From: drh <>
Date: Sun, 31 May 2026 19:41:16 +0000 (+0000)
Subject: Fix the carray virtual table so that it gives no solution if it cannot
X-Git-Url: http://git.ipfire.org/index.cgi?a=commitdiff_plain;h=ca8593ce68390e3ac3801230cf05a3c80ce60e32;p=thirdparty%2Fsqlite.git

Fix the carray virtual table so that it gives no solution if it cannot
find a usable first parameter.  dbsqlfuzz find.

FossilOrigin-Name: 3c0a277e6741c72281e12c44d85902aa6780890a7f59bacc3ac2b35ba27f7211
---

diff --git a/manifest b/manifest
index b55a2f23ef..9197575116 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Test\scase\sto\scover\sthe\sbug\sfix\sin\sthe\sprevious\scheck-in.
-D 2026-05-31T17:01:44.627
+C Fix\sthe\scarray\svirtual\stable\sso\sthat\sit\sgives\sno\ssolution\sif\sit\scannot\nfind\sa\susable\sfirst\sparameter.\s\sdbsqlfuzz\sfind.
+D 2026-05-31T19:41:16.173
 F .fossil-settings/binary-glob 61195414528fb3ea9693577e1980230d78a1f8b0a54c78cf1b9b24d0a409ed6a x
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
@@ -682,7 +682,7 @@ F src/btree.h e823c46d87f63d904d735a24b76146d19f51f04445ea561f71cc3382fd1307f0
 F src/btreeInt.h 9c0f9ea5c9b5f4dcaea18111d43efe95f2ac276cd86d770dce10fd99ccc93886
 F src/build.c 866e584cdf40fbc83f530af9fd4d0991582a6fdbd8a9911b7cdbbea5f26a4a9e
 F src/callback.c 3605bbf02bd7ed46c79cd48346db4a32fc51d67624400539c0532f4eead804ad
-F src/carray.c 3efe3982d5fb323334c29328a4e189ccaef6b95612a6084ad5fa124fd5db1179
+F src/carray.c 980bd544ec715b0f3b3143fa3cb1096440ed02ddf5c0b72c2b68d239a5734ccd
 F src/complete.c f216b970ce99c5a657556cf1f17e7ddd494515d3beb63df426bf59ff43bd3d9a
 F src/date.c 61e92f1f7e2e88e1cd91e91dc69eb2b2854e7877254470f9fabd776bfac922b8
 F src/dbpage.c c6a9de13b0a01f0bc94a41e16213ab1ecd15ccfe86df7255ced40fda9446257d
@@ -958,8 +958,8 @@ F test/capi3b.test efb2b9cfd127efa84433cd7a2d72ce0454ae0dc4
 F test/capi3c.test 31d3a6778f2d06f2d9222bd7660c41a516d1518a059b069e96ebbeadb5a490f7
 F test/capi3d.test 8b778794af891b0dca3d900bd345fbc8ebd2aa2aae425a9dccdd10d5233dfbde
 F test/capi3e.test 3d49c01ef2a1a55f41d73cba2b23b5059ec460fe
-F test/carray01.test 17c1cf8287862b15dda949dba626fd5fee5c58471dcc1cae0341471c2ae7da01
-F test/carray02.test 9d070b54f24a34d1f3b3c552ba34db0375a9d1c4219067416fb07d1595987c9d
+F test/carray01.test b21e62c974267bd17cf0e23674aaa55e694097ea3ca5ff9888a9e790cc89d3fa
+F test/carray02.test 68b23ee1724313ffa80e655cdb20b75dd4bee763fd7a9d5fefc0627f6efad2b2
 F test/carrayfault.test 108a7d83904fc267c448e27c13b2a857c700bd6ddaa2f1e2518be718b159cb6b
 F test/cast.test a2a3b32df86e3c0601ffa2e9f028a18796305d251801efea807092dbf374a040
 F test/cffault.test 9d6b20606afe712374952eec4f8fd74b1a8097ef
@@ -2207,8 +2207,8 @@ F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee
 F tool/warnings.sh a554d13f6e5cf3760f041b87939e3d616ec6961859c3245e8ef701d1eafc2ca2
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
 F tool/winmain.c 00c8fb88e365c9017db14c73d3c78af62194d9644feaf60e220ab0f411f3604c
-P c12ff342a90c61a0a82c8e63d2d94fecec10dff498da666873ff6aaa15c23dfd
-R da0aa2a9ae80d0a854cd68cce7d28710
+P 5b28d49b61d5edc9fef896e685bf227b7e1716c0cc666fd2ebe0d5ea0d11af06
+R 24fdaaae920a53e494b91686c58a4022
 U drh
-Z 88071b103745d00e1bd0018428f7117e
+Z 709ba817b7c4afdbcfe10f4861d69da4
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 0d79c39f0b..e0e6f51902 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-5b28d49b61d5edc9fef896e685bf227b7e1716c0cc666fd2ebe0d5ea0d11af06
+3c0a277e6741c72281e12c44d85902aa6780890a7f59bacc3ac2b35ba27f7211
