Fix an obscure memory leak in sqlite3Stat4ProbeFree()

FossilOrigin-Name: c72abbe2c1735f3d563c6672616b2918b6209922
2015-04-20 13:59:18 +00:00 · 2015-04-20 13:59:18 +00:00 · cef2584335
parent f34e9aabd8
commit cef2584335
4 changed files with 22 additions and 9 deletions
--- a/14
+++ b/14
@ -1,5 +1,5 @@
-C Enhance\sfuzzershell\sto\ssupport\smultiple\sblocks\sof\sSQL,\seach\srun\sin\sits\sown\nprivate\sin-memory\sdatabase.
-D 2015-04-20T12:50:13.942
+C Fix\san\sobscure\smemory\sleak\sin\ssqlite3Stat4ProbeFree()
+D 2015-04-20T13:59:18.103
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in faaf75b89840659d74501bea269c7e33414761c1
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@ -299,7 +299,7 @@ F src/vdbeInt.h 9cbaa84f53ddd2d09a0cf61a94337a3a035d08a0
 F src/vdbeapi.c 583d56b129dd27f12bed518270de9ebe521e6a75
 F src/vdbeaux.c 03591cca98ec50e1493043f0ff7abbece0b9c83d
 F src/vdbeblob.c 4f2e8e075d238392df98c5e03a64342465b03f90
-F src/vdbemem.c c0dc81285b7571b0a31c40f17846fe2397ec1cd9
+F src/vdbemem.c b5256445b318b0f2b3bc429028469cfbb08f19a5
 F src/vdbesort.c 2e7f683464fd5db3be4beaa1ff2d39e24fcb64b8
 F src/vdbetrace.c f95c2dff9041fcf07f871789c22ebb0648ea0b7c
 F src/vtab.c 5f81f8a59c1f5ddb94c918f25ed5d83578fcc633
@ -321,7 +321,7 @@ F test/alter4.test c461150723ac957f3b2214aa0b11552cd72023ec
 F test/altermalloc.test e81ac9657ed25c6c5bb09bebfa5a047cd8e4acfc
 F test/amatch1.test b5ae7065f042b7f4c1c922933f4700add50cdb9f
 F test/analyze.test 3eb35a4af972f98422e5dc0586501b17d103d321
-F test/analyze3.test 75b9e42ea1e4edc919250450dc5762186965d4e6
+F test/analyze3.test c2c07285e1012315e561132fcfa8fd43be66ec8c
 F test/analyze4.test eff2df19b8dd84529966420f29ea52edc6b56213
 F test/analyze5.test 765c4e284aa69ca172772aa940946f55629bc8c4
 F test/analyze6.test f1c552ce39cca4ec922a7e4e0e5d0203d6b3281f
@ -1251,7 +1251,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 592c010478fba7410424f011a62e019c826f1ac3
-R 55f62d08aa055d79c5fb00626b830397
+P ab0a96ca73cfe92d5a837c71c148e8361f42acc3
+R 3caac82026514fa2d10894c0463eb30d
 U drh
-Z 4938f7ca9f322011187311f0d5e05712
+Z 942c4169ecb37cfefc1570a95881cae9
--- a/manifest.uuid
+++ b/manifest.uuid
@ -1 +1 @@
-ab0a96ca73cfe92d5a837c71c148e8361f42acc3
+c72abbe2c1735f3d563c6672616b2918b6209922
--- a/src/vdbemem.c
+++ b/src/vdbemem.c
@ -1647,7 +1647,7 @@ void sqlite3Stat4ProbeFree(UnpackedRecord *pRec){
    Mem *aMem = pRec->aMem;
    sqlite3 *db = aMem[0].db;
    for(i=0; i<nCol; i++){
-      if( aMem[i].szMalloc ) sqlite3DbFree(db, aMem[i].zMalloc);
+      sqlite3VdbeMemRelease(&aMem[i]);
    }
    sqlite3KeyInfoUnref(pRec->pKeyInfo);
    sqlite3DbFree(db, pRec);
--- a/test/analyze3.test
+++ b/test/analyze3.test
@ -662,4 +662,17 @@ do_eqp_test analyze3-6-2 {
  SELECT * FROM t1 WHERE a = 5 AND b > 'w' AND c = 13;
 } {0 0 0 {SEARCH TABLE t1 USING INDEX i2 (c=?)}}

+#-----------------------------------------------------------------------------
+# 2015-04-20.
+# Memory leak in sqlite3Stat4ProbeFree().  (Discovered while fuzzing.)
+#
+do_execsql_test analyze-7.1 {
+  DROP TABLE IF EXISTS t1;
+  CREATE TABLE t1(a INTEGER PRIMARY KEY, b, c);
+  INSERT INTO t1 VALUES(1,1,'0000');
+  CREATE INDEX t0b ON t1(b);
+  ANALYZE;
+  SELECT c FROM t1 WHERE b=3 AND a BETWEEN 30 AND hex(1);
+} {}
+
 finish_test