Skip to content

Commit 8654186

Browse files
author
drh
committed
When an error occurs while rewriting the parser tree for window functions
in the sqlite3WindowRewrite() routine, make sure that pParse->nErr is set, and make sure that this shuts down any subsequent code generation that might depend on the transformations that were implemented. This fixes a problem discovered by the Yongheng and Rui fuzzer. FossilOrigin-Name: e2bddcd4c55ba3cbe0130332679ff4b048630d0ced9a8899982edb5a3569ba7f
1 parent 34ab941 commit 8654186

File tree

5 files changed

+17
-11
lines changed

5 files changed

+17
-11
lines changed

Diff for: manifest

+8-8
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
1-
C Detect\sthe\sinvalid\suse\sof\sNULLS\sLAST\son\san\sINTEGER\sPRIMARY\sKEY\sdefinition\nof\sa\sWITHOUT\sROWID\stable.
2-
D 2019-12-19T17:42:27.314
1+
C When\san\serror\soccurs\swhile\srewriting\sthe\sparser\stree\sfor\swindow\sfunctions\nin\sthe\ssqlite3WindowRewrite()\sroutine,\smake\ssure\sthat\spParse->nErr\sis\sset,\nand\smake\ssure\sthat\sthis\sshuts\sdown\sany\ssubsequent\scode\sgeneration\sthat\smight\ndepend\son\sthe\stransformations\sthat\swere\simplemented.\s\sThis\sfixes\sa\sproblem\ndiscovered\sby\sthe\sYongheng\sand\sRui\sfuzzer.
2+
D 2019-12-19T20:37:32.070
33
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
44
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
55
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -479,7 +479,7 @@ F src/date.c e1d8ac7102f3f283e63e13867acb0efa33861cf34f0faf4cdbaf9fa7a1eb7041
479479
F src/dbpage.c 135eb3b5e74f9ef74bde5cec2571192c90c86984fa534c88bf4a055076fa19b7
480480
F src/dbstat.c 6c407e549406c10fde9ac3987f6d734459205239ad370369bc5fcd683084a4fa
481481
F src/delete.c a5c59b9c0251cf7682bc52af0d64f09b1aefc6781a63592c8f1136f7b73c66e4
482-
F src/expr.c 8f873d6a411483a0ba14367aebf63c1f9f4346ef755739ec11feb14fa662002d
482+
F src/expr.c 5099de2d6cca77f7c3b5131e0035787fc64ca3d27c267020e7e8bec0e226336c
483483
F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
484484
F src/fkey.c 92a248ec0fa4ed8ab60c98d9b188ce173aaf218f32e7737ba77deb2a684f9847
485485
F src/func.c ed33e38cd642058182a31a3f518f2e34f4bbe53aa483335705c153c4d3e50b12
@@ -603,7 +603,7 @@ F src/vdbe.c ab3f6e647235fe4fa16b71496468313a1da435eb3a2125c3ffdbb0be0d1cbcba
603603
F src/vdbe.h fdbc0a11e5768a702b46ce63286f60e22e71351a29bd98b3666405e1fccc7802
604604
F src/vdbeInt.h bd589b8b7273286858950717e0e1ec5c88b18af45079a3366dc1371865cea704
605605
F src/vdbeapi.c 1252d80c548711e47a6d84dae88ed4e95d3fbb4e7bd0eaa1347299af7efddf02
606-
F src/vdbeaux.c ede199fe272656338741dd831da86362a3b60e42fb12ef5389ea1325823e9686
606+
F src/vdbeaux.c 858bb43a9d98846cc23fa8c8d0970ada805dd75bc6a01b69e972da608f7f59b1
607607
F src/vdbeblob.c 253ed82894924c362a7fa3079551d3554cd1cdace39aa833da77d3bc67e7c1b1
608608
F src/vdbemem.c 2eb00a4d1a7d2c97510a4d1ccaf4e12c9143f2ced1c6b96b5eddc372183c9121
609609
F src/vdbesort.c a3be032cc3fee0e3af31773af4a7a6f931b7230a34f53282ccf1d9a2a72343be
@@ -617,7 +617,7 @@ F src/where.c c51ebd505c8417285ca1db8f94933a12224bf636ad93f27d821c07f93d59c035
617617
F src/whereInt.h 4a296fd4fa79fdcbc2b5e8c1b898901617655811223e1082b899c23ecb092217
618618
F src/wherecode.c 7efa97f4dc2f95548611deba68f0210ab357725899a9bae5391a525e48271875
619619
F src/whereexpr.c 39b6a538804c6e1248c22b33e09d00f89ae6a099c849c4d841ce3995562287b4
620-
F src/window.c 913a10696f5197adae32738a7c7cabc03e1f1553240d6c9ce868ee57f5cee88e
620+
F src/window.c da010455914c81037dcb5b0c6f4273f8a32c94567865c46a60060b937b018a96
621621
F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2
622622
F test/affinity2.test ce1aafc86e110685b324e9a763eab4f2a73f737842ec3b687bd965867de90627
623623
F test/affinity3.test 6a101af2fc945ce2912f6fe54dd646018551710d
@@ -1852,7 +1852,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
18521852
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
18531853
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
18541854
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
1855-
P a80f84b511231204658304226de3e075a55afc2e3f39ac063716f7a57f585c06
1856-
R 7a95b86f1a40201b7706c8c6219ee188
1855+
P 4417c5bf0aabb34ed174f01afd981c924ae965a42128719d8d6735536631d12f
1856+
R f9500979ead80e4e63134871bf8fc127
18571857
U drh
1858-
Z a9ed89712b19f96611f174486447a3a5
1858+
Z b61065dbf7c71aac52e79a354be5735d

