|14:13||New test cases for ticket [b899b6042f97f5] derived from a bug report on the mailing list from Wout Mertens. (check-in: ef94ea06 user: drh tags: trunk)|
|23:47||• Fixed ticket [b899b604]: Segfault on correlated subquery on the RHS of an IN operator in the WHERE clause plus 5 other changes (artifact: b9905e14 user: drh)|
|23:46||New test case for ticket [b899b6042f97f52d]. (check-in: 9d91ee5e user: drh tags: trunk)|
|00:33||Proposed fix for ticket [b899b6042f97f5] (check-in: c7f9f47b user: drh tags: trunk)|
|23:27||• New ticket [b899b604] Segfault on correlated subquery on the RHS of an IN operator in the WHERE clause. (artifact: 95580e0c user: drh)|
|Title:||Segfault on correlated subquery on the RHS of an IN operator in the WHERE clause|
|Last Modified:||2017-09-11 23:47:15|
|Version Found In:||3.20.1|
drh added on 2017-09-03 23:27:25:
The following SQL results in a segfault:
CREATE TABLE t1(x);
SELECT * FROM t1 WHERE 1 IN (SELECT value FROM json_each(x));
Bisecting shows that this problem was introduced by check-in [712267c9c0] on 2017-06-23 and was first released with SQLite 3.20.0. Preliminary analysis suggests that the problem has nothing to do with the JSON1 extension, but is instead a code-generator fault of some kind that causes an OP_Column opcode to be run on a cursor for the "t1" table before that cursor has been opened.
This problem was reported on the public mailing list by Martin Thierer.
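An added example, not part of the ticket or of SQLite's own test suite: a check of whether the SQLite library linked into the local Python interpreter crashes on the ticket's SQL. The statements run in a child process, so a segfault shows up as an exit status instead of taking down the caller. The names `classify` and `check_linked_sqlite` are hypothetical.

```python
import subprocess
import sys

# SQL taken verbatim from the ticket.
REPRO_SQL = (
    "CREATE TABLE t1(x); "
    "SELECT * FROM t1 WHERE 1 IN (SELECT value FROM json_each(x));"
)

# Child program: run the ticket's SQL against a throwaway in-memory database.
CHILD = (
    "import sqlite3, sys\n"
    "db = sqlite3.connect(':memory:')\n"
    "db.executescript(sys.argv[1])\n"
)


def classify(returncode):
    """Map the child's exit status to 'ok', 'crash' or 'inconclusive'."""
    if returncode == 0:
        return "ok"
    # POSIX reports death by signal as a negative code; Windows reports
    # an NTSTATUS value such as 0xC0000005 (access violation).
    if returncode < 0 or returncode >= 0xC0000000:
        return "crash"
    # Any other failure (for example JSON1 not compiled in, so json_each
    # is unknown) means the query never ran, so nothing was learned.
    return "inconclusive"


def check_linked_sqlite(timeout=30):
    """Run the ticket's SQL in a separate interpreter and classify the exit."""
    proc = subprocess.run(
        [sys.executable, "-c", CHILD, REPRO_SQL],
        capture_output=True, text=True, timeout=timeout,
    )
    return classify(proc.returncode)


if __name__ == "__main__":
    import sqlite3
    print("SQLite", sqlite3.sqlite_version, "->", check_linked_sqlite())
```

An "inconclusive" result says only that the query did not run on this build; it does not show the build is unaffected.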