Prevent use-after-free of the u.vtab.idxStr string following an OOM

while generating the OP_VFilter opcode. FossilOrigin-Name: 751fe4edb2d4602e652523c2759de3f4fffd29d5c66cae68caf45b30fd8b750a
author: drh <drh@noemail.net> 2020-09-17 11:32:14 +0000
committer: drh <drh@noemail.net> 2020-09-17 11:32:14 +0000
commit: bc2e95140b7ff79b26a9ff78cd089e63df7d0fef (patch)
tree: 7ca50d2055260472effe42d904c4431c1106da96 /src/wherecode.c
parent: f1ea42556073c45dc07c31631f4cd12938761889 (diff)
download: sqlite-bc2e95140b7ff79b26a9ff78cd089e63df7d0fef.tar.gz
sqlite-bc2e95140b7ff79b26a9ff78cd089e63df7d0fef.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/wherecode.c b/src/wherecode.c
index 591f267e8..ae3a19757 100644
--- a/src/wherecode.c
+++ b/src/wherecode.c
@@ -1397,6 +1397,9 @@ Bitmask sqlite3WhereCodeOneLoopStart(
                       pLoop->u.vtab.needFree ? P4_DYNAMIC : P4_STATIC);
     VdbeCoverage(v);
     pLoop->u.vtab.needFree = 0;
+    /* An OOM inside of AddOp4(OP_VFilter) instruction above might have freed
+    ** the u.vtab.idxStr.  NULL it out to prevent a use-after-free */
+    if( db->mallocFailed ) pLoop->u.vtab.idxStr = 0;
     pLevel->p1 = iCur;
     pLevel->op = pWInfo->eOnePass ? OP_Noop : OP_VNext;
     pLevel->p2 = sqlite3VdbeCurrentAddr(v);
author	drh <drh@noemail.net>	2020-09-17 11:32:14 +0000
committer	drh <drh@noemail.net>	2020-09-17 11:32:14 +0000
commit	bc2e95140b7ff79b26a9ff78cd089e63df7d0fef (patch)
tree	7ca50d2055260472effe42d904c4431c1106da96 /src/wherecode.c
parent	f1ea42556073c45dc07c31631f4cd12938761889 (diff)
download	sqlite-bc2e95140b7ff79b26a9ff78cd089e63df7d0fef.tar.gz sqlite-bc2e95140b7ff79b26a9ff78cd089e63df7d0fef.zip