Fix a problem in fts3_write.c causing stack memory to be referenced after it is out of scope.

FossilOrigin-Name: f9c4a7c8f4e5821b47c1393d6272e32416d8886c

ext/fts3/fts3_write.c

@@ -1470,6 +1470,7 @@ int sqlite3Fts3SegReaderPending(
   Fts3SegReader **ppReader        /* OUT: SegReader for pending-terms */
 ){
   Fts3SegReader *pReader = 0;     /* Fts3SegReader object to return */
+  Fts3HashElem *pE;               /* Iterator variable */
   Fts3HashElem **aElem = 0;       /* Array of term hash entries to scan */
   int nElem = 0;                  /* Size of array at aElem */
   int rc = SQLITE_OK;             /* Return Code */
@@ -1478,7 +1479,6 @@ int sqlite3Fts3SegReaderPending(
   pHash = &p->aIndex[iIndex].hPending;
   if( bPrefix ){
     int nAlloc = 0;               /* Size of allocated array at aElem */
-    Fts3HashElem *pE = 0;         /* Iterator variable */
 
     for(pE=fts3HashFirst(pHash); pE; pE=fts3HashNext(pE)){
       char *zKey = (char *)fts3HashKey(pE);
@@ -1512,8 +1512,13 @@ int sqlite3Fts3SegReaderPending(
 
   }else{
     /* The query is a simple term lookup that matches at most one term in
-    ** the index. All that is required is a straight hash-lookup. */
+    ** the index. All that is required is a straight hash-lookup. 
-    Fts3HashElem *pE = fts3HashFindElem(pHash, zTerm, nTerm);
+    **
+    ** Because the stack address of pE may be accessed via the aElem pointer
+    ** below, the "Fts3HashElem *pE" must be declared so that it is valid
+    ** within this entire function, not just this "else{...}" block.
+    */
+    pE = fts3HashFindElem(pHash, zTerm, nTerm);
     if( pE ){
       aElem = &pE;
       nElem = 1;

manifest

@@ -1,5 +1,5 @@
-C Fix\sother\sproblems\swhere\s32-bit\sinteger\soverflow\smay\scause\sa\sproblem.\sTwo\sthat\srequire\san\simprobably\slarge\ssub-journal\sand\stwo\sin\stest\sharness\scode.
+C Fix\sa\sproblem\sin\sfts3_write.c\scausing\sstack\smemory\sto\sbe\sreferenced\safter\sit\sis\sout\sof\sscope.
-D 2011-12-21T18:04:41.417
+D 2011-12-22T15:30:46.102
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 5b4a3e12a850b021547e43daf886b25133b44c07
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -78,7 +78,7 @@ F ext/fts3/fts3_test.c 24fa13f330db011500acb95590da9eee24951894
 F ext/fts3/fts3_tokenizer.c 9ff7ec66ae3c5c0340fa081958e64f395c71a106
 F ext/fts3/fts3_tokenizer.h 13ffd9fcb397fec32a05ef5cd9e0fa659bf3dbd3
 F ext/fts3/fts3_tokenizer1.c 0dde8f307b8045565cf63797ba9acfaff1c50c68
-F ext/fts3/fts3_write.c c097228bff4d33c6b8a270c9717b9f8339068776
+F ext/fts3/fts3_write.c fb1998be659ff85b7045513ab625bbdcf9b804d8
 F ext/fts3/fts3speed.tcl b54caf6a18d38174f1a6e84219950d85e98bb1e9
 F ext/fts3/mkfts3amal.tcl 252ecb7fe6467854f2aa237bf2c390b74e71f100
 F ext/icu/README.txt bf8461d8cdc6b8f514c080e4e10dc3b2bbdfefa9
@@ -985,7 +985,7 @@ F tool/tostr.awk e75472c2f98dd76e06b8c9c1367f4ab07e122d06
 F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f
 F tool/warnings-clang.sh 9f406d66e750e8ac031c63a9ef3248aaa347ef2a
 F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381
-P c5256b59ad70104c1e181b9f49d1d712cf4cc9f6
+P c723e3e18a008922281d8d6e8e3aba07941eb173
-R 67d063070f0e350ae5f59b7b697ace26
+R a473dabc4c74a83ea005d83d596de923
 U dan
-Z bef61bfcf61cf3a9e556e6b3194dc0ce
+Z 9db758f12d3cf045a211ef0d51186bd2

manifest.uuid

@@ -1 +1 @@
-c723e3e18a008922281d8d6e8e3aba07941eb173
+f9c4a7c8f4e5821b47c1393d6272e32416d8886c