From: drh <>
Date: Wed, 5 Jan 2022 16:02:23 +0000 (+0000)
Subject: Fix an assert() failure that could follow an OOM when coding a RETURNING trigger... 
X-Git-Tag: version-3.37.2~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dde17957b7932fcbd204a1496945bb689560bf7b;p=thirdparty%2Fsqlite.git

Fix an assert() failure that could follow an OOM when coding a RETURNING trigger. dbsqlfuzz case 5d3e2438f15dc32b473d9f29413157857efa1212.

FossilOrigin-Name: 93965e67e2478fc99d7abfd6790edac353358373873bb6ac82c7c65dbe52a5de
---

diff --git a/manifest b/manifest
index dc3b91b440..418d65c1d5 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Improved\shandling\sof\sOOM\serrors\sin\ssqlite3ExpandReturning().\ndbsqlfuzz\s1040b720f0bbc3bdcfe7336acffbf71517e3ef82.
-D 2022-01-05T12:01:34.753
+C Fix\san\sassert()\sfailure\sthat\scould\sfollow\san\sOOM\swhen\scoding\sa\sRETURNING\strigger.\sdbsqlfuzz\scase\s5d3e2438f15dc32b473d9f29413157857efa1212.
+D 2022-01-05T16:02:23.739
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -617,7 +617,7 @@ F src/test_wsd.c 41cadfd9d97fe8e3e4e44f61a4a8ccd6f7ca8fe9
 F src/threads.c 4ae07fa022a3dc7c5beb373cf744a85d3c5c6c3c
 F src/tokenize.c 865911afa00fed589cd03b25c140ca88544842aaef7b81f7d41ed769a7a54120
 F src/treeview.c 9dfdb7ff7f6645d0a6458dbdf4ffac041c071c4533a6db8bb6e502b979ac67bc
-F src/trigger.c 6537dcb8e4323b7ba3fd60c0f9eabde9e92b2849d57a4d9faac80185f6914559
+F src/trigger.c 043d66ecb25a223c614681c8ab758f1aaf6e507c901d3a4668113afab1cc2dc7
 F src/update.c 69c4c10bc6873a80c0a77cb578f9fc60ee90003d03f9530bc3370fa24615772d
 F src/upsert.c 8789047a8f0a601ea42fa0256d1ba3190c13746b6ba940fe2d25643a7e991937
 F src/utf.c ee39565f0843775cc2c81135751ddd93eceb91a673ea2c57f61c76f288b041a0
@@ -1311,6 +1311,7 @@ F test/releasetest_data.tcl 7cea6c852ae6bb3a9ff1a2b910e4dd13c16a05f74443984dfd52
 F test/resetdb.test 8062cf10a09d8c048f8de7711e94571c38b38168db0e5877ba7561789e5eeb2b
 F test/resolver01.test f4022acafda7f4d40eca94dbf16bc5fc4ac30ceb
 F test/returning1.test f96c7245f6ac16038e802760cd90b93479369939a8a7a44e2329ee5aed28239c
+F test/returningfault.test ae4c4b5e8745813287a359d9ccdb9d5c883c2e68afb18fb0767937d5de5692a4
 F test/rollback.test 06680159bc6746d0f26276e339e3ae2f951c64812468308838e0a3362d911eaa
 F test/rollback2.test 3f3a4e20401825017df7e7671e9f31b6de5fae5620c2b9b49917f52f8c160a8f
 F test/rollbackfault.test 0e646aeab8840c399cfbfa43daab46fd609cf04a
@@ -1935,9 +1936,9 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 71f21f172cbc033f70604d166f17118472491fcf8b78350bd347de016132b464
-Q +33c6b8e94bda12df13b4d2dd782b3120c3628596b86ef531d20b3100bf159b50
-R d6a73b24aaed4e2c4e8d3082bcdb0df3
+P b9ed2a2921a8f3f07a3a2c9b954806df924b3806795ab876bbbda28578175288
+Q +7ae596dd4a73a09585c5dc9f4faf75d126d0733fc2fb32c1de64126a1088d967
+R 3bd7f0154d4526f7981cf586715f2aaa
 U drh
-Z 4d7c092f8e80469c2a481b7eafc7b0ff
+Z 33b68d5e6b88c69d3bb094fb27b4d5bf
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 83b05a4b89..949ccd8532 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-b9ed2a2921a8f3f07a3a2c9b954806df924b3806795ab876bbbda28578175288
\ No newline at end of file
+93965e67e2478fc99d7abfd6790edac353358373873bb6ac82c7c65dbe52a5de
\ No newline at end of file
diff --git a/src/trigger.c b/src/trigger.c
index 41f34b3458..7e3a053a7f 100644
--- a/src/trigger.c
+++ b/src/trigger.c
@@ -945,7 +945,9 @@ static void codeReturningTrigger(
     sNC.ncFlags = NC_UBaseReg;
     pParse->eTriggerOp = pTrigger->op;
     pParse->pTriggerTab = pTab;
-    if( sqlite3ResolveExprListNames(&sNC, pNew)==SQLITE_OK ){
+    if( sqlite3ResolveExprListNames(&sNC, pNew)==SQLITE_OK
+     && !db->mallocFailed
+    ){
       int i;
       int nCol = pNew->nExpr;
       int reg = pParse->nMem+1;
@@ -953,8 +955,7 @@ static void codeReturningTrigger(
       pReturning->iRetReg = reg;
       for(i=0; i<nCol; i++){
         Expr *pCol = pNew->a[i].pExpr;
-        assert( pCol!=0 || pParse->db->mallocFailed );
-        if( NEVER(pCol==0) ) continue;
+        assert( pCol!=0 ); /* Due to !db->mallocFailed ~9 lines above */
         sqlite3ExprCodeFactorable(pParse, pCol, reg+i);
       }
       sqlite3VdbeAddOp3(v, OP_MakeRecord, reg, i, reg+i);
diff --git a/test/returningfault.test b/test/returningfault.test
new file mode 100644
index 0000000000..8bf6fbfe06
--- /dev/null
+++ b/test/returningfault.test
@@ -0,0 +1,36 @@
+# 2022 January 5
+#
+# The author disclaims copyright to this source code.  In place of
+# a legal notice, here is a blessing:
+#
+#    May you do good and not evil.
+#    May you find forgiveness for yourself and forgive others.
+#    May you share freely, never taking more than you give.
+#
+#***********************************************************************
+#
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+source $testdir/malloc_common.tcl
+
+
+do_execsql_test 1.0 {
+  CREATE TABLE t1 (b);
+} {}
+faultsim_save_and_close
+
+do_faultsim_test pagerfault-1 -faults oom-t* -prep {
+  faultsim_restore_and_reopen
+} -body {
+  execsql { 
+    INSERT INTO t1(b) VALUES(65) RETURNING (
+      SELECT * FROM sqlite_temp_schema
+    ) AS aaa;
+  }
+} -test {
+  faultsim_test_result {1 {sub-select returns 5 columns - expected 1}}
+}
+
+
+finish_test