From ad45ed7414a11c03bca528e4fdf304d7012497a0 Mon Sep 17 00:00:00 2001
From: dan <dan@noemail.net>
Date: Thu, 8 Aug 2013 12:21:32 +0000
Subject: [PATCH] Fix a segfault in "ALTER TABLE t1 ADD COLUMN b DEFAULT
 (-+1)". Also an assert() failure that could occur if SQLITE_ENABLE_STAT4 were
 not defined.

FossilOrigin-Name: 9fec3e38287067d60874530300fbeb602958c951
---
 manifest         | 16 ++++++++--------
 manifest.uuid    |  2 +-
 src/vdbemem.c    |  4 +++-
 src/where.c      |  5 ++++-
 test/alter4.test |  5 +++++
 5 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/manifest b/manifest
index 44a7e1f774..2ecaf9c19f 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\sbug\sin\susing\sstat4\sdata\sto\sestimate\sthe\snumber\sof\srows\sselected\sby\sa\srange\sconstraint.
-D 2013-08-08T11:48:57.819
+C Fix\sa\ssegfault\sin\s"ALTER\sTABLE\st1\sADD\sCOLUMN\sb\sDEFAULT\s(-+1)".\sAlso\san\sassert()\sfailure\sthat\scould\soccur\sif\sSQLITE_ENABLE_STAT4\swere\snot\sdefined.
+D 2013-08-08T12:21:32.556
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 5e41da95d92656a5004b03d3576e8b226858a28e
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -283,14 +283,14 @@ F src/vdbeInt.h e9b7c6b165a31a4715c5aa97223d20d265515231
 F src/vdbeapi.c 4d13580bd058b39623e8fcfc233b7df4b8191e8b
 F src/vdbeaux.c a6ea36a9dc714e1128a0173249a0532ddcab0489
 F src/vdbeblob.c 5dc79627775bd9a9b494dd956e26297946417d69
-F src/vdbemem.c f0512045147702adec3ca6388663e243c17d2ea4
+F src/vdbemem.c 4aff02f52e95cad546b47c15a7145a9940a61b67
 F src/vdbesort.c 3937e06b2a0e354500e17dc206ef4c35770a5017
 F src/vdbetrace.c e7ec40e1999ff3c6414424365d5941178966dcbc
 F src/vtab.c 2e8b489db47e20ae36cd247932dc671c9ded0624
 F src/wal.c 7dc3966ef98b74422267e7e6e46e07ff6c6eb1b4
 F src/wal.h df01efe09c5cb8c8e391ff1715cca294f89668a4
 F src/walker.c 4fa43583d0a84b48f93b1e88f11adf2065be4e73
-F src/where.c 5ea698bd91c8c264bd00fb9c6aafc30043a3873b
+F src/where.c a14294548b55404e9f6c082c0e63bc6d24926c8d
 F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2
 F test/aggerror.test a867e273ef9e3d7919f03ef4f0e8c0d2767944f2
 F test/aggnested.test 45c0201e28045ad38a530b5a144b73cd4aa2cfd6
@@ -299,7 +299,7 @@ F test/all.test 6ff7b43c2b4b905c74dc4a813d201d0fa64c5783
 F test/alter.test 7e771c3c3f401198557dbbcf4a2c21950ba934f3
 F test/alter2.test 7ea05c7d92ac99349a802ef7ada17294dd647060
 F test/alter3.test 49c9d9fba2b8fcdce2dedeca97bbf1f369cc548d
-F test/alter4.test b2debc14d8cbe4c1d12ccd6a41eef88a8c1f15d5
+F test/alter4.test 8e93bf7a7e6919b14b0c9a6c1e4908bcf21b0165
 F test/altermalloc.test e81ac9657ed25c6c5bb09bebfa5a047cd8e4acfc
 F test/analyze.test 4d08a739c5ec28db93e0465e3b5a468befdf145f
 F test/analyze3.test 4532e5475d2aa68d752627548bdcaf70aff51010
