Fix some places where a malloc() failure would lead to a segfault. (CVS 580)

FossilOrigin-Name: 01ad352c3c82a86d9c94010cbc85d098b8fbc08a
2025-08-01 06:27:03 +03:00 · 2002-05-23 02:09:03 +00:00
parent 1873cd508a
commit e4697f5e90
7 changed files with 77 additions and 33 deletions
--- a/20
+++ b/20
@ -1,5 +1,5 @@
-C Do\snot\sallow\striggers\son\sthe\sSQLITE_MASTER\stable.\s(CVS\s579)
-D 2002-05-23T00:30:31
+C Fix\ssome\splaces\swhere\sa\smalloc()\sfailure\swould\slead\sto\sa\ssegfault.\s(CVS\s580)
+D 2002-05-23T02:09:04
 F Makefile.in 6291a33b87d2a395aafd7646ee1ed562c6f2c28c
 F Makefile.template 4e11752e0b5c7a043ca50af4296ec562857ba495
 F README a4c0ba11354ef6ba0776b400d057c59da47a4cc0
@ -23,12 +23,12 @@ F src/btree.h 8abeabfe6e0b1a990b64fa457592a6482f6674f3
 F src/build.c d88ad651bedecba69510d87d734040730305c528
 F src/delete.c c2eae01b76d5418d4ff1768659dfb199c38f0641
 F src/encode.c 346b12b46148506c32038524b95c4631ab46d760
-F src/expr.c 01e1e395392284a3a480c90bd60b3a0fa99aab38
+F src/expr.c 535c2468cfa9a8d043c6bbe50488849943da237b
 F src/func.c a31dcba85bc2ecb9b752980289cf7e6cd0cafbce
 F src/hash.c 6a6236b89c8c060c65dabd300a1c8ce7c10edb72
 F src/hash.h dca065dda89d4575f3176e75e9a3dc0f4b4fb8b9
 F src/insert.c 5b6586bb5d8306280253829f42f5f98b1455e757
-F src/main.c 3f0db74a3e8385322a3b69f51bea6ce19caeff19
+F src/main.c 1b10b0530cfff19c7a329052b9d91ec7e27dd2aa
 F src/md5.c 0ae1f3e2cac92d06fc6246d1b4b8f61a2fe66d3b
 F src/os.c 5ab8b6b4590d0c1ab8e96c67996c170e4462e0fc
 F src/os.h 4a361fccfbc4e7609b3e1557f604f94c1e96ad10
@ -49,10 +49,10 @@ F src/test2.c 669cc22781c6461a273416ec1a7414d25c081730
 F src/test3.c 4e52fff8b01f08bd202f7633feda5639b7ba2b5e
 F src/threadtest.c 81f0598e0f031c1bd506af337fdc1b7e8dff263f
 F src/tokenize.c 5892a8eb8f0063718f5bec1a1b24f4c6029eba9b
-F src/trigger.c 0b86599dd395307e330e6dce143d9d04bd051580
+F src/trigger.c a5e6694f2cc6f1b3c10b954b9bc904548f3599fc
 F src/update.c 46c4b3e86c066cd8a0dcf0b75e4580bcf113aeb0
 F src/util.c 707c30f8c13cddace7c08556ac450c0b786660b3
-F src/vdbe.c 5fd717e6a42e98e4f244a2149267004f71f23679
+F src/vdbe.c 67fbceb6fa2a0ab020b65c007430272a66771ae1
 F src/vdbe.h 126a651ba26f05de075dcc6da5466244a31af6b8
 F src/where.c 293985b6cf8391c3dcef9efcac4654884370513a
 F test/all.test e4d3821eeba751829b419cd47814bd20af4286d1
@ -74,7 +74,7 @@ F test/ioerr.test 57d9bffaca18b34f9e976f786eadc2591d6efc6a
 F test/limit.test a930f3eba2a7691c8397ccab33710b931589566a
 F test/lock.test 3fcfd46a73119f6a18094673328a32c7b3047a8f
 F test/main.test c66b564554b770ee7fdbf6a66c0cd90329bc2c85
-F test/malloc.test 70fdd0812e2a57eb746aaf015350f58bb8eee0b1
+F test/malloc.test 7ba32a9ebd3aeed52ae4aaa6d42ca37e444536fd
 F test/minmax.test fb6ab400271ae1f5bc88617c2882f2f081ea8e6d
 F test/misc1.test a03214118429b40ca5548bc1fae0ebd5c34dabe6
 F test/misuse.test a3aa2b18a97e4c409a1fcaff5151a4dd804a0162
@ -134,7 +134,7 @@ F www/speed.tcl da8afcc1d3ccc5696cfb388a68982bc3d9f7f00f
 F www/sqlite.tcl 8b5884354cb615049aed83039f8dfe1552a44279
 F www/tclsqlite.tcl 1db15abeb446aad0caf0b95b8b9579720e4ea331
 F www/vdbe.tcl 2013852c27a02a091d39a766bc87cff329f21218
-P ba1953abd04671232cf9e93ab3f962fedbbdc508
-R a952285f133ca5b16c99838ac55a7dcb
+P 275ba356f351abcf9a079ac16b765c9443750f0e
+R 24f997b85ebd07b440816b1b8e31fccc
 U drh
-Z 8f9363819a6fa7621778a9a4ae7a975a
+Z e76116375316d7a218c0b8c0bf8e9bb8
--- a/manifest.uuid
+++ b/manifest.uuid
@ -1 +1 @@
-275ba356f351abcf9a079ac16b765c9443750f0e
+01ad352c3c82a86d9c94010cbc85d098b8fbc08a
--- a/src/expr.c
+++ b/src/expr.c
@ -12,7 +12,7 @@
 ** This file contains routines used for analyzing expressions and
 ** for generating VDBE code that evaluates expressions in SQLite.
 **
-** $Id: expr.c,v 1.61 2002/05/21 13:43:04 drh Exp $
+** $Id: expr.c,v 1.62 2002/05/23 02:09:04 drh Exp $
 */
 #include "sqliteInt.h"

