Blame SOURCES/sqlite-3.26.0-CVE-2019-5827.patch

113387
Subject: [PATCH] Use the 64-bit memory allocator interfaces in extensions,
113387
 whenever possible and Enforce the SQLITE_LIMIT_COLUMN limit on virtual tables
113387
113387
---
113387
 ext/fts3/fts3_snippet.c       |  7 ++++---
113387
 ext/fts3/fts3_test.c          |  6 +++---
113387
 ext/fts3/fts3_tokenize_vtab.c |  2 +-
113387
 ext/fts3/fts3_tokenizer.c     |  4 ++--
113387
 ext/fts3/fts3_write.c         | 19 ++++++++++---------
113387
 ext/fts5/fts5_tokenize.c      |  2 +-
113387
 ext/rtree/geopoly.c           | 20 ++++++++++----------
113387
 src/build.c                   |  8 ++++----
113387
 src/expr.c                    |  2 +-
113387
 src/main.c                    |  2 +-
113387
 src/test_fs.c                 |  2 +-
113387
 src/util.c                    |  2 +-
113387
 src/vdbeaux.c                 |  8 +++++---
113387
 src/vdbesort.c                |  4 ++--
113387
 src/vtab.c                    | 25 +++++++++++++++----------
113387
 15 files changed, 61 insertions(+), 52 deletions(-)
113387
113387
diff --git a/ext/fts3/fts3_snippet.c b/ext/fts3/fts3_snippet.c
113387
index 5778620..efffff3 100644
113387
--- a/ext/fts3/fts3_snippet.c
113387
+++ b/ext/fts3/fts3_snippet.c
113387
@@ -130,10 +130,11 @@ struct StrBuffer {
113387
 */
113387
 static MatchinfoBuffer *fts3MIBufferNew(int nElem, const char *zMatchinfo){
113387
   MatchinfoBuffer *pRet;
113387
-  int nByte = sizeof(u32) * (2*nElem + 1) + sizeof(MatchinfoBuffer);
113387
-  int nStr = (int)strlen(zMatchinfo);
113387
+  sqlite3_int64 nByte = sizeof(u32) * (2*(sqlite3_int64)nElem + 1)
113387
+                           + sizeof(MatchinfoBuffer);
113387
+  sqlite3_int64 nStr = strlen(zMatchinfo);
113387
 
113387
-  pRet = sqlite3_malloc(nByte + nStr+1);
113387
+  pRet = sqlite3_malloc64(nByte + nStr+1);
113387
   if( pRet ){
113387
     memset(pRet, 0, nByte);
113387
     pRet->aMatchinfo[0] = (u8*)(&pRet->aMatchinfo[1]) - (u8*)pRet;
113387
diff --git a/ext/fts3/fts3_test.c b/ext/fts3/fts3_test.c
113387
index a48a556..0b4edcc 100644
113387
--- a/ext/fts3/fts3_test.c
113387
+++ b/ext/fts3/fts3_test.c
113387
@@ -448,14 +448,14 @@ static int testTokenizerNext(
113387
   }else{
113387
     /* Advance to the end of the token */
113387
     const char *pToken = p;
113387
-    int nToken;
113387
+    sqlite3_int64 nToken;
113387
     while( p
113387
-    nToken = (int)(p-pToken);
113387
+    nToken = (sqlite3_int64)(p-pToken);
113387
 
