diff options
| author | drh <drh@noemail.net> | 2009-05-05 15:46:43 +0000 |
|---|---|---|
| committer | drh <drh@noemail.net> | 2009-05-05 15:46:43 +0000 |
| commit | 3500ed6650b72640070fd03f76661005f565d7bb (patch) | |
| tree | 8ded86471ad2fc065a016482f965a7fbec4284db /src | |
| parent | e289d6069ad2ae464405c152a3c57235a8b8246e (diff) | |
| download | sqlite-3500ed6650b72640070fd03f76661005f565d7bb.tar.gz sqlite-3500ed6650b72640070fd03f76661005f565d7bb.zip | |
Make sure the left-shift operator never overflows. (CVS 6605)
FossilOrigin-Name: 300da30178c46ab9f2ceb0c3e3ee3eac73d5d8e1
Diffstat (limited to 'src')
| -rw-r--r-- | src/resolve.c | 8 | ||||
| -rw-r--r-- | src/vdbeaux.c | 8 | ||||
| -rw-r--r-- | src/where.c | 3 |
3 files changed, 12 insertions, 7 deletions
diff --git a/src/resolve.c b/src/resolve.c index ac6ada05e..4d34317e0 100644 --- a/src/resolve.c +++ b/src/resolve.c @@ -14,7 +14,7 @@ ** resolve all identifiers by associating them with a particular ** table and column. ** -** $Id: resolve.c,v 1.21 2009/05/01 21:13:37 drh Exp $ +** $Id: resolve.c,v 1.22 2009/05/05 15:46:43 drh Exp $ */ #include "sqliteInt.h" #include <stdlib.h> @@ -248,7 +248,11 @@ static int lookupName( if( iCol>=0 ){ testcase( iCol==31 ); testcase( iCol==32 ); - *piColMask |= ((u32)1<<iCol) | (iCol>=32?0xffffffff:0); + if( iCol>=32 ){ + *piColMask = 0xffffffff; + }else{ + *piColMask |= ((u32)1)<<iCol; + } } break; } diff --git a/src/vdbeaux.c b/src/vdbeaux.c index 3e5232258..b26adc458 100644 --- a/src/vdbeaux.c +++ b/src/vdbeaux.c @@ -14,7 +14,7 @@ ** to version 2.8.7, all this code was combined into the vdbe.c source file. ** But that file was getting too big so this subroutines were split out. ** -** $Id: vdbeaux.c,v 1.455 2009/05/04 11:42:30 danielk1977 Exp $ +** $Id: vdbeaux.c,v 1.456 2009/05/05 15:46:43 drh Exp $ */ #include "sqliteInt.h" #include "vdbeInt.h" @@ -730,9 +730,9 @@ static char *displayP4(Op *pOp, char *zTemp, int nTemp){ */ void sqlite3VdbeUsesBtree(Vdbe *p, int i){ int mask; - assert( i>=0 && i<p->db->nDb ); + assert( i>=0 && i<p->db->nDb && i<sizeof(u32)*8 ); assert( i<(int)sizeof(p->btreeMask)*8 ); - mask = 1<<i; + mask = ((u32)1)<<i; if( (p->btreeMask & mask)==0 ){ p->btreeMask |= mask; sqlite3BtreeMutexArrayInsert(&p->aMutex, p->db->aDb[i].pBt); @@ -1940,7 +1940,7 @@ void sqlite3VdbeDeleteAuxData(VdbeFunc *pVdbeFunc, int mask){ int i; for(i=0; i<pVdbeFunc->nAux; i++){ struct AuxData *pAux = &pVdbeFunc->apAux[i]; - if( (i>31 || !(mask&(1<<i))) && pAux->pAux ){ + if( (i>31 || !(mask&(((u32)1)<<i))) && pAux->pAux ){ if( pAux->xDelete ){ pAux->xDelete(pAux->pAux); } diff --git a/src/where.c b/src/where.c index 436c24684..071509535 100644 --- a/src/where.c +++ b/src/where.c @@ -16,7 +16,7 @@ ** so is applicable. Because this module is responsible for selecting ** indices, you might also think of this module as the "query optimizer". ** -** $Id: where.c,v 1.392 2009/05/01 21:13:37 drh Exp $ +** $Id: where.c,v 1.393 2009/05/05 15:46:43 drh Exp $ */ #include "sqliteInt.h" @@ -384,6 +384,7 @@ static void whereSplit(WhereClause *pWC, Expr *pExpr, int op){ */ static Bitmask getMask(WhereMaskSet *pMaskSet, int iCursor){ int i; + assert( pMaskSet->n<=sizeof(Bitmask)*8 ); for(i=0; i<pMaskSet->n; i++){ if( pMaskSet->ix[i]==iCursor ){ return ((Bitmask)1)<<i; |