SQLite

View Ticket
Ticket Hash: c36cdb4afd504dc1891e0e3aa61c543d23e28683
Title: Segfault due to SQL inputs
Status: Fixed
Type: Code_Defect
Severity: Critical
Priority: High
Subsystem: Code_Generator
Resolution: Fixed
Last Modified: 2023-03-16 21:01:12
Created: 2023-03-16 20:28:41
Version Found In: 3.41.1
User Comments:
drh added on 2023-03-16 20:28:41:

This is test7.sql from forum post d24ec63447:

EXPLAIN  CREATE  TABLE t2 AS  SELECT  DISTINCT ':memory:', 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7 ORDER  BY '%J%j%w%s', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', '%J%j%w%s', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 'unixepoch', 42e-300, 'unixepoch', 'unixepoch', 'unixepoch' LIMIT 0xda;

drh added on 2023-03-16 21:01:12:

The problem is a confusion between the sorting required for DISTINCT and ORDER BY. If the distinct sort is satisfied for all result set terms and if there are more result-set terms than order by terms, then the sorter might be initialized incorrectly, resulting in memory errors. The problem was introduced by check-in [13b584869f40ea6a] which was part of release 3.39.0. The problem therefore exists in 3.39.0 through 3.41.1.
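
Added example (not part of the ticket and not SQLite project code): a Python check that classifies SQLite version strings against the affected range given above, 3.39.0 through 3.41.1, and reports the library the running interpreter is linked against. The function names and the sample inventory are constructed for illustration; a vendor build may carry a backported fix, so a version match is a prompt to verify, not proof.

```python
import re
import sqlite3

# Affected range as stated in the ticket: 3.39.0 through 3.41.1 inclusive.
FIRST_AFFECTED = (3, 39, 0)
LAST_AFFECTED = (3, 41, 1)

# Accepts 'X.Y.Z' and the older four-part 'X.Y.Z.W' release form.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Return the first three components as a tuple, or None if unparseable.

    Unparseable input is reported as None so callers can flag it for
    manual review instead of silently treating it as safe.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.groups()[:3])


def classify(text):
    """Return 'affected', 'not-affected' or 'unknown' for a version string."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    return "affected" if FIRST_AFFECTED <= v <= LAST_AFFECTED else "not-affected"


def runtime_status():
    """Classify the SQLite library this Python interpreter is linked against."""
    return classify(sqlite3.sqlite_version)


if __name__ == "__main__":
    # Constructed inventory of version strings, e.g. collected from hosts.
    inventory = ["3.38.5", "3.39.0", "3.40.1", "3.41.1", "3.41.2", "3.8.11.1", "n/a"]
    for v in inventory:
        print(f"{v:10} {classify(v)}")
    print("this interpreter:", sqlite3.sqlite_version, runtime_status())
```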