113387
     /* Copy the token into the buffer */
113387
     if( nToken>pCsr->nBuffer ){
113387
       sqlite3_free(pCsr->aBuffer);
113387
-      pCsr->aBuffer = sqlite3_malloc(nToken);
113387
+      pCsr->aBuffer = sqlite3_malloc64(nToken);
113387
     }
113387
     if( pCsr->aBuffer==0 ){
113387
       rc = SQLITE_NOMEM;
113387
diff --git a/ext/fts3/fts3_tokenize_vtab.c b/ext/fts3/fts3_tokenize_vtab.c
113387
index a3d24bc..5b4085b 100644
113387
--- a/ext/fts3/fts3_tokenize_vtab.c
113387
+++ b/ext/fts3/fts3_tokenize_vtab.c
113387
@@ -346,7 +346,7 @@ static int fts3tokFilterMethod(
113387
   if( idxNum==1 ){
113387
     const char *zByte = (const char *)sqlite3_value_text(apVal[0]);
113387
     int nByte = sqlite3_value_bytes(apVal[0]);
113387
-    pCsr->zInput = sqlite3_malloc(nByte+1);
113387
+    pCsr->zInput = sqlite3_malloc64(nByte+1);
113387
     if( pCsr->zInput==0 ){
113387
       rc = SQLITE_NOMEM;
113387
     }else{
113387
diff --git a/ext/fts3/fts3_tokenizer.c b/ext/fts3/fts3_tokenizer.c
113387
index bfc36af..fe2003e 100644
113387
--- a/ext/fts3/fts3_tokenizer.c
113387
+++ b/ext/fts3/fts3_tokenizer.c
113387
@@ -194,8 +194,8 @@ int sqlite3Fts3InitTokenizer(
113387
     int iArg = 0;
113387
     z = &z[n+1];
113387
     while( z
113387
-      int nNew = sizeof(char *)*(iArg+1);
113387
-      char const **aNew = (const char **)sqlite3_realloc((void *)aArg, nNew);
113387
+      sqlite3_int64 nNew = sizeof(char *)*(iArg+1);
113387
+      char const **aNew = (const char **)sqlite3_realloc64((void *)aArg, nNew);
113387
       if( !aNew ){
113387
         sqlite3_free(zCopy);
113387
         sqlite3_free((void *)aArg);
113387
diff --git a/ext/fts3/fts3_write.c b/ext/fts3/fts3_write.c
113387
index d57d265..5330b4c 100644
113387
--- a/ext/fts3/fts3_write.c
113387
+++ b/ext/fts3/fts3_write.c
113387
@@ -1744,8 +1744,9 @@ int sqlite3Fts3SegReaderPending(
113387
   }
113387
 
113387
   if( nElem>0 ){
113387
-    int nByte = sizeof(Fts3SegReader) + (nElem+1)*sizeof(Fts3HashElem *);
113387
-    pReader = (Fts3SegReader *)sqlite3_malloc(nByte);
113387
+    sqlite3_int64 nByte;
113387
+    nByte = sizeof(Fts3SegReader) + (nElem+1)*sizeof(Fts3HashElem *);
113387
+    pReader = (Fts3SegReader *)sqlite3_malloc64(nByte);
113387
     if( !pReader ){
113387
       rc = SQLITE_NOMEM;
113387
     }else{
113387
@@ -3357,7 +3358,7 @@ static void fts3InsertDocsize(
113387
   int rc;                  /* Result code from subfunctions */
113387
 
113387
   if( *pRC ) return;
113387
-  pBlob = sqlite3_malloc( 10*p->nColumn );
113387
+  pBlob = sqlite3_malloc64( 10*(sqlite3_int64)p->nColumn );
113387
   if( pBlob==0 ){
113387
     *pRC = SQLITE_NOMEM;
113387
     return;
113387
@@ -3407,7 +3408,7 @@ static void fts3UpdateDocTotals(
113387
   const int nStat = p->nColumn+2;
113387
 
113387
   if( *pRC ) return;
113387
-  a = sqlite3_malloc( (sizeof(u32)+10)*nStat );
113387
+  a = sqlite3_malloc64( (sizeof(u32)+10)*(sqlite3_int64)nStat );
113387
   if( a==0 ){
113387
     *pRC = SQLITE_NOMEM;
113387
     return;
113387
@@ -3528,8 +3529,8 @@ static int fts3DoRebuild(Fts3Table *p){
113387
     }
113387
 
