Fix a segfault that can occur in the RowSet object following a malloc

failure. (CVS 5978) FossilOrigin-Name: cb0f1658d3db7ccf80843d66fa85af8de44710d0
2008-12-04 22:17:55 +00:00 · 2008-12-04 22:17:55 +00:00 · 8d99363c1b
commit 8d99363c1b
parent 3d4501e573
4 changed files with 15 additions and 12 deletions
--- a/14
+++ b/14
@ -1,5 +1,5 @@
-C Replace\sthe\sVDBE\sFifo\sobject\swith\sthe\snew\sRowSet\sobject.\s(CVS\s5977)
-D 2008-12-04T20:40:10
+C Fix\sa\ssegfault\sthat\scan\soccur\sin\sthe\sRowSet\sobject\sfollowing\sa\smalloc\nfailure.\s(CVS\s5978)
+D 2008-12-04T22:17:56
 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
 F Makefile.in f7e4c81c347b04f7b0f1c1b081a168645d7b8af7
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@ -194,13 +194,13 @@ F src/update.c 7143ac31d26dee156277126e9a7c5be953b18347
 F src/utf.c 86dc0f8076f606432a01f1498ae054c32de1f9d2
 F src/util.c b9a5d1c4c1a433e17d5828f9717fac763016a2cb
 F src/vacuum.c 383d6297bddc011ab04a9eed110db6eaf523e8e9
-F src/vdbe.c 5c46d3742f36599e615ce57164e44c64df5d0470
+F src/vdbe.c 3e849f1cffda97280d36b88e0980bdbe8128be7e
 F src/vdbe.h 03516f28bf5aca00a53c4dccd6c313f96adb94f6
 F src/vdbeInt.h 1df957ab0f6a129735513d528c930dddfb4b23ef
 F src/vdbeapi.c 20722164e7701a0747eaea03cddbbe0de5cb37bf
 F src/vdbeaux.c 33ba6b66bc595f5522e6a6995a86799bacd8961b
 F src/vdbeblob.c b0dcebfafedcf9c0addc7901ad98f6f986c08935
-F src/vdbemem.c 2f386accfa1f4f11f0f12c2b6dcd4948e6df9c1f
+F src/vdbemem.c 360396ac77b2da36a8cfc280e7c055482f0254e8
 F src/vtab.c 02c51eac45dbff1a1d6e73f58febf92ecb563f7f
 F src/walker.c 488c2660e13224ff70c0c82761118efb547f8f0d
 F src/where.c 96f7c2bd9e83c252d90ee2794f7a902fc5ba505b
@ -662,7 +662,7 @@ F tool/speedtest16.c c8a9c793df96db7e4933f0852abb7a03d48f2e81
 F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
-P 4697249fcc6041ba7d2fb89589c855a8bec71eb2
-R 854bd2622f9c32e838b36a1ab2f599ef
+P 39a0750b49cf55e9c0927169ca47db909f5c16ea
+R 4a7599da73fd5a79c2dfb0d9f2d60746
 U drh
-Z 79aa37bffdc9ab8f785db1e32012837b
+Z 69484d9ad61e9734a4c2ad4dd121e991
--- a/manifest.uuid
+++ b/manifest.uuid
@ -1 +1 @@
-39a0750b49cf55e9c0927169ca47db909f5c16ea
+cb0f1658d3db7ccf80843d66fa85af8de44710d0
--- a/src/vdbe.c
+++ b/src/vdbe.c
@ -43,7 +43,7 @@
 ** in this file for details.  If in doubt, do not deviate from existing
 ** commenting and indentation practices when changing or adding code.
 **
-** $Id: vdbe.c,v 1.790 2008/12/04 20:40:10 drh Exp $
+** $Id: vdbe.c,v 1.791 2008/12/04 22:17:56 drh Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
@ -4302,6 +4302,7 @@ case OP_RowSetAdd: {       /* in2 */
  assert( (pVal->flags & MEM_Int)!=0 );
  if( (pIdx->flags & MEM_RowSet)==0 ){
    sqlite3VdbeMemSetRowSet(pIdx);
+    if( (pIdx->flags & MEM_RowSet)==0 ) goto no_mem;
  }
  sqlite3RowSetInsert(pIdx->u.pRowSet, pVal->u.i);
  break;
--- a/src/vdbemem.c
+++ b/src/vdbemem.c
@ -15,7 +15,7 @@
 ** only within the VDBE.  Interface routines refer to a Mem using the
 ** name sqlite_value
 **
-** $Id: vdbemem.c,v 1.127 2008/12/04 20:40:10 drh Exp $
+** $Id: vdbemem.c,v 1.128 2008/12/04 22:17:56 drh Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
@ -510,12 +510,14 @@ void sqlite3VdbeMemSetRowSet(Mem *pMem){
    sqlite3VdbeMemRelease(pMem);
    pMem->zMalloc = sqlite3DbMallocRaw(db, 32);
  }
-  if( !db->mallocFailed ){
+  if( db->mallocFailed ){
+    pMem->flags = MEM_Null;
+  }else{
    assert( pMem->zMalloc );
    pMem->u.pRowSet = sqlite3RowSetInit(db, pMem->zMalloc, 
                                       sqlite3DbMallocSize(db, pMem->zMalloc));
    assert( pMem->u.pRowSet!=0 );
-    pMem->flags = MEM_RowSet|MEM_Dyn;
+    pMem->flags = MEM_RowSet;
  }
 }