Index: src/update.c
==================================================================
--- src/update.c
+++ src/update.c
@@ -394,11 +394,11 @@
 iPk = pParse->nMem+1;
 pParse->nMem += nPk;
 regKey = ++pParse->nMem;
 iEph = pParse->nTab++;
- sqlite3VdbeAddOp2(v, OP_Null, 0, iPk);
+ sqlite3VdbeAddOp3(v, OP_Null, 0, iPk, iPk+nPk-1);
 addrOpen = sqlite3VdbeAddOp2(v, OP_OpenEphemeral, iEph, nPk);
 sqlite3VdbeSetP4KeyInfo(pParse, pPk);
 }
 /* Begin the database scan.
Index: test/without_rowid1.test
==================================================================
--- test/without_rowid1.test
+++ test/without_rowid1.test
@@ -339,8 +339,21 @@
 CREATE INDEX t1x ON t1(x);
 INSERT INTO t1(x,b) VALUES('funny','buffalo');
 SELECT type, name, '|' FROM sqlite_master;
 } {table t1 | index t1x |}
+# 2018-04-05: OSSFuzz found that the following was accessing an
+# unintialized memory cell. Which was not actually causing a
+# malfunction, but does cause an assert() to fail.
+#
+do_execsql_test 9.0 {
+ CREATE TABLE t2(b, c, PRIMARY KEY(b,c)) WITHOUT ROWID;
+ CREATE UNIQUE INDEX t2b ON t2(b);
+ UPDATE t2 SET b=1 WHERE b='';
+}
+
+do_execsql_test 10.1 {
+ DELETE FROM t2 WHERE b=1
+}
 finish_test
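Review bot: In src/update.c the widened `OP_Null` has no comment saying why every primary-key register must be cleared, so a later cleanup could shrink it back to the single-register form and reintroduce the read of an undefined cell. The added P3 operand extends the NULL to the range iPk through iPk+nPk-1, which matches the nPk cells reserved just above it. regKey is allocated right after that range and is not covered; it is presumably always written before it is read, but that is worth confirming. I would add above the call: `/* NULL all nPk key registers, not only iPk, so none is read while still undefined */`. The enclosing block starts and ends outside the hunk.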
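Review bot: In test/without_rowid1.test the new cases 9.0 and 10.1 check no results, and by the comment's own account the defect shows up only as a failing assert(), so they guard against regression only in a build with assertions enabled. The comment should say so, for example `# Only detectable when assert() is enabled; a release build passes either way.` Case 10.1 has no comment of its own, and the hunk does not show whether the DELETE exercises a second code path or is just cleanup. The comment also misspells `uninitialized` as `unintialized`.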