From: drh Date: Wed, 7 Dec 2011 01:47:27 +0000 (+0000) Subject: Bug fix in sqlite3SelectDup(). Make sure the pNext pointer is valid. X-Git-Tag: version-3.7.10~19^2~70^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e7e6a54504d246345e79384a5d28f11f18878b84;p=thirdparty%2Fsqlite.git Bug fix in sqlite3SelectDup(). Make sure the pNext pointer is valid. FossilOrigin-Name: 7e5b56b1c602d4adfd4496a9c877f3b685b2d360 --- diff --git a/manifest b/manifest index e924999ec2..8900db8ee7 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Improvements\sto\sthe\sdata-structure\sexplain\ssubsystem.\s\sMost\squeries\snow\ngive\sa\sreasonably\sdetailed\sgraph\sof\stheir\sparse\stree. -D 2011-12-07T01:23:51.800 +C Bug\sfix\sin\ssqlite3SelectDup().\s\sMake\ssure\sthe\spNext\spointer\sis\svalid. +D 2011-12-07T01:47:27.299 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f F Makefile.in 5b4a3e12a850b021547e43daf886b25133b44c07 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23 @@ -134,7 +134,7 @@ F src/complete.c dc1d136c0feee03c2f7550bafc0d29075e36deac F src/ctime.c a9c26822515f81ec21588cbb482ca6724be02e33 F src/date.c 067a81c9942c497aafd2c260e13add8a7d0c7dd4 F src/delete.c 51d32f0a9c880663e54ce309f52e40c325d5e112 -F src/expr.c 62f6ad2a1dcfbf684e6916c0662d5b4f28b98346 +F src/expr.c 3d800a2280d1ea4eab33ab500af59ebb7b878e64 F src/fault.c 160a0c015b6c2629d3899ed2daf63d75754a32bb F src/fkey.c 657212460bf5cfd3ae607d12ea62092844c227b5 F src/func.c 6261ce00aad9c63cd5b4219249b05683979060e9 @@ -977,7 +977,7 @@ F tool/tostr.awk e75472c2f98dd76e06b8c9c1367f4ab07e122d06 F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f F tool/warnings-clang.sh 9f406d66e750e8ac031c63a9ef3248aaa347ef2a F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381 -P 79ae51c5b1b20ed0a425a87e65a32a096a80b7e1 -R 33f29d39c143746ce94119c4aaec65fd +P 0aa7d3d2346bdddcc4e1e25ee26d13c8594885e5 +R 8f6a328e6230a075adb0590e80910ddf U drh -Z 8a3e65c823a12538f790d9d174308040 +Z 657cde2c7390fad792d576ed9952c864 diff --git a/manifest.uuid b/manifest.uuid index dbbd003458..e28fee5f60 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -0aa7d3d2346bdddcc4e1e25ee26d13c8594885e5 \ No newline at end of file +7e5b56b1c602d4adfd4496a9c877f3b685b2d360 \ No newline at end of file diff --git a/src/expr.c b/src/expr.c index 0d217ed405..09f07abf42 100644 --- a/src/expr.c +++ b/src/expr.c @@ -940,7 +940,7 @@ IdList *sqlite3IdListDup(sqlite3 *db, IdList *p){ return pNew; } Select *sqlite3SelectDup(sqlite3 *db, Select *p, int flags){ - Select *pNew; + Select *pNew, *pPrior; if( p==0 ) return 0; pNew = sqlite3DbMallocRaw(db, sizeof(*p) ); if( pNew==0 ) return 0; @@ -951,7 +951,9 @@ Select *sqlite3SelectDup(sqlite3 *db, Select *p, int flags){ pNew->pHaving = sqlite3ExprDup(db, p->pHaving, flags); pNew->pOrderBy = sqlite3ExprListDup(db, p->pOrderBy, flags); pNew->op = p->op; - pNew->pPrior = sqlite3SelectDup(db, p->pPrior, flags); + pNew->pPrior = pPrior = sqlite3SelectDup(db, p->pPrior, flags); + if( pPrior ) pPrior->pNext = pNew; + pNew->pNext = 0; pNew->pLimit = sqlite3ExprDup(db, p->pLimit, flags); pNew->pOffset = sqlite3ExprDup(db, p->pOffset, flags); pNew->iLimit = 0;