@ -186,6 +186,7 @@ ExprList *sqliteExprListDup(ExprList *p){
  if( pNew==0 ) return 0;
  pNew->nExpr = p->nExpr;
  pNew->a = sqliteMalloc( p->nExpr*sizeof(p->a[0]) );
+  if( pNew->a==0 ) return 0;
  for(i=0; i<p->nExpr; i++){
    pNew->a[i].pExpr = sqliteExprDup(p->a[i].pExpr);
    pNew->a[i].zName = sqliteStrDup(p->a[i].zName);
@ -203,6 +204,7 @@ IdList *sqliteIdListDup(IdList *p){
  if( pNew==0 ) return 0;
  pNew->nId = p->nId;
  pNew->a = sqliteMalloc( p->nId*sizeof(p->a[0]) );
+  if( pNew->a==0 ) return 0;
  for(i=0; i<p->nId; i++){
    pNew->a[i].zName = sqliteStrDup(p->a[i].zName);
    pNew->a[i].zAlias = sqliteStrDup(p->a[i].zAlias);
--- a/src/main.c
+++ b/src/main.c
@ -14,7 +14,7 @@
 ** other files are for internal use by SQLite and should not be
 ** accessed by users of the library.
 **
-** $Id: main.c,v 1.75 2002/05/19 23:43:14 danielk1977 Exp $
+** $Id: main.c,v 1.76 2002/05/23 02:09:04 drh Exp $
 */
 #include "sqliteInt.h"
 #include "os.h"
@ -387,8 +387,11 @@ static void clearHashTable(sqlite *db, int preserveTemps){
  HashElem *pElem;
  Hash temp1;
  Hash temp2;
-  assert( sqliteHashFirst(&db->tblDrop)==0 ); /* There can not be uncommitted */
-  assert( sqliteHashFirst(&db->idxDrop)==0 ); /*   DROP TABLEs or DROP INDEXs */
+
+  /* Make sure there are no uncommited DROPs */
+  assert( sqliteHashFirst(&db->tblDrop)==0 || sqlite_malloc_failed );
+  assert( sqliteHashFirst(&db->idxDrop)==0 || sqlite_malloc_failed );
+  assert( sqliteHashFirst(&db->trigDrop)==0 || sqlite_malloc_failed );
  temp1 = db->tblHash;
  temp2 = db->trigHash;
  sqliteHashInit(&db->trigHash, SQLITE_HASH_STRING, 0);
--- a/src/trigger.c
+++ b/src/trigger.c
@ -52,6 +52,7 @@ void sqliteCreateTrigger(
  }
  {
    char *tmp_str = sqliteStrNDup(pTableName->z, pTableName->n);
+    if( tmp_str==0 ) goto trigger_cleanup;
    tab = sqliteFindTable(pParse->db, tmp_str);
    sqliteFree(tmp_str);
    if( !tab ){
@ -70,8 +71,11 @@ void sqliteCreateTrigger(

