diff --git a/manifest b/manifest index b54e84e36c..eed416503b 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Lift\sdocListMerge()\scall\sout\sof\sloadSegmentLeavesInt()\sfor\sprefix\nsearch.\s\sDoclists\sfrom\smultiple\sprefix\smatches\swill\sneed\sa\sunion\smerge\nfunction,\swhich\swill\shave\sto\slogically\shappen\sacross\sa\ssegment\sbefore\ndoclists\sare\smerged\sbetween\ssegments.\s(CVS\s3887) -D 2007-04-30T17:52:52 +C Fix\sa\spotential\ssegfault\sfollowing\sa\smalloc()\sfailure\sduring\sa\scall\nto\ssqlite3_prepare()\swhere\sthe\snBytes\sparameter\sis\spositive\sbut\sless\sthan\nthe\slength\sof\sthe\sinput\sSQL\sstring.\s(CVS\s3888) +D 2007-04-30T21:39:16 F Makefile.in 8cab54f7c9f5af8f22fd97ddf1ecfd1e1860de62 F Makefile.linux-gcc 2d8574d1ba75f129aba2019f0b959db380a90935 F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028 @@ -91,7 +91,7 @@ F src/pager.c 48b1ebe8c9bcd8a9544ebef13c85547f28e8bb6b F src/pager.h d652ddf092d2318d00e41f8539760fe8e57c157c F src/parse.y a3940369e12c69c4968aa580cdc74cf73a664980 F src/pragma.c 4fdefc03c3fd0ee87f8aad82bf80ba9bf1cdf416 -F src/prepare.c 4cb9c9eb926e8baf5652ca4b4f2416f53f5b5370 +F src/prepare.c 03277063bc4f5860efbf23548fa0123ac0f6eaec F src/printf.c 0c6f40648770831341ac45ab32423a80b4c87f05 F src/random.c 6119474a6f6917f708c1dee25b9a8e519a620e88 F src/select.c b914abca0ba28893e7fb7c7fb97a05e240e2ce8b @@ -275,7 +275,8 @@ F test/malloc4.test 59cd02f71b363302a04c4e77b97c0a1572eaa210 F test/malloc5.test f228cb7101ae403327824d327a1f5651d83ef0f2 F test/malloc6.test 025ae0b78542e0ddd000d23f79d93e9be9ba0f15 F test/malloc7.test 1cf52834509eac7ebeb92105dacd4669f9ca9869 -F test/malloc8.test ede3231e1d9359b3c618357e49cb1c62267382e7 +F test/malloc8.test c46bb15d03370a6740be49cb6cb5403ce711ff19 +F test/malloc9.test 8381041fd89c31fba60c8a1a1c776bb022108572 F test/manydb.test 8de36b8d33aab5ef295b11d9e95310aeded31af8 F test/memdb.test a67bda4ff90a38f2b19f6c7f95aa7289e051d893 F test/memleak.test d2d2a1ff7105d32dc3fdf691458cf6cba58c7217 @@ -465,7 +466,7 @@ F www/tclsqlite.tcl bb0d1357328a42b1993d78573e587c6dcbc964b9 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0 F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5 -P 8cccec68bd9073b2b19d3d31cf0b77b0ce76172e -R 7069672da6b54cde9af80d1ef9e46049 -U shess -Z 8a2908873a8cd6c0a742806cb3215c42 +P 7ddb82668906e33e2d6a796f2da1795032e036d5 +R 6c84bdbf40bcc10c544725efed0e51c5 +U drh +Z dbcc6f5007a9724aa47f910a6b885e46 diff --git a/manifest.uuid b/manifest.uuid index c9a7edcd4a..294d6b5d67 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -7ddb82668906e33e2d6a796f2da1795032e036d5 \ No newline at end of file +27bf3fc3cf3c9c7acdbf9281a4669c9f642b0097 \ No newline at end of file diff --git a/src/prepare.c b/src/prepare.c index cc1055f1c4..c711c2f7a5 100644 --- a/src/prepare.c +++ b/src/prepare.c @@ -13,7 +13,7 @@ ** interface, and routines that contribute to loading the database schema ** from disk. ** -** $Id: prepare.c,v 1.46 2007/04/19 11:09:01 danielk1977 Exp $ +** $Id: prepare.c,v 1.47 2007/04/30 21:39:16 drh Exp $ */ #include "sqliteInt.h" #include "os.h" @@ -491,9 +491,11 @@ int sqlite3Prepare( sParse.db = db; if( nBytes>=0 && zSql[nBytes]!=0 ){ char *zSqlCopy = sqlite3StrNDup(zSql, nBytes); - sqlite3RunParser(&sParse, zSqlCopy, &zErrMsg); - sParse.zTail += zSql - zSqlCopy; - sqliteFree(zSqlCopy); + if( zSqlCopy ){ + sqlite3RunParser(&sParse, zSqlCopy, &zErrMsg); + sqliteFree(zSqlCopy); + } + sParse.zTail = &zSql[nBytes]; }else{ sqlite3RunParser(&sParse, zSql, &zErrMsg); } diff --git a/test/malloc8.test b/test/malloc8.test index e624ca0946..071861942c 100644 --- a/test/malloc8.test +++ b/test/malloc8.test @@ -1,4 +1,4 @@ -# 2006 July 26 +# 2007 April 25 # # The author disclaims copyright to this source code. In place of # a legal notice, here is a blessing: @@ -11,7 +11,7 @@ # This file contains additional out-of-memory checks (see malloc.tcl) # added to expose a bug in out-of-memory handling for sqlite3_value_text() # -# $Id: malloc8.test,v 1.1 2007/04/25 18:23:53 drh Exp $ +# $Id: malloc8.test,v 1.2 2007/04/30 21:39:16 drh Exp $ set testdir [file dirname $argv0] source $testdir/tester.tcl diff --git a/test/malloc9.test b/test/malloc9.test new file mode 100644 index 0000000000..5df82e4e1e --- /dev/null +++ b/test/malloc9.test @@ -0,0 +1,142 @@ +# 2007 April 30 +# +# The author disclaims copyright to this source code. In place of +# a legal notice, here is a blessing: +# +# May you do good and not evil. +# May you find forgiveness for yourself and forgive others. +# May you share freely, never taking more than you give. +# +#*********************************************************************** +# This file contains additional out-of-memory checks (see malloc.tcl) +# added to expose a bug in out-of-memory handling for sqlite3_prepare(). +# +# $Id: malloc9.test,v 1.1 2007/04/30 21:39:16 drh Exp $ + +set testdir [file dirname $argv0] +source $testdir/tester.tcl + +# Only run these tests if memory debugging is turned on. +# +if {[info command sqlite_malloc_stat]==""} { + puts "Skipping malloc tests: not compiled with -DSQLITE_MEMDEBUG..." + finish_test + return +} + +# Usage: do_malloc_test +# +# The first argument, , is an integer used to name the +# tests executed by this proc. Options are as follows: +# +# -tclprep TCL script to run to prepare test. +# -sqlprep SQL script to run to prepare test. +# -tclbody TCL script to run with malloc failure simulation. +# -sqlbody TCL script to run with malloc failure simulation. +# -cleanup TCL script to run after the test. +# +# This command runs a series of tests to verify SQLite's ability +# to handle an out-of-memory condition gracefully. It is assumed +# that if this condition occurs a malloc() call will return a +# NULL pointer. Linux, for example, doesn't do that by default. See +# the "BUGS" section of malloc(3). +# +# Each iteration of a loop, the TCL commands in any argument passed +# to the -tclbody switch, followed by the SQL commands in any argument +# passed to the -sqlbody switch are executed. Each iteration the +# Nth call to sqliteMalloc() is made to fail, where N is increased +# each time the loop runs starting from 1. When all commands execute +# successfully, the loop ends. +# +proc do_malloc_test {tn args} { + array unset ::mallocopts + array set ::mallocopts $args + + set ::go 1 + for {set ::n 1} {$::go && $::n < 50000} {incr ::n} { + do_test malloc9-$tn.$::n { + + sqlite_malloc_fail 0 + catch {db close} + catch {file delete -force test.db} + catch {file delete -force test.db-journal} + sqlite3 db test.db + set ::DB [sqlite3_connection_pointer db] + + # Execute any -tclprep and -sqlprep scripts. + # + if {[info exists ::mallocopts(-tclprep)]} { + eval $::mallocopts(-tclprep) + } + if {[info exists ::mallocopts(-sqlprep)]} { + execsql $::mallocopts(-sqlprep) + } + + # Now set the ${::n}th malloc() to fail and execute the -tclbody and + # -sqlbody scripts. + # + sqlite_malloc_fail $::n + set ::mallocbody {} + if {[info exists ::mallocopts(-tclbody)]} { + append ::mallocbody "$::mallocopts(-tclbody)\n" + } + if {[info exists ::mallocopts(-sqlbody)]} { + append ::mallocbody "db eval {$::mallocopts(-sqlbody)}" + } + set v [catch $::mallocbody msg] + + # If the test fails (if $v!=0) and the database connection actually + # exists, make sure the failure code is SQLITE_NOMEM. + if {$v && [info command db]=="db" && [info exists ::mallocopts(-sqlbody)] + && [db errorcode]!=7} { + set v 999 + } + + set leftover [lindex [sqlite_malloc_stat] 2] + if {$leftover>0} { + if {$leftover>1} {puts "\nLeftover: $leftover\nReturn=$v Message=$msg"} + set ::go 0 + if {$v} { + puts "\nError message returned: $msg" + } else { + set v {1 1} + } + } else { + set v2 [expr {$msg=="" || [regexp {out of memory} $msg]}] + if {!$v2} {puts "\nError message returned: $msg"} + lappend v $v2 + } + } {1 1} + + if {[info exists ::mallocopts(-cleanup)]} { + catch [list uplevel #0 $::mallocopts(-cleanup)] msg + } + } + unset ::mallocopts +} + + +do_malloc_test 1 -tclprep { + set sql {CREATE TABLE t1(x)} + set sqlbytes [string length $sql] + append sql {; INSERT INTO t1 VALUES(1)} +} -tclbody { + if {[catch {sqlite3_prepare db $sql $sqlbytes TAIL} STMT]} { + set msg $STMT + set STMT {} + error $msg + } +} -cleanup { + if {$STMT!=""} { + sqlite3_finalize $STMT + } +} + +# Ensure that no file descriptors were leaked. +do_test malloc-99.X { + catch {db close} + set sqlite_open_file_count +} {0} + +sqlite_malloc_fail 0 +finish_test