Code changes resulting from Coverity analysis.

http://scan.coverity.com/  Found 1 potential segfault in sqlite3_mprintf().
Also 2 failures to fclose() following a malloc() failure.  And lots of
cases where unnecessary conditionals could be removed from the code. (CVS 3126)

FossilOrigin-Name: e510e6dd9d6261f33b853af3b32d155b9d6b63b3

manifest

@@ -1,5 +1,5 @@
-C Pager\sperformance\senhancements.\s(CVS\s3125)
-D 2006-03-06T18:23:17
+C Code\schanges\sresulting\sfrom\sCoverity\sanalysis.\nhttp://scan.coverity.com/\s\sFound\s1\spotential\ssegfault\sin\ssqlite3_mprintf().\nAlso\s2\sfailures\sto\sfclose()\sfollowing\sa\smalloc()\sfailure.\s\sAnd\slots\sof\ncases\swhere\sunnecessary\sconditionals\scould\sbe\sremoved\sfrom\sthe\scode.\s(CVS\s3126)
+D 2006-03-06T20:55:46
 F Makefile.in 5d8dff443383918b700e495de42ec65bc1c8865b
 F Makefile.linux-gcc 74ba0eadf88748a9ce3fd03d2a3ede2e6715baec
 F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028
@@ -34,20 +34,20 @@ F src/alter.c 451b34fc4eb2475ca76a2e86b21e1030a9428091
 F src/analyze.c 7d2b7ab9a9c2fd6e55700f69064dfdd3e36d7a8a
 F src/attach.c d73a3505de3fb9e373d0a158978116c4212031d0
 F src/auth.c 9ae84d2d94eb96195e04515715e08e85963e96c2
-F src/btree.c ffe57d05cf1d4b3f9837c8f1b4015da843a8f287
+F src/btree.c 3f3b6ccdf8ea59dd736bf3f8fb2061947fa4bd4d
 F src/btree.h 40055cfc09defd1146bc5b922399c035f969e56d
-F src/build.c eaf2d4d894e5317fd2de86fe4f1c5f93d9ed3d7b
+F src/build.c 98b458e30906461777ff1e003eef2db14c37314f
 F src/callback.c 1bf497306c32229114f826707054df7ebe10abf2
 F src/complete.c 7d1a44be8f37de125fcafd3d3a018690b3799675
 F src/date.c cd2bd5d1ebc6fa12d6312f69789ae5b0a2766f2e
 F src/delete.c 2dea1a83e6ef534346e74fd03114d3a7b16f08fc
 F src/experimental.c 1b2d1a6cd62ecc39610e97670332ca073c50792b
-F src/expr.c 2d72534daaa1ac7bd8eec1db39536071ada20d41
+F src/expr.c 105e8e17babd4dec832d4a0c88bea12ec074cbbe
 F src/func.c ea1a4480bacfb17f8e08d675313f024fe7136c00
 F src/hash.c 449f3d6620193aa557f5d86cbc5cc6b87702b185
 F src/hash.h 1b3f7e2609141fd571f62199fc38687d262e9564
-F src/insert.c ae51e360d1e710870471fb72d00f84c3d98292a0
-F src/legacy.c 86b669707b3cefd570e34154e2f6457547d1df4f
+F src/insert.c 2b0eb1f7d50b1d94782bac9644b41a53cf65c019
+F src/legacy.c fa15d505dd4e45044177ee4d1c6aeaf8c836d390
 F src/main.c b2fae87237011250f0d553fbcdf80b65a98701fb
 F src/md5.c c5fdfa5c2593eaee2e32a5ce6c6927c986eaf217
 F src/os.c 59f05de8c5777c34876607114a2fbe55ae578235
@@ -59,20 +59,20 @@ F src/os_unix.c 757a7b726764367f7b0595c4302969582c04413d
 F src/os_unix.h 5768d56d28240d3fe4537fac08cc85e4fb52279e
 F src/os_win.c 8ced9ac82670bbf77492961a2f7ff80a87f1404f
 F src/os_win.h 41a946bea10f61c158ce8645e7646b29d44f122b
-F src/pager.c dcc9966177d6fad54aefbcdb4fc49ed2cdda8672
+F src/pager.c 7b1975e2fa56fc3c9859bec321f57cd3d75ec36b
 F src/pager.h 43f32f3847421f7502cfbb66f4eb2302b8033818
 F src/parse.y c2daaa24fa2c8e256af740f29d3d61ac552fbd49
 F src/pragma.c 27d5e395c5d950931c7ac4fe610e7c2993e2fa55
-F src/prepare.c cf0fc8ebaf94409955ecb09ffeb0099c9ef44693
-F src/printf.c cda33918f602ff20bfba3ceae642ac1ed8f476d6
