From d8260fd1e3fe1a21dd595b95f91137448d2331ca Mon Sep 17 00:00:00 2001
From: dan
Date: Mon, 17 Nov 2014 15:07:40 +0000
Subject: [PATCH] Fix a problem with the parameters to an OP_Affinity in one of the VM programs generated by sqlite3_index_writer() that was causing an OOB read.
FossilOrigin-Name: 447b33b34a9836992f5a8d50cd8647a10435c144
---
 ext/ota/ota7.test | 51 +++++++++++++++++++++++++++++++++++++++++++++++
 manifest | 13 ++++++------
 manifest.uuid | 2 +-
 src/vdbeblob.c | 2 +-
 4 files changed, 60 insertions(+), 8 deletions(-)
 create mode 100644 ext/ota/ota7.test
diff --git a/ext/ota/ota7.test b/ext/ota/ota7.test
new file mode 100644
index 0000000000..18bece567a
--- /dev/null
+++ b/ext/ota/ota7.test
@@ -0,0 +1,51 @@
+# 2014 October 21
+#
+# The author disclaims copyright to this source code. In place of
+# a legal notice, here is a blessing:
+#
+# May you do good and not evil.
+# May you find forgiveness for yourself and forgive others.
+# May you share freely, never taking more than you give.
+#
+#***********************************************************************
+#
+# This file contains tests for the OTA module. Specifically, it tests the
+# that affinities are correctly applied to values within the OTA database.
+#
+
+if {![info exists testdir]} {
+ set testdir [file join [file dirname [info script]] .. .. test]
+}
+source $testdir/tester.tcl
+set ::testprefix ota7
+
+do_test 1.0 {
+ execsql {
+ CREATE TABLE t1(a INT PRIMARY KEY, b) WITHOUT ROWID;
+ INSERT INTO t1 VALUES(1, 'abc');
+ INSERT INTO t1 VALUES(2, 'def');
+ }
+
+ forcedelete ota.db
+ sqlite3 ota ota.db
+ ota eval {
+ CREATE TABLE data_t1(a, b, ota_control);
+ INSERT INTO data_t1 VALUES('1', NULL, 1);
+ }
+ ota close
+} {}
+
+do_test 1.1 {
+ sqlite3ota ota test.db ota.db
+ while { [ota step]=="SQLITE_OK" } {}
+ ota close
+} {SQLITE_DONE}
+
+sqlite3 db test.db
+do_execsql_test 1.2 {
+ SELECT * FROM t1
+} {2 def}
+
+finish_test
+
+
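Review bot: The new test covers only one shape of the fix: a delete row (`ota_control` = 1) matched against a single INT key column in tests 1.0 to 1.2. A second case with a multi-column key, or a key column of another declared type, would show that each register in the range receives its own affinity rather than just the first. Because the defect was an out-of-bounds read, the row check in 1.2 catches only the functional symptom, so this file is most useful when the suite is also run under a memory checker. The header comment has a stray word: `it tests the that affinities` should read `it tests that affinities`.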
diff --git a/manifest b/manifest index 255e93be86..73890afec0 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Add\stests\sto\scheck\serror\shandling\sin\sOTA. -D 2014-10-22T15:33:12.681 +C Fix\sa\sproblem\swith\sthe\sparameters\sto\san\sOP_Affinity\sin\sone\sof\sthe\sVM\sprograms\sgenerated\sby\ssqlite3_index_writer()\sthat\swas\scausing\san\sOOB\sread. +D 2014-11-17T15:07:40.515 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in cf57f673d77606ab0f2d9627ca52a9ba1464146a F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 @@ -130,6 +130,7 @@ F ext/ota/ota3.test 215dd4a8e238567e0f890a5139b6fdf5494ef311 F ext/ota/ota4.test 60f897f329a6782ef2f24862640acf3c52e48077 F ext/ota/ota5.test ad0799daf8923ddebffe75ae8c5504ca90b7fadb F ext/ota/ota6.test 82f1f757ec9b2ad07d6de4060b8e3ba8e44dfdd3 +F ext/ota/ota7.test feba6072af04bc4bee192f7576aac60cef6a4727 F ext/ota/otafault.test be02466863015a583cc0ceb6aca871a5e6f7a71b F ext/ota/sqlite3ota.c c7f8cdf55449b5169f79632e78f8e5049abf904c F ext/ota/sqlite3ota.h 7b20abe9247d292429d00f0a5c237ff6e0dc0196 @@ -305,7 +306,7 @@ F src/vdbe.h 09f5b4e3719fa454f252322b1cdab5cf1f361327 F src/vdbeInt.h e2a060a55ee18a6ab973353a5e2ec7ee569bf787 F src/vdbeapi.c 37a6c6ae284a97bcace365f2f0a225680c0499d9 F src/vdbeaux.c edbb7a9c8b2a8f7a68ac75c2475edd4040266b76 -F src/vdbeblob.c a8e2c3baa3e7081347c4677185a631bfc43de043 +F src/vdbeblob.c 42b1854c42dc7b7f53c9ff1a4b90d24b2daeee5b F src/vdbemem.c 31d8eabb0cd78bfeab4e5124c7363c3e9e54db9f F src/vdbesort.c 975aeffa99acb0991b2f288d30294756bff41438 F src/vdbetrace.c 7e4222955e07dd707a2f360c0eb73452be1cb010 
@@ -1216,7 +1217,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4 F tool/warnings.sh 0abfd78ceb09b7f7c27c688c8e3fe93268a13b32 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f -P e2729d623c6e9d0b3049049f3f3051bbb479184f -R f1db06b4abcee6f48965e7da46a3387a +P ec7321ae482a8c4d893851a5edd17d67ef1a448b +R ebf92f720e516f33caf61cc1f37b716d U dan -Z 87316fa0e6665a6aa049c94bffdd7d8b +Z c2254e02a36430a8663d836ffe531fb4 diff --git a/manifest.uuid b/manifest.uuid index 41346389d5..e72967c007 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -ec7321ae482a8c4d893851a5edd17d67ef1a448b \ No newline at end of file +447b33b34a9836992f5a8d50cd8647a10435c144 \ No newline at end of file
diff --git a/src/vdbeblob.c b/src/vdbeblob.c
index 4ecd56522f..e95688b4f1 100644
--- a/src/vdbeblob.c
+++ b/src/vdbeblob.c
@@ -610,7 +610,7 @@ int sqlite3_index_writer(
 sqlite3VdbeAddOp2(v, OP_IdxInsert, 0, regRec);
 }else{
 /* Code the IdxDelete to remove the entry from the b-tree index. */
- sqlite3VdbeAddOp4(v, OP_Affinity, 0, pIdx->nColumn, 0, zAffinity, 0);
+ sqlite3VdbeAddOp4(v, OP_Affinity, 1, pIdx->nColumn, 0, zAffinity, 0);
 sqlite3VdbeAddOp3(v, OP_IdxDelete, 0, 1, pIdx->nColumn);
 }
 sqlite3FinishCoding(pParse);
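Review bot: The start register `1` now passed to OP_Affinity is an unexplained literal that has to stay equal to the key start register `1` in the OP_IdxDelete call on the next line, and nothing in the hunk ties the two together. Since a mismatch between these operands is what the commit message blames for the out-of-bounds read, I would add a comment above the call such as `/* Apply affinities to registers 1..nColumn, the same range OP_IdxDelete reads as its key */`. It is also worth confirming, where zAffinity is built outside this hunk, that it has been checked for allocation failure and holds exactly one entry per index column, since OP_Affinity presumably walks that string register by register. sqlite3_index_writer() starts and ends outside the hunk.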