From: drh <>
Date: Mon, 25 Jul 2022 14:05:11 +0000 (+0000)
Subject: TK_IF_NULL_ROW expressions must be accumulated in the same way as TK_COLUMN
X-Git-Tag: version-3.40.0~278^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6b6d6c6bd2ca6b1dc19f61216ffe88e5cf734581;p=thirdparty%2Fsqlite.git

TK_IF_NULL_ROW expressions must be accumulated in the same way as TK_COLUMN
expressions in an aggregate query.  Proposed fix for the problem identifyed by
dbsqlfuzz 8e17857db2c5a9294c975123ac807156a6559f13.

FossilOrigin-Name: 40d08807209638aad728be2cedbc904e342e76c8e486c364bd571b55dd2e1e87
---

diff --git a/manifest b/manifest
index c38bca3b5e..d040b26a47 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Reduce\sa\stimeout\sin\swalsetlk.test\sfrom\s2000ms\sto\s1100ms\sso\sthat\sthe\stest\sruns\sa\sbit\sfaster.
-D 2022-07-25T11:04:13.326
+C TK_IF_NULL_ROW\sexpressions\smust\sbe\saccumulated\sin\sthe\ssame\sway\sas\sTK_COLUMN\nexpressions\sin\san\saggregate\squery.\s\sProposed\sfix\sfor\sthe\sproblem\sidentifyed\sby\ndbsqlfuzz\s8e17857db2c5a9294c975123ac807156a6559f13.
+D 2022-07-25T14:05:11.599
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -521,7 +521,7 @@ F src/date.c 272162554168e7af4976213850e1c4c5f33b964d299ceb0983f3d5cceba01d05
 F src/dbpage.c 5808e91bc27fa3981b028000f8fadfdc10ce9e59a34ce7dc4e035a69be3906ec
 F src/dbstat.c 861e08690fcb0f2ee1165eff0060ea8d4f3e2ea10f80dab7d32ad70443a6ff2d
 F src/delete.c a8e844af211a48b13b5b358be77a12c860c6a557c21990ad51a548e2536500ce
-F src/expr.c 78a1b6c13306efaf563e9340732a2d651f792c488b7795a25f1f6a853e07ef25
+F src/expr.c 72f312252a5791988242dc812df89778f53939e3f60f4e0b432e90f4a3081c1d
 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
 F src/fkey.c d965ede15d8360c09ed59348940649ee647b192e784466837d7aefa836d1d91e
 F src/func.c 8f72e88cccdee22185133c10f96ccd61dc34c5ea4b1fa9a73c237ef59b2e64f1
@@ -1391,7 +1391,7 @@ F test/securedel.test 2f70b2449186a1921bd01ec9da407fbfa98c3a7a5521854c300c194b2f
 F test/securedel2.test 2d54c28e46eb1fd6902089958b20b1b056c6f1c5
 F test/select1.test 692e84cfa29c405854c69e8a4027183d64c22952866a123fabbce741a379e889
 F test/select2.test 352480e0e9c66eda9c3044e412abdf5be0215b56
-F test/select3.test ce4f78bbc809b0513f960f1ee84cdbc5af50ba112c343d5266558a8b2468f656
+F test/select3.test 054b155a4b9394c6858640029cb93e87defbaecc1c87ebb21157c3d35dfc4d88
 F test/select4.test f0684d3da3bccacbe2a1ebadf6fb49d9df6f53acb4c6ebc228a88d0d6054cc7b
 F test/select5.test 8afc5e5dcdebc2be54472e73ebd9cd1adef1225fd15d37a1c62f969159f390ae
 F test/select6.test 9b2fb4ffedf52e1b5703cfcae1212e7a4a063f014c0458d78d29aca3db766d1f
@@ -1981,8 +1981,11 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P a995614b9aedf4492e6d7b777293770f268837f8246e1678ef0523738c8a8339
-R e7b8638d6eb2bb65a2c18035ce7a719d
-U dan
-Z 34c5d50caba419fff3085e94b713365e
+P 836fa097060dadeb2dc5d4ee2e40621c4af606b1ef7241e2264823e23e4ceb1f
+R ef7a712abb1795061ef7b33ca931bdb8
+T *branch * flatten-left-join
+T *sym-flatten-left-join *
+T -sym-trunk *
+U drh
+Z 4c1e333b8e885220474e580d77e5a634
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 69076e5991..383392c434 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-836fa097060dadeb2dc5d4ee2e40621c4af606b1ef7241e2264823e23e4ceb1f
\ No newline at end of file
+40d08807209638aad728be2cedbc904e342e76c8e486c364bd571b55dd2e1e87
\ No newline at end of file
diff --git a/src/expr.c b/src/expr.c
index 8edab3298a..876b453f16 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -4670,6 +4670,13 @@ expr_code_doover:
     case TK_IF_NULL_ROW: {
       int addrINR;
       u8 okConstFactor = pParse->okConstFactor;
+      if( pExpr->pAggInfo && !pExpr->pAggInfo->directMode ){
+        struct AggInfo_col *pCol;
+        assert( pExpr->iAgg>=0 && pExpr->iAgg<pExpr->pAggInfo->nColumn );
+        pCol = &pExpr->pAggInfo->aCol[pExpr->iAgg];
+        inReg = pCol->iMem;
+        break;
+      }
       addrINR = sqlite3VdbeAddOp1(v, OP_IfNullRow, pExpr->iTable);
       /* Temporarily disable factoring of constant expressions, since
       ** even though expressions may appear to be constant, they are not
@@ -6175,6 +6182,7 @@ static int analyzeAggregate(Walker *pWalker, Expr *pExpr){
 
