From: drh <drh@noemail.net>
Date: Mon, 19 Sep 2016 11:00:42 +0000 (+0000)
Subject: Fix a segfault introduced by the row-value enhancement that comes up on
X-Git-Tag: version-3.15.0~74
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9a2e5169a4c8c3fa75537733993961584084ae42;p=thirdparty%2Fsqlite.git

Fix a segfault introduced by the row-value enhancement that comes up on
a skip-scan where the first term of the index is unconstrained and the
second term is of the form "columm IN (SELECT...)".

FossilOrigin-Name: 2401ea5acfeee8042489d1db38036ff86e8a6916
---

diff --git a/manifest b/manifest
index 46e31f7f79..4cfe2cc045 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Improved\sperformance\sin\ssqlite3ExprCodeTarget().
-D 2016-09-19T10:24:19.052
+C Fix\sa\ssegfault\sintroduced\sby\sthe\srow-value\senhancement\sthat\scomes\sup\son\na\sskip-scan\swhere\sthe\sfirst\sterm\sof\sthe\sindex\sis\sunconstrained\sand\sthe\nsecond\sterm\sis\sof\sthe\sform\s"columm\sIN\s(SELECT...)".
+D 2016-09-19T11:00:42.662
 F Makefile.in 6fd48ffcf7c2deea7499062d1f3747f986c19678
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc e1aa788e84f926e42239ee167c53f785bedacacd
@@ -467,7 +467,7 @@ F src/vxworks.h d2988f4e5a61a4dfe82c6524dd3d6e4f2ce3cdb9
 F src/wal.c 02eeecc265f6ffd0597378f5d8ae9070b62a406a
 F src/wal.h 6dd221ed384afdc204bc61e25c23ef7fd5a511f2
 F src/walker.c 83042807db1a27175fcb39be8f3e2a839dbdddb2
-F src/where.c d0ca1b5e1c56249e7725cea66ce4e172c5845dec
+F src/where.c e4140408b81539cf9298355138a3749164dfd6a2
 F src/whereInt.h 14dd243e13b81cbb0a66063d38b70f93a7d6e613
 F src/wherecode.c e412e09abad1eea213d85594cf46db9f877db56d
 F src/whereexpr.c e3db778ed205e982f31960896db71c50612ae009
@@ -1089,7 +1089,7 @@ F test/shortread1.test bb591ef20f0fd9ed26d0d12e80eee6d7ac8897a3
 F test/show_speedtest1_rtree.tcl 32e6c5f073d7426148a6936a0408f4b5b169aba5
 F test/shrink.test 1b4330b1fd9e818c04726d45cb28db73087535ce
 F test/sidedelete.test f0ad71abe6233e3b153100f3b8d679b19a488329
-F test/skipscan1.test f2d4482f195f018c3732374d3985fc34bcc3ae1a
+F test/skipscan1.test 8ab5d2c7c5cd3fe7f172d366e6e74e887cb33cb4
 F test/skipscan2.test d1d1450952b7275f0b0a3a981f0230532743951a
 F test/skipscan3.test ec5bab3f81c7038b43450e7b3062e04a198bdbb5
 F test/skipscan5.test 67817a4b6857c47e0e33ba3e506da6f23ef68de2
@@ -1525,7 +1525,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P c6e6afb9391704d9119335f2ce17df3968acb514
-R 5e8eb1549d648015d64d5983cb2b67d7
+P 75146165dcc1ae1faab46b1a7333ef795d5eeac5
+R 6570c4faac186baff77a196a1b23d589
 U drh
-Z f9a9936a11469969054ab3df81b2204c
+Z c8f046879d40b5e9b9c03ef1eccd7de3
diff --git a/manifest.uuid b/manifest.uuid
index fb2a91730a..316a029f4b 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-75146165dcc1ae1faab46b1a7333ef795d5eeac5
\ No newline at end of file
+2401ea5acfeee8042489d1db38036ff86e8a6916
\ No newline at end of file
diff --git a/src/where.c b/src/where.c
index 527698320f..0af935ff02 100644
--- a/src/where.c
+++ b/src/where.c
@@ -2410,7 +2410,7 @@ static int whereLoopAddBtreeIndex(
         ** for each such term. The following loop checks that pTerm is the
         ** first such term in use, and sets nIn back to 0 if it is not. */
         for(i=0; i<pNew->nLTerm-1; i++){
-          if( pNew->aLTerm[i]->pExpr==pExpr ) nIn = 0;
+          if( pNew->aLTerm[i] && pNew->aLTerm[i]->pExpr==pExpr ) nIn = 0;
         }
       }else if( ALWAYS(pExpr->x.pList && pExpr->x.pList->nExpr) ){
         /* "x IN (value, value, ...)" */
diff --git a/test/skipscan1.test b/test/skipscan1.test
index 6d77e63498..6cdeed5439 100644
--- a/test/skipscan1.test
+++ b/test/skipscan1.test
@@ -322,4 +322,19 @@ do_execsql_test skipscan1-8.2 {
   ORDER BY +x;
 } {1 AB 2 CD}
 
+# Segfault reported on the mailing list by Keith Medcalf on 2016-09-18.
+# A skip-scan with a "column IN (SELECT ...)" on the second term of the
+# index.
+#
+do_execsql_test skipscan1-9.2 {
+  CREATE TABLE t9a(a,b,c);
+  CREATE INDEX t9a_ab ON t9a(a,b);
+  CREATE TABLE t9b(x,y);
+  ANALYZE sqlite_master;
+  INSERT INTO sqlite_stat1 VALUES('t9a','t9a_ab','1000000 250000 1');
+  ANALYZE sqlite_master;
+  EXPLAIN QUERY PLAN
+  SELECT * FROM t9a WHERE b IN (SELECT x FROM t9b WHERE y!=5);
+} {/USING INDEX t9a_ab .ANY.a. AND b=./}
+
 finish_test