  /* Build the Trigger object */
  nt = (Trigger*)sqliteMalloc(sizeof(Trigger));
+  if( nt==0 ) goto trigger_cleanup;
  nt->name = sqliteStrNDup(pName->z, pName->n);
  nt->table = sqliteStrNDup(pTableName->z, pTableName->n);
+  nt->strings = sqliteStrNDup(zData, zDataLen);
+  if( sqlite_malloc_failed ) goto trigger_cleanup;
  nt->op = op;
  nt->tr_tm = tr_tm;
  nt->pWhen = pWhen;
@ -79,10 +83,7 @@ void sqliteCreateTrigger(
  nt->foreach = foreach;
  nt->step_list = pStepList;
  nt->isCommit = 0;
-
-  nt->strings = sqliteStrNDup(zData, zDataLen);
  offset = (int)(nt->strings - zData);
-
  sqliteExprMoveStrings(nt->pWhen, offset);

  ss = nt->step_list;
@ -120,6 +121,7 @@ void sqliteCreateTrigger(

    /* Make an entry in the sqlite_master table */
    v = sqliteGetVdbe(pParse);
+    if( v==0 ) goto trigger_cleanup;
    sqliteBeginWriteOperation(pParse, 0);
    addr = sqliteVdbeAddOpList(v, ArraySize(insertTrig), insertTrig);
    sqliteVdbeChangeP3(v, addr+3, nt->name, 0); 
@ -175,6 +177,7 @@ trigger_cleanup:
 */
 TriggerStep *sqliteTriggerSelectStep(Select *pSelect){
  TriggerStep *pTriggerStep = sqliteMalloc(sizeof(TriggerStep));
+  if( pTriggerStep==0 ) return 0;

  pTriggerStep->op = TK_SELECT;
  pTriggerStep->pSelect = pSelect;
@ -198,6 +201,7 @@ TriggerStep *sqliteTriggerInsertStep(
  int orconf          /* The conflict algorithm (OE_Abort, OE_Replace, etc.) */
 ){
  TriggerStep *pTriggerStep = sqliteMalloc(sizeof(TriggerStep));
+  if( pTriggerStep==0 ) return 0;

  assert(pEList == 0 || pSelect == 0);
  assert(pEList != 0 || pSelect != 0);
@ -224,6 +228,7 @@ TriggerStep *sqliteTriggerUpdateStep(
  int orconf           /* The conflict algorithm. (OE_Abort, OE_Ignore, etc) */
 ){
  TriggerStep *pTriggerStep = sqliteMalloc(sizeof(TriggerStep));
+  if( pTriggerStep==0 ) return 0;

  pTriggerStep->op = TK_UPDATE;
  pTriggerStep->target  = *pTableName;
@ -240,7 +245,8 @@ TriggerStep *sqliteTriggerUpdateStep(
 ** sees a DELETE statement inside the body of a CREATE TRIGGER.
 */
 TriggerStep *sqliteTriggerDeleteStep(Token *pTableName, Expr *pWhere){
-  TriggerStep * pTriggerStep = sqliteMalloc(sizeof(TriggerStep));
+  TriggerStep *pTriggerStep = sqliteMalloc(sizeof(TriggerStep));
+  if( pTriggerStep==0 ) return 0;

  pTriggerStep->op = TK_DELETE;
  pTriggerStep->target  = *pTableName;
@ -563,7 +569,7 @@ int sqliteCodeRowTrigger(
      }
    }

-    if( fire_this ){
+    if( fire_this && (pTriggerStack = sqliteMalloc(sizeof(TriggerStack)))!=0 ){
      int endTrigger;
      IdList dummyTablist;
      Expr * whenExpr;
@ -572,7 +578,6 @@ int sqliteCodeRowTrigger(
      dummyTablist.a = 0;

