| Ticket Hash: | b899b6042f97f52d36f9cbd0b719b245310fcc4c | |||
| Title: | Segfault on correlated subquery on the RHS of an IN operator in the WHERE clause | |||
| Status: | Fixed | Type: | Code_Defect | |
| Severity: | Severe | Priority: | Immediate | |
| Subsystem: | Unknown | Resolution: | Fixed | |
| Last Modified: | 2017-09-11 23:47:15 | |||
| Version Found In: | 3.20.1 | |||
| User Comments: | ||||
|
drh added on 2017-09-03 23:27:25:
The following SQL results in a segfault: CREATE TABLE t1(x); SELECT * FROM t1 WHERE 1 IN (SELECT value FROM json_each(x)); Bisecting shows that this problem was introduced by check-in [712267c9c0] on 2017-06-23 and was first released with SQLite 3.20.0. Preliminary analysis suggests that the problem has nothing to do with the JSON1 extension, but is instead a code-generator fault of some kinds that causes an OP_Column opcode to be run on a cursor for the "t1" table before that cursor has been opened. This problem was reported on the public mailing list by Martin Thierer. | ||||