In memsys5, initialize new allocations to non-zero bytes. Change the content

of freed allocations to prevent use after free. These changes in SQLITE_DEBUG only. FossilOrigin-Name: ba5f0a5599dece6d8f3dfe652800c28875c74a24
2025-10-31 18:11:01 +03:00 · 2014-02-24 19:07:51 +00:00
parent 15ab9418d9
commit 9d41bc105d
3 changed files with 20 additions and 7 deletions
--- a/12
+++ b/12
@@ -1,5 +1,5 @@
-C Remove\san\sunused\svariable\sfrom\sthe\sVDBE_PROFILE\scompile-time\soption.\s\sKeep\sthe\nopcode\scount\sin\san\su32\sinstead\sof\san\sint.
-D 2014-02-24T14:24:01.038
+C In\smemsys5,\sinitialize\snew\sallocations\sto\snon-zero\sbytes.\s\sChange\sthe\scontent\nof\sfreed\sallocations\sto\sprevent\suse\safter\sfree.\s\sThese\schanges\sin\sSQLITE_DEBUG\nonly.
+D 2014-02-24T19:07:51.519
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 2ef13430cd359f7b361bb863504e227b25cc7f81
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -191,7 +191,7 @@ F src/mem0.c 6a55ebe57c46ca1a7d98da93aaa07f99f1059645
 F src/mem1.c c0c990fcaddff810ea277b4fb5d9138603dd5d4b
 F src/mem2.c dce31758da87ec2cfa52ba4c5df1aed6e07d8e8f
 F src/mem3.c 61c9d47b792908c532ca3a62b999cf21795c6534
-F src/mem5.c 19d9271cb936742707b6118ed44d779657c7c511
+F src/mem5.c aeb019f271ea53de83d651ec526877e6ba863450
 F src/memjournal.c 0683aac6cab6ec2b5374c0db37c0deb2436a3785
 F src/mutex.c d3b66a569368015e0fcb1ac15f81c119f504d3bc
 F src/mutex.h 5bc526e19dccc412b7ff04642f6fdad3fdfdabea
@@ -1151,7 +1151,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh d1a6de74685f360ab718efda6265994b99bbea01
 F tool/win/sqlite.vsix 030f3eeaf2cb811a3692ab9c14d021a75ce41fff
-P b46d4e8923e6e367412bba7aeac07039bbcbabd1
-R e5107e17f1549034e719556b6caa9337
+P 4df0ac9023d9261145a4425a508ba009a10276fc
+R d75bf2d1dc1afee51bd2a2b5f0c23dc4
 U drh
-Z 29723a7a1d524b99d64cf7ed14fa2052
+Z e260958c722bfd17d5ba07190b7e2529
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-4df0ac9023d9261145a4425a508ba009a10276fc
+ba5f0a5599dece6d8f3dfe652800c28875c74a24
--- a/src/mem5.c
+++ b/src/mem5.c
@@ -275,6 +275,12 @@ static void *memsys5MallocUnsafe(int nByte){
  if( mem5.maxCount<mem5.currentCount ) mem5.maxCount = mem5.currentCount;
  if( mem5.maxOut<mem5.currentOut ) mem5.maxOut = mem5.currentOut;

+#ifdef SQLITE_DEBUG
+  /* Make sure the allocated memory does not assume that it is set to zero
+  ** or retains a value from a previous allocation */
+  memset(&mem5.zPool[i*mem5.szAtom], 0xAA, iFullSz);
+#endif
+
  /* Return a pointer to the allocated memory. */
  return (void*)&mem5.zPool[i*mem5.szAtom];
 }
@@ -332,6 +338,13 @@ static void memsys5FreeUnsafe(void *pOld){
    }
    size *= 2;
  }
+
+#ifdef SQLITE_DEBUG
+  /* Overwrite freed memory with the 0x55 bit pattern to verify that it is
+  ** not used after being freed */
+  memset(&mem5.zPool[iBlock*mem5.szAtom], 0x55, size);
+#endif
+
  memsys5Link(iBlock, iLogsize);
 }