
Commit 75e95e1

author
drh
committed
When processing constant integer values in ORDER BY clauses of window
definitions (see check-in [7e4809eadfe99ebf]) be sure to fully disable the constant value to avoid an invalid pointer dereference if the expression is ever duplicated. This fixes a crash report from Yongheng and Rui. FossilOrigin-Name: 1ca0bd982ab1183bbafce0d260e4dceda5eb766ed2e7793374a88d1ae0bdd2ca
1 parent 646975c commit 75e95e1


3 files changed

+9
-7
lines changed

3 files changed

+9
-7
lines changed

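--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Clean\sup\sthe\sExprList\sthat\sholds\sthe\snames\sof\scolumns\sin\sa\sCTE\sbefore\schecking\nfor\sunused\sreferences\sin\sthe\sALTER\sTABLE\simplementation.
-D 2019-12-17T12:03:30.587
+C When\sprocessing\sconstant\sinteger\svalues\sin\sORDER\sBY\sclauses\sof\swindow\ndefinitions\s(see\scheck-in\s[7e4809eadfe99ebf])\sbe\ssure\sto\sfully\sdisable\nthe\sconstant\svalue\sto\savoid\san\sinvalid\spointer\sdereference\sif\sthe\sexpression\nis\sever\sduplicated.\sThis\sfixes\sa\scrash\sreport\sfrom\sYongheng\sand\sRui.
+D 2019-12-18T00:05:50.510
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -617,7 +617,7 @@ F src/where.c c51ebd505c8417285ca1db8f94933a12224bf636ad93f27d821c07f93d59c035
 F src/whereInt.h 4a296fd4fa79fdcbc2b5e8c1b898901617655811223e1082b899c23ecb092217
 F src/wherecode.c 7efa97f4dc2f95548611deba68f0210ab357725899a9bae5391a525e48271875
 F src/whereexpr.c 39b6a538804c6e1248c22b33e09d00f89ae6a099c849c4d841ce3995562287b4
-F src/window.c a77f12078dd4b10e655d4ba5a73ca32dbe00e0206018305185c7e86445d3f429
+F src/window.c 913a10696f5197adae32738a7c7cabc03e1f1553240d6c9ce868ee57f5cee88e
 F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2
 F test/affinity2.test ce1aafc86e110685b324e9a763eab4f2a73f737842ec3b687bd965867de90627
 F test/affinity3.test 6a101af2fc945ce2912f6fe54dd646018551710d
@@ -1852,7 +1852,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 0271491438ad2a985aeff355173a8d0f1e5813954c82147bc68cb26cca5804c8
-R c68dc3ba4d5d231b86e4d84e0586fee0
+P 8223e79f987feda5c8e51ec52cec6798cca16d070b10558939e2888ca1a25b8e
+R b2173cceb9c7cb44c37df84c9f42b08c
 U drh
-Z 71205fed544fdcd4f0e940dde5d4548f
+Z 156cc4a0e438e4b57215f0738876dab1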

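--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-8223e79f987feda5c8e51ec52cec6798cca16d070b10558939e2888ca1a25b8e
+1ca0bd982ab1183bbafce0d260e4dceda5eb766ed2e7793374a88d1ae0bdd2ca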

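--- a/src/window.c
+++ b/src/window.c
@@ -895,9 +895,11 @@ static ExprList *exprListAppendList(
 int nInit = pList ? pList->nExpr : 0;
 for(i=0; i<pAppend->nExpr; i++){
 Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0);
+assert( pDup==0 || !ExprHasProperty(pDup, EP_MemToken) );
 if( bIntToNull && pDup && pDup->op==TK_INTEGER ){
 pDup->op = TK_NULL;
 pDup->flags &= ~(EP_IntValue|EP_IsTrue|EP_IsFalse);
+pDup->u.zToken = 0;
 }
 pList = sqlite3ExprListAppend(pParse, pList, pDup);
 if( pList ) pList->a[nInit+i].sortFlags = pAppend->a[i].sortFlags;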
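Review bot: The added `pDup->u.zToken = 0;` has no comment explaining why it must accompany the flag clear on the line above, and that coupling is the whole fix: once `EP_IntValue` is cleared, code reading the node treats `u` as a token pointer, so a leftover integer value would be followed as a pointer when the expression is duplicated, as the commit message describes. I would put `/* EP_IntValue is now clear, so u is read as zToken; zero it so a later sqlite3ExprDup() does not follow the old integer as a pointer */` above the assignment. The new assert is checked only in debug builds; if an `EP_MemToken` node could ever reach this point in a release build, zeroing `zToken` would presumably leak the token, so that invariant deserves a sentence in the same comment. The commit changes only manifest, manifest.uuid and src/window.c, so no regression test for the reported crash is visible here. The body of exprListAppendList starts and ends outside this hunk.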
