Protect every access to the Table.u union using a nearby assert() or branch.

FossilOrigin-Name: 50e08338aed7ac0cee600098d2ecd4b3b7bfd31a597bb26773badf3d2e2582c8
author: drh <> 2021-10-07 12:11:20 +0000
committer: drh <> 2021-10-07 12:11:20 +0000
commit: 78b2fa8610bd2d149af7746faa79f095e505550c (patch)
tree: 2cc1a3e64483ca30acb31ead81e32df29913387f /src
parent: 16a8f28e492507523c6b0b9d0bc0d9fd43c253a7 (diff)
download: sqlite-78b2fa8610bd2d149af7746faa79f095e505550c.tar.gz
sqlite-78b2fa8610bd2d149af7746faa79f095e505550c.zip
7 files changed, 44 insertions, 29 deletions
diff --git a/src/alter.c b/src/alter.c
index 81f6cf69d..8b8fbf2be 100644
--- a/src/alter.c
+++ b/src/alter.c
@@ -367,6 +367,7 @@ void sqlite3AlterFinishAddColumn(Parse *pParse, Token *pColDef){
     if( pDflt && pDflt->pLeft->op==TK_NULL ){
       pDflt = 0;
     }
+    assert( IsOrdinaryTable(pNew) );
     if( (db->flags&SQLITE_ForeignKeys) && pNew->u.tab.pFKey && pDflt ){
       sqlite3ErrorIfNotEmpty(pParse, zDb, zTab,
           "Cannot add a REFERENCES column with non-NULL default value");
@@ -409,7 +410,8 @@ void sqlite3AlterFinishAddColumn(Parse *pParse, Token *pColDef){
     }
     /* substr() operations on characters, but addColOffset is in bytes. So we
     ** have to use printf() to translate between these units: */
-    assert( !IsVirtual(pTab) );
+    assert( IsOrdinaryTable(pTab) );
+    assert( IsOrdinaryTable(pNew) );
     sqlite3NestedParse(pParse, 
         "UPDATE \"%w\"." DFLT_SCHEMA_TABLE " SET "
           "sql = printf('%%.%ds, ',sql) || %Q"
@@ -503,6 +505,7 @@ void sqlite3AlterBeginAddColumn(Parse *pParse, SrcList *pSrc){
   }
 
   sqlite3MayAbort(pParse);
+  assert( IsOrdinaryTable(pTab) );
   assert( pTab->u.tab.addColOffset>0 );
   iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
 
@@ -533,7 +536,7 @@ void sqlite3AlterBeginAddColumn(Parse *pParse, SrcList *pSrc){
     pCol->zCnName = sqlite3DbStrDup(db, pCol->zCnName);
     pCol->hName = sqlite3StrIHash(pCol->zCnName);
   }
-  assert( !IsVirtual(pNew) );
+  assert( IsOrdinaryTable(pNew) );
   pNew->u.tab.pDfltList = sqlite3ExprListDup(db, pTab->u.tab.pDfltList, 0);
   pNew->pSchema = db->aDb[iDb].pSchema;
   pNew->u.tab.addColOffset = pTab->u.tab.addColOffset;
@@ -1531,7 +1534,7 @@ static void renameColumnFunc(
 #endif
       }
 