+F src/prepare.c fe3f5b7524575d378e82d3d7d4f1371884087c4e
+F src/printf.c 341e488b549b1a41f83b05a69ce1d7a8258b624c
 F src/random.c d40f8d356cecbd351ccfab6eaedd7ec1b54f5261
-F src/select.c 46e1d5bf796696a10587e981407fd75632fc9ba3
+F src/select.c c196faee625154a40d994be3de0a7725525d8531
 F src/server.c 087b92a39d883e3fa113cae259d64e4c7438bc96
-F src/shell.c 738f55ed75fb36731e764bfdb40756ac43b90b08
+F src/shell.c 7a4b16f85d8f6f25d917cdc3d0f7e18f84867adf
 F src/sqlite.h.in 0bf6f03f9a14dde5f3a4f87471840803acaa4497
 F src/sqliteInt.h ccc6c2351fb454aec927b5da8d83561c7d4b48cd
 F src/table.c f64ec4fbfe333f8df925bc6ba494f55e05b0e75e
-F src/tclsqlite.c cecd84a57914f2d915693276d035b0f6794bb078
+F src/tclsqlite.c 39bb47e9475ae54b896a31c0788747c7304f96b7
 F src/test1.c 9d299609a0ce35157fe15cdf8b4c663db5d40386
 F src/test2.c ca74a1d8aeb7d9606e8f6b762c5daf85c1a3f92b
 F src/test3.c 86e99724ee898b119ed575ef9f98618afe7e5e5d
@@ -84,7 +84,7 @@ F src/test_async.c e3deaedd4d86a56391b81808fde9e44fbd92f1d3
 F src/test_md5.c 6c42bc0a3c0b54be34623ff77a0eec32b2fa96e3
 F src/test_server.c 087b92a39d883e3fa113cae259d64e4c7438bc96
 F src/tokenize.c 382b3bb0ca26eb9153b5d20b246ef512a114a24f
-F src/trigger.c bdead679e3688fa9e3d690ac83e471e1b5358318
+F src/trigger.c 6e63d6d8104a395d6a472d2678a62f1cf6140a6d
 F src/update.c 34add66fcd3301b33b6e4c4c813f4e408f7ee4a0
 F src/utf.c 1d51225bce1ea8d1978e8ab28e862a0c12c7a8e8
 F src/util.c 59389ed717f0fa9d8023b3f482ba09dcf41343a8
@@ -213,7 +213,7 @@ F test/pager2.test 49c0f57c7da0b060f0486b85fdd074025caa694e
 F test/pager3.test 2323bf27fd5bd887b580247e5bce500ceee994b4
 F test/pagesize.test 05c74ea49f790734ec1e9ab765d9bf1cce79b8f2
 F test/pragma.test 745f51617fc8e72c9f202a1149b2b362d030a67c
-F test/printf.test 9e10c74e16bf889f8495ddb3d6f5f891e75ff1b7
+F test/printf.test c89f60e789b0fd9452182a05ed906d417f759ddb
 F test/progress.test 16496001da445e6534afb94562c286708316d82f x
 F test/quick.test e220b3b6e62fe4fb4e2a703ab2ba730fedfe0424
 F test/quote.test 5891f2338980916cf7415484b4ce785294044adb
@@ -284,7 +284,7 @@ F test/where.test ee7c9a6659b07e1ee61177f6e7ff71565ee2c9df
 F test/where2.test fde821b9cb8e20d53ccd2e71482b063c5b1e222a
 F test/where3.test 6356013ce1c8ddc22a65c880dfff2b2c985634cb
 F tool/diffdb.c 7524b1b5df217c20cd0431f6789851a4e0cb191b
-F tool/lemon.c 26d271a753ef87fe1e6194f53c594ab5e6783d85
+F tool/lemon.c b0b881c172b5375444ef1c13d80ab01efec3605e
 F tool/lempar.c 424df14a48736bb961ed47acf30c26d66ed85a62
 F tool/memleak.awk 4e7690a51bf3ed757e611273d43fe3f65b510133
 F tool/memleak2.awk 9cc20c8e8f3c675efac71ea0721ee6874a1566e8
@@ -355,7 +355,7 @@ F www/tclsqlite.tcl bb0d1357328a42b1993d78573e587c6dcbc964b9
 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0
 F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b
 F www/whentouse.tcl 97e2b5cd296f7d8057e11f44427dea8a4c2db513
-P cb2e009f1748e8c4945e85a3d36b4435003412f0
-R a08949d926616be5599aabd575dcd92e
+P 9c26570743d878dee963e37728969fb30a2fb436
+R afb3e1512c75137b9bdb084df031bde0
 U drh
-Z 5dda9791f2fd667e7a224f45611c21fd
+Z 84042fb17c75d08debcf570da364546d

