Fix a potential use-after-free following an OOM in sqlite3ParserAddCleanup()

and add a mechanism to detect situations where this might occur in the future. FossilOrigin-Name: 38ef8ab9830e12acd2c710e113939b1f8dced02612c6933c37a3c948a4030d0a
2025-11-11 01:42:22 +03:00 · 2021-01-12 15:30:01 +00:00
parent cf3c078f93
commit 21d4f5b53a
6 changed files with 36 additions and 19 deletions
--- a/src/insert.c
+++ b/src/insert.c
@@ -370,8 +370,9 @@ static int autoIncBegin(
    while( pInfo && pInfo->pTab!=pTab ){ pInfo = pInfo->pNext; }
    if( pInfo==0 ){
      pInfo = sqlite3DbMallocRawNN(pParse->db, sizeof(*pInfo));
-      if( pInfo==0 ) return 0;
-      sqlite3ParserAddCleanup(pToplevel, sqlite3DbFreeNN, pInfo);
+      sqlite3ParserAddCleanup(pToplevel, sqlite3DbFree, pInfo);
+      testcase( pParse->earlyCleanup );
+      if( pParse->db->mallocFailed ) return 0;
      pInfo->pNext = pToplevel->pAinc;
      pToplevel->pAinc = pInfo;
      pInfo->pTab = pTab;