Index: src/expr.c ================================================================== --- src/expr.c +++ src/expr.c @@ -2865,10 +2865,11 @@ if( addrOnce ){ sqlite3VdbeJumpHere(v, addrOnce); /* Subroutine return */ sqlite3VdbeAddOp1(v, OP_Return, pExpr->y.sub.regReturn); sqlite3VdbeChangeP1(v, pExpr->y.sub.iAddr-1, sqlite3VdbeCurrentAddr(v)-1); + sqlite3ClearTempRegCache(pParse); } } #endif /* SQLITE_OMIT_SUBQUERY */ /* @@ -2975,10 +2976,11 @@ sqlite3VdbeJumpHere(v, addrOnce); /* Subroutine return */ sqlite3VdbeAddOp1(v, OP_Return, pExpr->y.sub.regReturn); sqlite3VdbeChangeP1(v, pExpr->y.sub.iAddr-1, sqlite3VdbeCurrentAddr(v)-1); + sqlite3ClearTempRegCache(pParse); } return rReg; } #endif /* SQLITE_OMIT_SUBQUERY */ @@ -5606,10 +5608,15 @@ } } /* ** Mark all temporary registers as being unavailable for reuse. +** +** Always invoke this procedure after coding a subroutine or co-routine +** that might be invoked from other parts of the code, to ensure that +** the sub/co-routine does not use registers in common with the code that +** invokes the sub/co-routine. */ void sqlite3ClearTempRegCache(Parse *pParse){ pParse->nTempReg = 0; pParse->nRangeReg = 0; } Index: test/tkt-3a77c9714e.test ================================================================== --- test/tkt-3a77c9714e.test +++ test/tkt-3a77c9714e.test @@ -1,6 +1,6 @@ -# 2011 December 06 +# 2011-12-06 # # The author disclaims copyright to this source code. In place of # a legal notice, here is a blessing: # # May you do good and not evil. @@ -66,7 +66,21 @@ WHERE Connected=SrcWord LIMIT 1 ) ) } {FACTORING FACTOR SWIMMING SWIMM} +# Similar problem discovered by dbsqlfuzz on 2019-09-18 +# +do_execsql_test 3.0 { + DROP TABLE IF EXISTS t1; + CREATE TABLE t1(i INT PRIMARY KEY, a, b); + INSERT INTO t1 VALUES(NULL,'one','i'); + CREATE INDEX i1a ON t1(a); + CREATE INDEX i1b ON t1(b); + SELECT (SELECT 1 + FROM (SELECT 1 FROM t1 WHERE a=1 OR b='i') + WHERE a='o' + OR b IN (SELECT a=('b' IN (SELECT 'a')))) + FROM t1; +} {{}} finish_test