Fix a potential use-after-free following an OOM in sqlite3ParserAddCleanup()

and add a mechanism to detect situations where this might occur in the future. FossilOrigin-Name: 38ef8ab9830e12acd2c710e113939b1f8dced02612c6933c37a3c948a4030d0a
2025-11-11 01:42:22 +03:00 · 2021-01-12 15:30:01 +00:00
parent cf3c078f93
commit 21d4f5b53a
6 changed files with 36 additions and 19 deletions
--- a/src/select.c
+++ b/src/select.c
@@ -4143,6 +4143,7 @@ static int flattenSubquery(
      sqlite3ParserAddCleanup(pToplevel, 
         (void(*)(sqlite3*,void*))sqlite3DeleteTable,
         pTabToDel);
+      testcase( pToplevel->earlyCleanup );
    }else{
      pTabToDel->nTabRef--;
    }
@@ -4865,6 +4866,7 @@ void sqlite3WithPush(Parse *pParse, With *pWith, u8 bFree){
      sqlite3ParserAddCleanup(pParse, 
         (void(*)(sqlite3*,void*))sqlite3WithDelete,
         pWith);
+      testcase( pParse->earlyCleanup );
    }
  }
 }