Diff for: manifest.uuid

+1-1
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
4417c5bf0aabb34ed174f01afd981c924ae965a42128719d8d6735536631d12f
1+
e2bddcd4c55ba3cbe0130332679ff4b048630d0ced9a8899982edb5a3569ba7f

Diff for: src/expr.c

+1
Original file line numberDiff line numberDiff line change
@@ -376,6 +376,7 @@ static int codeCompare(
376376
int addr;
377377
CollSeq *p4;
378378

379+
if( pParse->nErr ) return 0;
379380
if( isCommuted ){
380381
p4 = sqlite3BinaryCompareCollSeq(pParse, pRight, pLeft);
381382
}else{

Diff for: src/vdbeaux.c

+2-1
Original file line numberDiff line numberDiff line change
@@ -1303,7 +1303,8 @@ void sqlite3VdbeSetP4KeyInfo(Parse *pParse, Index *pIdx){
13031303
*/
13041304
static void vdbeVComment(Vdbe *p, const char *zFormat, va_list ap){
13051305
assert( p->nOp>0 || p->aOp==0 );
1306-
assert( p->aOp==0 || p->aOp[p->nOp-1].zComment==0 || p->db->mallocFailed );
1306+
assert( p->aOp==0 || p->aOp[p->nOp-1].zComment==0 || p->db->mallocFailed
1307+
|| p->pParse->nErr>0 );
13071308
if( p->nOp ){
13081309
assert( p->aOp );
13091310
sqlite3DbFree(p->db, p->aOp[p->nOp-1].zComment);

Diff for: src/window.c

+5-1
Original file line numberDiff line numberDiff line change
@@ -934,7 +934,7 @@ int sqlite3WindowRewrite(Parse *pParse, Select *p){
934934

935935
pTab = sqlite3DbMallocZero(db, sizeof(Table));
936936
if( pTab==0 ){
937-
return SQLITE_NOMEM;
937+
return sqlite3ErrorToParser(db, SQLITE_NOMEM);
938938
}
939939

940940
p->pSrc = 0;
@@ -1039,6 +1039,10 @@ int sqlite3WindowRewrite(Parse *pParse, Select *p){
10391039
sqlite3DbFree(db, pTab);
10401040
}
10411041

1042+
if( rc && pParse->nErr==0 ){
1043+
assert( pParse->db->mallocFailed );
1044+
return sqlite3ErrorToParser(pParse->db, SQLITE_NOMEM);
1045+
}
10421046
return rc;
10431047
}
10441048

0 commit comments

Comments
 (0)