      /* Push an entry on to the trigger stack */
-      pTriggerStack = sqliteMalloc(sizeof(TriggerStack));
      pTriggerStack->pTrigger = pTrigger;
      pTriggerStack->newIdx = newIdx;
      pTriggerStack->oldIdx = oldIdx;
--- a/src/vdbe.c
+++ b/src/vdbe.c
@ -30,7 +30,7 @@
 ** But other routines are also provided to help in building up
 ** a program instruction by instruction.
 **
-** $Id: vdbe.c,v 1.144 2002/05/19 23:43:14 danielk1977 Exp $
+** $Id: vdbe.c,v 1.145 2002/05/23 02:09:04 drh Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
@ -967,9 +967,11 @@ static void Cleanup(Vdbe *p){
  sqliteFree(p->azColName);
  p->azColName = 0;
  closeAllCursors(p);
-  for(i=0; i<p->nMem; i++){
-    if( p->aMem[i].s.flags & STK_Dyn ){
-      sqliteFree(p->aMem[i].z);
+  if( p->aMem ){
+    for(i=0; i<p->nMem; i++){
+      if( p->aMem[i].s.flags & STK_Dyn ){
+        sqliteFree(p->aMem[i].z);
+      }
    }
  }
  sqliteFree(p->aMem);
@ -995,13 +997,15 @@ static void Cleanup(Vdbe *p){
  }
  p->nLineAlloc = 0;
  AggReset(&p->agg);
-  for(i=0; i<p->nSet; i++){
-    sqliteHashClear(&p->aSet[i].hash);
+  if( p->aSet ){
+    for(i=0; i<p->nSet; i++){
+      sqliteHashClear(&p->aSet[i].hash);
+    }
  }
  sqliteFree(p->aSet);
  p->aSet = 0;
  p->nSet = 0;
-  if( p->keylistStackDepth > 0 ){
+  if( p->keylistStack ){
    int ii;
    for(ii = 0; ii < p->keylistStackDepth; ii++){
      KeylistFree(p->keylistStack[ii]);
--- a/test/malloc.test
+++ b/test/malloc.test
@ -14,7 +14,7 @@
 # special feature is used to see what happens in the library if a malloc
 # were to really fail due to an out-of-memory situation.
 #
-# $Id: malloc.test,v 1.4 2001/10/22 02:58:11 drh Exp $
+# $Id: malloc.test,v 1.5 2002/05/23 02:09:05 drh Exp $

 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
@ -65,10 +65,6 @@ for {set go 1; set i 1} {$go} {incr i} {
  } {1 1}
 }

-finish_test
-return
-
-
 set fd [open ./data.tmp w]
 for {set i 1} {$i<=20} {incr i} {
  puts $fd "$i\t[expr {$i*$i}]\t[expr {100-$i}] abcdefghijklmnopqrstuvwxyz"
@ -191,5 +187,39 @@ for {set go 1; set i 1} {$go} {incr i} {
     }
  } {1 1}
 }
+for {set go 1; set i 1} {$go} {incr i} {
+  do_test malloc-5.$i {
+     sqlite_malloc_fail 0
+     catch {db close}
+     catch {file delete -force test.db}
+     catch {file delete -force test.db-journal}
+     sqlite_malloc_fail $i
+     set v [catch {sqlite db test.db} msg]
+     if {$v} {
+       set msg ""
+     } else {
+       set v [catch {execsql {
+         BEGIN TRANSACTION;
+         CREATE TABLE t1(a,b);
+         CREATE TABLE t2(x,y);
+         CREATE TRIGGER r1 AFTER INSERT ON t1 BEGIN
+           INSERT INTO t2(x,y) VALUES(new.rowid,1);
+         END;
+         INSERT INTO t1(a,b) VALUES(2,3);
+         COMMIT;
+       }} msg]
+     }
+     set leftover [lindex [sqlite_malloc_stat] 2]
+     if {$leftover>0} {
+       if {$leftover>1} {puts "\nLeftover: $leftover\nReturn=$v  Message=$msg"}
+       set ::go 0
+       set v {1 1}
+     } else {
+       set v2 [expr {$msg=="" || $msg=="out of memory"}]
+       if {!$v2} {puts "\nError message returned: $msg"}
+       lappend v $v2
+     }
+  } {1 1}
+}
 sqlite_malloc_fail 0
 finish_test