From 6c4dbd9a087a9728f14b91ccf4cbe7613b3bbfba Mon Sep 17 00:00:00 2001
From: drh <>
Date: Thu, 30 Jan 2025 21:16:12 +0000
Subject: [PATCH] The reuse-subroutine optimization might have generated
 byte-code that loops forever.  This check-in fixes the problem.

FossilOrigin-Name: a8714e8c448adc62ce4ff2b303dac3a735e699d12875223615f68eeaf08bd7b1
---
 manifest      | 19 ++++++++++---------
 manifest.uuid |  2 +-
 src/expr.c    |  5 ++++-
 src/vdbe.h    |  1 +
 test/in7.test | 29 +++++++++++++++++++++++++++++
 5 files changed, 45 insertions(+), 11 deletions(-)

diff --git a/manifest b/manifest
index 51b35ce6ab..aaace78b53 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Minor\scleanups\sto\sthe\sprevious\scheckin.\sNo\sfunctional\schanges.
-D 2025-01-30T11:59:11.599
+C The\sreuse-subroutine\soptimization\smight\shave\sgenerated\nbyte-code\sthat\sloops\sforever.\s\sThis\scheck-in\sfixes\sthe\sproblem.
+D 2025-01-30T21:16:12.554
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md e108e1e69ae8e8a59e93c455654b8ac9356a11720d3345df2a4743e9590fb20d
@@ -728,7 +728,7 @@ F src/date.c 842c08ac143a56a627b05ac51d68624f2b7b03e3b4cba596205e735eed64ee57
 F src/dbpage.c e90410e5d4c0217dfddc4184a81e38ec4903c25d4ec0f201060a0e54e7c2099f
 F src/dbstat.c 73362c0df0f40ad5523a6f5501224959d0976757b511299bf892313e79d14f5c
 F src/delete.c 03a77ba20e54f0f42ebd8eddf15411ed6bdb06a2c472ac4b6b336521bf7cea42
-F src/expr.c 30a407765d4e4b592f9f958085fb4e8336e54fa46a70ade7f5a67111bc191563
+F src/expr.c e06331a671cdf2b9f06526244a98db03493d9d220b57d57a39fa0c3575eb2a5d
 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
 F src/fkey.c 928ed2517e8732113d2b9821aa37af639688d752f4ea9ac6e0e393d713eeb76f
 F src/func.c 89b733a5f513c4bc06b7271384363d5693d62782de8295bc87b97d79862c9714
@@ -848,7 +848,7 @@ F src/utf.c 8b29d9a5956569ea2700f869669b8ef67a9662ee5e724ff77ab3c387e27094ba
 F src/util.c e5f6a5eeaa26b69054a43bbd0048cfe3d2851f6961052b35aed8f695df922850
 F src/vacuum.c b763b6457bd058d2072ef9364832351fd8d11e8abf70cbb349657360f7d55c40
 F src/vdbe.c 8a6eb02823b424b273614bae41579392a5c495424592b60423dd2c443a583df0
-F src/vdbe.h 9676348d342bd04e21e384c63b57224171ce84fac77853357334ef94c4d33cf4
+F src/vdbe.h 3d26d5c7660c5c7bd33ffb0d8784615072d8b23c81f8110870efe2631136bc89
 F src/vdbeInt.h bf294a0c8fc4cc80779e74b04b8bd82c6e1197b3137cefe0b16cdf002fc7dfd6
 F src/vdbeapi.c 033decc098df353b97a5ca14302ad812e2567f1037747c2d5fcda62aac1bb74e
 F src/vdbeaux.c 5fcbc642a3d3d88c5ea15cadf2c8b8e4e067cb9ff374beb1875c9d209001299e
@@ -1305,7 +1305,7 @@ F test/in3.test 3cbf58c87f4052cee3a58b37b6389777505aa0c0
 F test/in4.test bb767ec1cfd1730256f0a83219f0acda36bc251b63f8b8bb7d8c7cff17875a4f
 F test/in5.test 4fd79c70dfa0681313e8cdca07f5ff0400bdc0e20f808a5c59eaef1e4b48082a
 F test/in6.test f5f40d6816a8bb7c784424b58a10ac38efb76ab29127a2c17399e0cbeeda0e4b
-F test/in7.test 5050b648510d88bd27ff6b40991a45e1cc277c20e258162e81650e01069a56bb
+F test/in7.test d9efdee00b074a60c6343993b2eda78bc369ab080dad864513c73f8aca89d566
 F test/incrblob.test c9b96afc292aeff43d6687bcb09b0280aa599822
 F test/incrblob2.test a494c9e848560039a23974b9119cfc2cf3ad3bd15cc2694ee6367ae537ef8f1f
 F test/incrblob3.test 67621a04b3084113bf38ce03797d70eca012d9d8f948193b8f655df577b0da6f
@@ -2205,8 +2205,9 @@ F tool/version-info.c 3b36468a90faf1bbd59c65fd0eb66522d9f941eedd364fabccd7227350
 F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7
 F tool/warnings.sh 49a486c5069de041aedcbde4de178293e0463ae9918ecad7539eedf0ec77a139
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P eedf45369461a329ada9c89706b1c17e0c02135afe1f43f3e1c8f00b857a6c9c
-R e148b21bd34918b3a7ffbb849ac8fbcb
-U stephan
-Z f33b2af8099eed51a43c2e484e21e8a4
+P 0146a0da534edb9def39dc49f8c3f3055cff2154a0a8b383670e4415021f0e28
+Q +0cc4ed8c6e53aca1f5e94c132bedbc7f561c04a77f1a30b965ffe7560634bfeb
+R 803ec7cbc6e924b7c57742b42800d84e
+U drh
+Z 1a20bd2a9838fa93432cea616a537d7d
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index ce486642f8..05b464bd9f 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-0146a0da534edb9def39dc49f8c3f3055cff2154a0a8b383670e4415021f0e28
+a8714e8c448adc62ce4ff2b303dac3a735e699d12875223615f68eeaf08bd7b1
diff --git a/src/expr.c b/src/expr.c
index ca5b9092e7..989c7cbc4d 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -3465,6 +3465,7 @@ static int findCompatibleInRhsSubrtn(
     assert( pOp->opcode==OP_BeginSubrtn );
     pSig = pOp->p4.pSubrtnSig;
     assert( pSig!=0 );
+    if( !pSig->bComplete ) continue;
     if( pNewSig->selId!=pSig->selId ) continue;
     if( strcmp(pNewSig->zAff,pSig->zAff)!=0 ) continue;
     pExpr->y.sub.iAddr = pSig->iAddr;
@@ -3511,6 +3512,7 @@ void sqlite3CodeRhsOfIN(
   KeyInfo *pKeyInfo = 0;      /* Key information */
   int nVal;                   /* Size of vector pLeft */
   Vdbe *v;                    /* The prepared statement under construction */
+  SubrtnSig *pSig = 0;        /* Signature for this subroutine */
 