manifest.uuid

@@ -1 +1 @@
-9c26570743d878dee963e37728969fb30a2fb436
+e510e6dd9d6261f33b853af3b32d155b9d6b63b3

src/btree.c

@@ -9,7 +9,7 @@
 **    May you share freely, never taking more than you give.
 **
 *************************************************************************
-** $Id: btree.c,v 1.316 2006/02/24 02:53:50 drh Exp $
+** $Id: btree.c,v 1.317 2006/03/06 20:55:46 drh Exp $
 **
 ** This file implements a external (disk-based) database using BTrees.
 ** For a detailed discussion of BTrees, refer to
@@ -867,7 +867,8 @@ static int ptrmapGet(BtShared *pBt, Pgno key, u8 *pEType, Pgno *pPgno){
   }
 
   offset = PTRMAP_PTROFFSET(pBt, key);
-  if( pEType ) *pEType = pPtrmap[offset];
+  assert( pEType!=0 );
+  *pEType = pPtrmap[offset];
   if( pPgno ) *pPgno = get4byte(&pPtrmap[offset+1]);
 
   sqlite3pager_unref(pPtrmap);
@@ -2463,7 +2464,6 @@ static int autoVacuumCommit(BtShared *pBt, Pgno *nTrunc){
   if( rc!=SQLITE_OK ) goto autovacuum_out;
   put4byte(&pBt->pPage1->aData[32], 0);
   put4byte(&pBt->pPage1->aData[36], 0);
-  if( rc!=SQLITE_OK ) goto autovacuum_out;
   *nTrunc = finSize;
   assert( finSize!=PENDING_BYTE_PAGE(pBt) );
 
@@ -4093,6 +4093,7 @@ static int reparentPage(BtShared *pBt, Pgno pgno, MemPage *pNewParent, int idx){
   MemPage *pThis;
   unsigned char *aData;
 
+  assert( pNewParent!=0 );
   if( pgno==0 ) return SQLITE_OK;
   assert( pBt->pPager!=0 );
   aData = sqlite3pager_lookup(pBt->pPager, pgno);
@@ -4103,7 +4104,7 @@ static int reparentPage(BtShared *pBt, Pgno pgno, MemPage *pNewParent, int idx){
       if( pThis->pParent!=pNewParent ){
         if( pThis->pParent ) sqlite3pager_unref(pThis->pParent->aData);
         pThis->pParent = pNewParent;
-        if( pNewParent ) sqlite3pager_ref(pNewParent->aData);
+        sqlite3pager_ref(pNewParent->aData);
       }
       pThis->idxParent = idx;
     }

