From 1bc183a935799050919eecf4f5deffb6d98e7905 Mon Sep 17 00:00:00 2001
From: drh <>
Date: Sat, 29 Nov 2025 12:06:12 +0000
Subject: [PATCH] Fix an assertion fault in sqlite3Dequote() that can occur with ALTER TABLE DROP CONSTRAINT on a corrupt schema. dbsqlfuzz 509a778e8a0c21a6448003feb773a1e55ed751e7. Test case in TH3.

FossilOrigin-Name: 2dc73eb2d215178c448b182ebb227bc4753ad7baf46c8bd58f20a2b22e998726
---
 manifest      | 14 +++++++-------
 manifest.uuid |  2 +-
 src/alter.c   |  9 +++++++--
 3 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/manifest b/manifest
index ff2f3c3e24..4adc8024a5 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Correct\sa\sdoc\sfalsehood\s-\sjquery.terminal\sdoes\snot\srequire\spre-building.
-D 2025-11-28T17:56:22.595
+C Fix\san\sassertion\sfault\sin\ssqlite3Dequote()\sthat\scan\soccur\swith\nALTER\sTABLE\sDROP\sCONSTRAINT\son\sa\scorrupt\sschema.\ndbsqlfuzz\s509a778e8a0c21a6448003feb773a1e55ed751e7.\s\sTest\scase\sin\sTH3.
+D 2025-11-29T12:06:12.932
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -668,7 +668,7 @@ F mptest/multiwrite01.test dab5c5f8f9534971efce679152c5146da265222d
 F sqlite.pc.in 42b7bf0d02e08b9e77734a47798d1a55a9e0716b
 F sqlite3.1 1b9c24374a85dfc7eb8fa7c4266ee0db4f9609cceecfc5481cd8307e5af04366
 F sqlite3.pc.in e6dee284fba59ef500092fdc1843df3be8433323a3733c91da96690a50a5b398
-F src/alter.c f31437552c733957f19351cdfae8fad8e8f0c7d11041e5b7966aae57206ad91f
+F src/alter.c fe6fa35700b968f8f9d2515939455e70f6b6ff2586a6e3ce9827bf44756354f2
 F src/analyze.c 03bcfc083fc0cccaa9ded93604e1d4244ea245c17285d463ef6a60425fcb247d
 F src/attach.c 9af61b63b10ee702b1594ecd24fb8cea0839cfdb6addee52fba26fa879f5db9d
 F src/auth.c 54ab9c6c5803b47c0d45b76ce27eff22a03b4b1f767c5945a3a4eb13aa4c78dc
@@ -2180,8 +2180,8 @@ F tool/version-info.c 33d0390ef484b3b1cb685d59362be891ea162123cea181cb8e6d2cf6dd
 F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7
 F tool/warnings.sh d924598cf2f55a4ecbc2aeb055c10bd5f48114793e7ba25f9585435da29e7e98
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 9dd16f8e3b8e181ff138b4061c9dbc116cbc6f85ee867a97cd8af6e9e874c7d1
-R 19f071d72e95cabbab2f39a77dde2c1c
-U stephan
-Z 1378159a2aa74fa957ced5b9c6aaf0e0
+P 4384c9a108b58a0b8c38c51678aad871f088358b9bff3922299cc7ddb3d247ce
+R 7319a92f6ed0f94183ac2bcfe4bf386d
+U drh
+Z 43127c85d2631bbec7cc913abbee76ec
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 191325cb3f..c211e023f7 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-4384c9a108b58a0b8c38c51678aad871f088358b9bff3922299cc7ddb3d247ce
+2dc73eb2d215178c448b182ebb227bc4753ad7baf46c8bd58f20a2b22e998726
diff --git a/src/alter.c b/src/alter.c
index c5a64211f8..21b90abdb5 100644
--- a/src/alter.c
+++ b/src/alter.c
@@ -2449,6 +2449,7 @@ static int getConstraint(const u8 *z){
 */
 static int quotedCompare(
   sqlite3_context *ctx, /* Function context on which to report errors */
+  int t, /* Token type */
   const u8 *zQuote, /* Possibly quoted text. Not zero-terminated. */
   int nQuote, /* Length of zQuote in bytes */
   const u8 *zCmp, /* Zero-terminated, unquoted name to compare against */
@@ -2456,6 +2457,10 @@ static int quotedCompare(
 ){
   char *zCopy = 0; /* De-quoted, zero-terminated copy of zQuote[] */
+  if( t==TK_ILLEGAL ){
+    *pRes = 1;
+    return SQLITE_OK;
+  }
   zCopy = sqlite3MallocZero(nQuote+1);
   if( zCopy==0 ){
     sqlite3_result_error_nomem(ctx);
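Review bot: The new early return at the top of quotedCompare() carries no comment, so a reader cannot tell why a TK_ILLEGAL token is reported as a non-match (`*pRes = 1` with `SQLITE_OK`) rather than as an error, nor that its purpose is to keep a malformed token out of sqlite3Dequote(). Suggest `/* A TK_ILLEGAL token (presumably an unterminated quote in a corrupt schema) can never match a constraint name and must not reach sqlite3Dequote(). */` directly above the `if( t==TK_ILLEGAL ){` line. The `int t, /* Token type */` comment added in the preceding hunk should likewise state that TK_ILLEGAL yields a non-match, and the function's header comment, which ends at the `*/` that opens that hunk, should be updated for the new parameter. Whether callers should instead surface the corruption is a design question the commit does not discuss: with this change the scan continues past a malformed token as if it were simply a different name, so confirm that is the intended outcome for DROP CONSTRAINT on a corrupt schema.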
@@ -2554,7 +2559,7 @@ static void dropConstraintFunc(
     ** the constraint being dropped. */
     nTok = getConstraintToken(&zSql[iOff], &t);
     if( zCons ){
-      if( quotedCompare(ctx, &zSql[iOff], nTok, zCons, &cmp) ) return;
+      if( quotedCompare(ctx, t, &zSql[iOff], nTok, zCons, &cmp) ) return;
     }
     iOff += nTok;
@@ -2948,7 +2953,7 @@ static void findConstraintFunc(
     int cmp = 0;
     iOff += getWhitespace(&zSql[iOff]);
     nTok = getConstraintToken(&zSql[iOff], &t);
-    if( quotedCompare(ctx, &zSql[iOff], nTok, zCons, &cmp) ) return;
+    if( quotedCompare(ctx, t, &zSql[iOff], nTok, zCons, &cmp) ) return;
     if( cmp==0 ){
       sqlite3_result_int(ctx, 1);
       return;
--
2.47.3
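Review bot: In findConstraintFunc() (second hunk) a TK_ILLEGAL token now comes back with cmp==1 and the scan appears to continue, so termination depends on getConstraintToken() returning nTok>0 for an illegal token; the loop head and getConstraintToken() are both outside the hunk, so this should be confirmed, and the same applies to the `iOff += nTok;` advance after the call in dropConstraintFunc() (first hunk). A one-line comment at each call site, e.g. `/* t==TK_ILLEGAL (corrupt schema) is treated by quotedCompare() as a non-match */`, would save the next reader a trip into quotedCompare() to learn why a malformed token is not an error here. Both enclosing functions start and end outside their hunks.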