Add a missing memAboutToChange() macro to vdbe.c, the lack of which was causing an assert() to fail incorrectly. Problem found by libfuzzer.

FossilOrigin-Name: 1a24791109da607d502ac41f179fe6c1dc46c774
2025-08-08 14:02:16 +03:00 · 2015-12-14 19:42:19 +00:00
parent 0f308f5d47
commit b1d6b53694
4 changed files with 25 additions and 8 deletions
--- a/14
+++ b/14
@@ -1,5 +1,5 @@
-C Add\sa\snew\sassert()\sstatement\sto\sthe\ssnapshot-specific\spart\sof\ssqlite3WalBeginReadTrans().
-D 2015-12-11T14:59:49.435
+C Add\sa\smissing\smemAboutToChange()\smacro\sto\svdbe.c,\sthe\slack\sof\swhich\swas\scausing\san\sassert()\sto\sfail\sincorrectly.\sProblem\sfound\sby\slibfuzzer.
+D 2015-12-14T19:42:19.129
 F Makefile.in 28bcd6149e050dff35d4dcfd97e890cd387a499d
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc e8fdca1cb89a1b58b5f4d3a130ea9a3d28cb314d
@@ -404,7 +404,7 @@ F src/update.c 17332f9fe818cbc0444c36a811800af8498af4c3
 F src/utf.c fc6b889ba0779b7722634cdeaa25f1930d93820c
 F src/util.c e802e8e311a0d6c48cd1b3e89db164f6f0248d70
 F src/vacuum.c 2ddd5cad2a7b9cef7f9e431b8c7771634c6b1701
-F src/vdbe.c 4d75375fa8bf911aa76ab8383d6f7eea0dec0fda
+F src/vdbe.c 0bc683e68a71d5151898b6b13cfeb277337335a4
 F src/vdbe.h efb7a8c1459e31f3ea4377824c6a7e4cb5068637
 F src/vdbeInt.h 75c2e82ee3357e9210c06474f8d9bdf12c81105d
 F src/vdbeapi.c 020681b943e77766b32ae1cddf86d7831b7374ca
@@ -1336,7 +1336,7 @@ F test/wild001.test bca33f499866f04c24510d74baf1e578d4e44b1c
 F test/win32heap.test ea19770974795cff26e11575e12d422dbd16893c
 F test/win32lock.test fbf107c91d8f5512be5a5b87c4c42ab9fdd54972
 F test/win32longpath.test 169c75a3b2e43481f4a62122510210c67b08f26d
-F test/with1.test 05c8fc7f809f178a8a0519f02c21fe430948c895
+F test/with1.test cef099a491eac9874f2c28bd2dc86394fb3e47b3
 F test/with2.test 2b40da883658eb74ad8ad06afabe11a408e7fb87
 F test/with3.test 511bacdbe41c49cf34f9fd1bd3245fe1575bca98
 F test/withM.test e97f2a8c506ab3ea9eab94e6f6072f6cc924c991
@@ -1410,7 +1410,7 @@ F tool/vdbe_profile.tcl 246d0da094856d72d2c12efec03250d71639d19f
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 48bd54594752d5be3337f12c72f28d2080cb630b
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P e998513e442ce1206b12dc28bdc996d7b5f9f94d
-R a4790a1ff73d4c37057dc2f097901685
+P d8a12023be32bdc6df18b0a5f38b917799854342
+R 3b6b45a5cba8add1b51b23a25852ed5f
 U dan
-Z 708cca6403fc05264746d6ebc901db59
+Z 6f448ee5f1ec122055dafde44e32aab7
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-d8a12023be32bdc6df18b0a5f38b917799854342
+1a24791109da607d502ac41f179fe6c1dc46c774
--- a/src/vdbe.c
+++ b/src/vdbe.c
@@ -1981,6 +1981,7 @@ case OP_Ge: {             /* same as TK_GE, jump, in1, in3 */
      */
      if( pOp->p5 & SQLITE_STOREP2 ){
        pOut = &aMem[pOp->p2];
+        memAboutToChange(p, pOut);
        MemSetTypeFlag(pOut, MEM_Null);
        REGISTER_TRACE(pOp->p2, pOut);
      }else{
--- a/test/with1.test
+++ b/test/with1.test
@@ -975,4 +975,20 @@ do_execsql_test 17.9 {
  SELECT * FROM x4;
 } {10 11}

+# Added to test a fix to a faulty assert() discovered by libFuzzer.
+#
+do_execsql_test 18.1 {
+  WITH xyz(x) AS (VALUES(NULL) UNION SELECT round(1<x) FROM xyz ORDER BY 1)
+  SELECT quote(x) FROM xyz;
+} {NULL}
+do_execsql_test 18.2 {
+  WITH xyz(x) AS (
+    SELECT printf('%d', 5) * NULL
+    UNION SELECT round(1<1+x) 
+    FROM xyz ORDER BY 1
+  )
+  SELECT 1 FROM xyz;
+} 1
+
+
 finish_test