The complex CTE below generates a segmentation fault depending on the order of the joined tables in its body.
The problem was spotted on 3.35.2 and 3.35.1. It does not affect 3.34.1.
I used the SQLite amalgamation compiled with:
```
gcc shell.c sqlite3.c -lpthread -ldl -lm -g
```
On 3.35.2, here is the GDB session log with the backtrace:
```
(gdb) r < bug-cte-materialize.sql
Starting program: /home/mm/sqlite-test/sqlite-amalgamation-3350200/a.out < bug-cte-materialize.sql
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x000000000044eeff in sqlite3BtreeCursor (p=0x0, iTable=1, wrFlag=4,
pKeyInfo=0x0, pCur=0x767a28) at sqlite3.c:69440
69440 if( p->sharable ){
(gdb) bt
#0 0x000000000044eeff in sqlite3BtreeCursor (p=0x0, iTable=1, wrFlag=4,
pKeyInfo=0x0, pCur=0x767a28) at sqlite3.c:69440
#1 0x000000000046c3d2 in sqlite3VdbeExec (p=0x742778) at sqlite3.c:89843
#2 0x0000000000464b5b in sqlite3Step (p=0x742778) at sqlite3.c:84321
#3 0x0000000000464dad in sqlite3_step (pStmt=0x742778) at sqlite3.c:84378
#4 0x0000000000416ec3 in exec_prepared_stmt (pArg=0x7fffffffcb40,
pStmt=0x742778) at shell.c:13374
#5 0x0000000000417b73 in shell_exec (pArg=0x7fffffffcb40,
zSql=0x7264c0 "WITH\n\tcst(rsx, rsy) AS (\n\t\tSELECT 100, 100\n\t),\n\n\tcst2(minx, maxx, stepx, miny, maxy, stepy, qualitativex, qualitativey) AS (\t\t\n\t\tSELECT NULL, NULL, NULL, NULL, NULL, NULL, 0, 0\n\t),\n\n\tds0(m, n, x, y, "..., pzErrMsg=0x7fffffffc9c8) at shell.c:13683
#6 0x000000000042647e in runOneSqlLine (p=0x7fffffffcb40,
zSql=0x7264c0 "WITH\n\tcst(rsx, rsy) AS (\n\t\tSELECT 100, 100\n\t),\n\n\tcst2(minx, maxx, stepx, miny, maxy, stepy, qualitativex, qualitativey) AS (\t\t\n\t\tSELECT NULL, NULL, NULL, NULL, NULL, NULL, 0, 0\n\t),\n\n\tds0(m, n, x, y, "..., in=0x7ffff76ac640 <_IO_2_1_stdin_>, startline=1) at shell.c:20613
#7 0x0000000000426a5f in process_input (p=0x7fffffffcb40) at shell.c:20727
#8 0x0000000000428560 in main (argc=1, argv=0x7fffffffde38) at shell.c:21522
```
Obviously, the problem is caused by sqlite3BtreeCursor() being called with a NULL pointer as its first parameter.
The CTE query below is already a simplified version of an original (and larger one) that started misbehaving after upgrading to 3.35.
This bug and a previous one (reported a few minutes ago) were discovered when trying to debug issues with the original query.