   assert( pNC->ncFlags & NC_UAggInfo );
   switch( pExpr->op ){
+    case TK_IF_NULL_ROW:
     case TK_AGG_COLUMN:
     case TK_COLUMN: {
       testcase( pExpr->op==TK_AGG_COLUMN );
@@ -6237,7 +6245,7 @@ static int analyzeAggregate(Walker *pWalker, Expr *pExpr){
             */
             ExprSetVVAProperty(pExpr, EP_NoReduce);
             pExpr->pAggInfo = pAggInfo;
-            pExpr->op = TK_AGG_COLUMN;
+            if( pExpr->op==TK_COLUMN ) pExpr->op = TK_AGG_COLUMN;
             pExpr->iAgg = (i16)k;
             break;
           } /* endif pExpr->iTable==pItem->iCursor */
diff --git a/test/select3.test b/test/select3.test
index 809b549028..ec0ee8d2bb 100644
--- a/test/select3.test
+++ b/test/select3.test
@@ -330,4 +330,49 @@ do_execsql_test select3.10.100 {
   FROM t1;
 } {{} {}}
 
+#-------------------------------------------------------------------------
+# dbsqlfuzz crash-8e17857db2c5a9294c975123ac807156a6559f13.txt
+# Associated with the flatten-left-join branch circa 2022-06-23.
+#
+foreach {tn sql} {
+  1 {
+    CREATE TABLE t1(a TEXT);
+    CREATE TABLE t2(x INT);
+    CREATE INDEX t2x ON t2(x);
+    INSERT INTO t1 VALUES('abc');
+  }
+  2 {
+    CREATE TABLE t1(a TEXT);
+    CREATE TABLE t2(x INT);
+    INSERT INTO t1 VALUES('abc');
+  }
+  3 {
+    CREATE TABLE t1(a TEXT);
+    CREATE TABLE t2(x INT);
+    INSERT INTO t1 VALUES('abc');
+    PRAGMA automatic_index=OFF;
+  }
+} {
+  reset_db
+  do_execsql_test select3-11.$tn.1 $sql 
+  do_execsql_test select3.11.$tn.2 {
+    SELECT max(a), val FROM t1 LEFT JOIN (
+        SELECT 'constant' AS val FROM t2 WHERE x=1234
+    )
+  } {abc {}}
+  do_execsql_test select3.11.$tn.3 {
+    INSERT INTO t2 VALUES(123);
+    SELECT max(a), val FROM t1 LEFT JOIN (
+        SELECT 'constant' AS val FROM t2 WHERE x=1234
+    )
+  } {abc {}}
+  do_execsql_test select3.11.$tn.4 {
+    INSERT INTO t2 VALUES(1234);
+    SELECT max(a), val FROM t1 LEFT JOIN (
+        SELECT 'constant' AS val FROM t2 WHERE x=1234
+    )
+  } {abc constant}
+}
+
+
 finish_test