From: drh <>
Date: Wed, 23 Jul 2025 23:12:53 +0000 (+0000)
Subject: Raise an error right away if the number of aggregate terms in a query
X-Git-Tag: release~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=710858bca3e6f0cc1d5d74101a1b444b3c7214ff;p=thirdparty%2Fsqlite.git

Raise an error right away if the number of aggregate terms in a query
exceeds the maximum number of columns.

FossilOrigin-Name: 733652d00ac7f40b455f9305c133ae4d1169e6606d11b6e40662ca75f85d8925
---

diff --git a/manifest b/manifest
index 2ce866b789..9127d46d77 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Version\s3.44.4
-D 2025-02-19T00:18:53.011
+C Raise\san\serror\sright\saway\sif\sthe\snumber\sof\saggregate\sterms\sin\sa\squery\nexceeds\sthe\smaximum\snumber\sof\scolumns.
+D 2025-07-23T23:12:53.929
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -675,7 +675,7 @@ F src/date.c eebc54a00e888d3c56147779e9f361b77d62fd69ff2008c5373946aa1ba1d574
 F src/dbpage.c 80e46e1df623ec40486da7a5086cb723b0275a6e2a7b01d9f9b5da0f04ba2782
 F src/dbstat.c 3b677254d512fcafd4d0b341bf267b38b235ccfddbef24f9154e19360fa22e43
 F src/delete.c cb766727c78e715f9fb7ec8a7d03658ed2a3016343ca687acfcec9083cdca500
-F src/expr.c 832f32dd73e6844199d1b41dbbb0fa08679ef07608da10910b998ab902fcb80e
+F src/expr.c 423cf5d88d857fdd5b2af542f6dd59bb9a53c876bf527d962b49eedf761131a7
 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
 F src/fkey.c a47610f0a5c6cb0ad79f8fcef039c01833dec0c751bb695f28dc0ec6a4c3ba00
 F src/func.c 1fb2e5b349eb1bb376b235b790b7aefa9e64eeb9139a6e45b54ac64ced3277df
@@ -730,7 +730,7 @@ F src/shell.c.in 2e15f7ab2273843f3d3cdc22f3d6a1d080dd57099450b0a3bd9256a74ce822d
 F src/sqlite.h.in 1ecba681f97f5e0659433da9555cacc2c124d26c4d09db1edcc64ee15d614839
 F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
 F src/sqlite3ext.h 3f046c04ea3595d6bfda99b781926b17e672fd6d27da2ba6d8d8fc39981dcb54
-F src/sqliteInt.h 142d16cb29c0c6ee067f96a25c8d528673300bcb2b6bdb066b587306067847af
+F src/sqliteInt.h 7664fa0c977b1743a91b1bf724dd70203b0cda5081de5ddba94ac1e08d022cd8
 F src/sqliteLimit.h 33b1c9baba578d34efe7dfdb43193b366111cdf41476b1e82699e14c11ee1fb6
 F src/status.c 160c445d7d28c984a0eae38c144f6419311ed3eace59b44ac6dafc20db4af749
 F src/table.c 0f141b58a16de7e2fbe81c308379e7279f4c6b50eb08efeec5892794a0ba30d1
@@ -2144,10 +2144,9 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 75bbd094db08d421b7555bda5447902e44adff99cc095e7216a21cb5a3002167
-R b41a5c18f429ddaf57caac86fbf1fac1
-T +sym-release *
-T +sym-version-3.44.4 *
+P f1e31fd9961ac82535a5d0702b127d84de8ca21d4df1c51c73e078ea0ad4afa8
+Q +5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8
+R d673d2b8efcc0b4ae159018a770e653d
 U drh
-Z f74c9c677015f2d92504f82e5b79556e
+Z dd73e6db0434a2fa388099a0e0427531
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 8c1f793d4c..ab631e19e2 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-f1e31fd9961ac82535a5d0702b127d84de8ca21d4df1c51c73e078ea0ad4afa8
+733652d00ac7f40b455f9305c133ae4d1169e6606d11b6e40662ca75f85d8925
diff --git a/src/expr.c b/src/expr.c
index 4b2bbcfbdb..6f14225f98 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -6646,7 +6646,9 @@ static void findOrCreateAggInfoColumn(
 ){
   struct AggInfo_col *pCol;
   int k;
+  int mxTerm = pParse->db->aLimit[SQLITE_LIMIT_COLUMN];
 