-      assert( !IsVirtual(sParse.pNewTable) );
+      assert( IsOrdinaryTable(sParse.pNewTable) );
       for(pFKey=sParse.pNewTable->u.tab.pFKey; pFKey; pFKey=pFKey->pNextFrom){
         for(i=0; i<pFKey->nCol; i++){
           if( bFKOnly==0 && pFKey->aCol[i].iFrom==iCol ){
@@ -1721,7 +1724,7 @@ static void renameTableFunc(
            && !IsVirtual(pTab)
           ){
             FKey *pFKey;
-            assert( !IsVirtual(pTab) );
+            assert( IsOrdinaryTable(pTab) );
             for(pFKey=pTab->u.tab.pFKey; pFKey; pFKey=pFKey->pNextFrom){
               if( sqlite3_stricmp(pFKey->zTo, zOld)==0 ){
                 renameTokenFind(&sParse, &sCtx, (void*)pFKey->zTo);
@@ -2042,7 +2045,7 @@ static void dropColumnFunc(
     pEnd = renameTokenFind(&sParse, 0, (void*)pTab->aCol[iCol+1].zCnName);
     zEnd = (const char*)pEnd->t.z;
   }else{
-    assert( !IsVirtual(pTab) );
+    assert( IsOrdinaryTable(pTab) );
     zEnd = (const char*)&zSql[pTab->u.tab.addColOffset];
     while( ALWAYS(pCol->t.z[0]!=0) && pCol->t.z[0]!=',' ) pCol->t.z--;
   }
diff --git a/src/build.c b/src/build.c
index f7d285c2b..12d6b187c 100644
--- a/src/build.c
+++ b/src/build.c
@@ -683,7 +683,7 @@ void sqlite3ColumnSetExpr(
   Expr *pExpr       /* The new default expression */
 ){
   ExprList *pList;
-  assert( !IsVirtual(pTab) );
+  assert( IsOrdinaryTable(pTab) );
   pList = pTab->u.tab.pDfltList;
   if( pCol->iDflt==0
    || NEVER(pList==0)
@@ -704,7 +704,7 @@ void sqlite3ColumnSetExpr(
 */
 Expr *sqlite3ColumnExpr(Table *pTab, Column *pCol){
   if( pCol->iDflt==0 ) return 0;
-  if( NEVER(IsVirtual(pTab)) ) return 0;
+  if( NEVER(!IsOrdinaryTable(pTab)) ) return 0;
   if( NEVER(pTab->u.tab.pDfltList==0) ) return 0;
   if( NEVER(pTab->u.tab.pDfltList->nExpr<pCol->iDflt) ) return 0;
   return pTab->u.tab.pDfltList->a[pCol->iDflt-1].pExpr;
@@ -763,13 +763,13 @@ void sqlite3DeleteColumnNames(sqlite3 *db, Table *pTable){
       sqlite3DbFree(db, pCol->zCnName);
     }
     sqlite3DbFree(db, pTable->aCol);
-    if( !IsVirtual(pTable) ){
+    if( IsOrdinaryTable(pTable) ){
       sqlite3ExprListDelete(db, pTable->u.tab.pDfltList);
     }
     if( db==0 || db->pnBytesFreed==0 ){
       pTable->aCol = 0;
       pTable->nCol = 0;
-      if( !IsVirtual(pTable) ){
+      if( IsOrdinaryTable(pTable) ){
         pTable->u.tab.pDfltList = 0;
       }
     }
@@ -3549,6 +3549,7 @@ void sqlite3CreateForeignKey(
     goto fk_end;
   }
   pFKey->pFrom = p;
+  assert( IsOrdinaryTable(p) );
   pFKey->pNextFrom = p->u.tab.pFKey;
   z = (char*)&pFKey->aCol[nCol];
   pFKey->zTo = z;
@@ -3614,7 +3615,7 @@ void sqlite3CreateForeignKey(
 
   /* Link the foreign key to the table as the last step.
   */
-  assert( !IsVirtual(p) );
+  assert( IsOrdinaryTable(p) );
   p->u.tab.pFKey = pFKey;
   pFKey = 0;
 
@@ -3637,7 +3638,7 @@ void sqlite3DeferForeignKey(Parse *pParse, int isDeferred){
   Table *pTab;
   FKey *pFKey;
   if( (pTab = pParse->pNewTable)==0 ) return;
-  if( NEVER(IsVirtual(pTab)) ) return;
+  if( NEVER(!IsOrdinaryTable(pTab)) ) return;
   if( (pFKey = pTab->u.tab.pFKey)==0 ) return;
   assert( isDeferred==0 || isDeferred==1 ); /* EV: R-30323-21917 */
   pFKey->isDeferred = (u8)isDeferred;
diff --git a/src/fkey.c b/src/fkey.c
index 5888e558f..7a82a1c13 100644
--- a/src/fkey.c
+++ b/src/fkey.c
@@ -720,13 +720,12 @@ static void fkTriggerDelete(sqlite3 *dbMem, Trigger *p){
 */
 void sqlite3FkDropTable(Parse *pParse, SrcList *pName, Table *pTab){
   sqlite3 *db = pParse->db;
-  if( (db->flags&SQLITE_ForeignKeys) && !IsVirtual(pTab) ){
+  if( (db->flags&SQLITE_ForeignKeys) && IsOrdinaryTable(pTab) ){
     int iSkip = 0;
     Vdbe *v = sqlite3GetVdbe(pParse);
 
