From: drh Date: Tue, 10 Jan 2017 15:08:06 +0000 (+0000) Subject: Fix a potential assertion fault discovered by OSS-Fuzz. X-Git-Tag: version-3.17.0~118 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d9bcb32ebb4b94df6c241bc09080cd0832d3a01b;p=thirdparty%2Fsqlite.git Fix a potential assertion fault discovered by OSS-Fuzz. FossilOrigin-Name: 71c03b59b645884ebd6b9e18713cd2eb8c949870 --- diff --git a/manifest b/manifest index 6f2234dddb..263f2b60cf 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Remove\sa\sredundant\sassignment\sstatement. -D 2017-01-09T19:55:19.701 +C Fix\sa\spotential\sassertion\sfault\sdiscovered\sby\sOSS-Fuzz. +D 2017-01-10T15:08:06.289 F Makefile.in 41bd4cad981487345c4a84081074bcdb876e4b2e F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434 F Makefile.msc b8ca53350ae545e3562403d5da2a69cec79308da @@ -472,7 +472,7 @@ F src/walker.c 91a6df7435827e41cff6bb7df50ea00934ee78b0 F src/where.c 6bbf9284f4f15a6fa48663d033870cc0d7f5ee66 F src/whereInt.h 2bcc3d176e6091cb8f50a30b65c006e88a73614d F src/wherecode.c e04ac8f24c3ac8621df6c3be3ac8c7d4fa893745 -F src/whereexpr.c 87ecdf24beba4498e4380b31c4131febb0a6ceaa +F src/whereexpr.c 24e452bcc36ac19130706357bbec4c1419931222 F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2 F test/affinity2.test a6d901b436328bd67a79b41bb0ac2663918fe3bd F test/aggerror.test a867e273ef9e3d7919f03ef4f0e8c0d2767944f2 @@ -1543,7 +1543,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 237aa97452e20c312f256a8fd62531e3d447f84b -R 3d5f5ba0e62157717b12def8c248d9db +P a5fa09657bd6c4ea5fe6712b0f8af2170cbe0381 +R 9d11b71201b21d28f9619103dd00f618 U drh -Z 6d8150e7f23763db279bf09c6fea02eb +Z 82e96cf4e2e496f2e42165b862cbc10e 
diff --git a/manifest.uuid b/manifest.uuid index 5e3236a559..9a414db70b 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -a5fa09657bd6c4ea5fe6712b0f8af2170cbe0381 \ No newline at end of file +71c03b59b645884ebd6b9e18713cd2eb8c949870 \ No newline at end of file
diff --git a/src/whereexpr.c b/src/whereexpr.c
index 4bb161044e..27c6ebc2f1 100644
--- a/src/whereexpr.c
+++ b/src/whereexpr.c
@@ -913,6 +913,7 @@ static void exprAnalyze(
 Parse *pParse = pWInfo->pParse; /* Parsing context */
 sqlite3 *db = pParse->db; /* Database connection */
 unsigned char eOp2; /* op2 value for LIKE/REGEXP/GLOB */
+ int nLeft; /* Number of elements on left side vector */
 
 if( db->mallocFailed ){
 return;
@@ -1184,13 +1185,12 @@ static void exprAnalyze(
 ** is not a sub-select. */
 if( pWC->op==TK_AND
 && (pExpr->op==TK_EQ || pExpr->op==TK_IS)
- && sqlite3ExprIsVector(pExpr->pLeft)
+ && (nLeft = sqlite3ExprVectorSize(pExpr->pLeft))>1
+ && sqlite3ExprVectorSize(pExpr->pRight)==nLeft
 && ( (pExpr->pLeft->flags & EP_xIsSelect)==0
- || (pExpr->pRight->flags & EP_xIsSelect)==0
- )){
- int nLeft = sqlite3ExprVectorSize(pExpr->pLeft);
+ || (pExpr->pRight->flags & EP_xIsSelect)==0)
+ ){
 int i;
- assert( nLeft==sqlite3ExprVectorSize(pExpr->pRight) );
 for(i=0; i
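Review bot: `nLeft` is added at function scope in exprAnalyze() without an initializer, and the only assignment visible on this page sits inside the short-circuit `&&` chain of the later hunk, so it holds a defined value only when the two operands before it are true. A later read outside that `if` body would use an indeterminate value, and some compilers will report the variable as maybe-uninitialized. I would either initialize it, `int nLeft = 0; /* Number of elements on left side vector */`, or extend the comment to say the value is valid only inside the vector-comparison branch. exprAnalyze() begins before this hunk and continues past it, so other uses of the name cannot be ruled out from here.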