```
WITH
cst(rsx, rsy) AS (
SELECT 100, 100
),
cst2(minx, maxx, stepx, miny, maxy, stepy, qualitativex, qualitativey) AS (
SELECT NULL, NULL, NULL, NULL, NULL, NULL, 0, 0
),
ds0(m, n, x, y, x2, y2, title, size, mark, label, markmode) AS (
SELECT 1, 2, 3, 4, 5, 6, 7 , 8, 9, 10, 11
)
,
ds(m, n, x, y, x2, y2, title, size, mark, label, markmode) AS (
SELECT m, n, x,
y, x2,
y2,
title, size, mark, label, markmode
FROM ds0
WINDOW w AS (PARTITION BY m, x ORDER BY n)
),
d(m, n, x, y, x2, y2, labelx, labely, title, size, mark, label, markmode) AS (
SELECT m, n, x, y, x2, y2, x, y, title, size, mark, label, markmode
FROM ds, cst2
),
ylabels(y, label) AS (
SELECT y, MIN(labely) FROM d GROUP BY y
),
yaxis(maxy, miny, stepy , minstepy) AS (
WITH
xt0(minx, maxx) AS (
SELECT coalesce(miny, min(min(y2), min(y))), coalesce(maxy, max(max(y2), max(y))) + qualitativey FROM d, cst2
),
xt1(mx, mn) AS (SELECT maxx, minx FROM xt0),
xt2(mx, mn, step) AS (SELECT mx, mn, (mx-mn) FROM xt1),
xt3(mx, mn, ms) AS (
SELECT mx, mn, first_value(rs) OVER (order by x desc) AS ms FROM (SELECT mx, mn, step, f,(mx-mn) as rng, 1.0*step/f as rs, 1.0*(mx-mn)/(step/f) AS x FROM xt2, (SELECT 1 AS f UNION ALL SELECT 2 UNION ALL SELECT 4 UNION ALL SELECT 5)) AS src WHERE x < 10 limit 1),
xt4(minstepy) AS (
SELECT MIN(abs(y2-y)) FROM d WHERE y2 != y
)
SELECT (mx/ms)*ms, (mn/ms)*ms, coalesce(stepy, ms), coalesce(minstepy, ms, stepy) FROM xt3, cst2,xt4
),
distinct_mark_n_m(mark, ze, zem, title) AS (
SELECT DISTINCT mark, n AS ze, m AS zem, title FROM ds0
),
facet0(m, mi, title, radial) AS (
SELECT md, row_number() OVER () - 1, title, 'radial' IN (SELECT mark FROM distinct_mark_n_m WHERE zem = md)
FROM (SELECT DISTINCT zem AS md, title AS title FROM distinct_mark_n_m ORDER BY 2, 1)
),
facet(m, mi, xorigin, yorigin, title, radial) AS (
SELECT m, mi,
rsx * 1.2 * IFNULL(CASE WHEN (
0
) > 0 THEN mi / (
0
) ELSE mi % (
2
) END, mi),
rsy * 1.2 * IFNULL(CASE WHEN (
2
) > 0 THEN mi / (
2
) ELSE mi / (
0
) END, 0),
title, radial FROM facet0, cst
),
radygrid(m, mi, tty, wty, ttx, ttx2, xorigin, yorigin) AS (
SELECT m, mi, rsy / 2 / ((maxy-miny)/stepy) * (value-1) AS tty, coalesce(NULL, miny + stepy * (value-1)) AS wty, xorigin, xorigin+rsx, xorigin + rsx / 2, yorigin + rsy / 2 FROM generate_series(1), yaxis, cst, facet LEFT JOIN ylabels ON ylabels.y = (miny + (value-1) * stepy) WHERE radial AND stop = 1+1.0*(maxy-miny)/stepy
),
ypos(m, mi, pcx, pcy, radial) AS (
SELECT m, mi, xorigin, yorigin + CASE
WHEN 0 BETWEEN miny AND maxy THEN
rsy - (0 - miny) * rsy / (maxy-miny)
WHEN 0 >= maxy THEN 0
ELSE rsy
END, radial FROM yaxis, cst, facet WHERE NOT radial
UNION ALL
SELECT m, mi, xorigin + rsx / 2, yorigin + (CASE
WHEN 0 BETWEEN miny AND maxy THEN
rsy - (0 - miny) * rsy / 2 / (maxy-miny)
WHEN 0 >= maxy THEN 0
ELSE rsy
END ) / 2, radial FROM yaxis, cst, facet WHERE radial
)
-- Segmentation fault
SELECT * FROM radygrid , ypos
-- Inverting the tables order generates no fault
-- SELECT * FROM ypos, radygrid
```