Index: Makefile.in
==================================================================
--- Makefile.in
+++ Makefile.in
@@ -1246,14 +1246,10 @@
 # Fuzz testing
 fuzztest:	fuzzcheck$(TEXE) $(FUZZDATA) sessionfuzz$(TEXE) $(TOP)/test/sessionfuzz-data1.db
 	./fuzzcheck$(TEXE) $(FUZZDATA)
 	./sessionfuzz$(TEXE) run $(TOP)/test/sessionfuzz-data1.db
 
-fastfuzztest:	fuzzcheck$(TEXE) $(FUZZDATA) sessionfuzz$(TEXE) $(TOP)/test/sessionfuzz-data1.db
-	./fuzzcheck$(TEXE) --limit-mem 100M $(FUZZDATA)
-	./sessionfuzz$(TEXE) run $(TOP)/test/sessionfuzz-data1.db
-
 valgrindfuzz:	fuzzcheck$(TEXT) $(FUZZDATA) sessionfuzz$(TEXE) $(TOP)/test/sessionfuzz-data1.db
 	valgrind ./fuzzcheck$(TEXE) --cell-size-check --limit-mem 10M --timeout 600 $(FUZZDATA)
 	valgrind ./sessionfuzz$(TEXE) run $(TOP)/test/sessionfuzz-data1.db
 
 # The veryquick.test TCL tests.
@@ -1267,11 +1263,11 @@
 	./testfixture$(TEXE) $(TOP)/test/extraquick.test $(TESTOPTS)
 
 # This is the common case.  Run many tests that do not take too long,
 # including fuzzcheck, sqlite3_analyzer, and sqldiff tests.
 #
-test:	fastfuzztest sourcetest $(TESTPROGS) tcltest
+test:	fuzztest sourcetest $(TESTPROGS) tcltest
 
 # Run a test using valgrind.  This can take a really long time
 # because valgrind is so much slower than a native machine.
 #
 valgrindtest:	$(TESTPROGS) valgrindfuzz

Index: Makefile.msc
==================================================================
--- Makefile.msc
+++ Makefile.msc
@@ -2408,23 +2408,20 @@
 	.\testfixture.exe $(TOP)\test\permutations.test queryplanner $(TESTOPTS)
 
 fuzztest:	fuzzcheck.exe
 	.\fuzzcheck.exe $(FUZZDATA)
 
-fastfuzztest:	fuzzcheck.exe
-	.\fuzzcheck.exe --limit-mem 100M $(FUZZDATA)
-
 # Minimal testing that runs in less than 3 minutes (on a fast machine)
 #
 quicktest:	testfixture.exe sourcetest
 	@set PATH=$(LIBTCLPATH);$(PATH)
 	.\testfixture.exe $(TOP)\test\extraquick.test $(TESTOPTS)
 
 # This is the common case.  Run many tests that do not take too long,
 # including fuzzcheck, sqlite3_analyzer, and sqldiff tests.
 #
-test:	$(TESTPROGS) sourcetest fastfuzztest
+test:	$(TESTPROGS) sourcetest fuzztest
 	@set PATH=$(LIBTCLPATH);$(PATH)
 	.\testfixture.exe $(TOP)\test\veryquick.test $(TESTOPTS)
 
 smoketest:	$(TESTPROGS)
 	@set PATH=$(LIBTCLPATH);$(PATH)

Index: ext/fts5/fts5_config.c
==================================================================
--- ext/fts5/fts5_config.c
+++ ext/fts5/fts5_config.c
@@ -21,11 +21,11 @@
 #define FTS5_DEFAULT_USERMERGE      4
 #define FTS5_DEFAULT_CRISISMERGE   16
 #define FTS5_DEFAULT_HASHSIZE    (1024*1024)
 
 /* Maximum allowed page size */
-#define FTS5_MAX_PAGE_SIZE (128*1024)
+#define FTS5_MAX_PAGE_SIZE (64*1024)
 
 static int fts5_iswhitespace(char x){
   return (x==' ');
 }
 

Index: ext/fts5/test/fts5misc.test
==================================================================
--- ext/fts5/test/fts5misc.test
+++ ext/fts5/test/fts5misc.test
@@ -148,8 +148,32 @@
 
