/ Check-in [18bf6aca]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Remove an obsolete assert() in the IN operator code generation.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 18bf6aca2ac86478fd12d5020f3a41cfd2bd2dc3defe2298411f79ad308a6f73
User & Date: drh 2017-03-12 19:39:00
Context
2017-03-12
20:28
Fix a possible NULL pointer dereference in following an OOM error in sqlite3ExprIsInteger(). Problem found by OSS-Fuzz. check-in: 5ec655e8 user: drh tags: trunk
19:39
Remove an obsolete assert() in the IN operator code generation. check-in: 18bf6aca user: drh tags: trunk
2017-03-11
13:02
Make sure the translateColumnToCopy() routine in the query planner does not try to access an array that failed to be fully allocated due to a prior OOM. This fixes an issue discovered by OSSFuzz. check-in: 3299a261 user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/expr.c.

  2528   2528           /* If the LHS and RHS of the IN operator do not match, that
  2529   2529           ** error will have been caught long before we reach this point. */
  2530   2530           if( ALWAYS(pEList->nExpr==nVal) ){
  2531   2531             SelectDest dest;
  2532   2532             int i;
  2533   2533             sqlite3SelectDestInit(&dest, SRT_Set, pExpr->iTable);
  2534   2534             dest.zAffSdst = exprINAffinity(pParse, pExpr);
  2535         -          assert( (pExpr->iTable&0x0000FFFF)==pExpr->iTable );
  2536   2535             pSelect->iLimit = 0;
  2537   2536             testcase( pSelect->selFlags & SF_Distinct );
  2538   2537             testcase( pKeyInfo==0 ); /* Caused by OOM in sqlite3KeyInfoAlloc() */
  2539   2538             if( sqlite3Select(pParse, pSelect, &dest) ){
  2540   2539               sqlite3DbFree(pParse->db, dest.zAffSdst);
  2541   2540               sqlite3KeyInfoUnref(pKeyInfo);
  2542   2541               return 0;