Hi, Thank you for the great package.
I am reporting a suspicious compile-time error warning and a fix to avoid a negative array index access during run time within an assert().

Background: I was compiling Mozilla Thunderbird, and ever since I switched to GCC 4.9.1 with its improved compile-time check, I received a compile-time warning during the compilation of the sqlite3 source which Mozilla has imported for its own use. This is inside a function called fts2EvalIncrPhraseNext().

The warning is of the following form (the line numbers are slightly off due to the revisions between the time Mozilla imported the source and the current pre-released zip I obtained from your web server. As of today, it would be line 133915 in sqlite-amalgamation-201409301904.zip (1.47 MiB)).

WARNING lines:

    /REF-COMM-CENTRAL/comm-central/mozilla/db/sqlite3/src/sqlite3.c: In function ‘fts3EvalNextRow.part.612’:
    /REF-COMM-CENTRAL/comm-central/mozilla/db/sqlite3/src/sqlite3.c:131262:19: warning: array subscript is below array bounds [-Warray-bounds]
       assert( rc!=SQLITE_OK || a[p->nToken-1].bIgnore==0 );
                      ^

Looking at the code, it became obvious that the assert() is called in an else clause of an if in the following form.

    if (p->nToken == 1 && p->bIncr ) {
      ...
    } else {
      ... assert()...
    }

So that means the compiler deduces that p->nToken can be either larger than 1 (> 1) or smaller than 1 (meaning 0). So if p->nToken == 0 during runtime, then it would cause a negative index to be used within the assert() statement.

Now, of course, logically this may not happen from the behavior of sqlite3. I am not familiar with the code. However, the following patch makes the warning disappear and takes care of the strange case of p->nToken == 0 (or smaller. Not sure if nToken is unsigned) as well.

I am keen on seeing compiler warnings disappear from the compilation of Mozilla software. Since sqlite3 is imported from the upstream site, i.e. yours, I would like to see the issue solved here.

Thank you in advance for your attention.
# HG changeset patch # Parent 089cc337820f0ed141601f4fb1477d57583a5eed # User ISHIKAWA, Chiaki <ishik...@yk.rim.or.jp> In an error path, an index to an array can be negative. diff --git a/db/sqlite3/src/sqlite3.c b/db/sqlite3/src/sqlite3.c --- a/db/sqlite3/src/sqlite3.c +++ b/db/sqlite3/src/sqlite3.c @@ -129044,17 +129044,17 @@ static int fts3EvalIncrPhraseNext( /* Advance the iterator for each token in the phrase once. */ for(i=0; rc==SQLITE_OK && i<p->nToken && bEof==0; i++){ rc = incrPhraseTokenNext(pTab, p, i, &a[i], &bEof); if( a[i].bIgnore==0 && (bMaxSet==0 || DOCID_CMP(iMax, a[i].iDocid)<0) ){ iMax = a[i].iDocid; bMaxSet = 1; } } - assert( rc!=SQLITE_OK || a[p->nToken-1].bIgnore==0 ); + assert( rc!=SQLITE_OK || ((p->nToken >= 1) && a[p->nToken-1].bIgnore==0) ); assert( rc!=SQLITE_OK || bMaxSet ); /* Keep advancing iterators until they all point to the same document */ for(i=0; i<p->nToken; i++){ while( rc==SQLITE_OK && bEof==0 && a[i].bIgnore==0 && DOCID_CMP(a[i].iDocid, iMax)<0 ){ rc = incrPhraseTokenNext(pTab, p, i, &a[i], &bEof); _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
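Review bot: the changeset description says the negative index occurs "in an error path", but in the changed assert the subscript a[p->nToken-1] is evaluated only when rc==SQLITE_OK, because the left operand of || short-circuits for any other rc; the description should be corrected to say the success path. Folding p->nToken >= 1 into this assert also buries a precondition inside an unrelated check: with nToken at 0 the preceding for loop body never runs, so bMaxSet is never set there and the next line, assert( rc!=SQLITE_OK || bMaxSet ), is already meant to reject that state. Consider stating the invariant once as its own assert( p->nToken>=1 ); ahead of the for loop and leaving the original assert untouched, then confirming that GCC 4.9.1 no longer emits -Warray-bounds with that form. Either way the change only has an effect in builds where assert() is compiled in, and the later "for(i=0; i<p->nToken; i++)" loop is unaffected.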