On 2017-04-19 19:31, Dan Kennedy wrote:
On 04/18/2017 07:12 PM, Vitti wrote:
In my opinion this is probably due to erroneous usage of variable res
in the branches
of the huge switch in sqlite3VdbeExec

What's wrong with ``{ int res; res = 0; }''? The sanitizer should alert in the following code: ``int *p; { int res; p = &res; } p[0] = 0;''.

Does it not like us using a
switch() to jump into the middle of a block that contains variable
declarations?

If it had been true in general, then it would have tripped on earlier ``pC = p->apCsr[pOp->p1];'' or ``pCrsr = pC->uc.pCursor;'' (both ``pC'' and ``pCrsr'' are local to the block). It is too simple not to be detected. I would bet on a bug in the sanitizer triggered by a composition of (a) successive blocks containing ``res'', (b) switch into the place just after a declaration in the middle of a block, (c) a use of a pointer to ``res'', and (d) a huge size of ``switch(...)''.

- best regards

Cezary H. Noweta
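A minimal, well-defined reproducer built around the four ingredients (a)-(d) listed in the mail, added here as an example that is not from the thread or from the SQLite source; `dispatch`, `store_through_pointer` and the opcode names are invented stand-ins for the VDBE structure. Every access to `res` stays inside the block that declares it, so a sanitizer report on this code (built with `-fsanitize=address`) would point at the tool, not the program:

```c
/* Added example (not from the sqlite-users thread or SQLite):
 *   (a) successive blocks each declaring their own `res`
 *   (b) a case label placed after declarations inside a block
 *   (c) a pointer to `res` used only while `res` is in scope
 *   (d) a switch as the sole dispatcher of the function
 * Jumping past a declaration without an initializer is legal C
 * (C11 6.8.6.1), so nothing here is undefined behaviour. */

enum { OP_SET = 1, OP_SET_VIA_PTR = 2, OP_NEGATE = 3 };

/* Hypothetical helper standing in for an API that writes through a pointer. */
static void store_through_pointer(int *dst, int value) { *dst = value; }

int dispatch(int op, int input)
{
    int out = -1;                   /* sentinel for an unknown opcode */

    switch (op) {
    case OP_SET: {                  /* block 1: its own `res` */
        int res;
        res = input;
        out = res;
        break;
    }
    {                               /* block 2: entered only via case labels */
        int *p;
        int res;                    /* (b): the label below follows this decl */
    case OP_SET_VIA_PTR:
        p = &res;                   /* (c): pointer to an in-scope `res` */
        store_through_pointer(p, input * 2);
        out = res;                  /* read while `res` is still live */
        break;
    case OP_NEGATE:
        res = -input;
        out = res;
        break;
    }                               /* `res` and `p` die here, unused after */
    default:
        break;
    }
    return out;
}
```

Compile it with and without `-fsanitize=address` and compare: identical, report-free runs are the expected outcome, and any finding can then be narrowed by removing one ingredient at a time.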
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users