     assert( v );                  /* VDBE has already been allocated */
-    assert( !IsView(pTab) );      /* Not a view */
-    assert( !IsVirtual(pTab) );
+    assert( IsOrdinaryTable(pTab) );
     if( sqlite3FkReferences(pTab)==0 ){
       /* Search for a deferred foreign key constraint for which this table
       ** is the child table. If one cannot be found, return without 
@@ -890,13 +889,13 @@ void sqlite3FkCheck(
 
   /* If foreign-keys are disabled, this function is a no-op. */
   if( (db->flags&SQLITE_ForeignKeys)==0 ) return;
+  if( !IsOrdinaryTable(pTab) ) return;
 
   iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
   zDb = db->aDb[iDb].zDbSName;
 
   /* Loop through all the foreign key constraints for which pTab is the
   ** child table (the table that the foreign key definition is part of).  */
-  assert( !IsVirtual(pTab) );
   for(pFKey=pTab->u.tab.pFKey; pFKey; pFKey=pFKey->pNextFrom){
     Table *pTo;                   /* Parent table of foreign key pFKey */
     Index *pIdx = 0;              /* Index on key columns in pTo */
@@ -1079,10 +1078,9 @@ u32 sqlite3FkOldmask(
   Table *pTab                     /* Table being modified */
 ){
   u32 mask = 0;
-  if( pParse->db->flags&SQLITE_ForeignKeys ){
+  if( pParse->db->flags&SQLITE_ForeignKeys && IsOrdinaryTable(pTab) ){
     FKey *p;
     int i;
-    assert( !IsVirtual(pTab) );
     for(p=pTab->u.tab.pFKey; p; p=p->pNextFrom){
       for(i=0; i<p->nCol; i++) mask |= COLUMN_MASK(p->aCol[i].iFrom);
     }
@@ -1133,7 +1131,7 @@ int sqlite3FkRequired(
 ){
   int eRet = 1;                   /* Value to return if bHaveFK is true */
   int bHaveFK = 0;                /* If FK processing is required */
-  if( pParse->db->flags&SQLITE_ForeignKeys && !IsVirtual(pTab) ){
+  if( pParse->db->flags&SQLITE_ForeignKeys && IsOrdinaryTable(pTab) ){
     if( !aChange ){
       /* A DELETE operation. Foreign key processing is required if the 
       ** table in question is either the child or parent table for any 
@@ -1421,7 +1419,7 @@ void sqlite3FkDelete(sqlite3 *db, Table *pTab){
   FKey *pFKey;                    /* Iterator variable */
   FKey *pNext;                    /* Copy of pFKey->pNextFrom */
 
-  assert( !IsVirtual(pTab) );
+  assert( IsOrdinaryTable(pTab) );
   for(pFKey=pTab->u.tab.pFKey; pFKey; pFKey=pNext){
     assert( db==0 || sqlite3SchemaMutexHeld(db, 0, pTab->pSchema) );
 
