mirror of https://github.com/sqlite/sqlite
Fix a bug in where.c that could cause SQLite to write to freed memory while compiling a query with many terms in the WHERE clause. (CVS 6952)
FossilOrigin-Name: 8161af840e8fd2b06457e75023f934e1b8fe5fd6
This commit is contained in:
danielk1977
parent
1a4eaf0be2
commit
f51d1bd665
14
manifest
14
manifest
|
|
@ -1,5 +1,5 @@
|
|||
C Add\sa\stest\sto\smallocI.test\sto\sshow\sthat\sa\sshared\slock\sis\scorrectly\sreleased\sif\san\sOOM\scondition\soccurs\swhile\sparsing\sa\sdatabase\sschema.\s(CVS\s6951)
|
||||
D 2009-07-29T06:04:57
|
||||
C Fix\sa\sbug\sin\swhere.c\sthat\scould\scause\sSQLite\sto\swrite\sto\sfreed\smemory\swhile\scompiling\sa\squery\swith\smany\sterms\sin\sthe\sWHERE\sclause.\s(CVS\s6952)
|
||||
D 2009-07-31T06:14:52
|
||||
F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0
|
||||
F Makefile.in df9359da7a726ccb67a45db905c5447d5c00c6ef
|
||||
F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
|
||||
|
|
@ -213,7 +213,7 @@ F src/vdbeblob.c a3f3e0e877fc64ea50165eec2855f5ada4477611
|
|||
F src/vdbemem.c bfc25f9ef4fa914b473303566459552bdb2e008a
|
||||
F src/vtab.c b19c4e96dcf2b89b5b2ba48e8ef624e654a59b2c
|
||||
F src/walker.c 1edca756275f158b80f20eb6f104c8d3fcc96a04
|
||||
F src/where.c de6ab601ee6f7a886f1380b63122883ef570a88f
|
||||
F src/where.c 7e696d69a6d1b0fa277da2801ae4126dd4db0f8c
|
||||
F test/aggerror.test a867e273ef9e3d7919f03ef4f0e8c0d2767944f2
|
||||
F test/alias.test 4529fbc152f190268a15f9384a5651bbbabc9d87
|
||||
F test/all.test 14165b3e32715b700b5f0cbf8f6e3833dda0be45
|
||||
|
|
@ -710,7 +710,7 @@ F test/where4.test e9b9e2f2f98f00379e6031db6a6fca29bae782a2
|
|||
F test/where5.test fdf66f96d29a064b63eb543e28da4dfdccd81ad2
|
||||
F test/where6.test 42c4373595f4409d9c6a9987b4a60000ad664faf
|
||||
F test/where7.test b6e84b472a024e45c6dbdadc52bbcab3fcc8d0e1
|
||||
F test/where8.test 4839a0a1447e178a9a0725c5136fb963445e7708
|
||||
F test/where8.test fb2ccd7f1fa33287fef25b6bad6849c868a6e331
|
||||
F test/where8m.test da346596e19d54f0aba35ebade032a7c47d79739
|
||||
F test/where9.test be19e1a92f80985c1a121b4678bf7d2123eaa623
|
||||
F test/whereA.test 1d1674254614147c866ab9b59af6582f454a858c
|
||||
|
|
@ -740,7 +740,7 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
|
|||
F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
|
||||
F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
|
||||
F tool/vdbe-compress.tcl 672f81d693a03f80f5ae60bfefacd8a349e76746
|
||||
P 4571aa9e9142db465ae8250b0adf27e0a094331a
|
||||
R dcea50c6f35f0aec2ba3cb61a9fe65cb
|
||||
P 5a82620efa1298530760e69e4e34d446a30233b8
|
||||
R 5171f50e963fce31c959e66efb3a8d0a
|
||||
U danielk1977
|
||||
Z c8de658c5b21527a701e58d71776ac0b
|
||||
Z 77225468b9c3e046f4f8c47188f8bd03
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
