From 00c12a51e3f69ca8f1a01447bfae8216a3039a53 Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Wed, 24 Jul 2019 23:15:19 +0000
Subject: [PATCH] Fix faulty asserts in the code generator. Ticket
 [c52b09c7f38903b1]

FossilOrigin-Name: 01cdc590f7894ea23ee0d674747d7ebf8196efbef3c87d47e72dbc1ab6ae2883
---
 manifest          | 16 ++++++------
 manifest.uuid     |  2 +-
 src/select.c      | 13 +++++++---
 test/select1.test | 65 +++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 84 insertions(+), 12 deletions(-)

diff --git a/manifest b/manifest
index 9ab5996e0d..4aa0aab8f7 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Improve\sthe\s".recover"\scommand\sso\sthat\sit\shandles\sintkey\spages\slinked\sinto\snon-intkey\sb-trees,\sand\svice-versa,\sbetter.
-D 2019-07-24T20:10:27.248
+C Fix\sfaulty\sasserts\sin\sthe\scode\sgenerator.\nTicket\s[c52b09c7f38903b1]
+D 2019-07-24T23:15:19.192
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -522,7 +522,7 @@ F src/printf.c 9be6945837c839ba57837b4bc3af349eba630920fa5532aa518816defe42a7d4
 F src/random.c 80f5d666f23feb3e6665a6ce04c7197212a88384
 F src/resolve.c edf29463177e9fa9dad5346e9adf482f24db9f180c693d0ba993e25dc797f6b7
 F src/rowset.c d977b011993aaea002cab3e0bb2ce50cf346000dff94e944d547b989f4b1fe93
-F src/select.c 9817d812b13c956ac28d27390602751a8add217f87224d2636fb3ef7e4d646a7
+F src/select.c 1b8b5afee76e7d662b34c61705a638f7a6a20d5109515ca973c12343c84fb2d6
 F src/shell.c.in 9c203a8c643fd638ab67a911e1fad1f51138c13a4d0ea3cedf7526fba5de60f2
 F src/sqlite.h.in 83ebc8ab1a2e82d92214006ea2c15bf8a0604f3fac2c31dd9ce9021f568c71f2
 F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
@@ -1283,7 +1283,7 @@ F test/schema6.test e4bd1f23d368695eb9e7b51ef6e02ca0642ea2ab4a52579959826b5e7dce
 F test/schemafault.test 1936bceca55ac82c5efbcc9fc91a1933e45c8d1e1d106b9a7e56c972a5a2a51e
 F test/securedel.test 2f70b2449186a1921bd01ec9da407fbfa98c3a7a5521854c300c194b2ff09384
 F test/securedel2.test 2d54c28e46eb1fd6902089958b20b1b056c6f1c5
-F test/select1.test 7d41f354998524070317207d4e2b68e725e4cf14a57835fc746d4bea686a8714
+F test/select1.test 703154cbf66d0a9fbbd5b771dc3d2c4d3700121d133d695958d4a9c5a33251e8
 F test/select2.test 352480e0e9c66eda9c3044e412abdf5be0215b56
 F test/select3.test 3905450067c28766bc83ee397f6d87342de868baa60f2bcfd00f286dfbd62cb9
 F test/select4.test 5389d9895968d1196c457d59b3ee6515d771d328
@@ -1837,7 +1837,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P becaaa4d29d17ad613f2a120f0b173e53403b3de26f22beaf83f66ebf369bf60
-R 94d74886c98500c187a9db329f6aede4
-U dan
-Z 32ff5ab3849650d0809e5271f9614a81
+P 9c458acba5a100a76148a3efb78ea9f57b85751e80788e4532694bd8976608a0
+R bef3b356415d2b00c3ff0794e1a2bd40
+U drh
+Z 3eaa65a1e0f80aa0cf734d748434dc11
diff --git a/manifest.uuid b/manifest.uuid
index 0c855a409c..667af28ab4 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-9c458acba5a100a76148a3efb78ea9f57b85751e80788e4532694bd8976608a0
\ No newline at end of file
+01cdc590f7894ea23ee0d674747d7ebf8196efbef3c87d47e72dbc1ab6ae2883
\ No newline at end of file
diff --git a/src/select.c b/src/select.c
index 6e0eeb2f4e..1feee02b7e 100644
--- a/src/select.c
+++ b/src/select.c
@@ -5869,8 +5869,15 @@ int sqlite3Select(
     ** technically harmless for it to be generated multiple times. The
     ** following assert() will detect if something changes to cause
     ** the same subquery to be coded multiple times, as a signal to the
-    ** developers to try to optimize the situation. */
-    assert( pItem->addrFillSub==0 );
+    ** developers to try to optimize the situation.
+    **
+    ** Update 2019-07-24:
+    ** See ticket https://sqlite.org/src/tktview/c52b09c7f38903b1311cec40.
+    ** The dbsqlfuzz fuzzer found a case where the same subquery gets
+    ** coded twice.  So this assert() now becomes a testcase().  It should
+    ** be very rare, though.
+    */
+    testcase( pItem->addrFillSub!=0 );
 
