From: dan Date: Wed, 7 Jul 2021 15:52:44 +0000 (+0000) Subject: Fix a recently introduced segfault that might occur if a sub-select were used as... X-Git-Tag: version-3.37.0~353 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2931a66ecebd60277efe019b920e0e1e96721aee;p=thirdparty%2Fsqlite.git Fix a recently introduced segfault that might occur if a sub-select were used as a term on the RHS of an IN(...) operator for which the LHS is a row-value. FossilOrigin-Name: f586c06a5d03943db32add4d3d058a5aa09c819870b29cd8b54cf69433a8cdb1 --- diff --git a/manifest b/manifest index 458352c186..56a2a6bdc4 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Improve\sthe\serror\smessage\sin\scases\swhere\sthere\sis\sa\srow-value\son\sthe\sLHS\sof\san\sIN()\soperator,\sthe\sRHS\sis\sa\slist\s(not\sa\ssub-select)\sand\sat\sleast\sone\selement\sof\sthe\slist\sis\snot\sa\srow-value\swith\sthe\scorrect\snumber\sof\selements. -D 2021-07-07T13:53:55.754 +C Fix\sa\srecently\sintroduced\ssegfault\sthat\smight\soccur\sif\sa\ssub-select\swere\sused\sas\sa\sterm\son\sthe\sRHS\sof\san\sIN(...)\soperator\sfor\swhich\sthe\sLHS\sis\sa\srow-value. +D 2021-07-07T15:52:44.574 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -496,7 +496,7 @@ F src/date.c e0632f335952b32401482d099321bbf12716b29d6e72836b53ae49683ebae4bf F src/dbpage.c 8a01e865bf8bc6d7b1844b4314443a6436c07c3efe1d488ed89e81719047833a F src/dbstat.c 3aa79fc3aed7ce906e4ea6c10e85d657299e304f6049861fe300053ac57de36c F src/delete.c 62451bba9fe641159e9c0b7d9d2bab1c48d0cff11e16de2d14000603d2af1fcf -F src/expr.c 69ec84d79404ce9ae0712516cdf8ce724366c4b71bd22021ef28e952d9a3c44c +F src/expr.c 62b6d0ac8ee30a4749b78b7b75ae951a911a5d49321af5fe41c05af4df9e7537 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007 F src/fkey.c e9063648396c58778f77583a678342fe4a9bc82436bf23c5f9f444f2df0fdaa4 F src/func.c c96ac6f7c4f2d684217c4673a80446e1b50e25b5ea79366f333f484622d010a0 @@ -1920,7 +1920,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 9dbdc9001e3258e71ca995fbcdebf66ab95890ded87fa7125c6cb4bd43010aaf -R 3de711d2b347ff8ce75f48cf9bf28e2e +P 6b22f4e71dbc14c887ebbda67095b5faaa8079cac87cd4ab5a2ae90c71cd9633 +R 2f5c851e73952219f058fe70670ea883 U dan -Z b6fba9efd0310badf0c0e8e9ddd045f1 +Z c96972b6a62814c17f8f6aa2467bed52 diff --git a/manifest.uuid b/manifest.uuid index 41dd42e166..9ad70da7c8 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -6b22f4e71dbc14c887ebbda67095b5faaa8079cac87cd4ab5a2ae90c71cd9633 \ No newline at end of file +f586c06a5d03943db32add4d3d058a5aa09c819870b29cd8b54cf69433a8cdb1 \ No newline at end of file diff --git a/src/expr.c b/src/expr.c index 44abb58e51..4ad1902d25 100644 --- a/src/expr.c +++ b/src/expr.c @@ -967,10 +967,11 @@ void sqlite3PExprAddSelect(Parse *pParse, Expr *pExpr, Select *pSelect){ Select *sqlite3ExprListToValues(Parse *pParse, int nElem, ExprList *pEList){ int ii; Select *pRet = 0; + assert( nElem>1 ); for(ii=0; iinExpr; ii++){ Select *pSel; Expr *pExpr = pEList->a[ii].pExpr; - int nExprElem = sqlite3ExprVectorSize(pExpr); + int nExprElem = (pExpr->op==TK_VECTOR ? pExpr->x.pList->nExpr : 1); if( nExprElem!=nElem ){ sqlite3ErrorMsg(pParse, "IN(...) element has %d term%s - expected %d", nExprElem, nExprElem>1?"s":"", nElem