
Prevent a possible NULL pointer dereference in the OP_Found opcode that

can follow an OOM error.  Problem found by OSS-Fuzz.

FossilOrigin-Name: c2de178fe7e2e4e0d764e7e6ac637cfc8c053580c43f7246318dafad2974de3c
drh
2017-05-19 22:51:00 +00:00
parent bcbb066534
commit e46515b53f
3 changed files with 11 additions and 9 deletions


@@ -4106,10 +4106,12 @@ case OP_Found: { /* jump, in3 */
pIdxKey = &r;
pFree = 0;
}else{
assert( pIn3->flags & MEM_Blob );
rc = ExpandBlob(pIn3);
assert( rc==SQLITE_OK || rc==SQLITE_NOMEM );
if( rc ) goto no_mem;
pFree = pIdxKey = sqlite3VdbeAllocUnpackedRecord(pC->pKeyInfo);
if( pIdxKey==0 ) goto no_mem;
assert( pIn3->flags & MEM_Blob );
(void)ExpandBlob(pIn3);
sqlite3VdbeRecordUnpack(pC->pKeyInfo, pIn3->n, pIn3->z, pIdxKey);
}
pIdxKey->default_rc = 0;
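Review bot: The `rc = ExpandBlob(pIn3); ... if( rc ) goto no_mem;` sequence in the `else` branch has no comment explaining why the expansion runs before `sqlite3VdbeAllocUnpackedRecord()` or why its result must be checked, so a later cleanup could restore the `(void)ExpandBlob(pIn3)` form. These appear to be the added lines, though the +/- markers are lost in this rendering. I would add above them something like `/* ExpandBlob() can fail with SQLITE_NOMEM; bail out so sqlite3VdbeRecordUnpack() never reads an unexpanded blob */`. The `assert( rc==SQLITE_OK || rc==SQLITE_NOMEM )` is compiled out of non-debug builds, leaving `if( rc )` as the only guard; that is fine only if every non-zero code should be reported as out-of-memory, which the hunk does not show. The `case OP_Found` body starts and ends outside this hunk, and no regression test for the OOM path is visible here.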