From: drh <> Date: Fri, 21 May 2021 21:49:07 +0000 (+0000) Subject: If there are errors in a nested CTE, be sure to abandon processing. Do not X-Git-Tag: version-3.36.0~76 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=93c8139c1a9755a9f599966f82df45cdee85305e;p=thirdparty%2Fsqlite.git If there are errors in a nested CTE, be sure to abandon processing. Do not continue since the parse tree may have been left in a goofy state which could cause use-after-free and segfaults. See [forum:/forumpost/aa4a7a3980|forum post aa4a7a3980] for an example. FossilOrigin-Name: 94225d693932eb0b5d7799d40513afbd31ed40e1e156675eb92ad7216f1ff20f --- diff --git a/manifest b/manifest index 0ac7a15037..114b4e8cb3 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sa\sproblem\swith\sSQLITE_MAX_MEMORY\sin\smalloc.c. -D 2021-05-21T16:41:22.941 +C If\sthere\sare\serrors\sin\sa\snested\sCTE,\sbe\ssure\sto\sabandon\sprocessing.\s\sDo\snot\ncontinue\ssince\sthe\sparse\stree\smay\shave\sbeen\sleft\sin\sa\sgoofy\sstate\swhich\scould\ncause\suse-after-free\sand\ssegfaults.\nSee\s[forum:/forumpost/aa4a7a3980|forum\spost\saa4a7a3980]\sfor\san\sexample. +D 2021-05-21T21:49:07.197 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 
@@ -543,7 +543,7 @@ F src/printf.c 78fabb49b9ac9a12dd1c89d744abdc9b67fd3205e62967e158f78b965a29ec4b F src/random.c 80f5d666f23feb3e6665a6ce04c7197212a88384 F src/resolve.c 40e216d9a72e52841a9c8e0aec7d367bade8e2df17b804653b539b20c1ab5660 F src/rowset.c ba9515a922af32abe1f7d39406b9d35730ed65efab9443dc5702693b60854c92 -F src/select.c 8f9ecc60f9ffb5954f726d2adf5722c638072260838490d0349e71d2e4a31822 +F src/select.c dd81ee4c1afeeb91047c5df7778701ea445bbaee24bfb5aeb980c7a32d2844d0 F src/shell.c.in 1b32ba2918ede13b68df47c7b92b72ba0d06e68d384e78bb9d7456527271d400 F src/sqlite.h.in 5c950066775ca9efdaa49077c05d38d0bef6418f3bd07d2dce0210f1d2f3c326 F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8 @@ -1792,7 +1792,7 @@ F test/windowerr.test a8b752402109c15aa1c5efe1b93ccb0ce1ef84fa964ae1cd6684dd0b3c F test/windowfault.test 21919e601f20b976ea2a73aa401220c89ed0e8d203c4f69476ea55bce3726496 F test/windowpushd.test d8895d08870b7226f7693665bd292eb177e62ca06799184957b3ca7dc03067df F test/with1.test 7bc5abfe4c80c0cef8a90f5a66d60b9982e8ccd7350c8eb70611323a3b8e07ba -F test/with2.test 000fb95f1f29dae868cea0f41505eb5126077d49eb967ff88f9ee46212ad8863 +F test/with2.test 858070ce1c71a198bff63691dab7eb3ce6c74fa46da3fff6b6c4c34c83f141fe F test/with3.test ad32d13ad50661e6fa305f62a0717649c348792e7b658bf2644976227a9e0373 F test/with4.test 257be66c0c67fee1defbbac0f685c3465e2cad037f21ce65f23f86084f198205 F test/with5.test 6248213c41fab36290b5b73aa3f937309dfba337004d9d8434c3fabc8c7d4be8 
@@ -1914,7 +1914,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 240f7494bfa3e0806ae2f971e78039c62a419de647cb9e807309f90e1d2a536d -R 04449523789f74442d2ffc6328882af8 -U dan -Z d5a4a247a6ed6e80155854d3f3c040e4 +P c18dbe2f389f4ba7b219b7995d4f7009d1bc249ef8f93a30b262c6d2c008319d +R ddcc3a411d04466b180e47749d964e86 +U drh +Z cac7574e7912a186bd75c53237363cb1
diff --git a/manifest.uuid b/manifest.uuid
index f9a0787a44..85125b5a9a 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@ -c18dbe2f389f4ba7b219b7995d4f7009d1bc249ef8f93a30b262c6d2c008319d \ No newline at end of file +94225d693932eb0b5d7799d40513afbd31ed40e1e156675eb92ad7216f1ff20f \ No newline at end of file
diff --git a/src/select.c b/src/select.c
index 88aa795274..5df43cbabc 100644
--- a/src/select.c
+++ b/src/select.c
@@ -5067,6 +5067,11 @@ static int resolveFromTermToCte(
 /* There are no WITH clauses in the stack. No match is possible */
 return 0;
 }
+ if( pParse->nErr ){
+ /* Prior errors might have left pParse->pWith in a goofy state, so
+ ** go no further. */
+ return 0;
+ }
 if( pFrom->zDatabase!=0 ){
 /* The FROM term contains a schema qualifier (ex: main.t1) and so
 ** it cannot possibly be a CTE reference. */
diff --git a/test/with2.test b/test/with2.test
index 1051c6fb17..ebd4cf54b1 100644
--- a/test/with2.test
+++ b/test/with2.test
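Review bot: The new `pParse->nErr` guard in resolveFromTermToCte (src/select.c) returns 0, the same value the check just above it uses for "no match is possible", so a caller cannot tell "abandoned after an error" from "this FROM term is not a CTE". The caller is outside the hunk; if it goes on to resolve the term as an ordinary table when it sees 0, it may still be walking a parse tree the commit message describes as unsafe, so it is worth confirming that every caller checks `pParse->nErr` before continuing, or returning the function's own error code here if it has one. The comment would also serve the next reader better if it named the hazard rather than "goofy state", for example `/* Prior errors might have left pParse->pWith in an inconsistent state that could lead to a use-after-free, so do not search it. */`. The function body starts and ends outside the hunk.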
@@ -549,4 +549,55 @@ do_execsql_test 10.1 { ) } {1} +# 2021-05-21 +# Forum post https://sqlite.org/forum/forumpost/aa4a7a3980 +# +reset_db +do_execsql_test 11.1 { + CREATE TABLE t1(a); + CREATE VIEW v2(c) AS + WITH x AS ( + WITH y AS ( + WITH z AS(SELECT * FROM t1) + SELECT * FROM v2 + ) SELECT a + ) SELECT * from t1; + ALTER TABLE t1 RENAME COLUMN a TO b; + SELECT sql FROM sqlite_schema WHERE name='t1'; +} {{CREATE TABLE t1(b)}} +do_catchsql_test 11.2 { + INSERT INTO t1 VALUES(55); + SELECT * FROM v2; +} {0 55} +do_catchsql_test 11.3 { + DROP VIEW v2; + CREATE VIEW v2(c) AS + WITH x AS ( + WITH y AS ( + WITH z AS(SELECT * FROM t1) + SELECT * FROM v2 + ) SELECT a + ) SELECT * from t1, x; + SELECT * FROM v2; +} {1 {no such column: a}} +do_catchsql_test 11.4 { + DROP VIEW v2; + CREATE VIEW v2(c) AS + WITH x AS ( + WITH y AS ( + WITH z AS(SELECT * FROM t1) + SELECT * FROM v2 + ) SELECT * + ) SELECT * from t1, x; + SELECT * FROM v2; +} {1 {no tables specified}} +do_catchsql_test 11.5 { + WITH x AS ( + WITH y AS ( + WITH z AS(SELECT * FROM t1) + SELECT * FROM no_such_table + ) SELECT a + ) SELECT * from t1; +} {0 55} + finish_test
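Review bot: Cases 11.3 through 11.5 compare only SQL results and error text, while the defect this commit addresses is a use-after-free, so on an ordinary build they might have passed even before the fix. The header comment should say so, for example `# Regression for a use-after-free in nested CTE error handling; run under a memory-checking build to detect a recurrence.` Test 11.5 also depends on the row inserted in 11.2 and on t1 surviving 11.3 and 11.4, which a one-line comment above it would make explicit for anyone who later reorders or removes the earlier cases.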