Fix a possible null pointer deref following OOM. Discovered by dbsqlfuzz.
authordrh <drh@noemail.net>
Fri, 26 Jun 2020 04:34:28 +0000 (04:34 +0000)
committerdrh <drh@noemail.net>
Fri, 26 Jun 2020 04:34:28 +0000 (04:34 +0000)
FossilOrigin-Name: cc888878ea8d5bc754c69de523819d32d6d9853857e31d7287f9dbfd723428db

manifest
manifest.uuid
src/expr.c
test/fuzzdata8.db

index f7d92c6d0dc2a46bd59b3be8a26188ba5836dfda..68df1f1b757e657373d4a4a53a4514d828a9ad2f 100644 (file)
--- a/manifest
+++ b/manifest
@@ -1,6 +1,6 @@
 B 7a876209a678a34c198b54ceef9e3c041f128a14dc73357f6a57cadadaa6cf7b
-C Update\sthe\sshowlocks\sutility\sprogram\sso\sthat\sit\sfunctions\son\sfiles\swith\na\shuge\snumber\sof\slocks\swithout\soverflowing\sthe\sstack.
-D 2020-06-25T23:21:09.249
+C Fix\sa\spossible\snull\spointer\sderef\sfollowing\sOOM.\s\sDiscovered\sby\sdbsqlfuzz.
+D 2020-06-26T04:34:28.728
 F Makefile.in 19374a5db06c3199ec1bab71ab74a103d8abf21053c05e9389255dc58083f806
 F Makefile.msc 48f5a3fc32672c09ad73795749f6253e406a31526935fbbffd8f021108d54574
 F autoconf/Makefile.am a8d1d24affe52ebf8d7ddcf91aa973fa0316618ab95bb68c87cabf8faf527dc8
@@ -9,15 +9,17 @@ F ext/misc/decimal.c c1897f624893d1c12e3c879d97ca7d1c4a36cae10d32afe632779de78c4
 F ext/misc/ieee754.c 7303cc27dfaf08dbe187bd63185dae7310e73f63f2e0aaa1d3bd8cee65173281
 F main.mk b1cd0bc6aedad7ebb667b7f74f835f932f60ee33be2a5c3051fd93eb465f5c75
 F src/build.c ba1bbe563a3dc02d5fed20537603181e5289c13ea30ae5e775f552e7557adbfa
+F src/expr.c a3ab84399b3415f66d2d0c25f5bcd98ef465c0c07ea1f19bf2a418b1c8fcad74
 F src/shell.c.in d663152487d4bfddea0f6d21ebc2ed51575d22657a02c6828afd344bbd4651af
 F src/test1.c fe56c4bcaa2685ca9aa25d817a0ee9345e189aff4a5a71a3d8ba946c7776feb8
 F test/decimal.test 12739a01bdba4c4d79f95b323e6b67b9fad1ab6ffb56116bd2b9c81a5b19e1d9
+F test/fuzzdata8.db 0ae860b36b79fd41cafddc9e6602358b2d5c331cf200283221e659f86e196c0c
 F test/speedtest1.c ea201573f9b27542ea1e74a68e74f121e0eb04c89e67039f40ed68f1b833339f
 F tool/mkautoconfamal.sh f62353eb6c06ab264da027fd4507d09914433dbdcab9cb011cdc18016f1ab3b8
 F tool/mksqlite3c.tcl f4ef476510eca4124c874a72029f1e01bc54a896b1724e8f9eef0d8bfae0e84c
 F tool/mksqlite3h.tcl 1f5e4a1dbbbc43c83cc6e74fe32c6c620502240b66c7c0f33a51378e78fc4edf
 F tool/showlocks.c 9cc5e66d4ebbf2d194f39db2527ece92077e86ae627ddd233ee48e16e8142564
-P db2f0836b64cd2e119684f1cf75fa3b19a84ca6aca1a239f7e2b9298016e2c95
-R 0276be5c8a111d3ffc976288f1457408
+P adb7484f93329c7a94cd84e30bc4a8dbf2d6e901eba17cc3454afb8ba346cbf4
+R 75144d9ad27fa13b3371c63198b17db4
 U drh
-Z 08b6b193e7afff7dc4e3f0aacc9e50d2
+Z 11caf1c9a5c1ea5e3c3cf8efb37ecca6
index c071b7db7727c3b4bd9ec7b58847e9f095dbe265..75d305c546877d0ab885464aeca9798249ebc67c 100644 (file)
@@ -1 +1 @@
-adb7484f93329c7a94cd84e30bc4a8dbf2d6e901eba17cc3454afb8ba346cbf4
\ No newline at end of file
+cc888878ea8d5bc754c69de523819d32d6d9853857e31d7287f9dbfd723428db
\ No newline at end of file
index 201d53ac3046c7f5a17f2df532ff2af67a25989d..9b63a569bc169d59af5d58efe8c595e4e3d2e9e0 100644 (file)
@@ -4270,7 +4270,9 @@ expr_code_doover:
       int nCol;
       testcase( op==TK_EXISTS );
       testcase( op==TK_SELECT );
-      if( op==TK_SELECT && (nCol = pExpr->x.pSelect->pEList->nExpr)!=1 ){
+      if( pParse->db->mallocFailed ){
+        return 0;
+      }else if( op==TK_SELECT && (nCol = pExpr->x.pSelect->pEList->nExpr)!=1 ){
         sqlite3SubselectError(pParse, nCol, 1);
       }else{
         return sqlite3CodeSubselect(pParse, pExpr);
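Review bot: The new guard `if( pParse->db->mallocFailed )` protects the dereference `pExpr->x.pSelect->pEList->nExpr` only indirectly, by trusting that every path that leaves `x.pSelect` or its `pEList` NULL also raised the connection-wide mallocFailed flag; nothing in the hunk establishes that, and the commit message covers only the one OOM case dbsqlfuzz found. Since the intent is that both pointers are valid once the flag is clear, it would be worth pinning that invariant in the file's usual style by turning the chain into a guard plus assertion, `if( pParse->db->mallocFailed ) return 0;` followed by `assert( pExpr->x.pSelect!=0 && pExpr->x.pSelect->pEList!=0 );` before the `if( op==TK_SELECT && ... )` test, so a future non-OOM NULL fails loudly in debug builds instead of crashing in release. A one-line comment above the guard, such as `/* After an OOM the sub-select may be incomplete (NULL pSelect or pEList); bail out before touching it */`, would also tell the next reader why a memory flag is consulted in an expression-coding branch. The `return 0` presumably returns register 0 as the result of the abandoned expression; that is fine if the callers treat 0 as "no register", but it is worth confirming it matches the sentinel the other OOM exits of this function use. The enclosing function (the `expr_code_doover:` body) starts and ends outside the hunk.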
index b14e3d1e42672ef0597d159beb176cc76e4d5eb5..77e2b9fa15a0bef2a790961f44f27ae4e126cf86 100644 (file)
Binary files a/test/fuzzdata8.db and b/test/fuzzdata8.db differ