113387
     if( rc==SQLITE_OK ){
113387
-      int nByte = sizeof(u32) * (p->nColumn+1)*3;
113387
-      aSz = (u32 *)sqlite3_malloc(nByte);
113387
+      sqlite3_int64 nByte = sizeof(u32) * ((sqlite3_int64)p->nColumn+1)*3;
113387
+      aSz = (u32 *)sqlite3_malloc64(nByte);
113387
       if( aSz==0 ){
113387
         rc = SQLITE_NOMEM;
113387
       }else{
113387
@@ -3595,12 +3596,12 @@ static int fts3IncrmergeCsr(
113387
 ){
113387
   int rc;                         /* Return Code */
113387
   sqlite3_stmt *pStmt = 0;        /* Statement used to read %_segdir entry */  
113387
-  int nByte;                      /* Bytes allocated at pCsr->apSegment[] */
113387
+  sqlite3_int64 nByte;            /* Bytes allocated at pCsr->apSegment[] */
113387
 
113387
   /* Allocate space for the Fts3MultiSegReader.aCsr[] array */
113387
   memset(pCsr, 0, sizeof(*pCsr));
113387
   nByte = sizeof(Fts3SegReader *) * nSeg;
113387
-  pCsr->apSegment = (Fts3SegReader **)sqlite3_malloc(nByte);
113387
+  pCsr->apSegment = (Fts3SegReader **)sqlite3_malloc64(nByte);
113387
 
113387
   if( pCsr->apSegment==0 ){
113387
     rc = SQLITE_NOMEM;
113387
@@ -5591,7 +5592,7 @@ int sqlite3Fts3UpdateMethod(
113387
   }
113387
 
113387
   /* Allocate space to hold the change in document sizes */
113387
-  aSzDel = sqlite3_malloc( sizeof(aSzDel[0])*(p->nColumn+1)*2 );
113387
+  aSzDel = sqlite3_malloc64(sizeof(aSzDel[0])*((sqlite3_int64)p->nColumn+1)*2);
113387
   if( aSzDel==0 ){
113387
     rc = SQLITE_NOMEM;
113387
     goto update_out;
113387
diff --git a/ext/fts5/fts5_tokenize.c b/ext/fts5/fts5_tokenize.c
113387
index af2bc22..029efc5 100644
113387
--- a/ext/fts5/fts5_tokenize.c
113387
+++ b/ext/fts5/fts5_tokenize.c
113387
@@ -363,7 +363,7 @@ static int fts5UnicodeCreate(
113387
 
