mirror of
https://github.com/sqlite/sqlite.git
synced 2025-11-14 00:22:38 +03:00
Fix the OP_SeekRowid opcode so that it has no type-change side-effects on the
key register in P3. This fixes an obcure problem that arises when doing equi-joins between a table with a TEXT column against another table with an INTEGER PRIMARY KEY. The original problem was discovered when OSSFuzz created such a query and hit an assert() in OP_VerifyTabCol that was specifically designed to catch these kinds of errors at run-time. FossilOrigin-Name: fa94b49e02eb6b8fc4acc220ecc2fabef546c65845696758b25965c26b251ea9
This commit is contained in:
drh
14
manifest
14
manifest
@@ -1,5 +1,5 @@
|
|||||||
C Improve\s"PRAGMA\svdbe_trace=ON"\sto\salways\sshow\sthe\skey\svalues\sfor\sthe\nOP_IdxGT\sand\srelated\sopcodes.
|
C Fix\sthe\sOP_SeekRowid\sopcode\sso\sthat\sit\shas\sno\stype-change\sside-effects\son\sthe\nkey\sregister\sin\sP3.\s\sThis\sfixes\san\sobcure\sproblem\sthat\sarises\swhen\sdoing\nequi-joins\sbetween\sa\stable\swith\sa\sTEXT\scolumn\sagainst\sanother\stable\swith\nan\sINTEGER\sPRIMARY\sKEY.\s\sThe\soriginal\sproblem\swas\sdiscovered\swhen\sOSSFuzz\ncreated\ssuch\sa\squery\sand\shit\san\sassert()\sin\sOP_VerifyTabCol\sthat\swas\nspecifically\sdesigned\sto\scatch\sthese\skinds\sof\serrors\sat\srun-time.
|
||||||
D 2018-08-03T13:56:26.671
|
D 2018-08-03T15:58:07.068
|
||||||
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
|
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
|
||||||
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
|
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
|
||||||
F Makefile.in 0a3a6c81e6fcb969ff9106e882f0a08547014ba463cb6beca4c4efaecc924ee6
|
F Makefile.in 0a3a6c81e6fcb969ff9106e882f0a08547014ba463cb6beca4c4efaecc924ee6
|
||||||
@@ -569,7 +569,7 @@ F src/upsert.c 47edd408cc73f8d3c00a140550d1ad180b407c146285947969dd09874802bf88
|
|||||||
F src/utf.c 810fbfebe12359f10bc2a011520a6e10879ab2a163bcb26c74768eab82ea62a5
|
F src/utf.c 810fbfebe12359f10bc2a011520a6e10879ab2a163bcb26c74768eab82ea62a5
|
||||||
F src/util.c d9eb0a6c4aae1b00a7369eadd7ca0bbe946cb4c953b6751aa20d357c2f482157
|
F src/util.c d9eb0a6c4aae1b00a7369eadd7ca0bbe946cb4c953b6751aa20d357c2f482157
|
||||||
F src/vacuum.c 36e7d21a20c0bf6ef4ef7c399d192b5239410b7c4d3c1070fba4e30810d0b855
|
F src/vacuum.c 36e7d21a20c0bf6ef4ef7c399d192b5239410b7c4d3c1070fba4e30810d0b855
|
||||||
F src/vdbe.c 259a0c1753d05ba687696747062f5ca23b07cc69f475f312209a20aaf2e82675
|
F src/vdbe.c 8fbefa50884f4803139bdc2d4795b973a1a892f023726fa72246fea2fe8e9925
|
||||||
F src/vdbe.h d93abdc8bc9295e0a256e582c19f548c545dc498319d108bbc9dd29de31c48a2
|
F src/vdbe.h d93abdc8bc9295e0a256e582c19f548c545dc498319d108bbc9dd29de31c48a2
|
||||||
F src/vdbeInt.h 2a45270d7f44870ca5452f48cdf3c56387019ae03331c008d670a7d0a3e1ba3f
|
F src/vdbeInt.h 2a45270d7f44870ca5452f48cdf3c56387019ae03331c008d670a7d0a3e1ba3f
|
||||||
F src/vdbeapi.c af4a3de00d1851bcbc55b85dfbe52849aa2b1e17b4a5a1f3d9c257df7af361ff
|
F src/vdbeapi.c af4a3de00d1851bcbc55b85dfbe52849aa2b1e17b4a5a1f3d9c257df7af361ff
|
||||||
@@ -585,7 +585,7 @@ F src/wal.h 8de5d2d3de0956d6f6cb48c83a4012d5f227b8fe940f3a349a4b7e85ebcb492a
|
|||||||
F src/walker.c ba7225773931760cf60bf22f34d0cce2588df7ce5ce0f215a52eb88234b55ac4
|
F src/walker.c ba7225773931760cf60bf22f34d0cce2588df7ce5ce0f215a52eb88234b55ac4
|
||||||
F src/where.c 52ab6d07a6ac6e2cb2a7da41217f0b7c13ce17a30d6a1d3459e86ac94b160e15
|
F src/where.c 52ab6d07a6ac6e2cb2a7da41217f0b7c13ce17a30d6a1d3459e86ac94b160e15
|
||||||
F src/whereInt.h b90ef9b9707ef750eab2a7a080c48fb4900315033274689def32d0cf5a81ebe4
|
F src/whereInt.h b90ef9b9707ef750eab2a7a080c48fb4900315033274689def32d0cf5a81ebe4
|
||||||
F src/wherecode.c 2c552dfe50d06e0916dbd49a180e4bf0accfce6d17d46a2dfeea8f75d2b5861b
