On 22/11/62 00:06, Jens Alfke wrote:
On Nov 21, 2019, at 7:01 AM, Richard Hipp <d...@sqlite.org> wrote:
The memset() just forces the bug to the surface in builds where the
ckmalloc()/ckfree() routines of TCL are using caching that prevents
valgrind/ASAN from seeing the use-after-free. The memset() is not
part of the bug fix itself, but is a preventative measure to try to
prevent similar bugs in the future.
This looks wrong to me:
memset(p->pVfs, 0, sizeof(sqlite3_vfs));
memset(p, 0, sizeof(Testvfs));
ckfree((char *)p->pVfs);
ckfree((char *)p);
The second line zeroes the Testvfs struct pointed to by p;
the third line reads the pVfs field of the struct, which is now NULL,
and then calls free() on that NULL pointer, which is a no-op.
The net result is to leak the heap block pointed to by p->pVfs.
Shouldn't the second and third lines be swapped?
They should indeed.
Thanks,
Dan.
—Jens
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
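The ordering problem Jens describes, as an added example that is not part of the thread or of SQLite's test code: a counting allocator (hypothetical stand-in for TCL's ckalloc()/ckfree(), which are what hid the bug from valgrind/ASAN) makes the leaked block visible, and the two teardown orders are shown side by side. The struct layouts are constructed minimal stand-ins, not the real Testvfs.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the structures in the quoted code; only the
 * pVfs field matters here, the rest is hypothetical. */
typedef struct sqlite3_vfs { int iVersion; const char *zName; } sqlite3_vfs;
typedef struct Testvfs { sqlite3_vfs *pVfs; const char *zName; } Testvfs;

/* Counting allocator (hypothetical; stands in for TCL's ckalloc/ckfree) so
 * a leak is observable without valgrind or ASAN. */
static int nLive = 0;
static void *ckalloc(size_t n){ nLive++; return malloc(n); }
static void ckfree(char *p){ if( p ) nLive--; free(p); }

static Testvfs *testvfs_new(void){
  Testvfs *p = (Testvfs*)ckalloc(sizeof(Testvfs));
  p->pVfs = (sqlite3_vfs*)ckalloc(sizeof(sqlite3_vfs));
  return p;
}

/* Ordering as quoted in the thread: p is zeroed before p->pVfs is read,
 * so ckfree() receives NULL and the sqlite3_vfs block is never released. */
static void testvfs_delete_buggy(Testvfs *p){
  memset(p->pVfs, 0, sizeof(sqlite3_vfs));
  memset(p, 0, sizeof(Testvfs));
  ckfree((char *)p->pVfs);   /* p->pVfs is NULL here: no-op, block leaks */
  ckfree((char *)p);
}

/* Corrected ordering (second and third lines swapped): release the inner
 * block while the pointer is still intact, then scrub and release p. */
static void testvfs_delete_fixed(Testvfs *p){
  memset(p->pVfs, 0, sizeof(sqlite3_vfs));
  ckfree((char *)p->pVfs);
  memset(p, 0, sizeof(Testvfs));
  ckfree((char *)p);
}

/* Number of blocks still live after one create/delete cycle. */
static int leaked_blocks(void (*del)(Testvfs*)){
  nLive = 0;
  del(testvfs_new());
  return nLive;
}

int main(void){
  int ok = leaked_blocks(testvfs_delete_buggy)==1
        && leaked_blocks(testvfs_delete_fixed)==0;
  return ok ? 0 : 1;
}
```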