src/build.c

@@ -22,7 +22,7 @@
 **     COMMIT
 **     ROLLBACK
 **
-** $Id: build.c,v 1.389 2006/02/24 02:53:50 drh Exp $
+** $Id: build.c,v 1.390 2006/03/06 20:55:46 drh Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
@@ -3108,7 +3108,7 @@ static void reindexDatabases(Parse *pParse, char const *zColl){
   Table *pTab;                /* A table in the database */
 
   for(iDb=0, pDb=db->aDb; iDb<db->nDb; iDb++, pDb++){
-    if( pDb==0 ) continue;
+    assert( pDb!=0 );
     for(k=sqliteHashFirst(&pDb->pSchema->tblHash);  k; k=sqliteHashNext(k)){
       pTab = (Table*)sqliteHashData(k);
       reindexTable(pParse, pTab, zColl);

src/expr.c

@@ -12,7 +12,7 @@
 ** This file contains routines used for analyzing expressions and
 ** for generating VDBE code that evaluates expressions in SQLite.
 **
-** $Id: expr.c,v 1.255 2006/03/02 04:44:24 drh Exp $
+** $Id: expr.c,v 1.256 2006/03/06 20:55:46 drh Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
@@ -841,11 +841,13 @@ static int lookupName(
 
     if( pSrcList ){
       for(i=0, pItem=pSrcList->a; i<pSrcList->nSrc; i++, pItem++){
-        Table *pTab = pItem->pTab;
-        int iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
+        Table *pTab;
+        int iDb;
         Column *pCol;
   
-        if( pTab==0 ) continue;
+        pTab = pItem->pTab;
+        assert( pTab!=0 );
+        iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
         assert( pTab->nCol>0 );
         if( zTab ){
           if( pItem->zAlias ){

src/insert.c

@@ -12,7 +12,7 @@
 ** This file contains C code routines that are called by the parser
 ** to handle INSERT statements in SQLite.
 **
-** $Id: insert.c,v 1.162 2006/02/24 02:53:50 drh Exp $
+** $Id: insert.c,v 1.163 2006/03/06 20:55:46 drh Exp $
 */
 #include "sqliteInt.h"
 
@@ -269,7 +269,7 @@ void sqlite3Insert(
   if( sqlite3IsReadOnly(pParse, pTab, triggers_exist) ){
     goto insert_cleanup;
   }
-  if( pTab==0 ) goto insert_cleanup;
+  assert( pTab!=0 );
 
   /* If pTab is really a view, make sure it has been initialized.
   */

src/legacy.c

@@ -14,7 +14,7 @@
 ** other files are for internal use by SQLite and should not be
 ** accessed by users of the library.
 **
-** $Id: legacy.c,v 1.13 2006/01/23 13:14:55 drh Exp $
+** $Id: legacy.c,v 1.14 2006/03/06 20:55:46 drh Exp $
 */
 
 #include "sqliteInt.h"
@@ -54,8 +54,8 @@ int sqlite3_exec(
 
     pStmt = 0;
     rc = sqlite3_prepare(db, zSql, -1, &pStmt, &zLeftover);
+    assert( rc==SQLITE_OK || pStmt==0 );
     if( rc!=SQLITE_OK ){
-      if( pStmt ) sqlite3_finalize(pStmt);
       continue;
     }
     if( !pStmt ){

src/pager.c

@@ -18,7 +18,7 @@
 ** file simultaneously, or one process from reading the database while
 ** another is writing.
 **
-** @(#) $Id: pager.c,v 1.261 2006/03/06 18:23:17 drh Exp $
+** @(#) $Id: pager.c,v 1.262 2006/03/06 20:55:46 drh Exp $
 */
 #ifndef SQLITE_OMIT_DISKIO
 #include "sqliteInt.h"
@@ -1302,9 +1302,6 @@ static int pager_playback(Pager *pPager){
       pPager->dbSize = mxPg;
     }
 
