Fix a possible NULL pointer dereference in following an OOM error

in sqlite3ExprIsInteger(). Problem found by OSS-Fuzz. FossilOrigin-Name: 5ec655e8e817c1ed3bfb2e576745a7cef441494ad7baf1bf9f8895e98ac19c5a
2017-03-12 20:28:44 +00:00 · 2017-03-12 20:28:44 +00:00 · ba28b5ab0a
commit ba28b5ab0a
parent 1ed1e616f7
3 changed files with 8 additions and 7 deletions
--- a/12
+++ b/12
@ -1,5 +1,5 @@
-C Remove\san\sobsolete\sassert()\sin\sthe\sIN\soperator\scode\sgeneration.
-D 2017-03-12T19:39:00.634
+C Fix\sa\spossible\sNULL\spointer\sdereference\sin\sfollowing\san\sOOM\serror\nin\ssqlite3ExprIsInteger().\sProblem\sfound\sby\sOSS-Fuzz.
+D 2017-03-12T20:28:44.701
 F Makefile.in 2dae2a56457c2885425a480e1053de8096aff924
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc 9020fa41eb91f657ae0cc44145d0a2f3af520860
@ -351,7 +351,7 @@ F src/ctime.c a9984df73898c042a5cfc8f9d8e7723d02bc35c9
 F src/date.c ee676e7694dfadbdd2fde1a258a71be8360ba5ae
 F src/dbstat.c 19ee7a4e89979d4df8e44cfac7a8f905ec89b77d
 F src/delete.c 0d9d5549d42e79ce4d82ff1db1e6c81e36d2f67c
-F src/expr.c 7eac40b592672a1f3e0565ac1e66fbb87218436c134d8b2460f989b550e2eb73
+F src/expr.c f12a581f342a6fd85d14c31e4fb84f16b3dd107f54d7728dddb62cebc79d7ce1
 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
 F src/fkey.c 2e9aabe1aee76273aff8a84ee92c464e095400ae
 F src/func.c c67273e1ec08abbdcc14c189892a3ff6eeece86b
@ -1562,7 +1562,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 3299a26160c239255608d1e2b15a221e28b18a3d
-R 0614fda50e45b1c812e74d7f5befdd87
+P 18bf6aca2ac86478fd12d5020f3a41cfd2bd2dc3defe2298411f79ad308a6f73
+R ca6b9859462ac91c5f6d6ceb39023c31
 U drh
-Z 926534de7c008338fc48290e21b48744
+Z af1824315a47164e92b4aa40f4d2923c
--- a/manifest.uuid
+++ b/manifest.uuid
@ -1 +1 @@
-18bf6aca2ac86478fd12d5020f3a41cfd2bd2dc3defe2298411f79ad308a6f73
+5ec655e8e817c1ed3bfb2e576745a7cef441494ad7baf1bf9f8895e98ac19c5a
--- a/src/expr.c
+++ b/src/expr.c
@ -1860,6 +1860,7 @@ int sqlite3ExprContainsSubquery(Expr *p){
 */
 int sqlite3ExprIsInteger(Expr *p, int *pValue){
  int rc = 0;
+  if( p==0 ) return 0;  /* Can only happen following on OOM */

  /* If an expression is an integer literal that fits in a signed 32-bit
  ** integer, then the EP_IntValue flag will have already been set */