 do_execsql_test 4.4 {
   INSERT INTO vt0(vt0) VALUES('integrity-check');
 }
 
+#-------------------------------------------------------------------------
+# Ticket [81a7f7b9].
+#
+reset_db
+do_execsql_test 5.0 {
+  CREATE VIRTUAL TABLE vt0 USING fts5(c0, c1);
+  INSERT INTO vt0(vt0, rank) VALUES('pgsz', '65536');
+  WITH s(i) AS (
+    SELECT 1 UNION ALL SELECT i+1 FROM s WHERE i<1236
+  )
+  INSERT INTO vt0(c0) SELECT '0' FROM s;
+} {}
+
+do_execsql_test 5.1 {
+  UPDATE vt0 SET c1 = 'T,D&p^y/7#3*v<b<4j7|f';
+}
+
+do_execsql_test 5.2 {
+  INSERT INTO vt0(vt0) VALUES('integrity-check');
+}
+
+do_catchsql_test 5.3 {
+  INSERT INTO vt0(vt0, rank) VALUES('pgsz', '65537');
+} {1 {SQL logic error}}
 
 finish_test
 

Index: main.mk
==================================================================
--- main.mk
+++ main.mk
@@ -935,14 +935,10 @@
 
 fuzztest:	fuzzcheck$(EXE) $(FUZZDATA) sessionfuzz$(EXE) $(TOP)/test/sessionfuzz-data1.db
 	./fuzzcheck$(EXE) $(FUZZDATA)
 	./sessionfuzz run $(TOP)/test/sessionfuzz-data1.db
 
-fastfuzztest:	fuzzcheck$(EXE) $(FUZZDATA) sessionfuzz$(EXE) $(TOP)/test/sessionfuzz-data1.db
-	./fuzzcheck$(EXE) --limit-mem 100M $(FUZZDATA)
-	./sessionfuzz run $(TOP)/test/sessionfuzz-data1.db
-
 valgrindfuzz:	fuzzcheck$(EXE) $(FUZZDATA) sessionfuzz$(EXE) $(TOP)/test/sessionfuzz-data1.db
 	valgrind ./fuzzcheck$(EXE) --cell-size-check --limit-mem 10M --timeout 600 $(FUZZDATA)
 	valgrind ./sessionfuzz run $(TOP)/test/sessionfuzz-data1.db
 
 # The veryquick.test TCL tests.
@@ -956,11 +952,11 @@
 quicktest:	./testfixture$(EXE)
 	./testfixture$(EXE) $(TOP)/test/extraquick.test $(TESTOPTS)
 
 # The default test case.  Runs most of the faster standard TCL tests,
 # and fuzz tests, and sqlite3_analyzer and sqldiff tests.
-test:	fastfuzztest sourcetest $(TESTPROGS) tcltest
+test:	fuzztest sourcetest $(TESTPROGS) tcltest
 
 # Run a test using valgrind.  This can take a really long time
 # because valgrind is so much slower than a native machine.
 #
 valgrindtest:	$(TESTPROGS) valgrindfuzz

Index: src/expr.c
==================================================================
--- src/expr.c
+++ src/expr.c
@@ -184,11 +184,14 @@
         /* The Expr.x union is never used at the same time as Expr.pRight */
         assert( p->x.pList==0 || p->pRight==0 );
         /* p->flags holds EP_Collate and p->pLeft->flags does not.  And
         ** p->x.pSelect cannot.  So if p->x.pLeft exists, it must hold at
         ** least one EP_Collate. Thus the following two ALWAYS. */
-        if( p->x.pList!=0 && ALWAYS(!ExprHasProperty(p, EP_xIsSelect)) ){
+        if( p->x.pList!=0 
+         && !db->mallocFailed
+         && ALWAYS(!ExprHasProperty(p, EP_xIsSelect))
+        ){
           int i;
           for(i=0; ALWAYS(i<p->x.pList->nExpr); i++){
             if( ExprHasProperty(p->x.pList->a[i].pExpr, EP_Collate) ){
               pNext = p->x.pList->a[i].pExpr;
               break;

Index: src/prepare.c
==================================================================
--- src/prepare.c
+++ src/prepare.c
@@ -641,52 +641,28 @@
   }else{
     sqlite3RunParser(&sParse, zSql, &zErrMsg);
   }
   assert( 0==sParse.nQueryLoop );
 