-    /* rc = sqlite3OsSeek(pPager->jfd, JOURNAL_HDR_SZ(pPager)); */
-    if( rc!=SQLITE_OK ) goto end_playback;
-  
     /* Copy original pages out of the journal and back into the database file.
     */
     for(i=0; i<nRec; i++){
@@ -3153,8 +3150,9 @@ void sqlite3pager_dont_write(Pager *pPager, Pgno pgno){
   if( MEMDB ) return;
 
   pPg = pager_lookup(pPager, pgno);
+  assert( pPg!=0 );  /* We never call _dont_write unless the page is in mem */
   pPg->alwaysRollback = 1;
-  if( pPg && pPg->dirty && !pPager->stmtInUse ){
+  if( pPg->dirty && !pPager->stmtInUse ){
     if( pPager->dbSize==(int)pPg->pgno && pPager->origDbSize<pPager->dbSize ){
       /* If this pages is the last page in the file and the file has grown
       ** during the current transaction, then do NOT mark the page as clean.

src/prepare.c

@@ -13,7 +13,7 @@
 ** interface, and routines that contribute to loading the database schema
 ** from disk.
 **
-** $Id: prepare.c,v 1.31 2006/02/10 02:27:43 danielk1977 Exp $
+** $Id: prepare.c,v 1.32 2006/03/06 20:55:46 drh Exp $
 */
 #include "sqliteInt.h"
 #include "os.h"
@@ -74,6 +74,7 @@ int sqlite3InitCallback(void *pInit, int argc, char **argv, char **azColName){
     db->init.newTnum = atoi(argv[1]);
     rc = sqlite3_exec(db, argv[2], 0, 0, &zErr);
     db->init.iDb = 0;
+    assert( rc!=SQLITE_OK || zErr==0 );
     if( SQLITE_OK!=rc ){
       if( rc==SQLITE_NOMEM ){
         sqlite3FailedMalloc();

src/printf.c

@@ -340,6 +340,10 @@ static int vxprintf(
       }
     }
     zExtra = 0;
+    if( infop==0 ){
+      return -1;
+    }
+
 
     /* Limit the precision to prevent overflowing buf[] during conversion */
     if( precision>etBUFSIZE-40 && (infop->flags & FLAG_STRING)==0 ){

src/select.c

@@ -12,7 +12,7 @@
 ** This file contains C code routines that are called by the parser
 ** to handle SELECT statements in SQLite.
 **
-** $Id: select.c,v 1.305 2006/02/24 02:53:50 drh Exp $
+** $Id: select.c,v 1.306 2006/03/06 20:55:46 drh Exp $
 */
 #include "sqliteInt.h"
 
@@ -2687,7 +2687,8 @@ static void updateAccumulator(Parse *pParse, AggInfo *pAggInfo){
       CollSeq *pColl = 0;
       struct ExprList_item *pItem;
       int j;
-      for(j=0, pItem=pList->a; !pColl && j<pList->nExpr; j++, pItem++){
+      assert( pList!=0 );  /* pList!=0 if pF->pFunc->needCollSeq is true */
+      for(j=0, pItem=pList->a; !pColl && j<nArg; j++, pItem++){
         pColl = sqlite3ExprCollSeq(pParse, pItem->pExpr);
       }
       if( !pColl ){

src/shell.c

@@ -12,7 +12,7 @@
 ** This file contains code to implement the "sqlite" command line
 ** utility for accessing SQLite databases.
 **
-** $Id: shell.c,v 1.133 2006/01/31 19:31:44 drh Exp $
+** $Id: shell.c,v 1.134 2006/03/06 20:55:46 drh Exp $
 */
 #include <stdlib.h>
 #include <string.h>
@@ -62,7 +62,7 @@ static sqlite3 *db = 0;
 /*
 ** True if an interrupt (Control-C) has been received.
 */
-static int seenInterrupt = 0;
+static volatile int seenInterrupt = 0;
 
