From: dan <dan@noemail.net>
Date: Mon, 2 Jul 2018 15:03:50 +0000 (+0000)
Subject: Fix a crash caused by a LIKE pattern that consists of a single escape
X-Git-Tag: version-3.25.0~174
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6b4b88208e41e7628005bd73718419e0a10296d4;p=thirdparty%2Fsqlite.git

Fix a crash caused by a LIKE pattern that consists of a single escape
character.

FossilOrigin-Name: bb9bfc3a12dfb89b1c58f5551cdc89ab7b0fbe03f285f2ed86611786ed02ffd9
---

diff --git a/manifest b/manifest
index 653d0aa79c..50d0feff5d 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\ssegfault\scaused\sby\sinvoking\sa\sregular\saggregate\sas\sa\swindow-function.\nAnd\ssome\sproblems\swith\scount(*)\swhen\sused\sas\sa\swindow-function.
-D 2018-07-02T12:07:32.352
+C Fix\sa\scrash\scaused\sby\sa\sLIKE\spattern\sthat\sconsists\sof\sa\ssingle\sescape\ncharacter.
+D 2018-07-02T15:03:50.160
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F Makefile.in 0a3a6c81e6fcb969ff9106e882f0a08547014ba463cb6beca4c4efaecc924ee6
@@ -450,7 +450,7 @@ F src/delete.c 4c8c7604277a2041647f96b78f4b9a47858e9217e4fb333d35e7b5ab32c5b57f
 F src/expr.c 7e257eeffe9553c10a6ac0a1f0177bf740c4da834e7d6e2cbb7d3ebaa3d7f3e1
 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
 F src/fkey.c b1da9ef8dc834603bb0d28972378a7ce65897847f9a1e89ab800bbdf24c788ee
-F src/func.c 4d573e690757f29674db05d7b29c1a27886157fd2b71fcb94c68141c0eb52cfb
+F src/func.c 8a002cd2eb217dcac2e2f3b1f1fc49315081f7c71dff3f0bbbb4c157b5d24b50
 F src/global.c 9bf034fd560bdd514715170ed8460bb7f823cec113f0569ef3f18a20c7ccd128
 F src/hash.c a12580e143f10301ed5166ea4964ae2853d3905a511d4e0c44497245c7ce1f7a
 F src/hash.h ab34c5c54a9e9de2e790b24349ba5aab3dbb4fd4
@@ -583,7 +583,7 @@ F src/walker.c ba7225773931760cf60bf22f34d0cce2588df7ce5ce0f215a52eb88234b55ac4
 F src/where.c 0bcbf9e191ca07f9ea2008aa80e70ded46bcdffd26560c83397da501f00aece6
 F src/whereInt.h b90ef9b9707ef750eab2a7a080c48fb4900315033274689def32d0cf5a81ebe4
 F src/wherecode.c 3317f2b083a66d3e65a03edf316ade4ccb0a99c9956273282ebb579b95d4ba96
-F src/whereexpr.c 19cf35cdd9bf6d5589d8a5c960d99259761136187a2319a6e14d11cf1abe14c2
+F src/whereexpr.c 571618c67a3eb5ce0f1158c2792c1aee9b4a4a264392fc4fb1b35467f80abf9a
 F src/window.c 7df0313f9b21c904e51226b24c0203aa26be502202f469143bacc5e74ebc0d38
 F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2
 F test/affinity2.test a6d901b436328bd67a79b41bb0ac2663918fe3bd
@@ -1626,7 +1626,7 @@ F test/window3.test 87fb18021903fc4d1659b8b2092aea55d611a9606cfa7272686234e5197c
 F test/window4.tcl 7cec7e578aa9f78b7265bff8d552cda17a1d8d89f0449d0e74970a527b8846f5
 F test/window4.test dcd8767869988e0d23d56bc3f8b46ec116de23127b81b5f66fd48d5529072ed1
 F test/window5.test 8187f46597c90b73e8f96659e893353cbda337479cc582f7a488eab351ba08d3
-F test/window6.test 28e9126e1c35b99dec7b0609f1a242cecca5d0291382bcb5f61f498973c2b047
+F test/window6.test 6e817df58449ec92db67a76d4840ad5f4a6662af0d2e22328288523e2ba537e4
 F test/windowfault.test 97d5fc404308edb579a5a183e294ed874c844ecf01f0a28ba46df3141ebaee1f
 F test/with1.test 58475190cd8caaeebea8cfeb2a264ec97a0c492b8ffe9ad20cefbb23df462f96
 F test/with2.test e0030e2f0267a910d6c0e4f46f2dfe941c1cc0d4f659ba69b3597728e7e8f1ab
@@ -1744,7 +1744,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 3f6730be4cb712a28401be6d96e56ccb3f2e98dd8961b477befec3f363715178
-R 119ac682f2311f0cb1cd57d00a75572a
+P 4f3c8a82fd1c5b14d84f2301e34cfc8d52fe4b3a60840c39e895c11f2da529d9
+R 947603f57703a72e98c481cdb1471c29
 U dan
-Z be71ee8fe3da4ce8850e5091c36fabce
+Z b6e0a0e0cc4dd2ca9103d3009ba7802b
diff --git a/manifest.uuid b/manifest.uuid
index 1a4a3f8d8a..72abf34945 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-4f3c8a82fd1c5b14d84f2301e34cfc8d52fe4b3a60840c39e895c11f2da529d9
\ No newline at end of file
+bb9bfc3a12dfb89b1c58f5551cdc89ab7b0fbe03f285f2ed86611786ed02ffd9
\ No newline at end of file
diff --git a/src/func.c b/src/func.c
index ff7c3049fa..ae2b767195 100644
--- a/src/func.c
+++ b/src/func.c
@@ -1612,7 +1612,9 @@ static void countInverse(sqlite3_context *ctx, int argc, sqlite3_value **argv){
 #endif
   }
 }   
-#endif
+#else
+# define countInverse 0
+#endif /* SQLITE_OMIT_WINDOWFUNC */
 
