Index: src/alter.c
==================================================================
--- src/alter.c
+++ src/alter.c
@@ -10,11 +10,11 @@
 **
 *************************************************************************
 ** This file contains C code routines that used to generate VDBE code
 ** that implements the ALTER TABLE command.
 **
-** $Id: alter.c,v 1.22 2006/09/08 12:27:37 drh Exp $
+** $Id: alter.c,v 1.23 2007/05/08 12:37:46 danielk1977 Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
 
 /*
@@ -55,10 +55,15 @@
   ** statement is that the table name is the first token that is immediatedly
   ** followed by a left parenthesis - TK_LP.
   */
   if( zSql ){
     do {
+      if( !*zCsr ){
+        /* Ran out of input before finding an opening bracket. Return NULL. */
+        return;
+      }
+
       /* Store the token that zCsr points to in tname. */
       tname.z = zCsr;
       tname.n = len;
 
       /* Advance zCsr to the next token. Store that token type in 'token',
@@ -105,10 +110,16 @@
   ** preceded by either TK_ON or TK_DOT and immediatedly followed by one
   ** of TK_WHEN, TK_BEGIN or TK_FOR.
   */
   if( zSql ){
     do {
+
+      if( !*zCsr ){
+        /* Ran out of input before finding the table name. Return NULL. */
+        return;
+      }
+
       /* Store the token that zCsr points to in tname. */
       tname.z = zCsr;
       tname.n = len;
 
       /* Advance zCsr to the next token. Store that token type in 'token',

Index: test/alter.test
==================================================================
--- test/alter.test
+++ test/alter.test
@@ -9,11 +9,11 @@
 #
 #*************************************************************************
 # This file implements regression tests for SQLite library.  The
 # focus of this script is testing the ALTER TABLE statement.
 #
-# $Id: alter.test,v 1.19 2007/04/06 02:32:34 drh Exp $
+# $Id: alter.test,v 1.20 2007/05/08 12:37:46 danielk1977 Exp $
 #
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
 
@@ -647,8 +647,25 @@
 do_test alter-8.2 {
   execsql {
     SELECT a, sum(b) FROM t2 GROUP BY a;
   }
 } {1 18 2 9}
+
+#--------------------------------------------------------------------------
+# alter-9.X - Special test: Make sure the sqlite_rename_trigger() and
+# rename_table() functions do not crash when handed bad input.
+#
+ifcapable trigger {
+  do_test alter-9.1 {
+    execsql {SELECT SQLITE_RENAME_TRIGGER(0,0)}
+  } {{}}
+}
+do_test alter-9.2 {
+    execsql {
+    SELECT SQLITE_RENAME_TABLE(0,0);
+    SELECT SQLITE_RENAME_TABLE(10,20);
+    SELECT SQLITE_RENAME_TABLE("foo", "foo");
+  }
+} {{} {} {}}
 
 
 finish_test