   v = pParse->pVdbe;
   assert( v!=0 );
@@ -3531,7 +3533,6 @@ void sqlite3CodeRhsOfIN(
     ** Compute a signature for the RHS of the IN operator to facility
     ** finding and reusing prior instances of the same IN operator.
     */
-    SubrtnSig *pSig = 0;
     assert( !ExprUseXSelect(pExpr) || pExpr->x.pSelect!=0 );
     if( ExprUseXSelect(pExpr) && (pExpr->x.pSelect->selFlags & SF_All)==0 ){
       pSig = sqlite3DbMallocRawNN(pParse->db, sizeof(pSig[0]));
@@ -3574,6 +3575,7 @@ void sqlite3CodeRhsOfIN(
     pExpr->y.sub.iAddr =
       sqlite3VdbeAddOp2(v, OP_BeginSubrtn, 0, pExpr->y.sub.regReturn) + 1;
     if( pSig ){
+      pSig->bComplete = 0;
       pSig->iAddr = pExpr->y.sub.iAddr;
       pSig->regReturn = pExpr->y.sub.regReturn;
       pSig->iTable = iTab;
@@ -3709,6 +3711,7 @@ void sqlite3CodeRhsOfIN(
     sqlite3ReleaseTempReg(pParse, r1);
     sqlite3ReleaseTempReg(pParse, r2);
   }
+  if( pSig ) pSig->bComplete = 1;
   if( pKeyInfo ){
     sqlite3VdbeChangeP4(v, addr, (void *)pKeyInfo, P4_KEYINFO);
   }
diff --git a/src/vdbe.h b/src/vdbe.h
index 71aae29a08..476f1b4ea2 100644
--- a/src/vdbe.h
+++ b/src/vdbe.h
@@ -40,6 +40,7 @@ typedef struct SubrtnSig SubrtnSig;
 */
 struct SubrtnSig {
   int selId;          /* SELECT-id for the SELECT statement on the RHS */
+  u8 bComplete;       /* True if fully coded and available for reusable */
   char *zAff;         /* Affinity of the overall IN expression */
   int iTable;         /* Ephemeral table generated by the subroutine */
   int iAddr;          /* Subroutine entry address */
diff --git a/test/in7.test b/test/in7.test
index 4dc0821d18..763396140a 100644
--- a/test/in7.test
+++ b/test/in7.test
@@ -219,4 +219,33 @@ do_execsql_test 3.8 {
   SELECT t1.a, t2.b FROM t1, t2 WHERE (t1.a, t2.b) IN ((1, 2));
 } {1 2}
 
+# 2025-01-30 Inifinite loop in byte-code discovered by dbsqlfuzz
+# having to do with SubrtnSig logic.  The code was using a Subroutine
+# from within itself resulting in infinite recursion.
+#
+# This test will spin forever if the bug has not been fixed, or if
+# it reappears.
+#
+reset_db
+do_execsql_test 4.0 {
+  CREATE TABLE t1(a INTEGER PRIMARY KEY, b);
+  INSERT INTO t1 VALUES(1,x'1111');
+  CREATE TABLE t2(c);
+  CREATE TABLE t3(d);
+  CREATE TRIGGER t1tr UPDATE ON t1 BEGIN
+    UPDATE t1 SET b=x'2222' FROM t2;
+    UPDATE t1
+       SET b = (SELECT a IN (SELECT a
+                               FROM t1
+                              WHERE (b,a) IN (SELECT rowid, d
+                                                FROM t3
+                                             )
+                            )
+                  FROM t1 NATURAL RIGHT JOIN t1
+               );
+  END;
+  UPDATE t1 SET b=x'3333';
+  SELECT quote(b) FROM t1;
+} {X'3333'}
+
 finish_test
-- 
2.47.2