 /*
 ** This is the name of our program. It is set in main(), used
@@ -1074,7 +1074,10 @@ static int do_meta_command(char *zLine, struct callback_data *p){
       return 0;
     }
     azCol = malloc( sizeof(azCol[0])*(nCol+1) );
-    if( azCol==0 ) return 0;
+    if( azCol==0 ){
+      fclose(in);
+      return 0;
+    }
     sqlite3_exec(p->db, "BEGIN", 0, 0, 0);
     zCommit = "COMMIT";
     while( (zLine = local_getline(0, in))!=0 ){
@@ -1371,6 +1374,7 @@ static int do_meta_command(char *zLine, struct callback_data *p){
 
   if( c=='w' && strncmp(azArg[0], "width", n)==0 ){
     int j;
+    assert( nArg<=ArraySize(azArg) );
     for(j=1; j<nArg && j<ArraySize(p->colWidth); j++){
       p->colWidth[j-1] = atoi(azArg[j]);
     }
@@ -1560,7 +1564,7 @@ static void process_sqliterc(
 ){
   char *home_dir = NULL;
   const char *sqliterc = sqliterc_override;
-  char *zBuf;
+  char *zBuf = 0;
   FILE *in = NULL;
 
   if (sqliterc == NULL) {
@@ -1586,6 +1590,7 @@ static void process_sqliterc(
     process_input(p,in);
     fclose(in);
   }
+  free(zBuf);
   return;
 }
 

src/tclsqlite.c

@@ -11,7 +11,7 @@
 *************************************************************************
 ** A TCL Interface to SQLite
 **
-** $Id: tclsqlite.c,v 1.152 2006/03/03 20:32:19 drh Exp $
+** $Id: tclsqlite.c,v 1.153 2006/03/06 20:55:46 drh Exp $
 */
 #ifndef NO_TCL     /* Omit this whole file if TCL is unavailable */
 
@@ -1085,6 +1085,7 @@ static int DbObjCmd(void *cd, Tcl_Interp *interp, int objc,Tcl_Obj *const*objv){
     azCol = malloc( sizeof(azCol[0])*(nCol+1) );
     if( azCol==0 ) {
       Tcl_AppendResult(interp, "Error: can't malloc()", 0);
+      fclose(in);
       return TCL_ERROR;
     }
     sqlite3_exec(pDb->db, "BEGIN", 0, 0, 0);

src/trigger.c

@@ -60,9 +60,11 @@ void sqlite3BeginTrigger(
   DbFixer sFix;
   int iTabDb;
 
+  assert( pName1!=0 );   /* pName1->z might be NULL, but not pName1 itself */
+  assert( pName2!=0 );
   if( isTemp ){
     /* If TEMP was specified, then the trigger name may not be qualified. */
-    if( pName2 && pName2->n>0 ){
+    if( pName2->n>0 ){
       sqlite3ErrorMsg(pParse, "temporary trigger may not have qualified name");
       goto trigger_cleanup;
     }
@@ -505,7 +507,8 @@ void sqlite3DropTriggerPtr(Parse *pParse, Trigger *pTrigger){
 
   /* Generate code to destroy the database record of the trigger.
   */
-  if( pTable!=0 && (v = sqlite3GetVdbe(pParse))!=0 ){
+  assert( pTable!=0 );
+  if( (v = sqlite3GetVdbe(pParse))!=0 ){
     int base;
     static const VdbeOpList dropTrigger[] = {
       { OP_Rewind,     0, ADDR(9),  0},

test/printf.test

@@ -11,7 +11,7 @@
 # This file implements regression tests for SQLite library.  The
 # focus of this file is testing the sqlite_*_printf() interface.
 #
-# $Id: printf.test,v 1.19 2005/09/06 21:40:45 drh Exp $
+# $Id: printf.test,v 1.20 2006/03/06 20:55:46 drh Exp $
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
@@ -167,8 +167,8 @@ do_test printf-9.5 {
   sqlite3_mprintf_int {%d %*c} 1 -201 67
 } "1 C$fifty$fifty$fifty$fifty"
 do_test printf-9.6 {
-  sqlite3_mprintf_int {%yhello} 0 0 0
-} {%}
+  sqlite3_mprintf_int {hi%12345.12346yhello} 0 0 0
+} {hi}
 
 # Ticket #812
 #

tool/lemon.c

@@ -1747,6 +1747,7 @@ FILE *err;
   int j;
   int errcnt = 0;
   cp = strchr(argv[i],'=');
+  assert( cp!=0 );
   *cp = 0;
   for(j=0; op[j].label; j++){
     if( strcmp(argv[i],op[j].label)==0 ) break;