INTEGER,start +| 3680: 5f 62 6c 6f 63 6b 20 49 4e 54 45 47 45 52 2c 6c _block INTEGER,l +| 3696: 65 61 76 65 73 5f 65 6e 64 5f 62 6c 6f 63 6b 20 eaves_end_block +| 3712: 49 4e 54 45 47 45 52 2c 65 6e 64 5f 62 6c 6f 63 INTEGER,end_bloc +| 3728: 6b 20 49 4e 54 45 47 45 52 2c 72 6f 6f 74 20 42 k INTEGER,root B +| 3744: 4c 4f 42 2c 50 52 49 4d 41 52 59 20 4b 45 59 28 LOB,PRIMARY KEY( +| 3760: 6c 65 76 65 6c 2c 20 69 64 78 29 29 31 05 06 17 level, idx))1... +| 3776: 45 1f 01 00 69 6e 64 65 78 73 71 6c 69 74 65 5f E...indexsqlite_ +| 3792: 61 75 74 6f 69 6e 64 65 78 5f 74 31 5f 73 65 67 autoindex_t1_seg +| 3808: 64 69 72 5f 31 74 31 5f 73 65 67 64 69 72 05 00 dir_1t1_segdir.. +| 3824: 00 00 08 00 00 00 00 66 03 07 17 23 23 01 81 13 .......f...##... +| 3840: 74 61 62 6c 65 74 31 5f 73 65 67 6d 65 6e 74 73 tablet1_segments +| 3856: 74 31 5f 73 65 67 6d 65 6e 74 73 03 43 52 45 41 t1_segments.CREA +| 3872: 54 45 20 54 41 42 4c 45 20 27 74 31 5f 73 65 67 TE TABLE 't1_seg +| 3888: 6d 65 6e 74 73 27 28 62 6c 6f 63 6b 69 64 20 49 ments'(blockid I +| 3904: 4e 54 45 47 45 52 20 f9 52 49 4d 41 52 59 20 4b NTEGER .RIMARY K +| 3920: 45 59 2c 20 62 6c 6f 63 6b 20 42 4c 4f 42 29 5c EY, block BLOB). +| 3936: 02 07 17 21 21 01 81 03 74 61 62 6c 65 74 31 5f ...!!...tablet1_ +| 3952: 63 6f 6e 74 65 6e 74 74 31 5f 63 6f 6e 74 65 6e contentt1_conten +| 3968: 74 02 43 52 45 41 54 45 20 54 41 42 4c 45 20 27 t.CREATE TABLE ' +| 3984: 74 31 5f 63 6f 6e 74 65 6e 74 27 28 64 6f 63 69 t1_content'(doci +| 4000: 64 20 49 4e 54 45 47 45 52 20 50 52 49 4d 41 52 d INTEGER PRIMAR +| 4016: 59 20 4b 45 59 2c 20 27 63 30 61 27 29 41 01 06 Y KEY, 'c0a')A.. 
+| 4032: 17 11 11 08 71 74 61 62 6c 65 74 31 74 31 43 52 ....qtablet1t1CR +| 4048: 45 41 54 45 20 56 49 52 54 55 41 4c 20 54 41 42 EATE VIRTUAL TAB +| 4064: 4c 45 20 74 31 20 55 53 49 4e 47 20 66 74 73 34 LE t1 USING fts4 +| 4080: 28 61 2c 70 72 65 66 69 78 3d 27 32 2c 32 27 29 (a,prefix='2,2') +| page 2 offset 4096 +| 0: 0d 00 00 00 08 0e 1f 00 0f c4 0f 7c 0f 34 0f 07 ...........|.4.. +| 16: 0e c3 0e 97 0e 00 00 00 00 00 00 00 00 00 00 00 ................ +| 3600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 42 ...............B +| 3616: 08 04 00 81 09 73 75 6e 74 20 69 6e 20 63 75 6c .....sunt in cul +| 3632: 70 61 20 71 75 69 20 6f 66 66 69 63 69 61 20 64 pa qui officia d +| 3648: 65 73 65 72 75 6e 74 20 6d 6f 6c 6c 69 74 20 61 eserunt mollit a +| 3664: 6e 69 6d 20 69 64 20 65 73 74 20 6c 61 62 6f 72 nim id est labor +| 3680: 75 6d 2e 32 07 03 00 6b 45 78 63 65 70 74 65 75 um.2...kExcepteu +| 3696: 72 20 73 69 6e 74 20 6f 63 63 61 65 63 61 74 20 r sint occaecat +| 3712: 63 75 70 69 64 61 74 61 74 20 6e 6f 6e 20 70 72 cupidatat non pr +| 3728: 6f 69 64 65 6e 74 2c 2a 06 03 00 5b 63 69 6c 6c oident,*...[cill +| 3744: 75 6d 20 64 6f 6c 6f 72 65 20 65 75 20 66 75 67 um dolore eu fug +| 3760: 69 61 74 20 6e 75 6c 6c 61 20 70 61 72 69 61 74 iat nulla pariat +| 3776: 75 72 2e 42 05 04 00 81 09 44 75 69 73 20 61 75 ur.B.....Duis au +| 3792: 74 65 20 69 72 75 72 65 20 64 6f 6c 6f 72 20 69 te irure dolor i +| 3808: 6e 20 72 65 70 72 65 68 65 6e 64 65 72 69 74 20 n reprehenderit +| 3824: 69 6e 20 76 6f 6c 75 70 74 61 74 65 20 76 65 6c in voluptate vel +| 3840: 69 74 20 65 73 73 65 2b 04 03 00 5d 6e 69 73 69 it esse+...]nisi +| 3856: 20 75 74 20 61 6c 69 71 75 69 70 20 65 78 20 65 ut aliquip ex e +| 3872: 61 20 63 6f 6d 6d 6f 64 6f 20 63 6f 6e 73 65 71 a commodo conseq +| 3888: 75 61 74 2e 46 03 04 00 81 11 55 74 20 65 6e 69 uat.F.....Ut eni +| 3904: 6d 20 61 64 20 6d 69 6e 69 6d 20 76 65 6e 69 61 m ad minim venia +| 3920: 6d 2c 20 71 75 69 73 20 6e 6f 73 74 72 75 64 20 m, 
quis nostrud +| 3936: 65 78 65 72 63 69 74 61 74 69 6f 6e 20 75 6c 6c exercitation ull +| 3952: 61 6d 63 6f 20 6c 61 62 6f 72 69 73 46 02 04 00 amco laborisF... +| 3968: 81 11 73 65 64 20 64 6f 20 65 69 75 73 6d 6f 64 ..sed do eiusmod +| 3984: 20 74 65 6d 70 6f 72 20 69 6e 63 69 64 69 64 75 tempor incididu +| 4000: 6e 74 20 75 74 20 6c 61 62 6f 72 65 20 65 74 20 nt ut labore et +| 4016: 64 6f 6c 6f 72 65 20 6d 61 67 6e 61 20 61 6c 69 dolore magna ali +| 4032: 71 75 61 2e 3a 01 03 00 7b 4c 6f 72 65 6d 20 69 qua.:....Lorem i +| 4048: 70 73 75 6d 20 64 6f 6c 6f 72 20 73 69 74 20 61 psum dolor sit a +| 4064: 6d 65 74 2c 20 63 6f 6e 73 65 63 74 65 74 75 72 met, consectetur +| 4080: 20 61 64 69 70 69 73 63 69 6e 67 20 65 00 01 00 adipiscing e... +| page 4 offset 12288 +| 0: 0d 00 00 00 03 0a a6 00 0d 57 0c 4a 0a a6 00 00 .........W.J.... +| 2720: 00 00 00 00 00 00 83 21 03 08 02 08 08 08 17 86 .......!........ +| 2736: 30 08 00 30 20 34 30 32 00 02 61 64 06 01 08 00 0..0 402..ad.... +| 2752: 02 04 00 01 01 6c 06 02 0c 00 02 04 00 01 01 6d .....l.........m +| 2768: 03 01 06 00 01 01 6e 03 08 09 00 01 01 75 03 05 ......n......u.. +| 2784: 03 00 00 02 63 69 03 06 02 00 01 01 6f 07 01 07 ....ci......o... +| 2800: 00 03 07 03 00 01 01 75 06 07 05 00 01 04 00 00 .......u........ +| 2816: 02 64 65 03 08 07 00 01 01 6f 0d 01 04 00 01 03 .de......o...... +| 2832: 09 00 03 05 00 01 03 00 01 01 75 03 05 02 00 00 ..........u..... +| 2848: 02 65 61 03 04 06 00 01 01 69 03 02 04 00 01 01 .ea......i...... +| 2864: 6c 03 01 09 00 01 01 6e 03 03 03 00 01 01 73 06 l......n......s. +| 2880: 05 0b 00 03 0b 00 01 01 74 03 02 09 00 01 01 75 ........t......u +| 2896: 03 06 04 00 01 01 78 09 03 09 00 01 05 00 03 02 ......x......... +| 2912: 00 00 02 66 75 03 06 05 00 00 02 69 64 03 08 0a ...fu......id... +| 2928: 00 01 01 6e 0a 02 06 00 03 06 04 00 03 03 00 01 ...n............ 
+| 2944: 01 70 03 01 03 00 01 01 72 03 05 04 00 00 02 6c .p......r......l +| 2960: 61 09 02 08 00 01 0b 00 05 0c 00 01 01 6f 03 01 a............o.. +| 2976: 02 00 00 02 6d 61 03 02 0b 00 01 01 69 03 03 05 ....ma......i... +| 2992: 00 01 01 6f 03 08 08 00 00 02 6e 69 03 04 02 00 ...o......ni.... +| 3008: 01 01 6f 06 03 08 00 04 06 00 01 01 75 03 06 06 ..o.........u... +| 3024: 00 00 02 6f 63 03 07 04 00 01 01 66 03 08 06 00 ...oc......f.... +| 3040: 00 02 70 61 03 06 07 00 01 01 72 03 07 07 00 00 ..pa......r..... +| 3056: 02 71 75 06 03 07 00 05 05 00 00 02 72 65 03 05 .qu.........re.. +| 3072: 07 00 00 02 73 65 03 02 02 00 01 01 69 06 01 05 ....se......i... +| 3088: 00 06 03 00 01 01 75 03 08 02 00 00 02 74 65 03 ......u......te. +| 3104: 02 05 00 00 02 75 6c 03 03 0a 00 01 01 74 09 02 .....ul......t.. +| 3120: 07 00 01 02 00 01 03 00 00 02 76 65 06 03 06 00 ..........ve.... +| 3136: 02 0a 00 01 01 6f 03 05 09 00 82 0a 02 08 02 08 .....o.......... +| 3152: 08 08 17 84 02 04 00 30 20 32 35 31 00 01 61 13 .......0 251..a. +| 3168: 01 06 04 00 01 0c 00 01 04 00 01 04 00 01 03 00 ................ +| 3184: 03 09 00 00 01 63 10 01 07 00 03 07 03 00 02 02 .....c.......... +| 3200: 00 01 05 00 01 04 00 00 01 64 11 01 04 00 01 03 .........d...... +| 3216: 09 00 03 02 05 00 01 03 00 02 07 00 00 01 65 1b ..............e. +| 3232: 01 09 00 01 04 07 00 01 03 08 00 01 05 03 00 01 ................ +| 3248: 0b 00 01 04 00 01 02 00 01 0b 00 00 01 66 03 06 .............f.. +| 3264: 05 00 00 01 69 0f 01 03 00 01 06 00 03 04 04 04 ....i........... +| 3280: 00 03 03 09 00 00 01 6c 0c 01 02 00 01 08 00 01 .......l........ +| 3296: 0b 00 05 0c 00 00 01 6d 09 02 0b 00 01 05 00 05 .......m........ +| 3312: 08 00 00 01 6e 0c 03 08 00 01 02 00 02 06 00 01 ....n........... +| 3328: 06 00 00 01 6f 06 07 04 00 01 06 00 00 01 70 06 ....o.........p. +| 3344: 06 07 00 01 07 00 00 01 71 06 03 07 00 05 05 00 ........q....... +| 3360: 00 01 72 03 05 07 00 00 01 73 0c 01 05 00 01 02 ..r......s...... 
+| 3376: 00 05 03 00 01 02 00 00 01 74 03 02 05 00 00 01 .........t...... +| 3392: 75 0a 02 07 00 01 02 0a 00 01 03 00 00 01 76 07 u.............v. +| 3408: 03 06 00 02 09 03 00 85 26 01 08 08 08 08 08 17 ........&....... +| 3424: 8a 3e 30 20 36 36 35 00 02 61 65 03 03 04 00 02 .>0 665..ae..... +| 3440: 08 69 70 69 73 63 69 6e 67 03 01 08 00 01 05 6c .ipiscing......l +| 3456: 69 71 75 61 03 02 0c 00 05 02 69 70 03 04 04 00 iqua......ip.... +| 3472: 01 03 6d 65 74 03 01 06 00 01 03 6e 69 6d 03 08 ..met......nim.. +| 3488: 09 00 01 03 75 74 65 03 05 03 00 00 06 63 69 6c ....ute......cil +| 3504: 6c 75 6d 03 06 02 00 01 06 6f 6d 6d 6f 64 6f 03 lum......ommodo. +| 3520: 04 07 00 02 09 6e 73 65 63 74 65 74 b5 72 03 01 .....nsectet.r.. +| 3536: 07 00 05 04 71 75 61 74 03 04 08 00 01 04 75 6c ....quat......ul +| 3552: 70 61 03 08 04 00 02 07 70 69 64 61 74 61 74 03 pa......pidatat. +| 3568: 07 05 00 00 08 64 65 73 65 72 75 6e 74 03 08 07 .....deserunt... +| 3584: 00 01 01 6f 03 02 03 00 02 03 6c 6f 72 06 01 04 ...o......lor... +| 3600: 00 04 05 00 05 01 65 06 02 0a 00 04 03 00 01 03 ......e......... +| 3616: 75 69 73 03 05 02 00 00 02 65 61 03 04 06 00 01 uis......ea..... +| 3632: 06 69 75 73 6d 6f 64 03 02 04 00 01 03 6c 69 74 .iusmod......lit +| 3648: 03 01 09 00 01 03 6e 69 6d 03 03 03 00 01 03 73 ......nim......s +| 3664: 73 65 03 05 0b 00 02 01 74 03 08 0b 00 01 01 74 se......t......t +| 3680: 03 02 09 00 01 01 75 03 06 04 00 01 01 78 03 04 ......u......x.. +| 3696: 05 00 02 07 63 65 70 74 65 75 72 03 07 02 00 02 ....cepteur..... +| 3712: 0a 65 72 63 69 74 61 74 69 6f 6e 03 03 09 00 00 .ercitation..... +| 3728: 06 66 75 67 69 61 74 03 06 05 00 00 02 69 64 03 .fugiat......id. +| 3744: 08 0a 00 01 01 6e 07 05 06 04 00 03 03 00 02 08 .....n.......... +| 3760: 63 69 64 69 64 75 6e 74 03 02 06 00 01 04 70 73 cididunt......ps +| 3776: 75 6d 03 01 03 00 01 04 72 75 72 65 03 05 04 00 um......rure.... 
+| 3792: 00 06 6c 61 62 6f 72 65 03 02 08 00 05 02 69 73 ..labore......is +| 3808: 03 03 0b 00 05 02 75 6d 03 08 0c 00 01 04 6f 72 ......um......or +| 3824: 65 6d 03 01 02 00 00 05 6d 61 67 6e 61 03 02 0b em......magna... +| 3840: 00 01 04 69 6e 69 6d 03 03 05 00 01 05 6f 6c 6c ...inim......oll +| 3856: 69 74 03 08 08 00 00 04 6e 69 73 69 03 04 02 00 it......nisi.... +| 3872: 01 02 6f 6e 03 07 06 00 02 05 73 74 72 75 64 03 ..on......strud. +| 3888: 03 08 00 01 04 75 6c 6c 61 03 06 06 00 00 08 6f .....ulla......o +| 3904: 63 63 61 65 63 61 74 03 07 04 00 01 06 66 66 69 ccaecat......ffi +| 3920: 63 69 61 03 08 06 00 00 08 70 61 72 69 61 74 75 cia......pariatu +| 3936: 72 03 06 07 00 01 07 72 6f 69 64 65 6e 74 03 07 r......roident.. +| 3952: 07 00 00 03 71 75 69 03 08 05 00 03 01 73 03 03 ....qui......s.. +| 3968: 07 00 00 0d 72 65 70 72 65 68 65 6e 64 65 72 69 ....reprehenderi +| 3984: 74 03 05 07 00 00 03 73 65 64 03 02 02 00 01 03 t......sed...... +| 4000: 69 6e 74 03 07 03 00 02 01 74 03 01 05 00 01 03 int......t...... +| 4016: 75 6e 74 03 08 02 00 00 06 74 65 6d 70 6f 72 03 unt......tempor. +| 4032: 02 05 00 00 07 75 6c 6c 61 6d 63 6f 03 03 0a 00 .....ullamco.... +| 4048: 01 01 74 09 02 07 00 01 02 00 01 03 00 00 05 76 ..t............v +| 4064: 65 6c 69 74 03 05 0a 00 02 04 6e 69 61 6d 03 03 elit......niam.. +| 4080: 06 00 01 08 6f 6c 75 70 74 61 74 65 03 05 09 00 ....oluptate.... +| page 5 offset 16384 +| 0: 0a 00 00 00 03 0f eb 00 0f fb 0f f3 0f eb 00 00 ................ +| 4064: 00 00 00 00 00 00 00 00 00 00 00 07 04 02 08 01 ................ +| 4080: 08 00 03 07 04 02 08 01 04 00 02 04 04 08 08 09 ................ +| page 6 offset 20480 +| 0: 0d 00 00 00 08 0f d0 00 0f fa 0f f4 0f ee 0f e8 ................ +| 16: 0f e2 0f dc 0f d6 0f d0 00 00 00 00 00 00 00 00 ................ +| 4048: 04 08 03 00 0e 0b 04 07 03 00 0e 06 04 06 03 00 ................ +| 4064: 0e 06 04 05 03 00 0e 0a 04 04 03 00 0e 07 04 03 ................ 
+| 4080: 03 00 0e 0a 04 02 03 00 0e 0b 04 01 03 00 0e 08 ................ +| page 7 offset 24576 +| 0: 0d 00 00 00 01 0f f7 00 0f f7 00 00 00 00 01 00 ................ +| 4080: 00 00 00 00 00 00 00 07 00 03 00 14 08 45 b5 03 .............E.. +| end crash-58821b8eae6883.db +}]} {} + +do_catchsql_test 49.1 { + SAVEPOINT one; + DELETE FROM t1 WHERE t1 MATCH 'c*'; + SELECT matchinfo(t1,'pcx') IS NULL FROM t1 WHERE t1 MATCH 'f*e*'; +} {0 0} + + finish_test From 19c16c8771073b46114ea9bc2d44228621b0a7b2 Mon Sep 17 00:00:00 2001 From: drh <> Date: Fri, 16 Apr 2021 12:13:39 +0000 Subject: [PATCH 4/5] Fix an assert() in whereLoopAddOr() that can be wrong if an OOM occurs in an OR constraint on a virtual table if one of the terms of the OR is an IN operator. dbsqlfuzz 5ee7350b40014f5a878c5d6e76913a2d619f5146 FossilOrigin-Name: 5cb40e53edcb1e54cde0e54c38a647144bc3158435df0161f95c89732de086e6 --- manifest | 14 +++++++------- manifest.uuid | 2 +- src/where.c | 4 +++- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/manifest b/manifest index a9ba25e802..f693690268 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\san\sassert()\sin\sfts3\sthat\smight\sfail\swhen\shanding\scorrupt\srecords. -D 2021-04-16T11:25:37.964 +C Fix\san\sassert()\sin\swhereLoopAddOr()\sthat\scan\sbe\swrong\sif\san\sOOM\soccurs\sin\nan\sOR\sconstraint\son\sa\svirtual\stable\sif\sone\sof\sthe\sterms\sof\sthe\sOR\sis\san\sIN\noperator.\s\sdbsqlfuzz\s5ee7350b40014f5a878c5d6e76913a2d619f5146 +D 2021-04-16T12:13:39.917 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
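Review bot: Test 49 opens with an empty header comment (a `#---` rule followed by a bare `#`), so nothing ties the fixture `crash-58821b8eae6883.db` to the code path it guards. A one-line description would help whoever triages a future failure, e.g. `# Corrupt fts4 index on which fts3SegReaderCmp() can compare two segment readers as equal.`; that wording is inferred from the commit subject and should be checked against the actual trigger. A short comment on why `{0 0}` is the expected result of 49.1 would also help, since the statements succeed on a deliberately corrupted image rather than reporting `database disk image is malformed` as 48.1 does.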
@@ -629,7 +629,7 @@ F src/vxworks.h d2988f4e5a61a4dfe82c6524dd3d6e4f2ce3cdb9 F src/wal.c 69e770e96fd56cc21608992bf2c6f1f3dc5cf2572d0495c6a643b06c3a679f14 F src/wal.h c3aa7825bfa2fe0d85bef2db94655f99870a285778baa36307c0a16da32b226a F src/walker.c d42d6c80ea363ef689a462e65eefcfe87deab924c50de5baa37ecb6af7d7ddaa -F src/where.c a96a99ec5acb186f789d5597249a2c1eb1a8602173fe2fee745be5510f590e27 +F src/where.c 1c305bab0996a63219a6cb3d4718587f3a5dc5608120c4448985aa2bef88b7f5 F src/whereInt.h 446e5e8018f83358ef917cf32d8e6a86dc8430113d0b17e720f1839d3faa44c4 F src/wherecode.c 0e42f4ad53962e90349462520891734ed3217c7852f41c69ffac7a9eeaf31451 F src/whereexpr.c d8cafcf6781cf871082f04d7540862cf0fe30cb381dd1b2145a380376364fe8e @@ -1912,7 +1912,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 5620bd466eb10fd4daf51af9b88d8221f981dc0ceabfa84a0e1d5c817f635429 -R 4f5c640440401aeed37f68d54bcdff49 -U dan -Z 18bae14c6eca1fc28ec07f58312ffb19 +P d0e2d6742f314f71562e404980aad20de6b17e0b04c08582c18bbc4fd0360751 +R 332bb44b67c02aac523458d51b6b816e +U drh +Z ea3687369fc6da14ed3df05290b695f6 diff --git a/manifest.uuid b/manifest.uuid index 2504e9f9df..318fa06e38 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -d0e2d6742f314f71562e404980aad20de6b17e0b04c08582c18bbc4fd0360751 \ No newline at end of file +5cb40e53edcb1e54cde0e54c38a647144bc3158435df0161f95c89732de086e6 \ No newline at end of file diff --git a/src/where.c b/src/where.c index 3d60b175ed..97814d4316 100644 --- a/src/where.c +++ b/src/where.c 
@@ -3608,7 +3608,9 @@ static int whereLoopAddOr( if( rc==SQLITE_OK ){ rc = whereLoopAddOr(&sSubBuild, mPrereq, mUnusable); } - assert( rc==SQLITE_OK || rc==SQLITE_DONE || sCur.n==0 ); + assert( rc==SQLITE_OK || rc==SQLITE_DONE || sCur.n==0 + || rc==SQLITE_NOMEM ); + testcase( rc==SQLITE_NOMEM && sCur.n>0 ); testcase( rc==SQLITE_DONE ); if( sCur.n==0 ){ sSum.n = 0; From 197561cd42258dcaf2f9d1eb94b5c0438c4e4f3f Mon Sep 17 00:00:00 2001 From: drh <> Date: Fri, 16 Apr 2021 12:33:52 +0000 Subject: [PATCH 5/5] Remove an ALWAYS() from a branch in sqlite3ExprAddCollateToken() which can be false following an OOM. dbsqlfuzz 9e8516bf1e786c84e520ae43141b75b7399f8618. FossilOrigin-Name: 6af4e6d054efd8445e1010aabd584f36e70dfad0de13bd0e2f1761cad4d9a7d6 --- manifest | 12 ++++++------ manifest.uuid | 2 +- src/expr.c | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest b/manifest index f693690268..5b4e46a4c5 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\san\sassert()\sin\swhereLoopAddOr()\sthat\scan\sbe\swrong\sif\san\sOOM\soccurs\sin\nan\sOR\sconstraint\son\sa\svirtual\stable\sif\sone\sof\sthe\sterms\sof\sthe\sOR\sis\san\sIN\noperator.\s\sdbsqlfuzz\s5ee7350b40014f5a878c5d6e76913a2d619f5146 -D 2021-04-16T12:13:39.917 +C Remove\san\sALWAYS()\sfrom\sa\sbranch\sin\ssqlite3ExprAddCollateToken()\swhich\scan\nbe\sfalse\sfollowing\san\sOOM.\ndbsqlfuzz\s9e8516bf1e786c84e520ae43141b75b7399f8618. +D 2021-04-16T12:33:52.638 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
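Review bot: The relaxed assertion in whereLoopAddOr() now admits `rc==SQLITE_NOMEM` with `sCur.n>0`, yet the lines that follow in the hunk branch only on `sCur.n==0`, so after an OOM the entries left in `sCur` appear to flow onward as if the sub-build had succeeded. Whether `rc` is checked before those entries are used is decided outside the hunk, as the function starts and ends beyond it. That check is where the real safety lies, because assert() and testcase() vanish in release builds. Once that is confirmed, I would add a why-comment next to the new term, e.g. `/* After an OOM sCur may hold partial results; rc is checked before sSum is used */`.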
@@ -494,7 +494,7 @@ F src/date.c e0632f335952b32401482d099321bbf12716b29d6e72836b53ae49683ebae4bf F src/dbpage.c 8a01e865bf8bc6d7b1844b4314443a6436c07c3efe1d488ed89e81719047833a F src/dbstat.c 3aa79fc3aed7ce906e4ea6c10e85d657299e304f6049861fe300053ac57de36c F src/delete.c 73f57a9a183532c344a3135cf8f2a5589376e39183e0b5f562d6b61b2af0f4d8 -F src/expr.c f18126b29be917d7369ec87b64466ac9dfc2a565df23c828fdaf432389ec7da7 +F src/expr.c 17972f20c963f4d28a3afd9ee34c32475a5ab0ef0044b4523976885eabc4d278 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007 F src/fkey.c e9063648396c58778f77583a678342fe4a9bc82436bf23c5f9f444f2df0fdaa4 F src/func.c 88fd711754a7241cb9f8eb1391370fd0c0cea756b3358efa274c5d1efd59af93 @@ -1912,7 +1912,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P d0e2d6742f314f71562e404980aad20de6b17e0b04c08582c18bbc4fd0360751 -R 332bb44b67c02aac523458d51b6b816e +P 5cb40e53edcb1e54cde0e54c38a647144bc3158435df0161f95c89732de086e6 +R ddfb443f324f92c0f7d01464d567a778 U drh -Z ea3687369fc6da14ed3df05290b695f6 +Z 4128704ba35132d25cf1033fb5faf21a diff --git a/manifest.uuid b/manifest.uuid index 318fa06e38..9b532950dc 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -5cb40e53edcb1e54cde0e54c38a647144bc3158435df0161f95c89732de086e6 \ No newline at end of file +6af4e6d054efd8445e1010aabd584f36e70dfad0de13bd0e2f1761cad4d9a7d6 \ No newline at end of file diff --git a/src/expr.c b/src/expr.c index 898ed85194..912b604ea8 100644 --- a/src/expr.c +++ b/src/expr.c 
@@ -99,7 +99,7 @@ Expr *sqlite3ExprAddCollateToken( if( pExpr==0 ) return 0; if( pExpr->op==TK_VECTOR ){ ExprList *pList = pExpr->x.pList; - if( ALWAYS(pList!=0) ){ + if( pList!=0 ){ int i; for(i=0; inExpr; i++){ pList->a[i].pExpr = sqlite3ExprAddCollateToken(pParse,pList->a[i].pExpr,
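Review bot: Dropping `ALWAYS()` in sqlite3ExprAddCollateToken() leaves a plain `if( pList!=0 ){` with nothing in the code saying why a TK_VECTOR expression can lack its list; the reason lives only in the commit message. A short comment on the test, e.g. `/* pList can be NULL following an OOM */`, would keep someone from reinstating the macro later. The function body continues past the end of the hunk, so the behaviour when the branch is skipped is not visible here.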