diff --git a/src/insert.c b/src/insert.c
index acaafa023..84b998a64 100644
--- a/src/insert.c
+++ b/src/insert.c
@@ -2219,7 +2219,8 @@ void sqlite3GenerateConstraintChecks(
     **
     ** This is not possible for ENABLE_PREUPDATE_HOOK builds, as the row
     ** must be explicitly deleted in order to ensure any pre-update hook
-    ** is invoked.  */ 
+    ** is invoked.  */
+    assert( IsOrdinaryTable(pTab) );
 #ifndef SQLITE_ENABLE_PREUPDATE_HOOK
     if( (ix==0 && pIdx->pNext==0)                   /* Condition 3 */
      && pPk==pIdx                                   /* Condition 2 */
@@ -2940,6 +2941,7 @@ static int xferOptimization(
   ** the extra complication to make this rule less restrictive is probably
   ** not worth the effort.  Ticket [6284df89debdfa61db8073e062908af0c9b6118e]
   */
+  assert( IsOrdinaryTable(pDest) );
   if( (db->flags & SQLITE_ForeignKeys)!=0 && pDest->u.tab.pFKey!=0 ){
     return 0;
   }
diff --git a/src/pragma.c b/src/pragma.c
index 8abbeb92e..5a2c4e555 100644
--- a/src/pragma.c
+++ b/src/pragma.c
@@ -1408,7 +1408,7 @@ void sqlite3Pragma(
     FKey *pFK;
     Table *pTab;
     pTab = sqlite3FindTable(db, zRight, zDb);
-    if( pTab && !IsVirtual(pTab) ){
+    if( pTab && IsOrdinaryTable(pTab) ){
       pFK = pTab->u.tab.pFKey;
       if( pFK ){
         int iTabDb = sqlite3SchemaToIndex(db, pTab->pSchema);
@@ -1468,7 +1468,7 @@ void sqlite3Pragma(
         pTab = (Table*)sqliteHashData(k);
         k = sqliteHashNext(k);
       }
-      if( pTab==0 || IsVirtual(pTab) || pTab->u.tab.pFKey==0 ) continue;
+      if( pTab==0 || !IsOrdinaryTable(pTab) || pTab->u.tab.pFKey==0 ) continue;
       iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
       zDb = db->aDb[iDb].zDbSName;
       sqlite3CodeVerifySchema(pParse, iDb);
@@ -1476,7 +1476,7 @@ void sqlite3Pragma(
       if( pTab->nCol+regRow>pParse->nMem ) pParse->nMem = pTab->nCol + regRow;
       sqlite3OpenTable(pParse, 0, iDb, pTab, OP_OpenRead);
       sqlite3VdbeLoadString(v, regResult, pTab->zName);
-      assert( !IsVirtual(pTab) );
+      assert( IsOrdinaryTable(pTab) );
       for(i=1, pFK=pTab->u.tab.pFKey; pFK; i++, pFK=pFK->pNextFrom){
         pParent = sqlite3FindTable(db, pFK->zTo, zDb);
         if( pParent==0 ) continue;
@@ -1499,7 +1499,7 @@ void sqlite3Pragma(
       if( pFK ) break;
       if( pParse->nTab<i ) pParse->nTab = i;
       addrTop = sqlite3VdbeAddOp1(v, OP_Rewind, 0); VdbeCoverage(v);
-      assert( !IsVirtual(pTab) );
+      assert( IsOrdinaryTable(pTab) );
       for(i=1, pFK=pTab->u.tab.pFKey; pFK; i++, pFK=pFK->pNextFrom){
         pParent = sqlite3FindTable(db, pFK->zTo, zDb);
         pIdx = 0;
diff --git a/src/vdbeblob.c b/src/vdbeblob.c
index cc427b9c3..9cf6b5495 100644
--- a/src/vdbeblob.c
+++ b/src/vdbeblob.c
@@ -212,7 +212,7 @@ int sqlite3_blob_open(
         ** key columns must be indexed. The check below will pick up this 
         ** case.  */
         FKey *pFKey;
-        assert( !IsVirtual(pTab) );
+        assert( IsOrdinaryTable(pTab) );
         for(pFKey=pTab->u.tab.pFKey; pFKey; pFKey=pFKey->pNextFrom){
           int j;
           for(j=0; j<pFKey->nCol; j++){
diff --git a/src/vtab.c b/src/vtab.c
index 3c9b2f275..9f742ec1a 100644
--- a/src/vtab.c
+++ b/src/vtab.c
@@ -228,7 +228,10 @@ void sqlite3VtabUnlock(VTable *pVTab){
 */
 static VTable *vtabDisconnectAll(sqlite3 *db, Table *p){
   VTable *pRet = 0;
-  VTable *pVTable = p->u.vtab.p;
+  VTable *pVTable;
+
+  assert( IsVirtual(p) );
+  pVTable = p->u.vtab.p;
   p->u.vtab.p = 0;
 
