The bug list returned an error to me, so I am posting here in the hope that someone sees it.
A suspicious piece of code.
The variable nDummy is not initialized *(1)* in the function, but its
address *(2)* is passed to *vdbePmaReaderInit*, which increments *(3)* the
value it points to. The increment therefore reads an indeterminate value.
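/*
** Allocate a MergeEngine with nPMA readers and initialise one PmaReader per
** PMA from pTask->file, starting at offset *piOffset.
**
** On success *ppOut is the new engine. On any error the engine is freed and
** *ppOut is set to 0. *piOffset is written back with the running offset in
** both cases. Returns an SQLite result code.
**
** (1) and (2) are the reporter's markers; (3) is the matching line in
** vdbePmaReaderInit().
*/
static int vdbeMergeEngineLevel0(
  SortSubtask *pTask,             /* Sorter task to read from */
  int nPMA,                       /* Number of PMAs to read */
  i64 *piOffset,                  /* IN/OUT: Readr offset in pTask->file */
  MergeEngine **ppOut             /* OUT: New merge-engine */
){
  MergeEngine *pNew;              /* Merge engine to return */
  i64 iOff = *piOffset;
  int i;
  int rc = SQLITE_OK;

  *ppOut = pNew = vdbeMergeEngineNew(nPMA);
  if( pNew==0 ) rc = SQLITE_NOMEM;

  for(i=0; i<nPMA && rc==SQLITE_OK; i++){
    /* (1) No initializer: nDummy holds an indeterminate value here. It is
    ** never read in this function, so the only consumer is the callee.
    ** Declaring it as "i64 nDummy = 0;" gives the callee's += a defined
    ** starting value. */
    i64 nDummy;
    PmaReader *pReadr = &pNew->aReadr[i];

    /* (2) The address of the uninitialized nDummy is passed as the IN/OUT
    ** pnByte argument, which the callee updates with "*pnByte += nByte". */
    rc = vdbePmaReaderInit(pTask, &pTask->file, iOff, pReadr, &nDummy);
    iOff = pReadr->iEof;
  }

  if( rc!=SQLITE_OK ){
    vdbeMergeEngineFree(pNew);
    *ppOut = 0;
  }
  *piOffset = iOff;
  return rc;
}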
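/*
** Prepare pReadr to read the PMA that starts at offset iStart of pFile:
** seek to iStart, read the varint holding the PMA size, set pReadr->iEof to
** the offset just past the PMA, add the size to *pnByte and then call
** vdbePmaReaderNext().
**
** pnByte is IN/OUT: the function adds to whatever *pnByte already holds, so
** the caller must have stored a defined value there before the call.
** Returns an SQLite result code.
*/
static int vdbePmaReaderInit(
  SortSubtask *pTask,             /* Task context */
  SorterFile *pFile,              /* Sorter file to read from */
  i64 iStart,                     /* Start offset in pFile */
  PmaReader *pReadr,              /* PmaReader to populate */
  i64 *pnByte                     /* IN/OUT: Increment this value by PMA size */
){
  int rc;

  /* The reader must be unused: no allocation, buffer or mapping yet. */
  assert( pFile->iEof>iStart );
  assert( pReadr->aAlloc==0 && pReadr->nAlloc==0 );
  assert( pReadr->aBuffer==0 );
  assert( pReadr->aMap==0 );

  rc = vdbePmaReaderSeek(pTask, pReadr, pFile, iStart);
  if( rc==SQLITE_OK ){
    u64 nByte;                    /* Size of PMA in bytes */
    rc = vdbePmaReadVarint(pReadr, &nByte);
    /* NOTE(review): rc is not checked before nByte is used below, and nByte
    ** has no initializer. If vdbePmaReadVarint() can fail without storing to
    ** it, both lines use an indeterminate value - confirm against that
    ** function. */
    pReadr->iEof = pReadr->iReadOff + nByte;
    /* (3) Read-modify-write through pnByte: this reads the caller's
    ** variable before adding to it, so an uninitialized caller variable is
    ** read here. */
    *pnByte += nByte;
  }

  if( rc==SQLITE_OK ){
    rc = vdbePmaReaderNext(pReadr);
  }
  return rc;
}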
Regards