113387
       p->bRemoveDiacritic = 1;
113387
       p->nFold = 64;
113387
-      p->aFold = sqlite3_malloc(p->nFold * sizeof(char));
113387
+      p->aFold = sqlite3_malloc64(p->nFold * sizeof(char));
113387
       if( p->aFold==0 ){
113387
         rc = SQLITE_NOMEM;
113387
       }
113387
diff --git a/ext/rtree/geopoly.c b/ext/rtree/geopoly.c
113387
index f6a31f5..7b97f9b 100644
113387
--- a/ext/rtree/geopoly.c
113387
+++ b/ext/rtree/geopoly.c
113387
@@ -261,7 +261,7 @@ static GeoPoly *geopolyParseJson(const unsigned char *z, int *pRc){
113387
       GeoPoly *pOut;
113387
       int x = 1;
113387
       s.nVertex--;  /* Remove the redundant vertex at the end */
113387
-      pOut = sqlite3_malloc64( GEOPOLY_SZ(s.nVertex) );
113387
+      pOut = sqlite3_malloc64( GEOPOLY_SZ((sqlite3_int64)s.nVertex) );
113387
       x = 1;
113387
       if( pOut==0 ) goto parse_json_err;
113387
       pOut->nVertex = s.nVertex;
113387
@@ -644,7 +644,7 @@ static GeoPoly *geopolyBBox(
113387
     if( pRc ) *pRc = SQLITE_OK;
113387
     if( aCoord==0 ){
113387
       geopolyBboxFill:
113387
-      pOut = sqlite3_realloc(p, GEOPOLY_SZ(4));
113387
+      pOut = sqlite3_realloc64(p, GEOPOLY_SZ(4));
113387
       if( pOut==0 ){
113387
         sqlite3_free(p);
113387
         if( context ) sqlite3_result_error_nomem(context);
113387
@@ -1040,9 +1040,9 @@ static GeoSegment *geopolySortSegmentsByYAndC(GeoSegment *pList){
113387
 ** Determine the overlap between two polygons
113387
 */
113387
 static int geopolyOverlap(GeoPoly *p1, GeoPoly *p2){
113387
-  int nVertex = p1->nVertex + p2->nVertex + 2;
113387
+  sqlite3_int64 nVertex = p1->nVertex + p2->nVertex + 2;
113387
   GeoOverlap *p;
113387
-  int nByte;
113387
+  sqlite3_int64 nByte;
113387
   GeoEvent *pThisEvent;
113387
   double rX;
113387
   int rc = 0;
113387
@@ -1054,7 +1054,7 @@ static int geopolyOverlap(GeoPoly *p1, GeoPoly *p2){
113387
   nByte = sizeof(GeoEvent)*nVertex*2 
113387
            + sizeof(GeoSegment)*nVertex 
113387
            + sizeof(GeoOverlap);
113387
-  p = sqlite3_malloc( nByte );
113387
+  p = sqlite3_malloc64( nByte );
113387
   if( p==0 ) return -1;
113387
   p->aEvent = (GeoEvent*)&p[1];
113387
   p->aSegment = (GeoSegment*)&p->aEvent[nVertex*2];
113387
@@ -1213,8 +1213,8 @@ static int geopolyInit(
113387
 ){
113387
   int rc = SQLITE_OK;
113387
   Rtree *pRtree;
113387
-  int nDb;              /* Length of string argv[1] */
113387
-  int nName;            /* Length of string argv[2] */
113387
+  sqlite3_int64 nDb;              /* Length of string argv[1] */
113387
+  sqlite3_int64 nName;            /* Length of string argv[2] */
113387
   sqlite3_str *pSql;
113387
   char *zSql;
113387
   int ii;
113387
@@ -1222,9 +1222,9 @@ static int geopolyInit(
113387
   sqlite3_vtab_config(db, SQLITE_VTAB_CONSTRAINT_SUPPORT, 1);
113387
 
113387
   /* Allocate the sqlite3_vtab structure */
113387
-  nDb = (int)strlen(argv[1]);
113387
-  nName = (int)strlen(argv[2]);
113387
-  pRtree = (Rtree *)sqlite3_malloc(sizeof(Rtree)+nDb+nName+2);
113387
+  nDb = strlen(argv[1]);
113387
+  nName = strlen(argv[2]);
113387
+  pRtree = (Rtree *)sqlite3_malloc64(sizeof(Rtree)+nDb+nName+2);
113387
   if( !pRtree ){
113387
     return SQLITE_NOMEM;
113387
   }
113387
diff --git a/src/build.c b/src/build.c
113387
index afe4171..1dc2614 100644
113387
--- a/src/build.c
113387
+++ b/src/build.c
113387
@@ -3760,9 +3760,9 @@ void *sqlite3ArrayAllocate(
113387
   int *pIdx         /* Write the index of a new slot here */
113387
 ){
113387
   char *z;
113387
-  int n = *pnEntry;
113387
+  sqlite3_int64 n = *pnEntry;
113387
   if( (n & (n-1))==0 ){
113387
-    int sz = (n==0) ? 1 : 2*n;
113387
+    sqlite3_int64 sz = (n==0) ? 1 : 2*n;
113387
     void *pNew = sqlite3DbRealloc(db, pArray, sz*szEntry);
113387
     if( pNew==0 ){
113387
       *pIdx = -1;
113387
@@ -3870,7 +3870,7 @@ SrcList *sqlite3SrcListEnlarge(
113387
   /* Allocate additional space if needed */
113387
   if( (u32)pSrc->nSrc+nExtra>pSrc->nAlloc ){
113387
     SrcList *pNew;
113387
-    int nAlloc = pSrc->nSrc*2+nExtra;
113387
+    sqlite3_int64 nAlloc = 2*(sqlite3_int64)pSrc->nSrc+nExtra;
113387
     int nGot;
113387
     pNew = sqlite3DbRealloc(db, pSrc,
113387
                sizeof(*pSrc) + (nAlloc-1)*sizeof(pSrc->a[0]) );
113387
@@ -4612,7 +4612,7 @@ With *sqlite3WithAdd(
113387
   }
113387
 