5a82620efa1298530760e69e4e34d446a30233b8
|
||||
8161af840e8fd2b06457e75023f934e1b8fe5fd6
|
||||
|
|
@ -16,7 +16,7 @@
|
|||
** so is applicable. Because this module is responsible for selecting
|
||||
** indices, you might also think of this module as the "query optimizer".
|
||||
**
|
||||
** $Id: where.c,v 1.410 2009/07/28 08:43:09 shane Exp $
|
||||
** $Id: where.c,v 1.411 2009/07/31 06:14:52 danielk1977 Exp $
|
||||
*/
|
||||
#include "sqliteInt.h"
|
||||
|
||||
|
|
@ -1176,6 +1176,7 @@ static void exprAnalyze(
|
|||
else if( pExpr->op==TK_OR ){
|
||||
assert( pWC->op==TK_AND );
|
||||
exprAnalyzeOrTerm(pSrc, pWC, idxTerm);
|
||||
pTerm = &pWC->a[idxTerm];
|
||||
}
|
||||
#endif /* SQLITE_OMIT_OR_OPTIMIZATION */
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
# is testing of where.c. More specifically, the focus is the optimization
|
||||
# of WHERE clauses that feature the OR operator.
|
||||
#
|
||||
# $Id: where8.test,v 1.8 2009/06/07 23:45:11 drh Exp $
|
||||
# $Id: where8.test,v 1.9 2009/07/31 06:14:52 danielk1977 Exp $
|
||||
|
||||
set testdir [file dirname $argv0]
|
||||
source $testdir/tester.tcl
|
||||
|
|
@ -653,9 +653,53 @@ foreach idxsql {
|
|||
}
|
||||
incr A
|
||||
}
|
||||
|
||||
catch {unset results}
|
||||
catch {unset A}
|
||||
catch {unset B}
|
||||
|
||||
# At one point the following tests provoked an invalid write error (writing
|
||||
# to memory that had already been freed). It was not possible to demonstrate
|
||||
# that this bug could cause a query to return bad data.
|
||||
#
|
||||
do_test where8-5.1 {
|
||||
db close
|
||||
sqlite3 db test.db
|
||||
sqlite3_db_config_lookaside db 0 0 0
|
||||
execsql {
|
||||
CREATE TABLE tA(
|
||||
a, b, c, d, e, f, g, h,
|
||||
i, j, k, l, m, n, o, p
|
||||
);
|
||||
}
|
||||
execsql {
|
||||
SELECT * FROM tA WHERE
|
||||
a=1 AND b=2 AND c=3 AND d=4 AND e=5 AND f=6 AND g=7 AND h=8 AND
|
||||
i=1 AND j=2 AND k=3 AND l=4 AND m=5 AND n=6 AND o=7 AND
|
||||
(p = 1 OR p = 2 OR p = 3)
|
||||
}
|
||||
} {}
|
||||
do_test where8-5.2 {
|
||||
execsql {
|
||||
SELECT * FROM tA WHERE
|
||||
a=1 AND b=2 AND c=3 AND d=4 AND e=5 AND f=6 AND g=7 AND h=8 AND
|
||||
i=1 AND j=2 AND k=3 AND l=4 AND m=5 AND
|
||||
(p = 1 OR p = 2 OR p = 3) AND n=6 AND o=7
|
||||
}
|
||||
} {}
|
||||
do_test where8-5.3 {
|
||||
execsql {
|
||||
INSERT INTO tA VALUES(1, 2, 3, 4, 5, 6, 7, 8, 1, 2, 3, 4, 5, 6, 7, 8);
|
||||
CREATE UNIQUE INDEX tAI ON tA(p);
|
||||
CREATE TABLE tB(x);
|
||||
INSERT INTO tB VALUES('x');
|
||||
}
|
||||
execsql {
|
||||
SELECT a, x FROM tA LEFT JOIN tB ON (
|
||||
a=1 AND b=2 AND c=3 AND d=4 AND e=5 AND f=6 AND g=7 AND h=8 AND
|
||||
i=1 AND j=2 AND k=3 AND l=4 AND m=5 AND n=6 AND o=7 AND
|
||||
(p = 1 OR p = 2 OR p = 3)
|
||||
)
|
||||
}
|
||||
} {1 {}}
|
||||
|
||||
finish_test
|
||||
|
|
|
|||
Loading…
Reference in New Issue