From: drh Date: Wed, 12 Dec 2018 11:57:35 +0000 (+0000) Subject: OSSFuzz found a case where an assert() inside sqlite3ExprCompare() can be X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ce85e5dc75c8c22a083c42c806728f6dd776dcbc;p=thirdparty%2Fsqlite.git OSSFuzz found a case where an assert() inside sqlite3ExprCompare() can be true. Test case added to TH3. FossilOrigin-Name: bc891ac6b62fe7d9a5c157a95d0b9dc2559f7abb84d7b22e258acb9b250c224f --- diff --git a/manifest b/manifest index 1f9ce8ae1d..ccbd9653fe 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Fix\sa\sproblem\swith\susing\s"-vacuum"\s(the\sdefault)\sas\sthe\sstate\sdatabase\nwhen\sresuming\san\sRBU\svacuum. -D 2018-12-12T11:54:10.630 +C OSSFuzz\sfound\sa\scase\swhere\san\sassert()\sinside\ssqlite3ExprCompare()\scan\sbe\ntrue.\s\sTest\scase\sadded\sto\sTH3. +D 2018-12-12T11:57:35.159 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F Makefile.in a050c8670ea0d7b37b2192306cbb50d392acd9902b84e9b56f3444d006f97a6c @@ -458,7 +458,7 @@ F src/date.c ebe1dc7c8a347117bb02570f1a931c62dd78f4a2b1b516f4837d45b7d6426957 F src/dbpage.c 135eb3b5e74f9ef74bde5cec2571192c90c86984fa534c88bf4a055076fa19b7 F src/dbstat.c 3c8bd4e77f0244fd2bd7cc90acf116ad2f8e82d70e536637f35ac2bc99b726f9 F src/delete.c f7938125847e8ef485448db5fbad29acb2991381a02887dd854c1617315ab9fb -F src/expr.c 1c2157f34cd8ad26d757df245def39438c2b8d2a629910d38e1fb9b3f9995be7 +F src/expr.c 39ce499eedd8096ac81a6afaae45f09aa9af565ec89d1c04ca2c3211061a3645 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007 F src/fkey.c 972a4ba14296bef2303a0abbad1e3d82bc3c61f9e6ce4e8e9528bdee68748812 F src/func.c 7c288b4ce309b5a8b8473514b88e1f8e69a80134509a8c0db8e39c858e367e7f @@ -1779,8 +1779,8 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P c1c735a8c6eb4b53edba1130cc7bc7bd0499e8752155caf405eb5aa6f09dcd37 -Q +c878d741733a897d47a1a0b57b454bc9095ce302b48cc01089336d5d20e2a24c -R 29d84d5d45ed3f1fc36cb60afb52f323 +P 6b7567fc0c7dc143f7622733f9addbf36b931cf405e71681db5b5f1ae7905c92 +Q +23b62fb160d86dc9d9073bcc714601f5b7695f96abd893eafecf4b2e565b87f2 +R d8bc0151b2cf3f37be4941bb30d0cff2 U drh -Z b0e4b6e08e943f95c35ef0c01c6c3893 +Z 4ac6c0d939bf9a66432a24f717d5535f diff --git a/manifest.uuid b/manifest.uuid index 97f209f7c0..406f460035 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -6b7567fc0c7dc143f7622733f9addbf36b931cf405e71681db5b5f1ae7905c92 \ No newline at end of file +bc891ac6b62fe7d9a5c157a95d0b9dc2559f7abb84d7b22e258acb9b250c224f \ No newline at end of file diff --git a/src/expr.c b/src/expr.c index 76ad5741cb..042b2b0911 100644 --- a/src/expr.c +++ b/src/expr.c @@ -4792,8 +4792,10 @@ int sqlite3ExprCompare(Parse *pParse, Expr *pA, Expr *pB, int iTab){ && sqlite3ExprCompare(pParse, pA->pLeft, pB->pLeft, iTab) ) return 2; if( sqlite3ExprCompare(pParse, pA->pRight, pB->pRight, iTab) ) return 2; if( sqlite3ExprListCompare(pA->x.pList, pB->x.pList, iTab) ) return 2; - assert( (combinedFlags & EP_Reduced)==0 ); - if( pA->op!=TK_STRING && pA->op!=TK_TRUEFALSE ){ + if( pA->op!=TK_STRING + && pA->op!=TK_TRUEFALSE + && (combinedFlags & EP_Reduced)==0 + ){ if( pA->iColumn!=pB->iColumn ) return 2; if( pA->iTable!=pB->iTable && (pA->iTable!=iTab || NEVER(pB->iTable>=0)) ) return 2;