113387
   if( pWith ){
113387
-    int nByte = sizeof(*pWith) + (sizeof(pWith->a[1]) * pWith->nCte);
113387
+    sqlite3_int64 nByte = sizeof(*pWith) + (sizeof(pWith->a[1]) * pWith->nCte);
113387
     pNew = sqlite3DbRealloc(db, pWith, nByte);
113387
   }else{
113387
     pNew = sqlite3DbMallocZero(db, sizeof(*pWith));
113387
diff --git a/src/expr.c b/src/expr.c
113387
index 5f98f76..d64b8eb 100644
113387
--- a/src/expr.c
113387
+++ b/src/expr.c
113387
@@ -1547,7 +1547,7 @@ ExprList *sqlite3ExprListAppend(
113387
   }else if( (pList->nExpr & (pList->nExpr-1))==0 ){
113387
     ExprList *pNew;
113387
     pNew = sqlite3DbRealloc(db, pList, 
113387
-             sizeof(*pList)+(2*pList->nExpr - 1)*sizeof(pList->a[0]));
113387
+        sizeof(*pList)+(2*(sqlite3_int64)pList->nExpr-1)*sizeof(pList->a[0]));
113387
     if( pNew==0 ){
113387
       goto no_mem;
113387
     }
113387
diff --git a/src/main.c b/src/main.c
113387
index 46c8346..434b898 100644
113387
--- a/src/main.c
113387
+++ b/src/main.c
113387
@@ -698,7 +698,7 @@ static int setupLookaside(sqlite3 *db, void *pBuf, int sz, int cnt){
113387
     pStart = 0;
113387
   }else if( pBuf==0 ){
113387
     sqlite3BeginBenignMalloc();
113387
-    pStart = sqlite3Malloc( sz*cnt );  /* IMP: R-61949-35727 */
113387
+    pStart = sqlite3Malloc( sz*(sqlite3_int64)cnt );  /* IMP: R-61949-35727 */
113387
     sqlite3EndBenignMalloc();
113387
     if( pStart ) cnt = sqlite3MallocSize(pStart)/sz;
113387
   }else{
113387
diff --git a/src/test_fs.c b/src/test_fs.c
113387
index 8192beb..1feea46 100644
113387
--- a/src/test_fs.c
113387
+++ b/src/test_fs.c
113387
@@ -744,7 +744,7 @@ static int fsColumn(sqlite3_vtab_cursor *cur, sqlite3_context *ctx, int i){
113387
     fstat(fd, &sbuf);
113387
 
113387
     if( sbuf.st_size>=pCur->nAlloc ){
113387
-      int nNew = sbuf.st_size*2;
113387
+      sqlite3_int64 nNew = sbuf.st_size*2;
113387
       char *zNew;
113387
       if( nNew<1024 ) nNew = 1024;
113387
 
