Index: src/analyze.c
==================================================================
--- src/analyze.c
+++ src/analyze.c
@@ -547,25 +547,28 @@
       while( sqlite3_step(pStmt)==SQLITE_ROW ){
         char *zIndex = (char *)sqlite3_column_text(pStmt, 0);
         Index *pIdx = sqlite3FindIndex(db, zIndex, sInfo.zDatabase);
         if( pIdx ){
           int iSample = sqlite3_column_int(pStmt, 1);
+          sqlite3 *dbMem = pIdx->pTable->dbMem;
+	  assert( dbMem==db || dbMem==0 );
           if( iSample<SQLITE_INDEX_SAMPLES && iSample>=0 ){
             int eType = sqlite3_column_type(pStmt, 2);
 
             if( pIdx->aSample==0 ){
-              static const int nByte = sizeof(IndexSample)*SQLITE_INDEX_SAMPLES;
-              pIdx->aSample = (IndexSample *)sqlite3DbMallocZero(db, nByte);
+              static const int sz = sizeof(IndexSample)*SQLITE_INDEX_SAMPLES;
+              pIdx->aSample = (IndexSample *)sqlite3DbMallocZero(dbMem, sz);
               if( pIdx->aSample==0 ){
+		db->mallocFailed = 1;
                 break;
               }
             }
 
             if( pIdx->aSample ){
               IndexSample *pSample = &pIdx->aSample[iSample];
               if( pSample->eType==SQLITE_TEXT || pSample->eType==SQLITE_BLOB ){
-                sqlite3DbFree(db, pSample->u.z);
+                sqlite3DbFree(dbMem, pSample->u.z);
               }
               pSample->eType = eType;
               if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
                 pSample->u.r = sqlite3_column_double(pStmt, 2);
               }else if( eType==SQLITE_TEXT || eType==SQLITE_BLOB ){
@@ -577,14 +580,15 @@
                 int n = sqlite3_column_bytes(pStmt, 2);
                 if( n>24 ){
                   n = 24;
                 }
                 pSample->nByte = n;
-                pSample->u.z = sqlite3DbMallocRaw(db, n);
+                pSample->u.z = sqlite3DbMallocRaw(dbMem, n);
                 if( pSample->u.z ){
                   memcpy(pSample->u.z, z, n);
                 }else{
+		  db->mallocFailed = 1;
                   break;
                 }
               }
             }
           }

Index: src/sqliteInt.h
==================================================================
--- src/sqliteInt.h
+++ src/sqliteInt.h
@@ -1576,11 +1576,12 @@
   ** access them will result in a segfault or malfunction.
   *********************************************************************/
 
   int iTable;            /* TK_COLUMN: cursor number of table holding column
                          ** TK_REGISTER: register number */
-  i16 iColumn;           /* TK_COLUMN: column index.  -1 for rowid */
+  i16 iColumn;           /* TK_COLUMN: column index.  -1 for rowid
+                         ** TK_REGISTER: original value of Expr.op */
   i16 iAgg;              /* Which entry in pAggInfo->aCol[] or ->aFunc[] */
   i16 iRightJoinTable;   /* If EP_FromJoin, the right table of the join */
   u16 flags2;            /* Second set of flags.  EP2_... */
   AggInfo *pAggInfo;     /* Used by TK_AGG_COLUMN and TK_AGG_FUNCTION */
   Table *pTab;           /* Table for TK_COLUMN expressions. */