Fix a segfault that can occur in the RowSet object following a malloc

failure. (CVS 5978)

FossilOrigin-Name: cb0f1658d3db7ccf80843d66fa85af8de44710d0

2 files changed, 7 insertions, 4 deletions

diff --git a/src/vdbe.c b/src/vdbe.c
index 191b3c58f..bde57f587 100644
--- a/src/vdbe.c
+++ b/src/vdbe.c
@@ -43,7 +43,7 @@
 ** in this file for details.  If in doubt, do not deviate from existing
 ** commenting and indentation practices when changing or adding code.
 **
-** $Id: vdbe.c,v 1.790 2008/12/04 20:40:10 drh Exp $
+** $Id: vdbe.c,v 1.791 2008/12/04 22:17:56 drh Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
@@ -4302,6 +4302,7 @@ case OP_RowSetAdd: {       /* in2 */
   assert( (pVal->flags & MEM_Int)!=0 );
   if( (pIdx->flags & MEM_RowSet)==0 ){
     sqlite3VdbeMemSetRowSet(pIdx);
+    if( (pIdx->flags & MEM_RowSet)==0 ) goto no_mem;
   }
   sqlite3RowSetInsert(pIdx->u.pRowSet, pVal->u.i);
   break;
diff --git a/src/vdbemem.c b/src/vdbemem.c
index d9ec059e8..ffe2e1543 100644
--- a/src/vdbemem.c
+++ b/src/vdbemem.c
@@ -15,7 +15,7 @@
 ** only within the VDBE.  Interface routines refer to a Mem using the
 ** name sqlite_value
 **
-** $Id: vdbemem.c,v 1.127 2008/12/04 20:40:10 drh Exp $
+** $Id: vdbemem.c,v 1.128 2008/12/04 22:17:56 drh Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
@@ -510,12 +510,14 @@ void sqlite3VdbeMemSetRowSet(Mem *pMem){
     sqlite3VdbeMemRelease(pMem);
     pMem->zMalloc = sqlite3DbMallocRaw(db, 32);
   }
-  if( !db->mallocFailed ){
+  if( db->mallocFailed ){
+    pMem->flags = MEM_Null;
+  }else{
     assert( pMem->zMalloc );
     pMem->u.pRowSet = sqlite3RowSetInit(db, pMem->zMalloc, 
                                        sqlite3DbMallocSize(db, pMem->zMalloc));
     assert( pMem->u.pRowSet!=0 );
-    pMem->flags = MEM_RowSet|MEM_Dyn;
+    pMem->flags = MEM_RowSet;
   }
 }