/ Check-in [90d6e4f1]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix an assertion fault on a syntax error input caused by check-in [6b2ff26c25bb9da3]. Problem discovered by OSSFuzz.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 90d6e4f10d3055a776d24854c442a2a68e726af8fc382cdb6241a834082e4c4c
User & Date: drh 2017-12-25 13:43:54
Context
2017-12-26
14:30
Add options to speedtest1.c and speed-check.sh for testing performance of floating-point computatations. check-in: ebfea872 user: dan tags: trunk
14:11
Fix crashes that could occur if SQL NULL values were passed to the built-in FTS5 snippet function. Edit: breaks amalgamation builds. check-in: 553a3ad3 user: dan tags: mistake
2017-12-25
13:43
Fix an assertion fault on a syntax error input caused by check-in [6b2ff26c25bb9da3]. Problem discovered by OSSFuzz. check-in: 90d6e4f1 user: drh tags: trunk
2017-12-24
18:56
Fix a NULL pointer dereference after a syntax error that can occur as a result of check-in [6b2ff26c25bb9da3] yesterday. This problem was discovered by the OSSFuzz. check-in: d49afb8f user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/build.c.

  1972   1972         p->nCol = pSelTab->nCol;
  1973   1973         p->aCol = pSelTab->aCol;
  1974   1974         pSelTab->nCol = 0;
  1975   1975         pSelTab->aCol = 0;
  1976   1976         sqlite3DeleteTable(db, pSelTab);
  1977   1977         sqlite3SelectDestInit(&dest, SRT_Coroutine, regYield);
  1978   1978         sqlite3Select(pParse, pSelect, &dest);
         1979  +      if( pParse->nErr ) return;
  1979   1980         sqlite3VdbeEndCoroutine(v, regYield);
  1980   1981         sqlite3VdbeJumpHere(v, addrTop - 1);
  1981   1982         addrInsLoop = sqlite3VdbeAddOp1(v, OP_Yield, dest.iSDParm);
  1982   1983         VdbeCoverage(v);
  1983   1984         sqlite3VdbeAddOp3(v, OP_MakeRecord, dest.iSdst, dest.nSdst, regRec);
  1984   1985         sqlite3TableAffinity(v, p, 0);
  1985   1986         sqlite3VdbeAddOp2(v, OP_NewRowid, 1, regRowid);

Changes to test/colname.test.

   394    394     execsql2 {SELECT BBb FROM (SELECT aaa AS Bbb FROM t1)}
   395    395   } {Bbb 123}
   396    396   do_execsql_test colname-9.320 {
   397    397     CREATE TABLE t2 AS SELECT BBb FROM (SELECT aaa AS Bbb FROM t1);
   398    398     SELECT name FROM pragma_table_info('t2');
   399    399   } {Bbb}
   400    400   
   401         -# Issue detected by clusterfuzz on 2017-12-24 (Christmas Eve)
          401  +# Issue detected by OSSFuzz on 2017-12-24 (Christmas Eve)
   402    402   # caused by check-in https://sqlite.org/src/info/6b2ff26c25
   403    403   #
   404    404   # Prior to being fixed, the following CREATE TABLE was dereferencing
   405    405   # a NULL pointer and segfaulting.
   406    406   #
   407    407   do_catchsql_test colname-9.400 {
   408    408     CREATE TABLE t4 AS SELECT #0;
   409    409   } {1 {near "#0": syntax error}}
   410    410   
          411  +# Issue detected by OSSFuzz on 2017-12-25 (Christmas Day)
          412  +# also caused by check-in https://sqlite.org/src/info/6b2ff26c25
          413  +#
          414  +# Prior to being fixed, the following CREATE TABLE caused an
          415  +# assertion fault.
          416  +#
          417  +do_catchsql_test colname-9.410 {
          418  +  CREATE TABLE t5 AS SELECT RAISE(abort,a);
          419  +} {1 {RAISE() may only be used within a trigger-program}}
   411    420   
   412    421   # Make sure the quotation marks get removed from the column names
   413    422   # when constructing a new table from an aggregate SELECT.
   414    423   # Email from Juergen Palm on 2017-07-11.
   415    424   #
   416    425   do_execsql_test colname-10.100 {
   417    426     DROP TABLE IF EXISTS t1;