
Fix two obscure memory leaks that can follow a malloc() failure in sqlite3_set_auxdata(). Ticket #2534. (CVS 4185)

FossilOrigin-Name: b88af1827bec3e8a32450dd0a073ffc3b12a5939
danielk1977
2007-07-26 06:50:05 +00:00
parent a2d04e9a0f
commit e0fc52618c
6 changed files with 45 additions and 17 deletions


@@ -1,5 +1,5 @@
C Implement\sxRename()\sfor\sfts1\sso\sthat\sit\sis\spossible\sto\srename\sfts1\stables.\nSee\shttp://www.sqlite.org/cvstrac/chngview?cn=4143\s(CVS\s4184) C Fix\stwo\sobscure\smemory\sleaks\sthat\scan\sfollow\sa\smalloc()\sfailure\sin\ssqlite3_set_auxdata().\sTicket\s#2534.\s(CVS\s4185)
D 2007-07-25T00:56:10 D 2007-07-26T06:50:06
F Makefile.in 0c0e53720f658c7a551046442dd7afba0b72bfbe F Makefile.in 0c0e53720f658c7a551046442dd7afba0b72bfbe
F Makefile.linux-gcc 65241babba6faf1152bf86574477baab19190499 F Makefile.linux-gcc 65241babba6faf1152bf86574477baab19190499
F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028 F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028
@@ -78,7 +78,7 @@ F src/date.c 6049db7d5a8fdf2c677ff7d58fa31d4f6593c988
F src/delete.c 5c0d89b3ef7d48fe1f5124bfe8341f982747fe29 F src/delete.c 5c0d89b3ef7d48fe1f5124bfe8341f982747fe29
F src/experimental.c 1b2d1a6cd62ecc39610e97670332ca073c50792b F src/experimental.c 1b2d1a6cd62ecc39610e97670332ca073c50792b
F src/expr.c d39d87cf15da59ab87028278d92e3e3064d54605 F src/expr.c d39d87cf15da59ab87028278d92e3e3064d54605
F src/func.c dcba54fc18d2b2fd02f8b7c3dc13e27d100a4d8e F src/func.c 28daebcddce30030f167afb3a7ed881a043b98b0
F src/hash.c 67b23e14f0257b69a3e8aa663e4eeadc1a2b6fd5 F src/hash.c 67b23e14f0257b69a3e8aa663e4eeadc1a2b6fd5
F src/hash.h 1b3f7e2609141fd571f62199fc38687d262e9564 F src/hash.h 1b3f7e2609141fd571f62199fc38687d262e9564
F src/insert.c ca135e919c2a9241e83e8dd74316677fdd54fb6f F src/insert.c ca135e919c2a9241e83e8dd74316677fdd54fb6f
@@ -140,10 +140,10 @@ F src/update.c 6b10becb6235ea314ed245fbfbf8b38755e3166e
F src/utf.c c152f99ddccc5e0214a9817aa07ab1b208b43f14 F src/utf.c c152f99ddccc5e0214a9817aa07ab1b208b43f14
F src/util.c 9e81d417fc60bd2fe156f8f2317aa4845bc6cc90 F src/util.c 9e81d417fc60bd2fe156f8f2317aa4845bc6cc90
F src/vacuum.c 8bd895d29e7074e78d4e80f948e35ddc9cf2beef F src/vacuum.c 8bd895d29e7074e78d4e80f948e35ddc9cf2beef
F src/vdbe.c a58fe70f11078deb16f6825cc99f099d2fad4a7b F src/vdbe.c cf973bd1af5fbda845b0f759bb06eb19ff42e215
F src/vdbe.h 001c5b257567c1d3de7feb2203aac71d0d7b16a3 F src/vdbe.h 001c5b257567c1d3de7feb2203aac71d0d7b16a3
F src/vdbeInt.h c3514903cad9e36d6b3242be20261351d09db56c F src/vdbeInt.h c3514903cad9e36d6b3242be20261351d09db56c
F src/vdbeapi.c fe3b713d5d37f8dfff1aa7546dae213a0e492f10 F src/vdbeapi.c 220b81132abaf0f620edb8da48799a77daef12a7
F src/vdbeaux.c ca1d673fd5e45fe9ba994391b11568c48a7e1b59 F src/vdbeaux.c ca1d673fd5e45fe9ba994391b11568c48a7e1b59
F src/vdbeblob.c bb30b3e387c35ba869949494b2736aff97159470 F src/vdbeblob.c bb30b3e387c35ba869949494b2736aff97159470
F src/vdbefifo.c 3ca8049c561d5d67cbcb94dc909ae9bb68c0bf8f F src/vdbefifo.c 3ca8049c561d5d67cbcb94dc909ae9bb68c0bf8f
@@ -314,7 +314,7 @@ F test/malloc7.test 1cf52834509eac7ebeb92105dacd4669f9ca9869
F test/malloc8.test e4054ca2a87ab1d42255bec009b177ba20b5a487 F test/malloc8.test e4054ca2a87ab1d42255bec009b177ba20b5a487
F test/malloc9.test 8381041fd89c31fba60c8a1a1c776bb022108572 F test/malloc9.test 8381041fd89c31fba60c8a1a1c776bb022108572
F test/mallocA.test 525674e6e0775a9bf85a33f1da1c6bbddc712c30 F test/mallocA.test 525674e6e0775a9bf85a33f1da1c6bbddc712c30
F test/mallocB.test 975ef7b76af7c8e2b3e635951c8fe9cd5139cb05 F test/mallocB.test 5d4a3dc4931a8c13ef3723c4934af23ff9d60d71
F test/malloc_common.tcl 3cda97d63fbf370061ffa9795a24e5027367fef3 F test/malloc_common.tcl 3cda97d63fbf370061ffa9795a24e5027367fef3
F test/manydb.test 8de36b8d33aab5ef295b11d9e95310aeded31af8 F test/manydb.test 8de36b8d33aab5ef295b11d9e95310aeded31af8
F test/memdb.test a67bda4ff90a38f2b19f6c7f95aa7289e051d893 F test/memdb.test a67bda4ff90a38f2b19f6c7f95aa7289e051d893
@@ -523,7 +523,7 @@ F www/tclsqlite.tcl 8be95ee6dba05eabcd27a9d91331c803f2ce2130
F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0
F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b
F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5 F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5
P f9020cffda02923ef45979bb447ec2e232086ad5 P febf75f022b9414fc456ddf274d301f95d61e1b8
R 113424230958cdea7f4818042b790004 R ee7759b63bd272b0d59d8d149b62821d
U shess U danielk1977
Z d58c62915852491e824945ca31f01cbb Z c91c02f3dbbce60d9aa5e32fe5d9eff0


@@ -1 +1 @@
febf75f022b9414fc456ddf274d301f95d61e1b8 b88af1827bec3e8a32450dd0a073ffc3b12a5939


@@ -16,7 +16,7 @@
** sqliteRegisterBuildinFunctions() found at the bottom of the file. ** sqliteRegisterBuildinFunctions() found at the bottom of the file.
** All other code has file scope. ** All other code has file scope.
** **
** $Id: func.c,v 1.162 2007/07/23 19:12:42 drh Exp $ ** $Id: func.c,v 1.163 2007/07/26 06:50:06 danielk1977 Exp $
*/ */
#include "sqliteInt.h" #include "sqliteInt.h"
#include <ctype.h> #include <ctype.h>
@@ -1118,6 +1118,7 @@ static void test_auxdata(
if( zAux ){ if( zAux ){
zRet[i*2] = '1'; zRet[i*2] = '1';
if( strcmp(zAux, z) ){ if( strcmp(zAux, z) ){
free_test_auxdata((void *)zRet);
sqlite3_result_error(pCtx, "Auxilary data corruption", -1); sqlite3_result_error(pCtx, "Auxilary data corruption", -1);
return; return;
} }
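Review bot: The new `free_test_auxdata((void *)zRet);` releases the result buffer through a helper named for auxdata, and zRet's allocation is outside the hunk, so a reader cannot confirm from here that allocator and deallocator match. A one-line comment such as `/* zRet is released with the same routine later passed as its destructor */` would make the pairing explicit, if that is indeed the case. The `(void *)` cast is unnecessary in C and can be dropped. test_auxdata starts before and ends after the hunk.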


@@ -43,7 +43,7 @@
** in this file for details. If in doubt, do not deviate from existing ** in this file for details. If in doubt, do not deviate from existing
** commenting and indentation practices when changing or adding code. ** commenting and indentation practices when changing or adding code.
** **
** $Id: vdbe.c,v 1.638 2007/07/22 19:10:21 drh Exp $ ** $Id: vdbe.c,v 1.639 2007/07/26 06:50:06 danielk1977 Exp $
*/ */
#include "sqliteInt.h" #include "sqliteInt.h"
#include "os.h" #include "os.h"
@@ -1289,7 +1289,19 @@ case OP_Function: {
if( sqlite3SafetyOff(db) ) goto abort_due_to_misuse; if( sqlite3SafetyOff(db) ) goto abort_due_to_misuse;
(*ctx.pFunc->xFunc)(&ctx, n, apVal); (*ctx.pFunc->xFunc)(&ctx, n, apVal);
if( sqlite3SafetyOn(db) ) goto abort_due_to_misuse; if( sqlite3SafetyOn(db) ) goto abort_due_to_misuse;
if( sqlite3MallocFailed() ) goto no_mem; if( sqlite3MallocFailed() ){
/* Even though a malloc() has failed, the implementation of the
** user function may have called an sqlite3_result_XXX() function
** to return a value. The following call releases any resources
** associated with such a value.
**
** Note: Maybe MemRelease() should be called if sqlite3SafetyOn()
** fails also (the if(...) statement above). But if people are
** misusing sqlite, they have bigger problems than a leaked value.
*/
sqlite3VdbeMemRelease(&ctx.s);
goto no_mem;
}
popStack(&pTos, n); popStack(&pTos, n);
/* If any auxilary data functions have been called by this user function, /* If any auxilary data functions have been called by this user function,
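Review bot: The new `sqlite3VdbeMemRelease(&ctx.s)` runs only on the malloc-failure exit, so the `sqlite3SafetyOn(db)` exit one line above still leaves any value the user function stored in ctx.s unreleased, as the added comment itself concedes. Releasing there too is a small change, `if( sqlite3SafetyOn(db) ){ sqlite3VdbeMemRelease(&ctx.s); goto abort_due_to_misuse; }`, provided a release is safe in the misuse state, which is not visible here. Separately, `goto no_mem` skips the auxiliary-data handling that begins at the last visible comment. If that code is what records ctx.pVdbeFunc after sqlite3_set_auxdata() has reallocated it, the no_mem exit bypasses it, so the ordering is worth confirming. The OP_Function case starts before and continues past the hunk.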


@@ -390,13 +390,13 @@ void sqlite3_set_auxdata(
){ ){
struct AuxData *pAuxData; struct AuxData *pAuxData;
VdbeFunc *pVdbeFunc; VdbeFunc *pVdbeFunc;
if( iArg<0 ) return; if( iArg<0 ) goto failed;
pVdbeFunc = pCtx->pVdbeFunc; pVdbeFunc = pCtx->pVdbeFunc;
if( !pVdbeFunc || pVdbeFunc->nAux<=iArg ){ if( !pVdbeFunc || pVdbeFunc->nAux<=iArg ){
int nMalloc = sizeof(VdbeFunc) + sizeof(struct AuxData)*iArg; int nMalloc = sizeof(VdbeFunc) + sizeof(struct AuxData)*iArg;
pVdbeFunc = sqliteRealloc(pVdbeFunc, nMalloc); pVdbeFunc = sqliteRealloc(pVdbeFunc, nMalloc);
if( !pVdbeFunc ) return; if( !pVdbeFunc ) goto failed;
pCtx->pVdbeFunc = pVdbeFunc; pCtx->pVdbeFunc = pVdbeFunc;
memset(&pVdbeFunc->apAux[pVdbeFunc->nAux], 0, memset(&pVdbeFunc->apAux[pVdbeFunc->nAux], 0,
sizeof(struct AuxData)*(iArg+1-pVdbeFunc->nAux)); sizeof(struct AuxData)*(iArg+1-pVdbeFunc->nAux));
@@ -410,6 +410,12 @@ void sqlite3_set_auxdata(
} }
pAuxData->pAux = pAux; pAuxData->pAux = pAux;
pAuxData->xDelete = xDelete; pAuxData->xDelete = xDelete;
return;
failed:
if( xDelete ){
xDelete(pAux);
}
} }
/* /*
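Review bot: With the `failed:` label, sqlite3_set_auxdata() now calls `xDelete(pAux)` before returning on both early exits (`iArg<0` and a failed sqliteRealloc), so a caller that keeps using its own pAux pointer after the call may touch freed memory, and the void return gives it no way to tell which outcome occurred. The function's header comment, which is outside the hunk, should state the ownership rule, for example `** This routine takes ownership of pAux in every case; xDelete may already have been invoked on it by the time this routine returns.` Callers are then expected to re-read the pointer with sqlite3_get_auxdata() instead of reusing their copy. The body between the two hunks is not shown, so this covers only the two exits visible here.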


@@ -12,7 +12,8 @@
# These were all discovered by fuzzy generation of SQL. Apart from # These were all discovered by fuzzy generation of SQL. Apart from
# that they have little in common. # that they have little in common.
# #
# $Id: mallocB.test,v 1.2 2007/05/31 08:20:44 danielk1977 Exp $ #
# $Id: mallocB.test,v 1.3 2007/07/26 06:50:06 danielk1977 Exp $
set testdir [file dirname $argv0] set testdir [file dirname $argv0]
source $testdir/tester.tcl source $testdir/tester.tcl
@@ -32,5 +33,13 @@ do_malloc_test mallocB-3 -sqlbody {SELECT random()}
do_malloc_test mallocB-4 -sqlbody {SELECT zeroblob(1000)} do_malloc_test mallocB-4 -sqlbody {SELECT zeroblob(1000)}
do_malloc_test mallocB-5 -sqlbody {SELECT * FROM (SELECT 1) GROUP BY 1;} do_malloc_test mallocB-5 -sqlbody {SELECT * FROM (SELECT 1) GROUP BY 1;}
# The following test checks that there are no resource leaks following a
# malloc() failure in sqlite3_set_auxdata().
#
# Note: This problem was not discovered by fuzzy generation of SQL. Not
# that it really matters.
#
do_malloc_test mallocB-6 -sqlbody { SELECT test_auxdata('hello world'); }
sqlite_malloc_fail 0 sqlite_malloc_fail 0
finish_test finish_test
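Review bot: mallocB-6 reaches sqlite3_set_auxdata() only through `test_auxdata('hello world')`, which, judging from the visible hunks, exercises the allocation-failure exit. The `iArg<0` exit that this commit also routes to the destructor has no test here. A comment beside the test naming the exit it covers, e.g. `# Covers the realloc-failure path only; the iArg<0 path is not exercised.`, would keep that gap visible. This assumes test_auxdata never passes a negative index, which the func.c hunk does not show.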