Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/sqlite/src/ext/fts3/fts3_write.c

Issue 10387026: Fix a problem in fts3_write.c causing stack memory to be referenced after it is out of scope (Closed)
Patch Set: Add contact information to the AUTHORS file Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/sqlite/sqlite-3.7.6.3-fix-out-of-scope-memory-reference.patch ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 ** 2009 Oct 23 2 ** 2009 Oct 23
3 ** 3 **
4 ** The author disclaims copyright to this source code. In place of 4 ** The author disclaims copyright to this source code. In place of
5 ** a legal notice, here is a blessing: 5 ** a legal notice, here is a blessing:
6 ** 6 **
7 ** May you do good and not evil. 7 ** May you do good and not evil.
8 ** May you find forgiveness for yourself and forgive others. 8 ** May you find forgiveness for yourself and forgive others.
9 ** May you share freely, never taking more than you give. 9 ** May you share freely, never taking more than you give.
10 ** 10 **
(...skipping 1220 matching lines...) Expand 10 before | Expand all | Expand 10 after
1231 ** a subset of the terms stored in the Fts3Table.pendingTerms array. 1231 ** a subset of the terms stored in the Fts3Table.pendingTerms array.
1232 */ 1232 */
1233 int sqlite3Fts3SegReaderPending( 1233 int sqlite3Fts3SegReaderPending(
1234 Fts3Table *p, /* Virtual table handle */ 1234 Fts3Table *p, /* Virtual table handle */
1235 const char *zTerm, /* Term to search for */ 1235 const char *zTerm, /* Term to search for */
1236 int nTerm, /* Size of buffer zTerm */ 1236 int nTerm, /* Size of buffer zTerm */
1237 int isPrefix, /* True for a term-prefix query */ 1237 int isPrefix, /* True for a term-prefix query */
1238 Fts3SegReader **ppReader /* OUT: SegReader for pending-terms */ 1238 Fts3SegReader **ppReader /* OUT: SegReader for pending-terms */
1239 ){ 1239 ){
1240 Fts3SegReader *pReader = 0; /* Fts3SegReader object to return */ 1240 Fts3SegReader *pReader = 0; /* Fts3SegReader object to return */
1241 Fts3HashElem *pE; /* Iterator variable */
1241 Fts3HashElem **aElem = 0; /* Array of term hash entries to scan */ 1242 Fts3HashElem **aElem = 0; /* Array of term hash entries to scan */
1242 int nElem = 0; /* Size of array at aElem */ 1243 int nElem = 0; /* Size of array at aElem */
1243 int rc = SQLITE_OK; /* Return Code */ 1244 int rc = SQLITE_OK; /* Return Code */
1244 1245
1245 if( isPrefix ){ 1246 if( isPrefix ){
1246 int nAlloc = 0; /* Size of allocated array at aElem */ 1247 int nAlloc = 0; /* Size of allocated array at aElem */
1247 Fts3HashElem *pE = 0; /* Iterator variable */
1248 1248
1249 for(pE=fts3HashFirst(&p->pendingTerms); pE; pE=fts3HashNext(pE)){ 1249 for(pE=fts3HashFirst(&p->pendingTerms); pE; pE=fts3HashNext(pE)){
1250 char *zKey = (char *)fts3HashKey(pE); 1250 char *zKey = (char *)fts3HashKey(pE);
1251 int nKey = fts3HashKeysize(pE); 1251 int nKey = fts3HashKeysize(pE);
1252 if( nTerm==0 || (nKey>=nTerm && 0==memcmp(zKey, zTerm, nTerm)) ){ 1252 if( nTerm==0 || (nKey>=nTerm && 0==memcmp(zKey, zTerm, nTerm)) ){
1253 if( nElem==nAlloc ){ 1253 if( nElem==nAlloc ){
1254 Fts3HashElem **aElem2; 1254 Fts3HashElem **aElem2;
1255 nAlloc += 16; 1255 nAlloc += 16;
1256 aElem2 = (Fts3HashElem **)sqlite3_realloc( 1256 aElem2 = (Fts3HashElem **)sqlite3_realloc(
1257 aElem, nAlloc*sizeof(Fts3HashElem *) 1257 aElem, nAlloc*sizeof(Fts3HashElem *)
(...skipping 11 matching lines...) Expand all
1269 1269
1270 /* If more than one term matches the prefix, sort the Fts3HashElem 1270 /* If more than one term matches the prefix, sort the Fts3HashElem
1271 ** objects in term order using qsort(). This uses the same comparison 1271 ** objects in term order using qsort(). This uses the same comparison
1272 ** callback as is used when flushing terms to disk. 1272 ** callback as is used when flushing terms to disk.
1273 */ 1273 */
1274 if( nElem>1 ){ 1274 if( nElem>1 ){
1275 qsort(aElem, nElem, sizeof(Fts3HashElem *), fts3CompareElemByTerm); 1275 qsort(aElem, nElem, sizeof(Fts3HashElem *), fts3CompareElemByTerm);
1276 } 1276 }
1277 1277
1278 }else{ 1278 }else{
1279 Fts3HashElem *pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm); 1279 pE = fts3HashFindElem(&p->pendingTerms, zTerm, nTerm);
1280 if( pE ){ 1280 if( pE ){
1281 aElem = &pE; 1281 aElem = &pE;
1282 nElem = 1; 1282 nElem = 1;
1283 } 1283 }
1284 } 1284 }
1285 1285
1286 if( nElem>0 ){ 1286 if( nElem>0 ){
1287 int nByte = sizeof(Fts3SegReader) + (nElem+1)*sizeof(Fts3HashElem *); 1287 int nByte = sizeof(Fts3SegReader) + (nElem+1)*sizeof(Fts3HashElem *);
1288 pReader = (Fts3SegReader *)sqlite3_malloc(nByte); 1288 pReader = (Fts3SegReader *)sqlite3_malloc(nByte);
1289 if( !pReader ){ 1289 if( !pReader ){
(...skipping 1428 matching lines...) Expand 10 before | Expand all | Expand 10 after
2718 }else{ 2718 }else{
2719 sqlite3_exec(p->db, "ROLLBACK TO fts3", 0, 0, 0); 2719 sqlite3_exec(p->db, "ROLLBACK TO fts3", 0, 0, 0);
2720 sqlite3_exec(p->db, "RELEASE fts3", 0, 0, 0); 2720 sqlite3_exec(p->db, "RELEASE fts3", 0, 0, 0);
2721 } 2721 }
2722 } 2722 }
2723 sqlite3Fts3SegmentsClose(p); 2723 sqlite3Fts3SegmentsClose(p);
2724 return rc; 2724 return rc;
2725 } 2725 }
2726 2726
2727 #endif 2727 #endif
OLDNEW
« no previous file with comments | « third_party/sqlite/sqlite-3.7.6.3-fix-out-of-scope-memory-reference.patch ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698