SQLite
View Ticket
Not logged in
Ticket UUID: aa98619ad08ddcab739cefbdd44603cbf8ffa0d4
Title: Assertion fault on an IN operator using a constant index
Status: Fixed Type: Code_Defect
Severity: Severe Priority: Immediate
Subsystem: Unknown Resolution: Fixed
Last Modified: 2017-11-06 12:04:01
Version Found In: 3.19.0
User Comments:
drh added on 2017-08-14 12:52:08: (text/x-fossil-wiki)
The following SQLite causes an assertion fault:

<blockquote><verbatim>
CREATE TABLE t1(x TEXT);
CREATE INDEX t1x1 ON t1(1);
SELECT 1 IN (SELECT 2) FROM t1;
</verbatim></blockquote>

Notice the goofy index - an index on a constant expression.  An index on
a constant expression appears to be required to expression this problem.

Bisecting shows that this problem was introduced by check-in [a47efb7c8520a011]
(2017-04-11) and first appeared in the 3.19.0 release (2017-05-22).

This problem was discovered by OSSFuzz.

dan added on 2017-11-06 12:01:27: (text/x-fossil-wiki)
Another reproduction:

<verbatim>
  CREATE TABLE t1 ( x );
  CREATE INDEX i1 ON t1 ( upper(x) );
  SELECT 1 FROM t1 dfs WHERE upper(x)=1 AND upper(x) IN ('a', 'b', 'c');
</verbatim>

dan added on 2017-11-06 12:04:01: (text/x-fossil-wiki)
Fixed here: [d0da791ba0edfb65]