@@ -1106,7 +1106,7 @@ F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh fbc018d67fd7395f440c28f33ef0f94420226381
 F tool/wherecosttest.c f407dc4c79786982a475261866a161cd007947ae
 F tool/win/sqlite.vsix 97894c2790eda7b5bce3cc79cb2a8ec2fde9b3ac
-P 7b70b419c43b2c3b2daf11d833a1d60245bfaef5
-R 57059d9c69ace9dccd9c4ceedb6afa1e
+P f783938ea999731ea073cd2c78e278095f7bea6d
+R 5118870e9b33149ca23f1597a77ab495
 U dan
-Z 9ec2673c689c33df3101a910ffd90aa8
+Z e9558b330772b69c8c1b515706fc9347
diff --git a/manifest.uuid b/manifest.uuid
index 5cea5a9336..347dc90377 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-f783938ea999731ea073cd2c78e278095f7bea6d
\ No newline at end of file
+9fec3e38287067d60874530300fbeb602958c951
\ No newline at end of file
diff --git a/src/vdbemem.c b/src/vdbemem.c
index 9c7f579b1f..de0361e64c 100644
--- a/src/vdbemem.c
+++ b/src/vdbemem.c
@@ -1085,7 +1085,9 @@ int valueFromExpr(
     }
   }else if( op==TK_UMINUS ) {
     /* This branch happens for multiple negative signs.  Ex: -(-5) */
-    if( SQLITE_OK==sqlite3ValueFromExpr(db,pExpr->pLeft,enc,affinity,&pVal) ){
+    if( SQLITE_OK==sqlite3ValueFromExpr(db,pExpr->pLeft,enc,affinity,&pVal) 
+     && pVal!=0
+    ){
       sqlite3VdbeMemNumerify(pVal);
       if( pVal->u.i==SMALLEST_INT64 ){
         pVal->flags &= MEM_Int;
diff --git a/src/where.c b/src/where.c
index d230758ed2..c2a5e81b3c 100644
--- a/src/where.c
+++ b/src/where.c
@@ -4242,12 +4242,15 @@ static int whereLoopAddBtreeIndex(
     int nIn = 0;
 #ifdef SQLITE_ENABLE_STAT4
     int nRecValid = pBuilder->nRecValid;
+    assert( pNew->nOut==saved_nOut );
     if( (pTerm->wtFlags & TERM_VNULL)!=0 && pSrc->pTab->aCol[iCol].notNull ){
       continue; /* skip IS NOT NULL constraints on a NOT NULL column */
     }
 #endif
     if( pTerm->prereqRight & pNew->maskSelf ) continue;
 
+    assert( pNew->nOut==saved_nOut );
+
     pNew->wsFlags = saved_wsFlags;
     pNew->u.btree.nEq = saved_nEq;
     pNew->nLTerm = saved_nLTerm;
@@ -4340,9 +4343,9 @@ static int whereLoopAddBtreeIndex(
     ){
       whereLoopAddBtreeIndex(pBuilder, pSrc, pProbe, nInMul+nIn);
     }
+    pNew->nOut = saved_nOut;
 #ifdef SQLITE_ENABLE_STAT4
     pBuilder->nRecValid = nRecValid;
-    pNew->nOut = saved_nOut;
 #endif
   }
   pNew->prereq = saved_prereq;
diff --git a/test/alter4.test b/test/alter4.test
index cda45533c6..59704fed4c 100644
--- a/test/alter4.test
+++ b/test/alter4.test
@@ -143,6 +143,11 @@ do_test alter4-2.6 {
     alter table t1 add column d DEFAULT CURRENT_TIME;
   }
 } {1 {Cannot add a column with non-constant default}}
+do_test alter4-2.7 {
+  catchsql {
+    alter table t1 add column d default (-+1);
+  }
+} {1 {Cannot add a column with non-constant default}}
 do_test alter4-2.99 {
   execsql {
     DROP TABLE t1;
-- 
2.47.2