Diffstat (limited to 'src')
-rw-r--r-- | src/btree.c | 5 | ||||
-rw-r--r-- | src/expr.c | 6 | ||||
-rw-r--r-- | src/vdbeaux.c | 2 |
3 files changed, 11 insertions, 2 deletions
diff --git a/src/btree.c b/src/btree.c
index 4a51b01d7..34ce8c359 100644
--- a/src/btree.c
+++ b/src/btree.c
@@ -7521,8 +7521,13 @@ static int balance_nonroot(
 ** overflow cell), we can skip updating the pointer map entries. */
 if( iOld>=nNew
 || pNew->pgno!=aPgno[iOld]
+#ifdef HAVE_STDINT_H
+ || (intptr_t)pCell<(intptr_t)aOld
+ || (intptr_t)pCell>=(intptr_t)&aOld[usableSize]
+#else
 || pCell<aOld
 || pCell>=&aOld[usableSize]
+#endif
 ){
 if( !leafCorrection ){
 ptrmapPut(pBt, get4byte(pCell), PTRMAP_BTREE, pNew->pgno, &rc);
diff --git a/src/expr.c b/src/expr.c
index 8cf018f9d..8f6377e66 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -853,6 +853,7 @@ static int dupedExprSize(Expr *p, int flags){
 */
 static Expr *exprDup(sqlite3 *db, Expr *p, int flags, u8 **pzBuffer){
 Expr *pNew = 0; /* Value to return */
+ assert( flags==0 || flags==EXPRDUP_REDUCE );
 if( p ){
 const int isReduced = (flags&EXPRDUP_REDUCE);
 u8 *zAlloc;
@@ -889,7 +890,9 @@ static Expr *exprDup(sqlite3 *db, Expr *p, int flags, u8 **pzBuffer){
 }else{
 int nSize = exprStructSize(p);
 memcpy(zAlloc, p, nSize);
- memset(&zAlloc[nSize], 0, EXPR_FULLSIZE-nSize);
+ if( nSize<EXPR_FULLSIZE ){
+ memset(&zAlloc[nSize], 0, EXPR_FULLSIZE-nSize);
+ }
 }
 
 /* Set the EP_Reduced, EP_TokenOnly, and EP_Static flags appropriately. */
@@ -979,6 +982,7 @@ static With *withDup(sqlite3 *db, With *p){
 ** part of the in-memory representation of the database schema.
 */
 Expr *sqlite3ExprDup(sqlite3 *db, Expr *p, int flags){
+ assert( flags==0 || flags==EXPRDUP_REDUCE );
 return exprDup(db, p, flags, 0);
 }
 ExprList *sqlite3ExprListDup(sqlite3 *db, ExprList *p, int flags){
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
index acf386428..26d162e93 100644
--- a/src/vdbeaux.c
+++ b/src/vdbeaux.c
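Review bot: The new address comparisons in the `#ifdef HAVE_STDINT_H` branch cast to `intptr_t`, a signed type, so if `aOld` ever straddled the signed address boundary the `<`/`>=` ordering would come out wrong; `uintptr_t` is the conventional type for ordering addresses and removes that corner case, i.e. `|| (uintptr_t)pCell<(uintptr_t)aOld` and `|| (uintptr_t)pCell>=(uintptr_t)&aOld[usableSize]`. The `#else` branch keeps the raw pointer comparison, which is presumably what the integer form is there to avoid (pCell pointing into a buffer other than aOld makes a relational pointer comparison undefined), so builds without HAVE_STDINT_H keep the old behaviour and nothing in the hunk says why the two branches differ. A comment above the `#ifdef`, e.g. `/* pCell may lie outside aOld, so compare addresses as integers rather than pointers (C11 6.5.8p5) */`, would stop a later cleanup from folding them back together. balance_nonroot begins and ends outside this hunk.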
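Review bot: The new `if( nSize<EXPR_FULLSIZE )` guard turns a size larger than EXPR_FULLSIZE into a silent skip of the zero-fill instead of a detectable fault, and `EXPR_FULLSIZE-nSize` would already have been negative in that case; since `nSize` comes from `exprStructSize(p)` and the `memcpy` on the line above is only sensible for `nSize<=EXPR_FULLSIZE`, an `assert( nSize<=EXPR_FULLSIZE );` ahead of the guard would keep that invariant checked in debug and sanitizer builds. The guard also carries no comment on why a zero-length memset has to be avoided (presumably to keep a one-past-the-end pointer out of the memset call), so a line such as `/* nothing to zero when p is already full-size; avoid a zero-length memset */` would keep it from being reverted as redundant. exprDup's body continues outside this hunk.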
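Review bot: The assert added at the top of sqlite3ExprDup is not mirrored in sqlite3ExprListDup, whose signature is the last context line of the hunk and which takes the same `flags` parameter; if that function forwards `flags` to exprDup the assert this commit adds there still catches bad values, but a matching `assert( flags==0 || flags==EXPRDUP_REDUCE );` at that public entry would state the contract uniformly at the API boundary. sqlite3ExprListDup's body is outside the hunk, so whether it already validates flags cannot be seen here.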
@@ -3237,7 +3237,7 @@ u32 sqlite3VdbeSerialPut(u8 *buf, Mem *pMem, u32 serial_type){
 assert( pMem->n + ((pMem->flags & MEM_Zero)?pMem->u.nZero:0)
 == (int)sqlite3VdbeSerialTypeLen(serial_type) );
 len = pMem->n;
- memcpy(buf, pMem->z, len);
+ if( len>0 ) memcpy(buf, pMem->z, len);
 return len;
 }
 
|
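Review bot: The new `if( len>0 )` guard has no comment explaining why a zero-length memcpy must be skipped, so it reads as a redundant micro-optimisation and is the kind of line a later cleanup removes; the reason is presumably that `pMem->z` can be NULL for an empty string or blob and memcpy() with a NULL source is undefined even when the length is zero (C11 7.24.1p2), which sanitizers report. A comment such as `/* pMem->z may be NULL when n==0; memcpy() with a NULL source is UB even for len 0 */` on the guarded line would preserve that knowledge. The guard also silently skips the copy if `len` were negative, which the assert above does not rule out on its own, so an `assert( len>=0 );` is worth adding if `len` is a signed type; its declaration, like the rest of sqlite3VdbeSerialPut, is outside the hunk.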