On 01/19/2012 04:20 AM, Donald Bryant-Rich wrote:
The function sqlite3VdbeMemReleaseExternal calls sqlite3DbFree,
which is passed into the function as the xDel component of the Mem
argument to the function (p):

if( p->flags&MEM_Dyn && p->xDel ){
  assert( (p->flags&MEM_RowSet)==0 );
  p->xDel((void *)p->z);
  p->xDel = 0;
}

sqlite3DbFree is declared to take two parameters, a database and a
pointer to the memory to be freed:
     SQLITE_PRIVATE void sqlite3DbFree(sqlite3*, void*);

But the xDel component is set in a number of functions to
SQLITE_DYNAMIC which is a cast of sqlite3DbFree to a function taking
only one parameter:

typedef void (*sqlite3_destructor_type)(void*);
#define SQLITE_STATIC      ((sqlite3_destructor_type)0)
#define SQLITE_TRANSIENT   ((sqlite3_destructor_type)-1)
#define SQLITE_DYNAMIC   ((sqlite3_destructor_type)sqlite3DbFree)

This can cause a memory exception when sqlite3DbFree is called with
the wrong number of parameters pushed to the stack.

Thanks for reporting this. The definition is certainly incorrect.

But looking at the code, we don't see how control could get to that
point with xDel==SQLITE_DYNAMIC. At least not with 3.7.10, as
SQLITE_DYNAMIC should always be handled here:

  http://www.sqlite.org/src/artifact/4f7d25d5ea2e?ln=728

Which version are you doing this with?

Dan.
_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
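
The pattern discussed in this thread, as an added example that is not part of the original messages and is not SQLite's code: a two-argument free function is cast to a one-argument destructor type and used purely as a sentinel, and the setter intercepts it by pointer comparison so that the release path never calls it through the mismatched type. All names (db_free, DESTRUCTOR_DYNAMIC, mem_set, mem_release, run_demo) are hypothetical, and only the static (0) and dynamic sentinels are modelled.

```c
#include <stdlib.h>

/* Hypothetical names; this mirrors the shape of the code in the thread only. */
typedef void (*destructor_type)(void *);
struct db { int unused; };
struct mem { struct db *db; char *z; char *zMalloc; destructor_type xDel; };
static int db_frees, custom_frees;   /* call counters for the demo */

/* Two-argument free, like the sqlite3DbFree(sqlite3*, void*) declaration. */
static void db_free(struct db *db, void *p) { (void)db; free(p); db_frees++; }
/* A genuine one-argument destructor. */
static void custom_free(void *p) { free(p); custom_frees++; }

/* Sentinel: compared against, never called. Calling db_free through this
 * one-argument type would be undefined behavior. The intermediate cast only
 * silences compiler warnings about the incompatible function type. */
#define DESTRUCTOR_DYNAMIC ((destructor_type)(void (*)(void))db_free)

static void mem_release(struct mem *m) {
    if (m->xDel) {                    /* real one-argument destructor */
        m->xDel(m->z);
        m->xDel = 0;
    } else if (m->zMalloc) {          /* buffer owned by the db allocator */
        db_free(m->db, m->zMalloc);   /* called with its true signature */
        m->zMalloc = 0;
    }
    m->z = 0;
}

static void mem_set(struct mem *m, char *z, destructor_type xDel) {
    mem_release(m);
    m->z = z;
    if (xDel == DESTRUCTOR_DYNAMIC) {
        m->zMalloc = z;               /* take ownership of the buffer */
        m->xDel = 0;                  /* the sentinel is never stored */
    } else {
        m->xDel = xDel;               /* 0 means static, nothing to free */
    }
}

/* Returns 1 if the sentinel was ever stored in xDel, 0 otherwise. */
int run_demo(void) {
    struct db d = {0};
    struct mem m = {&d, 0, 0, 0};
    mem_set(&m, malloc(8), DESTRUCTOR_DYNAMIC);
    int stored = (m.xDel == DESTRUCTOR_DYNAMIC);
    mem_set(&m, malloc(8), custom_free);  /* frees first buffer via db_free */
    mem_release(&m);                      /* frees second via custom_free */
    return stored;
}

int main(void) { return run_demo(); }
```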