database/sqlite
1
0
Fork 0
mirror of https://github.com/sqlite/sqlite.git synced 2025-08-07 02:42:48 +03:00
Code Activity

Fix a potential null-pointer dereference and crash in the case where one

Browse Source 
thread is calling sqlite3_column_text() and another thread is calling
sqlite3_step() on the same prepared statement at the same instant.

FossilOrigin-Name: ee1382a36303eff8d94275ac3b12e5ce398ee620
This commit is contained in:
drh
2016-09-22 21:37:18 +00:00
parent 511f9e8d29
commit 28f17017ee
3 changed files with 14 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/vdbeapi.c
View File

@@ -952,14 +952,13 @@ static Mem *columnMem(sqlite3_stmt *pStmt, int i){
Mem *pOut;
pVm = (Vdbe *)pStmt;
if( pVm && pVm->pResultSet!=0 && i<pVm->nResColumn && i>=0 ){
sqlite3_mutex_enter(pVm->db->mutex);
if( pVm==0 ) return (Mem*)columnNullValue();
assert( pVm->db );
sqlite3_mutex_enter(pVm->db->mutex);
if( pVm->pResultSet!=0 && i<pVm->nResColumn && i>=0 ){
pOut = &pVm->pResultSet[i];
}else{
if( pVm && ALWAYS(pVm->db) ){
sqlite3_mutex_enter(pVm->db->mutex);
sqlite3Error(pVm->db, SQLITE_RANGE);
}
sqlite3Error(pVm->db, SQLITE_RANGE);
pOut = (Mem*)columnNullValue();
}
return pOut;
@@ -992,6 +991,8 @@ static void columnMallocFailure(sqlite3_stmt *pStmt)
*/
Vdbe *p = (Vdbe *)pStmt;
if( p ){
assert( p->db!=0 );
assert( sqlite3_mutex_held(p->db->mutex) );
p->rc = sqlite3ApiExit(p->db, p->rc);
sqlite3_mutex_leave(p->db->mutex);
}