|
F src/wherecode.c eb558ea9a482e179d27858113ca7012e508b904ff90b892367cc9ca4c0b9b246
|
||||||
F src/whereexpr.c dc34f0df69418dedb4619f7ad61b7d31f447971223540b957a1b836a62c0ce7b
|
F src/whereexpr.c dc34f0df69418dedb4619f7ad61b7d31f447971223540b957a1b836a62c0ce7b
|
||||||
F src/window.c 4b503da928dace3e845b891381a4d98eeb8c5744313ae3643df8d8d21fdcca65
|
F src/window.c 4b503da928dace3e845b891381a4d98eeb8c5744313ae3643df8d8d21fdcca65
|
||||||
F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2
|
F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2
|
||||||
@@ -1753,7 +1753,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
|
|||||||
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
|
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
|
||||||
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
|
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
|
||||||
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
|
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
|
||||||
P e390023c8e70961661fd9e29674dedacd1b941b6b8d9cd88f8cfa8f787f030f9
|
P 0f881955ed173c7c35dfca2d4aeca855858e40bb951e6fb6fedd9a2fff6a5a86
|
||||||
R 42c2ba852bcdcd5b618ab0afe0f401df
|
R fd20495db4931704facdb29762bad04e
|
||||||
U drh
|
U drh
|
||||||
Z aecb34e96579e406e10bba0b12f9710a
|
Z 309f6ab0d792269409cda7bb806561c5
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
0f881955ed173c7c35dfca2d4aeca855858e40bb951e6fb6fedd9a2fff6a5a86
|
fa94b49e02eb6b8fc4acc220ecc2fabef546c65845696758b25965c26b251ea9
|
||||||
12
src/vdbe.c
12
src/vdbe.c
@@ -4323,13 +4323,21 @@ case OP_SeekRowid: { /* jump, in3 */
|
|||||||
|
|
||||||
pIn3 = &aMem[pOp->p3];
|
pIn3 = &aMem[pOp->p3];
|
||||||
if( (pIn3->flags & MEM_Int)==0 ){
|
if( (pIn3->flags & MEM_Int)==0 ){
|
||||||
|
/* Make sure pIn3->u.i contains a valid integer representation of
|
||||||
|
** the key value, but do not change the datatype of the register, as
|
||||||
|
** other parts of the perpared statement might be depending on the
|
||||||
|
** current datatype. */
|
||||||
|
u16 origFlags = pIn3->flags;
|
||||||
|
int isNotInt;
|
||||||
applyAffinity(pIn3, SQLITE_AFF_NUMERIC, encoding);
|
applyAffinity(pIn3, SQLITE_AFF_NUMERIC, encoding);
|
||||||
if( (pIn3->flags & MEM_Int)==0 ) goto jump_to_p2;
|
isNotInt = (pIn3->flags & MEM_Int)==0;
|
||||||
|
pIn3->flags = origFlags;
|
||||||
|
if( isNotInt ) goto jump_to_p2;
|
||||||
}
|
}
|
||||||
/* Fall through into OP_NotExists */
|
/* Fall through into OP_NotExists */
|
||||||
case OP_NotExists: /* jump, in3 */
|
case OP_NotExists: /* jump, in3 */
|
||||||
pIn3 = &aMem[pOp->p3];
|
pIn3 = &aMem[pOp->p3];
|
||||||
assert( pIn3->flags & MEM_Int );
|
assert( (pIn3->flags & MEM_Int)!=0 || pOp->opcode==OP_SeekRowid );
|
||||||
assert( pOp->p1>=0 && pOp->p1<p->nCursor );
|
assert( pOp->p1>=0 && pOp->p1<p->nCursor );
|
||||||
pC = p->apCsr[pOp->p1];
|
pC = p->apCsr[pOp->p1];
|
||||||
assert( pC!=0 );
|
assert( pC!=0 );
|
||||||
|
|||||||
@@ -1353,9 +1353,6 @@ Bitmask sqlite3WhereCodeOneLoopStart(
|
|||||||
addrNxt = pLevel->addrNxt;
|
addrNxt = pLevel->addrNxt;
|
||||||
sqlite3VdbeAddOp3(v, OP_SeekRowid, iCur, addrNxt, iRowidReg);
|
sqlite3VdbeAddOp3(v, OP_SeekRowid, iCur, addrNxt, iRowidReg);
|
||||||
VdbeCoverage(v);
|
VdbeCoverage(v);
|
||||||
sqlite3ExprCacheAffinityChange(pParse, iRowidReg, 1);
|
|
||||||
sqlite3ExprCacheStore(pParse, iCur, -1, iRowidReg);
|
|
||||||
VdbeComment((v, "pk"));
|
|
||||||
pLevel->op = OP_Noop;
|
pLevel->op = OP_Noop;
|
||||||
}else if( (pLoop->wsFlags & WHERE_IPK)!=0
|
}else if( (pLoop->wsFlags & WHERE_IPK)!=0
|
||||||
&& (pLoop->wsFlags & WHERE_COLUMN_RANGE)!=0
|
&& (pLoop->wsFlags & WHERE_COLUMN_RANGE)!=0
|
||||||
|
|||||||
Reference in New Issue
Block a user