Fix a potential NULL pointer dereference following OOM.
authordrh <>
Fri, 15 Jan 2021 15:21:27 +0000 (15:21 +0000)
committerdrh <>
Fri, 15 Jan 2021 15:21:27 +0000 (15:21 +0000)
FossilOrigin-Name: 8ce3cb90965771530c0021173d98720fc4c76bb99e69f7a879f80471dea0aace

manifest
manifest.uuid
src/whereexpr.c

index 0e289c8966b3d1b6269485e0f940a404ff45030e..235abe46345e15447fc47c380c318b50a4d32378 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Add\sa\snew\soptimizer\sdisabling\sbit\sto\sclose\soff\sthe\sexists-to-in\soptimization,\nfor\stesting\spurposes.
-D 2021-01-15T15:17:14.152
+C Fix\sa\spotential\sNULL\spointer\sdereference\sfollowing\sOOM.
+D 2021-01-15T15:21:27.437
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -630,7 +630,7 @@ F src/walker.c d9c4e454ebb9499e908aa62d55b8994c375cf5355ac78f60d45af17f7890701c
 F src/where.c 0e6abb22a2323fec80b450825593c26a2ad8f4815d1ee3af9969d8f6144bf681
 F src/whereInt.h 9a3f577619f07700d16d89eeb2f3d94d6b7ed7f109c2dacf0ce8844921549506
 F src/wherecode.c a3a1aff30fe99a818d8e7c607980f033f40c68d890e03ed25838b9dbb7908bee
-F src/whereexpr.c 2d42217961cf8da8280779df88bcfb7cb3ee719369cafb44ac2b376fdecf9db7
+F src/whereexpr.c 8ea4f6cd1332fdfbfbe832dc8a9f5194990684870931e7a07c2cafbc544588e7
 F src/window.c edd6f5e25a1e8f2b6f5305b7f5f7da7bb35f07f0d432b255b1d4c2fcab4205aa
 F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2
 F test/affinity2.test ce1aafc86e110685b324e9a763eab4f2a73f737842ec3b687bd965867de90627
@@ -1896,7 +1896,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P dcb7772d7695ddbc0fe89e06c07ff4a6ae4fa05de914e2ec10b5cc07a62ed49f
-R 6fb63e2f60db07c2af9d4dfa7cc52f88
+P a80c9a076d31729282004ca372913c9fdbfb6e74711fbb8c5dc12ee0ecba2b87
+R 31b39e7a643244cb65bba0cd39985e5a
 U drh
-Z 5ba57a27c0ec24c2bc90f07584644072
+Z 96ac907b935dc11fb79e0a38f40aef27
index 1f56d238fa8541c41937f8a525d6bd3cfe00434d..b72b9116a2117c779fbaa0cfcef1aa5bdf00ba41 100644 (file)
@@ -1 +1 @@
-a80c9a076d31729282004ca372913c9fdbfb6e74711fbb8c5dc12ee0ecba2b87
\ No newline at end of file
+8ce3cb90965771530c0021173d98720fc4c76bb99e69f7a879f80471dea0aace
\ No newline at end of file
index 4de5af1730792c97fd126e5cc8eaf574d98e87f9..0359babc500319425ac37d6f740e214666e1b174 100644 (file)
@@ -1153,6 +1153,7 @@ static void exprAnalyzeExists(
   Expr *pInLhs = 0;
   Expr **ppAnd = 0;
   int idxNew;
+  sqlite3 *db = pParse->db;
 
   assert( pExpr->op==TK_EXISTS );
   assert( (pExpr->flags & EP_VarSelect) && (pExpr->flags & EP_xIsSelect) );
@@ -1162,10 +1163,13 @@ static void exprAnalyzeExists(
   if( pSel->pWhere==0 ) return;
   if( 0==exprAnalyzeExistsFindEq(pSel, 0, 0) ) return;
 
-  pDup = sqlite3ExprDup(pParse->db, pExpr, 0);
-  if( pDup==0 ) return;
+  pDup = sqlite3ExprDup(db, pExpr, 0);
+  if( db->mallocFailed ){
+    sqlite3ExprDelete(db, pDup);
+    return;
+  }
   pSel = pDup->x.pSelect;
-  sqlite3ExprListDelete(pParse->db, pSel->pEList);
+  sqlite3ExprListDelete(db, pSel->pEList);
   pSel->pEList = 0;
 
   pInLhs = exprAnalyzeExistsFindEq(pSel, &pEq, &ppAnd);
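Review bot: The new `if( db->mallocFailed )` guard replaces `if( pDup==0 ) return;` without a comment saying why a NULL test on `pDup` is not enough, even though the very next lines dereference `pDup->x.pSelect` and `pSel->pEList`. Presumably sqlite3ExprDup() can return a non-NULL but partially copied tree after an allocation failure, leaving `x.pSelect` NULL; this is inferred from the commit title and is not visible in the hunk. A comment above the guard would stop a later cleanup from reverting it, e.g. `/* After OOM pDup can be non-NULL yet incomplete (x.pSelect==0), so test mallocFailed rather than pDup */`, and `assert( pDup!=0 && pDup->x.pSelect!=0 );` after the guard would document the invariant the following lines rely on. The commit's file list names only manifest, manifest.uuid and src/whereexpr.c, so an allocation-failure test that reaches this path would be worth adding if none exists. exprAnalyzeExists begins and ends outside this hunk.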
@@ -1184,13 +1188,13 @@ static void exprAnalyzeExists(
     Expr *pAnd = *ppAnd;
     Expr *pOther = (pAnd->pLeft==pEq) ? pAnd->pRight : pAnd->pLeft;
     pAnd->pLeft = pAnd->pRight = 0;
-    sqlite3ExprDelete(pParse->db, pAnd);
+    sqlite3ExprDelete(db, pAnd);
     *ppAnd = pOther;
   }else{
     assert( pSel->pWhere==pEq );
     pSel->pWhere = 0;
   }
-  sqlite3ExprDelete(pParse->db, pEq);
+  sqlite3ExprDelete(db, pEq);
 
   idxNew = whereClauseInsert(pWC, pDup, TERM_VIRTUAL|TERM_DYNAMIC);
   if( idxNew ){