+  assert( mxTerm <= SMXV(i16) );
   assert( pAggInfo->iFirstReg==0 );
   pCol = pAggInfo->aCol;
   for(k=0; k<pAggInfo->nColumn; k++, pCol++){
@@ -6664,6 +6666,10 @@ static void findOrCreateAggInfoColumn(
     assert( pParse->db->mallocFailed );
     return;
   }
+  if( k>mxTerm ){
+    sqlite3ErrorMsg(pParse, "more than %d aggregate terms", mxTerm);
+    k = mxTerm;
+  }
   pCol = &pAggInfo->aCol[k];
   assert( ExprUseYTab(pExpr) );
   pCol->pTab = pExpr->y.pTab;
@@ -6697,6 +6703,7 @@ fix_up_expr:
   if( pExpr->op==TK_COLUMN ){
     pExpr->op = TK_AGG_COLUMN;
   }
+  assert( k <= SMXV(pExpr->iAgg) );
   pExpr->iAgg = (i16)k;
 }
 
@@ -6780,13 +6787,19 @@ static int analyzeAggregate(Walker *pWalker, Expr *pExpr){
         ** function that is already in the pAggInfo structure
         */
         struct AggInfo_func *pItem = pAggInfo->aFunc;
+        int mxTerm = pParse->db->aLimit[SQLITE_LIMIT_COLUMN];
+        assert( mxTerm <= SMXV(i16) );
         for(i=0; i<pAggInfo->nFunc; i++, pItem++){
           if( pItem->pFExpr==pExpr ) break;
           if( sqlite3ExprCompare(0, pItem->pFExpr, pExpr, -1)==0 ){
             break;
           }
         }
-        if( i>=pAggInfo->nFunc ){
+        if( i>mxTerm ){
+          sqlite3ErrorMsg(pParse, "more than %d aggregate terms", mxTerm);
+          i = mxTerm;
+          assert( i<pAggInfo->nFunc );
+        }else if( i>=pAggInfo->nFunc ){
           /* pExpr is original.  Make a new entry in pAggInfo->aFunc[]
           */
           u8 enc = ENC(pParse->db);
@@ -6838,6 +6851,7 @@ static int analyzeAggregate(Walker *pWalker, Expr *pExpr){
         */
         assert( !ExprHasProperty(pExpr, EP_TokenOnly|EP_Reduced) );
         ExprSetVVAProperty(pExpr, EP_NoReduce);
+        assert( i <= SMXV(pExpr->iAgg) );
         pExpr->iAgg = (i16)i;
         pExpr->pAggInfo = pAggInfo;
         return WRC_Prune;
diff --git a/src/sqliteInt.h b/src/sqliteInt.h
index 44e4acc987..b9f5a3934d 100644
--- a/src/sqliteInt.h
+++ b/src/sqliteInt.h
@@ -992,6 +992,14 @@ typedef INT16_TYPE LogEst;
 #define LARGEST_UINT64 (0xffffffff|(((u64)0xffffffff)<<32))
 #define SMALLEST_INT64 (((i64)-1) - LARGEST_INT64)
 
+/*
+** Macro SMXV(n) return the maximum value that can be held in variable n,
+** assuming n is a signed integer type.  UMXV(n) is similar for unsigned
+** integer types.
+*/
+#define SMXV(n) ((((i64)1)<<(sizeof(n)*8-1))-1)
+#define UMXV(n) ((((i64)1)<<(sizeof(n)*8))-1)
+
 /*
 ** Round up a number to the next larger multiple of 8.  This is used
 ** to force 8-byte alignment on 64-bit architectures.
@@ -2851,7 +2859,7 @@ struct AggInfo {
                           ** from source tables rather than from accumulators */
   u8 useSortingIdx;       /* In direct mode, reference the sorting index rather
                           ** than the source table */
-  u16 nSortingColumn;     /* Number of columns in the sorting index */
+  u32 nSortingColumn;     /* Number of columns in the sorting index */
   int sortingIdx;         /* Cursor number of the sorting index */
   int sortingIdxPTab;     /* Cursor number of pseudo-table */
   int iFirstReg;          /* First register in range for aCol[] and aFunc[] */
@@ -2860,8 +2868,8 @@ struct AggInfo {
     Table *pTab;             /* Source table */
     Expr *pCExpr;            /* The original expression */
     int iTable;              /* Cursor number of the source table */
-    i16 iColumn;             /* Column number within the source table */
-    i16 iSorterColumn;       /* Column number in the sorting index */
+    int iColumn;             /* Column number within the source table */
+    int iSorterColumn;       /* Column number in the sorting index */
   } *aCol;
   int nColumn;            /* Number of used entries in aCol[] */
   int nAccumulator;       /* Number of columns that show through to the output.