On Apr 2, 2010, at 6:15 AM, Daniel Lin wrote:

> I've read the test page which you provided.
> But I still think I'm right, because Borland C++ Builder's CodeGuard
> detects by the following method:
>
> 1. Make a special tag on the 'malloc' memory boundary.
> 2. Check whether the memcpy overruns the previous malloc boundary.
>
> I've traced back the callee's and caller's code, and I'm 80% sure your
> code seems wrong on that line.
>
> That's why I still think your code has a problem on that line.
> And I still don't know why my modification will cause a malfunction.
> Is there any sample that could show the malfunction?
>
> Maybe dmalloc could also help with the checking issue. (But I'm not
> sure it could help on this overrun problem.)

0708 void sqlite3VdbeChangeP4(Vdbe *p, int addr, const char *zP4, int n){
...
0736   }else if( n==P4_KEYINFO ){
0737     KeyInfo *pKeyInfo;
0738     int nField, nByte;
0739
0740     nField = ((KeyInfo*)zP4)->nField;
0741     nByte = sizeof(*pKeyInfo) + (nField-1)*sizeof(pKeyInfo->aColl[0]) + nField;
0742     pKeyInfo = sqlite3Malloc( nByte );
0743     pOp->p4.pKeyInfo = pKeyInfo;
0744     if( pKeyInfo ){
0745       u8 *aSortOrder;
0746       memcpy((char*)pKeyInfo, zP4, nByte);
0747       aSortOrder = pKeyInfo->aSortOrder;
0748       if( aSortOrder ){
0749         pKeyInfo->aSortOrder = (unsigned char*)&pKeyInfo->aColl[nField];
0750         memcpy(pKeyInfo->aSortOrder, aSortOrder, nField);
0751       }
0752       pOp->p4type = P4_KEYINFO;
0753     }else{
0754       p->db->mallocFailed = 1;
0755       pOp->p4type = P4_NOTUSED;
0756     }

A pointer to the object to be copied is passed in as parameter zP4. The size of the object is computed on line 741. Sufficient space to copy the object is allocated on line 742. The copy occurs on line 746. Lines 747 through 751 copy some auxiliary information into the tail of the same memory allocation as is used by the original object.

The code is correct as it stands. To see why your change will cause a malfunction, all you have to do is run the test suite.

Further discussion to sqlite-users@sqlite.org, please.

> On Fri, Apr 2, 2010 at 11:34, D. Richard Hipp <d...@hwaci.com> wrote:
>
>> On Apr 1, 2010, at 9:34 PM, Daniel Lin wrote:
>>
>>> Hi, Richard,
>>>
>>> I still haven't got your reply.
>>> I've changed the line, and it works well.
>>> So I don't know when the malfunction will occur.
>>>
>>> Have you ever used a CodeGuard-like utility to check SQLite at
>>> runtime?
>
> http://valgrind.org/
> http://www.sqlite.org/testing.html
>
>>> On Thu, Mar 25, 2010 at 08:47, Daniel Lin <dlin...@gmail.com> wrote:
>>>
>>>> Why, I found that the calculated nByte is 17 bytes.
>>>> But the data structure which it comes from is only 16 bytes.
>>>>
>>>> That is what made CodeGuard notify me that it may be wrong.
>>>>
>>>> On Wed, Mar 24, 2010 at 19:57, D. Richard Hipp <d...@hwaci.com> wrote:
>>>>
>>>>> On Mar 24, 2010, at 7:11 AM, Daniel Lin wrote:
>>>>>
>>>>>> About this bug, I found that changing the code to the following
>>>>>> will make it workable.
>>>>>> But I require your confirmation.
>>>>>>
>>>>>> memcpy(pKeyInfo, zP4, sizeof(*pKeyInfo));
>>>>>
>>>>> The SQLite code is correct as written. Your change will cause
>>>>> SQLite to malfunction.
>>>>>
>>>>> Check-in http://www.sqlite.org/src/ci/be27897991 is an attempt to
>>>>> suppress the warning from CodeGuard. But I have no way of testing
>>>>> to see whether the change achieved that goal.
>>>>>
>>>>>> On Wed, Mar 24, 2010 at 19:04, Daniel Lin <dlin...@gmail.com> wrote:
>>>>>>
>>>>>>> Dear Dr.,
>>>>>>>
>>>>>>> I use Borland C++ Builder with the CodeGuard checking function
>>>>>>> enabled (on 32-bit Windows XP).
>>>>>>>
>>>>>>> I found that the amalgamation sqlite.c may cause a memory overrun.
>>>>>>>
>>>>>>> SQLITE_PRIVATE void sqlite3VdbeChangeP4(Vdbe *p, int addr, const char *zP4, int n){
>>>>>>> ...
>>>>>>>   pOp->p4.pKeyInfo = pKeyInfo;
>>>>>>>   if( pKeyInfo ){
>>>>>>>     u8 *aSortOrder;
>>>>>>>     memcpy(pKeyInfo, zP4, nByte);  /* this line forces a copy of 17 bytes from a 16-byte structure */
>>>>>>>     aSortOrder = pKeyInfo->aSortOrder;
>>>>>>>     if( aSortOrder ){
>>>>>>>       pKeyInfo->aSortOrder = (unsigned char*)&pKeyInfo->aColl[nField];
>>>>>>>       memcpy(pKeyInfo->aSortOrder, aSortOrder, nField);
>>>>>>>     }
>>>>>>>     pOp->p4type = P4_KEYINFO;
>>>>>
>>>>> D. Richard Hipp
>>>>> d...@hwaci.com
>
> D. Richard Hipp
> d...@hwaci.com

D. Richard Hipp
d...@hwaci.com

_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
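The disagreement in the thread is about a struct that carries variable-length data past its declared size: the KeyInfo type declares one aColl[] slot, and the remaining slots plus the aSortOrder bytes live in the tail of the same allocation, so the object's true size is the nByte computed on line 741, not sizeof(KeyInfo). The example below is added here to make that concrete; it is not code from sqlite.c or from either participant. The KeyInfo layout is an assumption modelled on SQLite's of that era (on a 32-bit build the assumed layout comes to 16 bytes, and nByte for nField=1 to 17, matching the sizes reported in the thread); CollSeq is reduced to a name. keyInfoCopy() mirrors lines 741 to 751, keyInfoNew() builds the source object the way the copy expects it to have been built, and bytesLostBySizeofCopy() shows what a sizeof(*pKeyInfo) copy would leave uninitialised. The copy stays in bounds only under that precondition, that the source object was itself allocated with keyInfoSize(nField) bytes; a source smaller than nByte would be over-read, which is exactly the condition a malloc-boundary checker reports.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

typedef unsigned char u8;

/* Stand-in for SQLite's CollSeq; only identity matters in this example. */
typedef struct CollSeq { const char *zName; } CollSeq;

/* Assumed layout, modelled on SQLite's KeyInfo of that era (not copied from
** sqlite.c): the declared struct holds ONE aColl[] slot; slots 2..nField and
** the nField sort-order bytes live past sizeof(KeyInfo) in the same
** allocation, which is why the thread computes nByte instead of sizeof(). */
typedef struct KeyInfo {
  void *db;            /* database connection (unused here) */
  u8 enc;              /* text encoding */
  u8 nField;           /* number of entries in aColl[] */
  u8 *aSortOrder;      /* nField bytes, 1 = sort DESC; points into the tail */
  CollSeq *aColl[1];   /* collating sequence for each key term */
} KeyInfo;

/* nByte exactly as on line 741 of the thread: room for nField-1 extra
** aColl[] slots and nField sort-order bytes beyond the declared struct. */
size_t keyInfoSize(int nField){
  return sizeof(KeyInfo) + (nField-1)*sizeof(((KeyInfo*)0)->aColl[0]) + nField;
}

/* Build a KeyInfo the way the copy expects: one allocation of keyInfoSize(). */
KeyInfo *keyInfoNew(int nField, CollSeq **aColl, const u8 *aSortOrder){
  KeyInfo *p = calloc(1, keyInfoSize(nField));
  int i;
  if( p==0 ) return 0;
  p->nField = (u8)nField;
  for(i=0; i<nField; i++) p->aColl[i] = aColl[i];
  p->aSortOrder = (u8*)&p->aColl[nField];     /* tail of this allocation */
  memcpy(p->aSortOrder, aSortOrder, nField);
  return p;
}

/* The copy performed by sqlite3VdbeChangeP4 for P4_KEYINFO: copy nByte
** bytes, then repoint aSortOrder at the tail of the NEW allocation and copy
** the sort-order bytes across so the duplicate owns all of its storage. */
KeyInfo *keyInfoCopy(const KeyInfo *zP4){
  int nField = zP4->nField;
  size_t nByte = keyInfoSize(nField);
  KeyInfo *pKeyInfo = malloc(nByte);
  u8 *aSortOrder;
  if( pKeyInfo==0 ) return 0;
  memcpy(pKeyInfo, zP4, nByte);          /* within the source's nByte bytes */
  aSortOrder = pKeyInfo->aSortOrder;     /* still points into the source */
  if( aSortOrder ){
    pKeyInfo->aSortOrder = (u8*)&pKeyInfo->aColl[nField];
    memcpy(pKeyInfo->aSortOrder, aSortOrder, nField);
  }
  return pKeyInfo;
}

/* 1 if b is a complete, self-contained duplicate of a. */
int keyInfoEqual(const KeyInfo *a, const KeyInfo *b){
  int i;
  if( a->nField!=b->nField ) return 0;
  for(i=0; i<a->nField; i++){
    if( a->aColl[i]!=b->aColl[i] ) return 0;
  }
  if( memcmp(a->aSortOrder, b->aSortOrder, a->nField)!=0 ) return 0;
  return b->aSortOrder==(const u8*)&b->aColl[b->nField];
}

/* Bytes that memcpy(pKeyInfo, zP4, sizeof(*pKeyInfo)) would leave uncopied. */
size_t bytesLostBySizeofCopy(int nField){
  return keyInfoSize(nField) - sizeof(KeyInfo);
}

/* Round trip on a constructed three-column key: copy, then mutate the
** source; the copy must be unaffected because it owns its own tail. */
int keyInfoDemo(void){
  CollSeq binary = {"BINARY"}, nocase = {"NOCASE"}, rtrim = {"RTRIM"};
  CollSeq *aColl[3] = { &binary, &nocase, &rtrim };
  u8 aSortOrder[3] = { 0, 1, 0 };
  KeyInfo *src = keyInfoNew(3, aColl, aSortOrder);
  KeyInfo *dup = src ? keyInfoCopy(src) : 0;
  int ok = src && dup && keyInfoEqual(src, dup) && dup->aSortOrder!=src->aSortOrder;
  if( ok ){
    src->aSortOrder[1] = 0;                              /* change the original */
    ok = dup->aSortOrder[1]==1 && dup->aColl[2]==&rtrim; /* copy keeps its own */
  }
  free(src);
  free(dup);
  return ok;
}

int main(void){
  printf("sizeof(KeyInfo)=%zu nByte(nField=1)=%zu\n", sizeof(KeyInfo), keyInfoSize(1));
  printf("round trip %s\n", keyInfoDemo() ? "ok" : "FAILED");
  return keyInfoDemo() ? 0 : 1;
}
```

Run under Valgrind or AddressSanitizer this produces no report, because both the read on the source and the write on the destination stay inside allocations of keyInfoSize(nField) bytes. A checker that reasons only from the declared struct size would flag the nByte read regardless, which is a false positive for this allocation pattern; a checker that tags the actual malloc boundary flags it only when the source really was allocated smaller than nByte.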