113387
diff --git a/src/util.c b/src/util.c
113387
index 96b0b14..7f2b977 100644
113387
--- a/src/util.c
113387
+++ b/src/util.c
113387
@@ -1572,7 +1572,7 @@ VList *sqlite3VListAdd(
113387
   assert( pIn==0 || pIn[0]>=3 );  /* Verify ok to add new elements */
113387
   if( pIn==0 || pIn[1]+nInt > pIn[0] ){
113387
     /* Enlarge the allocation */
113387
-    int nAlloc = (pIn ? pIn[0]*2 : 10) + nInt;
113387
+    sqlite3_int64 nAlloc = (pIn ? 2*(sqlite3_int64)pIn[0] : 10) + nInt;
113387
     VList *pOut = sqlite3DbRealloc(db, pIn, nAlloc*sizeof(int));
113387
     if( pOut==0 ) return pIn;
113387
     if( pIn==0 ) pOut[1] = 2;
113387
diff --git a/src/vdbeaux.c b/src/vdbeaux.c
113387
index b74141b..ffc5d0b 100644
113387
--- a/src/vdbeaux.c
113387
+++ b/src/vdbeaux.c
113387
@@ -125,9 +125,11 @@ static int growOpArray(Vdbe *v, int nOp){
113387
   ** operation (without SQLITE_TEST_REALLOC_STRESS) is to double the current
113387
   ** size of the op array or add 1KB of space, whichever is smaller. */
113387
 #ifdef SQLITE_TEST_REALLOC_STRESS
113387
-  int nNew = (p->nOpAlloc>=512 ? p->nOpAlloc*2 : p->nOpAlloc+nOp);
113387
+  sqlite3_int64 nNew = (p->nOpAlloc>=512 ? 2*(sqlite3_int64)p->nOpAlloc
113387
+                        : (sqlite3_int64)p->nOpAlloc+nOp);
113387
 #else
113387
-  int nNew = (p->nOpAlloc ? p->nOpAlloc*2 : (int)(1024/sizeof(Op)));
113387
+  sqlite3_int64 nNew = (p->nOpAlloc ? 2*(sqlite3_int64)p->nOpAlloc
113387
+                        : (sqlite3_int64)1024/sizeof(Op));
113387
   UNUSED_PARAMETER(nOp);
113387
 #endif
113387
 
113387
@@ -875,7 +877,7 @@ void sqlite3VdbeScanStatus(
113387
   LogEst nEst,                    /* Estimated number of output rows */
113387
   const char *zName               /* Name of table or index being scanned */
113387
 ){
113387
-  int nByte = (p->nScan+1) * sizeof(ScanStatus);
113387
+  sqlite3_int64 nByte = (p->nScan+1) * sizeof(ScanStatus);
113387
   ScanStatus *aNew;
113387
   aNew = (ScanStatus*)sqlite3DbRealloc(p->db, p->aScan, nByte);
113387
   if( aNew ){
113387
diff --git a/src/vdbesort.c b/src/vdbesort.c
113387
index b30bc4e..d84a411 100644
113387
--- a/src/vdbesort.c
113387
+++ b/src/vdbesort.c
113387
@@ -537,7 +537,7 @@ static int vdbePmaReadBlob(
113387
     /* Extend the p->aAlloc[] allocation if required. */
113387
     if( p->nAlloc
113387
       u8 *aNew;
113387
-      int nNew = MAX(128, p->nAlloc*2);
113387
+      sqlite3_int64 nNew = MAX(128, 2*(sqlite3_int64)p->nAlloc);
113387
       while( nByte>nNew ) nNew = nNew*2;
113387
       aNew = sqlite3Realloc(p->aAlloc, nNew);
113387
       if( !aNew ) return SQLITE_NOMEM_BKPT;
113387
@@ -1829,7 +1829,7 @@ int sqlite3VdbeSorterWrite(
113387
     if( nMin>pSorter->nMemory ){
113387
       u8 *aNew;
113387
       int iListOff = (u8*)pSorter->list.pList - pSorter->list.aMemory;
113387
-      int nNew = pSorter->nMemory * 2;
113387
+      sqlite3_int64 nNew = 2 * (sqlite3_int64)pSorter->nMemory;
113387
       while( nNew < nMin ) nNew = nNew*2;
113387
       if( nNew > pSorter->mxPmaSize ) nNew = pSorter->mxPmaSize;
113387
       if( nNew < nMin ) nNew = nMin;
113387
diff --git a/src/vtab.c b/src/vtab.c
113387
index 1b8d283..41c6093 100644
113387
--- a/src/vtab.c
113387
+++ b/src/vtab.c
113387
@@ -302,9 +302,13 @@ void sqlite3VtabClear(sqlite3 *db, Table *p){
113387
 ** string will be freed automatically when the table is
113387
 ** deleted.
113387
 */
113387
-static void addModuleArgument(sqlite3 *db, Table *pTable, char *zArg){
113387
-  int nBytes = sizeof(char *)*(2+pTable->nModuleArg);
113387
+static void addModuleArgument(Parse *pParse, Table *pTable, char *zArg){
113387
+  sqlite3_int64 nBytes = sizeof(char *)*(2+pTable->nModuleArg);
113387
   char **azModuleArg;
113387
+  sqlite3 *db = pParse->db;
113387
+  if( pTable->nModuleArg+3>=db->aLimit[SQLITE_LIMIT_COLUMN] ){
113387
+    sqlite3ErrorMsg(pParse, "too many columns on %s", pTable->zName);
113387
+  }
113387
   azModuleArg = sqlite3DbRealloc(db, pTable->azModuleArg, nBytes);
113387
   if( azModuleArg==0 ){
113387
     sqlite3DbFree(db, zArg);
113387
@@ -339,9 +343,9 @@ void sqlite3VtabBeginParse(
113387
   db = pParse->db;
113387
 