     /* Increment Parse.nHeight by the height of the largest expression
     ** tree referred to by this, the parent select. The child select
@@ -5944,7 +5951,7 @@ int sqlite3Select(
       int retAddr;
       struct SrcList_item *pPrior;
 
-      assert( pItem->addrFillSub==0 );
+      testcase( pItem->addrFillSub==0 ); /* Ticket c52b09c7f38903b1311 */
       pItem->regReturn = ++pParse->nMem;
       topAddr = sqlite3VdbeAddOp2(v, OP_Integer, 0, pItem->regReturn);
       pItem->addrFillSub = topAddr+1;
diff --git a/test/select1.test b/test/select1.test
index 468f118c41..27191caf67 100644
--- a/test/select1.test
+++ b/test/select1.test
@@ -1100,4 +1100,69 @@ do_execsql_test select1-17.3 {
          UNION ALL SELECT * FROM t2 WHERE y=3 ORDER BY y,z LIMIT 4);
 } {1 2 3}
 
+# 2019-07-24 Ticket https://sqlite.org/src/tktview/c52b09c7f38903b1311
+#
+do_execsql_test select1-18.1 {
+  DROP TABLE IF EXISTS t1;
+  DROP TABLE IF EXISTS t2;
+  CREATE TABLE t1(c);
+  CREATE TABLE t2(x PRIMARY KEY, y);
+  INSERT INTO t1(c) VALUES(123);
+  INSERT INTO t2(x) VALUES(123);
+  SELECT x FROM t2, t1 WHERE x BETWEEN c AND null OR x AND
+  x IN ((SELECT x FROM (SELECT x FROM t2, t1 
+  WHERE x BETWEEN (SELECT x FROM (SELECT x COLLATE rtrim 
+  FROM t2, t1 WHERE x BETWEEN c AND null
+  OR x AND x IN (c)), t1 WHERE x BETWEEN c AND null
+  OR x AND x IN (c)) AND null
+  OR NOT EXISTS(SELECT -4.81 FROM t1, t2 WHERE x BETWEEN c AND null
+  OR x AND x IN ((SELECT x FROM (SELECT x FROM t2, t1
+  WHERE x BETWEEN (SELECT x FROM (SELECT x BETWEEN c AND null
+  OR x AND x IN (c)), t1 WHERE x BETWEEN c AND null
+  OR x AND x IN (c)) AND null
+  OR x AND x IN (c)), t1 WHERE x BETWEEN c AND null
+  OR x AND x IN (c)))) AND x IN (c)
+  ), t1 WHERE x BETWEEN c AND null
+  OR x AND x IN (c)));
+} {}
+do_execsql_test select1-18.2 {
+  DROP TABLE IF EXISTS t1;
+  DROP TABLE IF EXISTS t2;
+  CREATE TABLE t1(c);
+  CREATE TABLE t2(x PRIMARY KEY, y);
+  INSERT INTO t1(c) VALUES(123);
+  INSERT INTO t2(x) VALUES(123);
+  SELECT x FROM t2, t1 WHERE x BETWEEN c AND (c+1) OR x AND
+  x IN ((SELECT x FROM (SELECT x FROM t2, t1 
+  WHERE x BETWEEN (SELECT x FROM (SELECT x COLLATE rtrim 
+  FROM t2, t1 WHERE x BETWEEN c AND (c+1)
+  OR x AND x IN (c)), t1 WHERE x BETWEEN c AND (c+1)
+  OR x AND x IN (c)) AND (c+1)
+  OR NOT EXISTS(SELECT -4.81 FROM t1, t2 WHERE x BETWEEN c AND (c+1)
+  OR x AND x IN ((SELECT x FROM (SELECT x FROM t2, t1
+  WHERE x BETWEEN (SELECT x FROM (SELECT x BETWEEN c AND (c+1)
+  OR x AND x IN (c)), t1 WHERE x BETWEEN c AND (c+1)
+  OR x AND x IN (c)) AND (c+1)
+  OR x AND x IN (c)), t1 WHERE x BETWEEN c AND (c+1)
+  OR x AND x IN (c)))) AND x IN (c)
+  ), t1 WHERE x BETWEEN c AND (c+1)
+  OR x AND x IN (c)));
+} {123}
+do_execsql_test select1-18.3 {
+  SELECT 1 FROM t1 WHERE (
+    SELECT 2 FROM t2 WHERE (
+      SELECT 3 FROM (
+        SELECT x FROM t2 WHERE x=c OR x=(SELECT x FROM (VALUES(0)))
+      ) WHERE x>c OR x=c
+    )
+  );
+} {1}
+do_execsql_test select1-18.4 {
+  SELECT 1 FROM t1, t2 WHERE (
+    SELECT 3 FROM (
+      SELECT x FROM t2 WHERE x=c OR x=(SELECT x FROM (VALUES(0)))
+    ) WHERE x>c OR x=c
+  );
+} {1}
+
 finish_test