diff --git a/src/carray.c b/src/carray.c
index ff0691a851..4b132d6364 100644
--- a/src/carray.c
+++ b/src/carray.c
@@ -258,36 +258,31 @@ static int carrayFilter(
   carray_cursor *pCur = (carray_cursor *)pVtabCursor;
   pCur->pPtr = 0;
   pCur->iCnt = 0;
-  switch( idxNum ){
-    case 1: {
-      carray_bind *pBind = sqlite3_value_pointer(argv[0], "carray-bind");
-      if( pBind==0 ) break;
+  if( idxNum==1 ){
+    carray_bind *pBind = sqlite3_value_pointer(argv[0], "carray-bind");
+    if( pBind ){
       pCur->pPtr = pBind->aData;
       pCur->iCnt = pBind->nData;
       pCur->eType = pBind->mFlags & 0x07;
-      break;
     }
-    case 2:
-    case 3: {
-      pCur->pPtr = sqlite3_value_pointer(argv[0], "carray");
-      pCur->iCnt = pCur->pPtr ? sqlite3_value_int64(argv[1]) : 0;
-      if( idxNum<3 ){
-        pCur->eType = CARRAY_INT32;
+  }else if( ALWAYS(idxNum==2 || idxNum==3) ){
+    pCur->pPtr = sqlite3_value_pointer(argv[0], "carray");
+    pCur->iCnt = pCur->pPtr ? sqlite3_value_int64(argv[1]) : 0;
+    if( idxNum<3 ){
+      pCur->eType = CARRAY_INT32;
+    }else{
+      unsigned char i;
+      const char *zType = (const char*)sqlite3_value_text(argv[2]);
+      for(i=0; i<sizeof(azCarrayType)/sizeof(azCarrayType[0]); i++){
+        if( sqlite3_stricmp(zType, azCarrayType[i])==0 ) break;
+      }
+      if( i>=sizeof(azCarrayType)/sizeof(azCarrayType[0]) ){
+        pVtabCursor->pVtab->zErrMsg = sqlite3_mprintf(
+          "unknown datatype: %Q", zType);
+        return SQLITE_ERROR;
       }else{
-        unsigned char i;
-        const char *zType = (const char*)sqlite3_value_text(argv[2]);
-        for(i=0; i<sizeof(azCarrayType)/sizeof(azCarrayType[0]); i++){
-          if( sqlite3_stricmp(zType, azCarrayType[i])==0 ) break;
-        }
-        if( i>=sizeof(azCarrayType)/sizeof(azCarrayType[0]) ){
-          pVtabCursor->pVtab->zErrMsg = sqlite3_mprintf(
-            "unknown datatype: %Q", zType);
-          return SQLITE_ERROR;
-        }else{
-          pCur->eType = i;
-        }
+        pCur->eType = i;
       }
-      break;
     }
   }
   pCur->iRowid = 1;
@@ -367,9 +362,7 @@ static int carrayBestIndex(
       return SQLITE_CONSTRAINT;
     }
   }else{
-    pIdxInfo->estimatedCost = (double)2147483647;
-    pIdxInfo->estimatedRows = 2147483647;
-    pIdxInfo->idxNum = 0;
+    return SQLITE_CONSTRAINT;
   }
   return SQLITE_OK;
 }
diff --git a/test/carray01.test b/test/carray01.test
index b17a481e1b..fa20413692 100644
--- a/test/carray01.test
+++ b/test/carray01.test
@@ -164,4 +164,16 @@ do_test 300 {
 sqlite3_finalize $STMT
 sqlite3_finalize $STMT2
 
+# 2026-05-31 dbsqlfuzz case 55c60cf7eb9e0f14c811b7c9227b8d2a0c32f022
+do_catchsql_test 400 {
+  DROP TABLE IF EXISTS t1;
+  CREATE TABLE t1(a INT PRIMARY KEY, b INT) WITHOUT ROWID;
+  WITH c(x) AS (
+    VALUES(1)
+    UNION
+    SELECT x+1 FROM (carray NATURAL FULL JOIN carray(t1.b)), t1, c
+  )
+  SELECT * FROM c;
+} {1 {no query solution}}
+
 finish_test
diff --git a/test/carray02.test b/test/carray02.test
index c75ca42719..63150ecb45 100644
--- a/test/carray02.test
+++ b/test/carray02.test
@@ -135,9 +135,9 @@ foreach {tn sql res} {
 # Test that not binding any pointer, or passing a value that is not a bound
 # pointer to carray() produces no rows of output.
 #
-do_execsql_test 3.0.0 {
+do_catchsql_test 3.0.0 {
   SELECT * FROM carray
-} {}
+} {1 {no query solution}}
 do_execsql_test 3.0.1 {
   SELECT * FROM carray('0xFFFF', 5)
 } {}