From: drh <> Date: Thu, 9 Mar 2023 01:35:52 +0000 (+0000) Subject: Fix a possible NULL pointer dereference due to the sqlite3_interrupt() X-Git-Tag: version-3.41.1~5 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cc4f0f678d25c5c75650e8784617b519d20ddedc;p=thirdparty%2Fsqlite.git Fix a possible NULL pointer dereference due to the sqlite3_interrupt() enhancement in the 3.41.0 release. FossilOrigin-Name: 66d24a220e3455a183b61490f42869520744cb3990e13f3ded92f1b6a7e248ce --- diff --git a/manifest b/manifest index 7465393352..4cde10d015 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Keep\sthe\shistorical\sdatatype\s("INT",\snot\s"NUM")\sfor\sa\stable\screated\sas\sfollows:\s"CREATE\sTABLE\st1\sAS\sSELECT\sCAST(123\sAS\sINT)\sAS\svalue;".\s\sThe\suse\sof\sFLEXNUM\sonly\soccurs\son\scompound\squeries. -D 2023-03-08T14:37:04.942 +C Fix\sa\spossible\sNULL\spointer\sdereference\sdue\sto\sthe\ssqlite3_interrupt()\nenhancement\sin\sthe\s3.41.0\srelease. +D 2023-03-09T01:35:52.756 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 @@ -685,7 +685,7 @@ F src/test_wsd.c 41cadfd9d97fe8e3e4e44f61a4a8ccd6f7ca8fe9 F src/threads.c 4ae07fa022a3dc7c5beb373cf744a85d3c5c6c3c F src/tokenize.c 1305797eab3542a0896b552c6e7669c972c1468e11e92b370533c1f37a37082b F src/treeview.c fccf3b8c517c1f55cb380c1522febe6921fcb2bd800c16c78cab571d0eb0ccbd -F src/trigger.c 5e68b790f022b8dafbfb0eb244786512a95c9575fc198719d2557d73e5795858 +F src/trigger.c 6072c531d9bcc3980528150a1b03fda2e85a08c10023fafb42f93ffd68607ffe F src/update.c f118e51768d2c1309e3c81e9f91141b22b8a1339cbc5969b1b2d810feaa25b22 F src/upsert.c 5303dc6c518fa7d4b280ec65170f465c7a70b7ac2b22491598f6d0b4875b3145 F src/utf.c ee39565f0843775cc2c81135751ddd93eceb91a673ea2c57f61c76f288b041a0 
@@ -1404,7 +1404,7 @@ F test/reindex.test cd9d6021729910ece82267b4f5e1b5ac2911a7566c43b43c176a6a4732e2 F test/releasetest_data.tcl b550dd1b122a9c969df794d05ea272df535f10ff1a245062e7ba080822378016 F test/resetdb.test 54c06f18bc832ac6d6319e5ab23d5c8dd49fdbeec7c696d791682a8006bd5fc3 F test/resolver01.test f4022acafda7f4d40eca94dbf16bc5fc4ac30ceb -F test/returning1.test 3ef7b264598b3292be0cdb028e4acb7524c5fd409b33b78449f894dfd68db334 +F test/returning1.test ee72bece38ea39ef82a219d8f6619e5c1c15835ea127cd7e6e30012cde462dfe F test/returningfault.test ae4c4b5e8745813287a359d9ccdb9d5c883c2e68afb18fb0767937d5de5692a4 F test/rollback.test 06680159bc6746d0f26276e339e3ae2f951c64812468308838e0a3362d911eaa F test/rollback2.test 3f3a4e20401825017df7e7671e9f31b6de5fae5620c2b9b49917f52f8c160a8f @@ -2045,9 +2045,9 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P d00e68baf73238d2f91df6b19525c91539a7fe26406516cbacfff113e79e26ea -Q +6d5b5896261c62a7e130b47416ee8c25793859a2afcb1646c257600537a5b71b -R 05e345d820d81a67729a6442fb0a0119 +P dc1033af4bf707095032f66d7a8ab63204f38bae244fab16a2bc870840d5bffd +Q +84417bbd144b2197c9930a520feb94b59053957c190be79f8deaaaebca68ecf1 +R fd4daae8bfdac9cc9c29914041159d80 U drh -Z 51dba0d99dc87e9d4f108cf8acf33536 +Z c94d7f50fa2d61e881f0ae3e0f731be2 # Remove this line to create a well-formed Fossil manifest. diff --git a/manifest.uuid b/manifest.uuid index 85f98f13b2..ef1bd5dc6f 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -dc1033af4bf707095032f66d7a8ab63204f38bae244fab16a2bc870840d5bffd \ No newline at end of file +66d24a220e3455a183b61490f42869520744cb3990e13f3ded92f1b6a7e248ce \ No newline at end of file diff --git a/src/trigger.c b/src/trigger.c index 02d8540237..f83c719a33 100644 
--- a/src/trigger.c
+++ b/src/trigger.c
@@ -983,7 +983,7 @@ static void codeReturningTrigger(
 }
 sqlite3ExprListDelete(db, sSelect.pEList);
 pNew = sqlite3ExpandReturning(pParse, pReturning->pReturnEL, pTab);
- if( !db->mallocFailed ){
+ if( pParse->nErr==0 ){
 NameContext sNC;
 memset(&sNC, 0, sizeof(sNC));
 if( pReturning->nRetCol==0 ){
diff --git a/test/returning1.test b/test/returning1.test
index 326af800e1..0d97b70201 100644
--- a/test/returning1.test
+++ b/test/returning1.test
@@ -212,13 +212,13 @@ do_execsql_test 10.2 {
 END;
 }
-do_catchsql_test 10.3 {
+do_catchsql_test 10.3a {
 INSERT INTO t1(a, b) VALUES(1234, 5678) RETURNING rowid;
-} {1 {no such column: rowid}}
+} {1 {no such column: new.rowid}}
-do_catchsql_test 10.3 {
+do_catchsql_test 10.3b {
 UPDATE t1 SET a='z' WHERE b='y' RETURNING rowid;
-} {1 {no such column: rowid}}
+} {1 {no such column: new.rowid}}
 do_execsql_test 10.4 {
 SELECT * FROM log;
@@ -408,4 +408,15 @@ do_execsql_test 17.0 {
 UPDATE bug SET x=NULL WHERE id = 20 RETURNING quote(x), x IS NULL;
 } {NULL 1}
+# 2023-03-08 https://sqlite.org/forum/forumpost/f5a2b1db87
+# NULL pointer dereference following an error.
+#
+do_execsql_test 18.0 {
+ CREATE TABLE v0(c1 INT);
+ CREATE VIEW view_2(c1) AS SELECT CASE WHEN c1 COLLATE TRUE THEN TRUE ELSE TRUE END FROM v0;
+}
+do_catchsql_test 18.1 {
+ INSERT INTO view_2 DEFAULT VALUES RETURNING *;
+} {1 {no such collation sequence: TRUE}}
+
 finish_test
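Review bot: The guard in codeReturningTrigger() now reads `if( pParse->nErr==0 )` in place of the `db->mallocFailed` test, so an allocation failure inside sqlite3ExpandReturning() is only caught if it is also counted in pParse->nErr, and nothing visible in the hunk states that it is. The commit message and the new test 18.1 suggest pNew was being used after a non-OOM error; the use itself sits below the hunk, so this is inferred. I would document the invariant above the test, `/* pNew may be NULL after any error, not only OOM, so test nErr rather than mallocFailed */`, and, if it holds on every path, back it with `assert( pNew!=0 || pParse->nErr>0 );` ahead of the `if`. The function starts and ends outside the hunk.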
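Review bot: Tests 10.3a and 10.3b in test/returning1.test now expect `no such column: new.rowid` for statements that wrote plain `RETURNING rowid`, and the hunk gives no reason for the changed text. The `new.` qualifier presumably comes from how the RETURNING list is resolved internally, and any caller that matches on the old message would see a different string. A comment above 10.3a would record that the change is intended, for example `# Error text names "new.rowid" because RETURNING columns are resolved against NEW`, with the wording to be confirmed by the author.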