113387
   assert( pTable->nModuleArg==0 );
113387
-  addModuleArgument(db, pTable, sqlite3NameFromToken(db, pModuleName));
113387
-  addModuleArgument(db, pTable, 0);
113387
-  addModuleArgument(db, pTable, sqlite3DbStrDup(db, pTable->zName));
113387
+  addModuleArgument(pParse, pTable, sqlite3NameFromToken(db, pModuleName));
113387
+  addModuleArgument(pParse, pTable, 0);
113387
+  addModuleArgument(pParse, pTable, sqlite3DbStrDup(db, pTable->zName));
113387
   assert( (pParse->sNameToken.z==pName2->z && pName2->z!=0)
113387
        || (pParse->sNameToken.z==pName1->z && pName2->z==0)
113387
   );
113387
@@ -374,7 +378,7 @@ static void addArgumentToVtab(Parse *pParse){
113387
     const char *z = (const char*)pParse->sArg.z;
113387
     int n = pParse->sArg.n;
113387
     sqlite3 *db = pParse->db;
113387
-    addModuleArgument(db, pParse->pNewTable, sqlite3DbStrNDup(db, z, n));
113387
+    addModuleArgument(pParse, pParse->pNewTable, sqlite3DbStrNDup(db, z, n));
113387
   }
113387
 }
113387
 
113387
@@ -663,7 +667,8 @@ static int growVTrans(sqlite3 *db){
113387
   /* Grow the sqlite3.aVTrans array if required */
113387
   if( (db->nVTrans%ARRAY_INCR)==0 ){
113387
     VTable **aVTrans;
113387
-    int nBytes = sizeof(sqlite3_vtab *) * (db->nVTrans + ARRAY_INCR);
113387
+    sqlite3_int64 nBytes = sizeof(sqlite3_vtab*)*
113387
+                                 ((sqlite3_int64)db->nVTrans + ARRAY_INCR);
113387
     aVTrans = sqlite3DbRealloc(db, (void *)db->aVTrans, nBytes);
113387
     if( !aVTrans ){
113387
       return SQLITE_NOMEM_BKPT;
113387
@@ -1157,9 +1162,9 @@ int sqlite3VtabEponymousTableInit(Parse *pParse, Module *pMod){
113387
   pTab->pSchema = db->aDb[0].pSchema;
113387
   assert( pTab->nModuleArg==0 );
113387
   pTab->iPKey = -1;
113387
-  addModuleArgument(db, pTab, sqlite3DbStrDup(db, pTab->zName));
113387
-  addModuleArgument(db, pTab, 0);
113387
-  addModuleArgument(db, pTab, sqlite3DbStrDup(db, pTab->zName));
113387
+  addModuleArgument(pParse, pTab, sqlite3DbStrDup(db, pTab->zName));
113387
+  addModuleArgument(pParse, pTab, 0);
113387
+  addModuleArgument(pParse, pTab, sqlite3DbStrDup(db, pTab->zName));
113387
   rc = vtabCallConstructor(db, pTab, pMod, pModule->xConnect, &zErr);
113387
   if( rc ){
113387
     sqlite3ErrorMsg(pParse, "%s", zErr);
113387
-- 
113387
2.30.2
113387