 /*
 ** Routines to implement min() and max() aggregate functions.
diff --git a/src/whereexpr.c b/src/whereexpr.c
index c027481025..6f6e660ad2 100644
--- a/src/whereexpr.c
+++ b/src/whereexpr.c
@@ -256,11 +256,13 @@ static int isLikeOrGlob(
 
     /* The optimization is possible only if (1) the pattern does not begin
     ** with a wildcard and if (2) the non-wildcard prefix does not end with
-    ** an (illegal 0xff) character.  The second condition is necessary so
+    ** an (illegal 0xff) character, or (3) the pattern does not consist of
+    ** a single escape character. The second condition is necessary so
     ** that we can increment the prefix key to find an upper bound for the
-    ** range search. 
-    */
-    if( cnt!=0 && 255!=(u8)z[cnt-1] ){
+    ** range search. The third is because the caller assumes that the pattern
+    ** consists of at least one character after all escapes have been
+    ** removed.  */
+    if( cnt!=0 && 255!=(u8)z[cnt-1] && (cnt>1 || z[0]!=wc[3]) ){
       Expr *pPrefix;
 
       /* A "complete" match if the pattern ends with "*" or "%" */
diff --git a/test/window6.test b/test/window6.test
index cc3a08067c..040a570135 100644
--- a/test/window6.test
+++ b/test/window6.test
@@ -146,12 +146,30 @@ do_execsql_test 5.5 {
 
 #-------------------------------------------------------------------------
 #
+
 do_execsql_test 6.0 {
+  SELECT LIKE('!', '', '!') x WHERE x;
+} {}
+
+do_execsql_test 6.1 {
   SELECT LIKE("!","","!")""WHeRE"";
-} {1}
-do_catchsql_test 6.1 {
+} {}
+
+do_catchsql_test 6.2 {
   SELECT LIKE("!","","!")""window"";
 } {1 {near "window": syntax error}}
 
+reset_db 
+do_execsql_test 7.0 {
+  CREATE TABLE t1(x TEXT);
+  CREATE INDEX i1 ON t1(x COLLATE nocase);
+  INSERT INTO t1 VALUES('');
+}
+
+do_execsql_test 7.1 {
+  SELECT count(*) FROM t1 WHERE x LIKE '!' ESCAPE '!';
+} {0}
+
+
 finish_test