Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Remove two incorrect assert() statements from the logic used to derive column names and types from subqueries. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
712e47714863a8ed7ff73324d9fec569 |
User & Date: | drh 2019-08-10 14:16:17 |
References
2020-04-03
| ||
11:45 | • New ticket [af4556bb5c] Segfault while trying to prepare a malformed window-function query. (artifact: f36b87cd50 user: drh) | |
Context
2021-07-13
| ||
15:30 | Remove two incorrect assert() statements from the logic used to derive column names and types from subqueries. This allows the SQL associated with CVE-2020-13871 (ticket [c8d3b9f0a750a529]) to be tested. (Closed-Leaf check-in: d2e6722037 user: dan tags: branch-3.28a) | |
2019-08-10
| ||
14:35 | Add extra test cases related to the previous commit. (check-in: 3c690b2b05 user: dan tags: trunk) | |
14:16 | Remove two incorrect assert() statements from the logic used to derive column names and types from subqueries. (check-in: 712e477148 user: drh tags: trunk) | |
2019-08-09
| ||
20:26 | Allow the RHS of a row-value IN operator to use a compound query with an ORDER BY clause. (check-in: eaf15d9bae user: drh tags: trunk) | |
Changes
Changes to src/select.c.
︙ | ︙ | |||
1640 1641 1642 1643 1644 1645 1646 | char const *zOrigDb = 0; char const *zOrigTab = 0; char const *zOrigCol = 0; #endif assert( pExpr!=0 ); assert( pNC->pSrcList!=0 ); | < < | 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 | char const *zOrigDb = 0; char const *zOrigTab = 0; char const *zOrigCol = 0; #endif assert( pExpr!=0 ); assert( pNC->pSrcList!=0 ); switch( pExpr->op ){ case TK_COLUMN: { /* The expression is a column. Locate the table the column is being ** extracted from in NameContext.pSrcList. This table may be real ** database table or a subquery. */ Table *pTab = 0; /* Table structure column is extracted from */ |
︙ | ︙ | |||
1963 1964 1965 1966 1967 1968 1969 | /* If the column contains an "AS <name>" phrase, use <name> as the name */ }else{ Expr *pColExpr = sqlite3ExprSkipCollate(pEList->a[i].pExpr); while( pColExpr->op==TK_DOT ){ pColExpr = pColExpr->pRight; assert( pColExpr!=0 ); } | < | 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 | /* If the column contains an "AS <name>" phrase, use <name> as the name */ }else{ Expr *pColExpr = sqlite3ExprSkipCollate(pEList->a[i].pExpr); while( pColExpr->op==TK_DOT ){ pColExpr = pColExpr->pRight; assert( pColExpr!=0 ); } if( pColExpr->op==TK_COLUMN ){ /* For columns use the column name name */ int iCol = pColExpr->iColumn; Table *pTab = pColExpr->y.pTab; assert( pTab!=0 ); if( iCol<0 ) iCol = pTab->iPKey; zName = iCol>=0 ? pTab->aCol[iCol].zName : "rowid"; |
︙ | ︙ |
Changes to test/colname.test.
︙ | ︙ | |||
395 396 397 398 399 400 401 402 403 404 405 406 407 408 | } {Bbb 123} ifcapable vtab { do_execsql_test colname-9.320 { CREATE TABLE t2 AS SELECT BBb FROM (SELECT aaa AS Bbb FROM t1); SELECT name FROM pragma_table_info('t2'); } {Bbb} } # Issue detected by OSSFuzz on 2017-12-24 (Christmas Eve) # caused by check-in https://sqlite.org/src/info/6b2ff26c25 # # Prior to being fixed, the following CREATE TABLE was dereferencing # a NULL pointer and segfaulting. # | > > > > > > | 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 | } {Bbb 123} ifcapable vtab { do_execsql_test colname-9.320 { CREATE TABLE t2 AS SELECT BBb FROM (SELECT aaa AS Bbb FROM t1); SELECT name FROM pragma_table_info('t2'); } {Bbb} } do_execsql_test colname-9.330 { -- added 2019-08-10 to invalidate DROP TABLE IF EXISTS t1; -- a couple assert()s that were CREATE TABLE t1(a); -- added by ticket 3b44500725 INSERT INTO t1 VALUES(17),(2),(99),(-3),(7); SELECT (SELECT avg(a) UNION SELECT min(a) OVER()) FROM t1; } {17} # Issue detected by OSSFuzz on 2017-12-24 (Christmas Eve) # caused by check-in https://sqlite.org/src/info/6b2ff26c25 # # Prior to being fixed, the following CREATE TABLE was dereferencing # a NULL pointer and segfaulting. # |
︙ | ︙ |