database/sqlite
1
0
Fork 0
mirror of https://github.com/sqlite/sqlite.git synced 2025-08-08 14:02:16 +03:00
Code Activity

Extra defenses against UAF when failing to allocate a transient cursor. No

Browse Source 
known path to a UAF currently exists.  This change just helps with the static
analysis to prove it.

FossilOrigin-Name: bae05811116dae0d05bcc001655416d0316ca1c16cbde2bd49f691c832261b89
This commit is contained in:
drh
2024-10-31 17:23:40 +00:00
parent f5187de2fb
commit d27f6d7881
3 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/vdbe.c
View File

@@ -4538,9 +4538,11 @@ case OP_OpenEphemeral: { /* ncycle */
}
}
pCx->isOrdered = (pOp->p5!=BTREE_UNORDERED);
assert( p->apCsr[pOp->p1]==pCx );
if( rc ){
assert( !sqlite3BtreeClosesWithCursor(pCx->ub.pBtx, pCx->uc.pCursor) );
sqlite3BtreeClose(pCx->ub.pBtx);
p->apCsr[pOp->p1] = 0; /* Not required; helps with static analysis */
}else{
assert( sqlite3BtreeClosesWithCursor(pCx->ub.pBtx, pCx->uc.pCursor) );
}