Re: [sqlite] Potential corruption bug in 2.8.17. Patch attached.
[EMAIL PROTECTED] wrote: This was likely a typo. In its current state, it's accessing uninitialized memory. It looks like it's conceivable that an incorrect nextRowid could be later used if the uninitialized value happens to be a small integer (smaller than pC-nextRowid) and the valid flag therefore doesn't get set to false. --- vdbe.c~ 2005-12-19 12:42:25.0 -0500 +++ vdbe.c2006-10-22 16:32:45.0 -0400 @@ -2937,7 +2937,7 @@ if( pOp-p2 OPFLAG_NCHANGE ) db-nChange++; if( pOp-p2 OPFLAG_LASTROWID ) db-lastRowid = pNos-i; if( pOp-p2 OPFLAG_CSCHANGE ) db-csChange++; - if( pC-nextRowidValid pTos-i=pC-nextRowid ){ + if( pC-nextRowidValid pNos-i=pC-nextRowid ){ pC-nextRowidValid = 0; } } As it happens, pC-nextRowidValid is always false in this context, as far as I can tell, so the pTos-i variable is never accessed. The fix checked in was to remove the test altogether and unconditionally set pC-nextRowidValid to 0. Because the code is unreachable, this fix does not require a new release of SQLite 2.8. -- D. Richard Hipp [EMAIL PROTECTED] - To unsubscribe, send email to [EMAIL PROTECTED] -
Re: [sqlite] Potential corruption bug in 2.8.17. Patch attached.
[EMAIL PROTECTED] writes: [EMAIL PROTECTED] wrote: This was likely a typo. In its current state, it's accessing uninitialized memory. It looks like it's conceivable that an incorrect nextRowid could be later used if the uninitialized value happens to be a small integer (smaller than pC-nextRowid) and the valid flag therefore doesn't get set to false. --- vdbe.c~ 2005-12-19 12:42:25.0 -0500 +++ vdbe.c 2006-10-22 16:32:45.0 -0400 @@ -2937,7 +2937,7 @@ if( pOp-p2 OPFLAG_NCHANGE ) db-nChange++; if( pOp-p2 OPFLAG_LASTROWID ) db-lastRowid = pNos-i; if( pOp-p2 OPFLAG_CSCHANGE ) db-csChange++; - if( pC-nextRowidValid pTos-i=pC-nextRowid ){ + if( pC-nextRowidValid pNos-i=pC-nextRowid ){ pC-nextRowidValid = 0; } } As it happens, pC-nextRowidValid is always false in this context, as far as I can tell, so the pTos-i variable is never accessed. That explains why in many years of use, I've never seen an actual corruption caused by this. Thanks. The fix checked in was to remove the test altogether and unconditionally set pC-nextRowidValid to 0. If, as you say, pC-nextRowidValid is always false anyway, wouldn't the correct fix be to not even unconditionally set pC-nextRowidValid to 0; just delete those two original lines entirely? It sounds like you're now unnecessarily setting a variable that's already false to false. (Or did I misunderstand your statement?) Derrell - To unsubscribe, send email to [EMAIL PROTECTED] -
Re: [sqlite] Potential corruption bug in 2.8.17. Patch attached.
[EMAIL PROTECTED] wrote: --- vdbe.c~2005-12-19 12:42:25.0 -0500 +++ vdbe.c 2006-10-22 16:32:45.0 -0400 @@ -2937,7 +2937,7 @@ if( pOp-p2 OPFLAG_NCHANGE ) db-nChange++; if( pOp-p2 OPFLAG_LASTROWID ) db-lastRowid = pNos-i; if( pOp-p2 OPFLAG_CSCHANGE ) db-csChange++; - if( pC-nextRowidValid pTos-i=pC-nextRowid ){ + if( pC-nextRowidValid pNos-i=pC-nextRowid ){ pC-nextRowidValid = 0; } } The fix checked in was to remove the test altogether and unconditionally set pC-nextRowidValid to 0. If, as you say, pC-nextRowidValid is always false anyway, wouldn't the correct fix be to not even unconditionally set pC-nextRowidValid to 0; just delete those two original lines entirely? It sounds like you're now unnecessarily setting a variable that's already false to false. (Or did I misunderstand your statement?) I could not find a case where pC-nextRowidValid was true. But neither did I prove it was impossible. Lets just say it was very unlikely. Setting pC-nextRowidValid merely invalidates a cache. Invalidating the cache might make the code a little slower, but it will still get the correct answer. So it is always safe to set pC-newRowidValid to 0. But we cannot leave pC-nextRowidValid in the true state because that might leave an invalid value in the cache, resulting in a wrong answer. So for safety, we always clear the cache here, even though we have never seen an example where it is necessary. Better safe than sorry. -- D. Richard Hipp [EMAIL PROTECTED] - To unsubscribe, send email to [EMAIL PROTECTED] -
[sqlite] Potential corruption bug in 2.8.17. Patch attached.
This was likely a typo. In its current state, it's accessing uninitialized memory. It looks like it's conceivable that an incorrect nextRowid could be later used if the uninitialized value happens to be a small integer (smaller than pC-nextRowid) and the valid flag therefore doesn't get set to false. --- vdbe.c~ 2005-12-19 12:42:25.0 -0500 +++ vdbe.c 2006-10-22 16:32:45.0 -0400 @@ -2937,7 +2937,7 @@ if( pOp-p2 OPFLAG_NCHANGE ) db-nChange++; if( pOp-p2 OPFLAG_LASTROWID ) db-lastRowid = pNos-i; if( pOp-p2 OPFLAG_CSCHANGE ) db-csChange++; - if( pC-nextRowidValid pTos-i=pC-nextRowid ){ + if( pC-nextRowidValid pNos-i=pC-nextRowid ){ pC-nextRowidValid = 0; } } Cheers, Derrell - To unsubscribe, send email to [EMAIL PROTECTED] -