Fix a corner-case error in the new UPDATE FROM logic helpfully discovered

by OSSFuzz.

FossilOrigin-Name: 5cc200939d3a33566ddb858fc74c878acc72cfe5cf4c9b1d08e7b13e4d5ff566
drh 2020-07-20 18:07:35 +00:00
parent a192807c13
commit 09cf569292
4 changed files with 27 additions and 9 deletions

@ -1,6 +1,6 @@
B 7a876209a678a34c198b54ceef9e3c041f128a14dc73357f6a57cadadaa6cf7b B 7a876209a678a34c198b54ceef9e3c041f128a14dc73357f6a57cadadaa6cf7b
C Faster\scolumn\sname\slookup\sin\sthe\scolumnIndex()\sroutine\susing\shashing. C Fix\sa\scorner-case\serror\sin\sthe\snew\sUPDATE\sFROM\slogic\shelpfully\sdiscovered\nby\sOSSFuzz.
D 2020-07-20T13:11:19.877 D 2020-07-20T18:07:35.022
F Makefile.in 19374a5db06c3199ec1bab71ab74a103d8abf21053c05e9389255dc58083f806 F Makefile.in 19374a5db06c3199ec1bab71ab74a103d8abf21053c05e9389255dc58083f806
F Makefile.msc 48f5a3fc32672c09ad73795749f6253e406a31526935fbbffd8f021108d54574 F Makefile.msc 48f5a3fc32672c09ad73795749f6253e406a31526935fbbffd8f021108d54574
F autoconf/Makefile.am a8d1d24affe52ebf8d7ddcf91aa973fa0316618ab95bb68c87cabf8faf527dc8 F autoconf/Makefile.am a8d1d24affe52ebf8d7ddcf91aa973fa0316618ab95bb68c87cabf8faf527dc8
@ -28,7 +28,7 @@ F src/parse.y 5bdb760a29c0b25caf7e80e82210b81cd2ea3066d5199ca29e6eac40b34bc184
F src/pragma.c ae499b5ab8f4e833f67e28bf2322500e9aa612aadf12581d1324333f848d8b51 F src/pragma.c ae499b5ab8f4e833f67e28bf2322500e9aa612aadf12581d1324333f848d8b51
F src/pragma.h 8dc78ab7e9ec6ce3ded8332810a2066f1ef6267e2e03cd7356ee00276125c6cf F src/pragma.h 8dc78ab7e9ec6ce3ded8332810a2066f1ef6267e2e03cd7356ee00276125c6cf
F src/resolve.c 2dd6821aac2cd27de9fcf6aa6d1f8c41b4b5841c9bc58bf1c9109008009a3a2e F src/resolve.c 2dd6821aac2cd27de9fcf6aa6d1f8c41b4b5841c9bc58bf1c9109008009a3a2e
F src/select.c 835a86f1064b5b744c22166ef10a9f598be266feccef3128122ad5f8e9bd9dbc F src/select.c 39c6b63d996f9a24b34d2ccf38f67a7283355056011c2bb1b135daed7a715cf5
F src/shell.c.in 81fa23ac1a3d6ac9ed13e9ae711a3d8806396ca7cc12c5d6a2e2536f70b0c7ad F src/shell.c.in 81fa23ac1a3d6ac9ed13e9ae711a3d8806396ca7cc12c5d6a2e2536f70b0c7ad
F src/sqliteInt.h 9682c3ce6b970b3a997d65c140bdb5b286a04188e4e1c8489b64a525161ecb30 F src/sqliteInt.h 9682c3ce6b970b3a997d65c140bdb5b286a04188e4e1c8489b64a525161ecb30
F src/test1.c fe56c4bcaa2685ca9aa25d817a0ee9345e189aff4a5a71a3d8ba946c7776feb8 F src/test1.c fe56c4bcaa2685ca9aa25d817a0ee9345e189aff4a5a71a3d8ba946c7776feb8
@ -57,7 +57,7 @@ F test/speedtest1.c a8b5afe72d78ff365012aba48d3f0c579e957facb7630f765f58a6ae4656
F test/tester.tcl 174f668fcb4569a775bf24534ac8e59ce47d3a56d37c3465d1857f027e7ec136 F test/tester.tcl 174f668fcb4569a775bf24534ac8e59ce47d3a56d37c3465d1857f027e7ec136
F test/triggerupfrom.test d25961fa70a99b6736193da7b49a36d8c1d28d56188f0be6406d4366315cd6e4 F test/triggerupfrom.test d25961fa70a99b6736193da7b49a36d8c1d28d56188f0be6406d4366315cd6e4
F test/upfrom1.tcl 8859d9d437f03b44174c4524a7a734a391fd4526fcff65be08285dafc9dc9041 F test/upfrom1.tcl 8859d9d437f03b44174c4524a7a734a391fd4526fcff65be08285dafc9dc9041
F test/upfrom1.test c0a99a3f44b42beaca37c62e05332d64768c326c75b4edf976533a2d1ef76895 F test/upfrom1.test d18f69f7c691bc791e7f31bf0e354eeff04cf2f44edc32d6b1928bad71697073
F test/upfrom2.test 6ebd3be8c3fac984e89a177d823686f04605b512fc167392bce6d8ba2ba63325 F test/upfrom2.test 6ebd3be8c3fac984e89a177d823686f04605b512fc167392bce6d8ba2ba63325
F test/upfrom3.test 7dab379d128e8dd7beb2055b295fb113c7ba93e8c2038f5ddb7a4a10f0ebb348 F test/upfrom3.test 7dab379d128e8dd7beb2055b295fb113c7ba93e8c2038f5ddb7a4a10f0ebb348
F test/upfromfault.test 70ecf8eb85559727a487283f69374e3ae39879e994d8a2437c49d7c05ecb70c9 F test/upfromfault.test 70ecf8eb85559727a487283f69374e3ae39879e994d8a2437c49d7c05ecb70c9
@ -70,7 +70,7 @@ F tool/mksqlite3c.tcl f4ef476510eca4124c874a72029f1e01bc54a896b1724e8f9eef0d8bfa
F tool/mksqlite3h.tcl 1f5e4a1dbbbc43c83cc6e74fe32c6c620502240b66c7c0f33a51378e78fc4edf F tool/mksqlite3h.tcl 1f5e4a1dbbbc43c83cc6e74fe32c6c620502240b66c7c0f33a51378e78fc4edf
F tool/showlocks.c 9cc5e66d4ebbf2d194f39db2527ece92077e86ae627ddd233ee48e16e8142564 F tool/showlocks.c 9cc5e66d4ebbf2d194f39db2527ece92077e86ae627ddd233ee48e16e8142564
F tool/speed-check.sh 615cbdf50f1409ef3bbf9f682e396df80f49d97ed93ed3e61c8e91fae6afde58 F tool/speed-check.sh 615cbdf50f1409ef3bbf9f682e396df80f49d97ed93ed3e61c8e91fae6afde58
P 020dbfa2aef20e5872cc3e785d99f45903843401292114b5092b9c8aa829b9c3 P de2a90812498e504c9b8eeb83bfc48a948b45e87bdfa242c0aa9f0377d90740f
R dd7292537766c9a2f1a52ad731c64848 R 63d0c6e2d5ef247c5f1458f1099377ab
U drh U drh
Z b4e9384168d028fbccb483cf5527f35f Z b970f4086adbbc294d690e39a6ac70c0

@ -1 +1 @@
de2a90812498e504c9b8eeb83bfc48a948b45e87bdfa242c0aa9f0377d90740f 5cc200939d3a33566ddb858fc74c878acc72cfe5cf4c9b1d08e7b13e4d5ff566

@ -1138,7 +1138,14 @@ static void selectInnerLoop(
{ {
int i2 = pDest->iSDParm2; int i2 = pDest->iSDParm2;
int r1 = sqlite3GetTempReg(pParse); int r1 = sqlite3GetTempReg(pParse);
sqlite3VdbeAddOp3(v, OP_MakeRecord,regResult+(i2<0),nResultCol-(i2<0),r1);
/* If the UPDATE FROM join is an aggregate that matches no rows, it
** might still be trying to return one row, because that is what
** aggregates do. Don't record that empty row in the output table. */
sqlite3VdbeAddOp2(v, OP_IsNull, regResult, iBreak); VdbeCoverage(v);
sqlite3VdbeAddOp3(v, OP_MakeRecord,
regResult+(i2<0), nResultCol-(i2<0), r1);
if( i2<0 ){ if( i2<0 ){
sqlite3VdbeAddOp3(v, OP_Insert, iParm, r1, regResult); sqlite3VdbeAddOp3(v, OP_Insert, iParm, r1, regResult);
}else{ }else{
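Review bot: The added comment says why the empty aggregate row is skipped, but not why testing `regResult` alone is enough to identify it; the `OP_IsNull` check treats a NULL in the first result register as proof that the row is the phantom one. When `i2<0` the `OP_Insert` just below uses `regResult` as the key, so it presumably holds the target rowid, and for `i2>=0` presumably the first key column; if so, say it in the comment, e.g. `** regResult is the rowid or first PRIMARY KEY column of the row being updated, which is never NULL for a real row. */`. The jump targets `iBreak`, which appears to end the whole loop rather than skip one row, so it would help to note that the NULL row can only ever be the sole row of the result. The enclosing case in selectInnerLoop starts and ends outside the hunk.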

@ -164,4 +164,15 @@ do_test 2.3.2 { catch { execsql {
UPDATE t5 AS apples SET b=1 FROM t5 AS apples; UPDATE t5 AS apples SET b=1 FROM t5 AS apples;
} } } 1 } } } 1
# Problem found by OSSFuzz on 2020-07-20
# https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24282
#
reset_db
do_execsql_test 3.1 {
CREATE TABLE t0(a);
CREATE TABLE t1(b);
UPDATE t1 SET b=sum(a) FROM t0;
SELECT * FROM t0, t1;
} {}
finish_test finish_test
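Review bot: The closing `SELECT * FROM t0, t1;` in test 3.1 returns no rows whenever t0 is empty, so the `{}` expectation cannot show whether the UPDATE left t1 untouched; as written the case mainly guards against the statement failing outright. A companion case that populates t1 first would pin the behaviour, e.g. `INSERT INTO t1 VALUES(1);` before the UPDATE and `SELECT * FROM t1;` as the check, with the expected value confirmed against the intended semantics. Since t1 is an ordinary rowid table, only one side of the `i2<0` branch in the select.c change appears to be exercised, so a WITHOUT ROWID target would be worth a second case.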