   /* Assert that the mutex (if any) associated with the BtShared database 
@@ -336,6 +339,7 @@ void sqlite3VtabUnlockList(sqlite3 *db){
 ** database connection.
 */
 void sqlite3VtabClear(sqlite3 *db, Table *p){
+  assert( IsVirtual(p) );
   if( !db || db->pnBytesFreed==0 ) vtabDisconnectAll(0, p);
   if( p->u.vtab.azArg ){
     int i;
@@ -353,9 +357,12 @@ void sqlite3VtabClear(sqlite3 *db, Table *p){
 ** deleted.
 */
 static void addModuleArgument(Parse *pParse, Table *pTable, char *zArg){
-  sqlite3_int64 nBytes = sizeof(char *)*(2+pTable->u.vtab.nArg);
+  sqlite3_int64 nBytes;
   char **azModuleArg;
   sqlite3 *db = pParse->db;
+
+  assert( IsVirtual(pTable) );
+  nBytes = sizeof(char *)*(2+pTable->u.vtab.nArg);
   if( pTable->u.vtab.nArg+3>=db->aLimit[SQLITE_LIMIT_COLUMN] ){
     sqlite3ErrorMsg(pParse, "too many columns on %s", pTable->zName);
   }
@@ -442,6 +449,7 @@ void sqlite3VtabFinishParse(Parse *pParse, Token *pEnd){
   sqlite3 *db = pParse->db;         /* The database connection */
 
   if( pTab==0 ) return;
+  assert( IsVirtual(pTab) );
   addArgumentToVtab(pParse);
   pParse->sArg.z = 0;
   if( pTab->u.vtab.nArg<1 ) return;
@@ -559,13 +567,16 @@ static int vtabCallConstructor(
   VtabCtx sCtx;
   VTable *pVTable;
   int rc;
-  const char *const*azArg = (const char *const*)pTab->u.vtab.azArg;
+  const char *const*azArg;
   int nArg = pTab->u.vtab.nArg;
   char *zErr = 0;
   char *zModuleName;
   int iDb;
   VtabCtx *pCtx;
 
+  assert( IsVirtual(pTab) );
+  azArg = (const char *const*)pTab->u.vtab.azArg;
+
   /* Check that the virtual-table is not already being initialized */
   for(pCtx=db->pVtabCtx; pCtx; pCtx=pCtx->pPrior){
     if( pCtx->pTab==pTab ){
@@ -893,7 +904,7 @@ int sqlite3VtabCallDestroy(sqlite3 *db, int iDb, const char *zTab){
   Table *pTab;
 
   pTab = sqlite3FindTable(db, zTab, db->aDb[iDb].zDbSName);
-  if( pTab!=0 && ALWAYS(pTab->u.vtab.p!=0) ){
+  if( pTab!=0 && ALWAYS(IsVirtual(pTab)) && ALWAYS(pTab->u.vtab.p!=0) ){
     VTable *p;
     int (*xDestroy)(sqlite3_vtab *);
     for(p=pTab->u.vtab.p; p; p=p->pNext){
author	drh <>	2021-10-07 12:11:20 +0000
committer	drh <>	2021-10-07 12:11:20 +0000
commit	78b2fa8610bd2d149af7746faa79f095e505550c (patch)
tree	2cc1a3e64483ca30acb31ead81e32df29913387f /src
parent	16a8f28e492507523c6b0b9d0bc0d9fd43c253a7 (diff)
download	sqlite-78b2fa8610bd2d149af7746faa79f095e505550c.tar.gz sqlite-78b2fa8610bd2d149af7746faa79f095e505550c.zip