no check for a failed malloc
as subject says, it looks like you missed some malloc checks a few times.
pSub is dereferenced and unchecked. you may claim that allocation of p->pSrc is checked before and therefore there's no chance that pSub is not allocated, but the size of struct SrcList (which is sizeof(*p->pSrc)) is MUCH smaller than the size of struct Select (which is sizeof(*pSub)), therefore one could succeed and one could not. to me it would be better if the condition on line 1069 would check the state of the flag
here you may see that pE2 is unchecked. yeah, here it is very unlikely that pE2 allocation would fail and pEq allocation would succeed because they have the same size but to me it looks like juggling with knives to some extent. to me it would also be better if in the condition on line 350 you would check for a flag
Thanks for the report.
The first bullet is not possible because of this line that forces p->pSrc to be NULL if pSub is NULL. Similarly the second bullet is not possible because the test of db->mallocFailed down inside of sqlite3DbMallocRawNN() causes pEq to be NULL if pE2 is NULL.
So, neither of these cases are actual problems. No action required.
Edit: See also check-in 83a83475c5064ea6.
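An added example, not part of the thread and not SQLite's code: a minimal model of the sticky allocation-failure flag that the reply describes for the second case, showing why testing only the later pointer is sufficient. The names Ctx, ctx_alloc, build_pair, run_with_fault and the failAt fault-injection counter are hypothetical.

```c
#include <stdlib.h>
#include <stddef.h>

/* Hypothetical allocation context, modelled on the db->mallocFailed idea. */
typedef struct Ctx {
    int mallocFailed;   /* sticky: set on the first failure, never cleared here */
    int failAt;         /* constructed fault injection: fail the Nth call, 0 = never */
    int nCall;          /* allocation attempts so far */
} Ctx;

/* Returns NULL if this allocation, or any earlier one on ctx, failed. */
static void *ctx_alloc(Ctx *ctx, size_t n) {
    void *p;
    ctx->nCall++;
    if (ctx->mallocFailed) return NULL;   /* an earlier failure poisons later calls */
    p = (ctx->failAt == ctx->nCall) ? NULL : malloc(n);
    if (p == NULL) ctx->mallocFailed = 1;
    return p;
}

/* Allocates two objects and tests only the second pointer.
** Returns 0 on success, 1 on out-of-memory. Never dereferences NULL. */
static int build_pair(Ctx *ctx, size_t nFirst, size_t nSecond) {
    char *a = ctx_alloc(ctx, nFirst);
    char *b = ctx_alloc(ctx, nSecond);
    if (b == NULL) {    /* b is NULL whenever a is NULL, because of the sticky flag */
        free(a);        /* free(NULL) is a no-op */
        return 1;
    }
    a[0] = 0;           /* safe: b != NULL implies a != NULL */
    b[0] = 0;
    free(a);
    free(b);
    return 0;
}

/* Run build_pair with the failAt-th allocation forced to fail (0 = none). */
static int run_with_fault(int failAt) {
    Ctx ctx = {0, failAt, 0};
    return build_pair(&ctx, 4096, 16);
}

int main(void) {
    return (run_with_fault(0) == 0 && run_with_fault(1) == 1 && run_with_fault(2) == 1) ? 0 : 1;
}
```

The guarantee holds only while both allocations go through the same context and the flag is not cleared between them; a plain malloc() pair has no such coupling.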