Assertion violation in sqlite3Select
(1.1) By Maik (maikbe) on 2023-05-23 13:53:08 edited from 1.0
The grammar-based fuzzer ATNwalk found an assertion violation.
Please find below further details and how to reproduce it.
Best regards,
Maik Betka
######## Version ########
$ fossil info
project-name: SQLite
repository: /home/rocky/sqlite3/sqlite.fossil
local-root: /home/rocky/sqlite3/
config-db: /home/rocky/.config/fossil.db
project-code: 2ab58778c2967968b94284e989e43dc11791f548
checkout: cec49c7d93362f527f0b4744cd1ae95d44a79671 2023-05-23 11:47:56 UTC
parent: 81ffcf41d69ae73ee8c037f675e18e2b46a15bee 2023-05-22 20:36:55 UTC
tags: trunk
comment: Add test cases for the recovery extension. No changes to code.
(user: dan)
check-ins: 28995
$ clang --version
clang version 14.0.6 (Red Hat 14.0.6-4.el9_1)
Target: x86_64-redhat-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
######## Build ########
export ASAN_OPTIONS=detect_leaks=0
export CC="/usr/bin/clang"
export CFLAGS="-fsanitize=address \
-DSQLITE_DEBUG=1 \
-DSQLITE_ENABLE_UPDATE_DELETE_LIMIT=1 \
-DSQLITE_ENABLE_RTREE=1 \
-DSQLITE_MAX_LENGTH=134217728 \
-DSQLITE_MAX_SQL_LENGTH=134217728 \
-DSQLITE_MAX_MEMORY=266338304 \
-DSQLITE_PRINTF_PRECISION_LIMIT=1048576 \
-DSQLITE_MAX_PAGE_COUNT=32768"
./configure
make sqlite3.c
${CC} ${CFLAGS} -I. shell.c sqlite3.c -o sqlite3
######## poc.sql ########
CREATE TABLE IF NOT EXISTS temp.dbstat(type UNIQUE ON CONFLICT IGNORE );
EXPLAIN UPDATE dbstat AS sqlite_schema SET (type, type)=( VALUES (type-> TRUE )), (type, type)=( VALUES (payload->cume_dist() OVER ( GROUPS UNBOUNDED PRECEDING ))) FROM ( VALUES ( TRUE )) LEFT OUTER JOIN ( SELECT *, TRUE AS payload FROM ( VALUES ( NULL )))dbstat LIMIT CURRENT_TIME ;
######## Execute ########
cat poc.sql | ./sqlite3
######## Output ########
sqlite3: sqlite3.c:147369: int sqlite3Select(Parse *, Select *, SelectDest *): Assertion `pExpr->iAgg==i' failed.
Aborted (core dumped)