-  if( sParse.rc==SQLITE_DONE ) sParse.rc = SQLITE_OK;
+  if( sParse.rc==SQLITE_DONE ){
+    sParse.rc = SQLITE_OK;
+  }
   if( sParse.checkSchema ){
     schemaIsValid(&sParse);
   }
-  if( db->mallocFailed ){
-    sParse.rc = SQLITE_NOMEM_BKPT;
-  }
   if( pzTail ){
     *pzTail = sParse.zTail;
   }
-  rc = sParse.rc;
-
-#ifndef SQLITE_OMIT_EXPLAIN
-  /* Justification for the ALWAYS(): The only way for rc to be SQLITE_OK and
-  ** sParse.pVdbe to be NULL is if the input SQL is an empty string, but in
-  ** that case, sParse.explain will be false. */
-  if( sParse.explain && rc==SQLITE_OK && ALWAYS(sParse.pVdbe) ){
-    static const char * const azColName[] = {
-       "addr", "opcode", "p1", "p2", "p3", "p4", "p5", "comment",
-       "id", "parent", "notused", "detail"
-    };
-    int iFirst, mx;
-    if( sParse.explain==2 ){
-      sqlite3VdbeSetNumCols(sParse.pVdbe, 4);
-      iFirst = 8;
-      mx = 12;
-    }else{
-      sqlite3VdbeSetNumCols(sParse.pVdbe, 8);
-      iFirst = 0;
-      mx = 8;
-    }
-    for(i=iFirst; i<mx; i++){
-      sqlite3VdbeSetColName(sParse.pVdbe, i-iFirst, COLNAME_NAME,
-                            azColName[i], SQLITE_STATIC);
-    }
-  }
-#endif
 
   if( db->init.busy==0 ){
     sqlite3VdbeSetSql(sParse.pVdbe, zSql, (int)(sParse.zTail-zSql), prepFlags);
   }
-  if( rc!=SQLITE_OK || db->mallocFailed ){
+  if( db->mallocFailed ){
+    sParse.rc = SQLITE_NOMEM_BKPT;
+  }
+  rc = sParse.rc;
+  if( rc!=SQLITE_OK ){
     if( sParse.pVdbe ) sqlite3VdbeFinalize(sParse.pVdbe);
     assert(!(*ppStmt));
   }else{
     *ppStmt = (sqlite3_stmt*)sParse.pVdbe;
   }

Index: src/vdbeaux.c
==================================================================
--- src/vdbeaux.c
+++ src/vdbeaux.c
@@ -2221,12 +2221,30 @@
   assert( x.nFree>=0 );
   assert( EIGHT_BYTE_ALIGNMENT(&x.pSpace[x.nFree]) );
 
   resolveP2Values(p, &nArg);
   p->usesStmtJournal = (u8)(pParse->isMultiWrite && pParse->mayAbort);
-  if( pParse->explain && nMem<10 ){
-    nMem = 10;
+  if( pParse->explain ){
+    static const char * const azColName[] = {
+       "addr", "opcode", "p1", "p2", "p3", "p4", "p5", "comment",
+       "id", "parent", "notused", "detail"
+    };
+    int iFirst, mx, i;
+    if( nMem<10 ) nMem = 10;
+    if( pParse->explain==2 ){
+      sqlite3VdbeSetNumCols(p, 4);
+      iFirst = 8;
+      mx = 12;
+    }else{
+      sqlite3VdbeSetNumCols(p, 8);
+      iFirst = 0;
+      mx = 8;
+    }
+    for(i=iFirst; i<mx; i++){
+      sqlite3VdbeSetColName(p, i-iFirst, COLNAME_NAME,
+                            azColName[i], SQLITE_STATIC);
+    }
   }
   p->expired = 0;
 
   /* Memory for registers, parameters, cursor, etc, is allocated in one or two
   ** passes.  On the first pass, we try to reuse unused memory at the 

Index: test/collate1.test
==================================================================
--- test/collate1.test
+++ test/collate1.test
@@ -414,7 +414,26 @@
   CREATE TABLE t0(c0 COLLATE RTRIM, c1 BLOB UNIQUE,
                   PRIMARY KEY (c0, c1)) WITHOUT ROWID;
   INSERT INTO t0 VALUES (123, 3), (' ', 1), ('	', 2), ('', 4);
   SELECT * FROM t0 WHERE c1 = 1;
 } {{ } 1}
+
+# 2019-10-09
+# ALWAYS() macro fails following OOM
+# Problem detected by dbsqlfuzz.
+#
+do_execsql_test 9.0 {
+  CREATE TABLE t1(a, b);
+  CREATE TABLE t2(c, d);
+}
+
+do_faultsim_test 9.1 -faults oom* -body {
+  execsql {
+    SELECT * FROM (
+        SELECT b COLLATE nocase IN (SELECT c FROM t2) FROM t1
+    );
+  }
+} -test {
+  faultsim_test_result {0 {}}
+}
 
 finish_test

Index: test/fuzzdata8.db
==================================================================
--- test/fuzzdata8.db
+++ test/fuzzdata8.db
cannot compute difference between binary files