From 47bcc34271435e376b57a8482e06803f4a7a6c4f Mon Sep 17 00:00:00 2001
From: drh
Date: Sat, 16 Nov 2019 11:33:39 +0000
Subject: [PATCH] Fix a potential NULL pointer dereference on a RENAME TABLE that references a VIEW with a logic error in a window function in the ORDER BY clause.

FossilOrigin-Name: 0adb273f7e7671efb0e0a1619887e369500dfd2db7ef1b1e125c2414ea96e96f
---
 manifest | 14 +++++++-------
 manifest.uuid | 2 +-
 src/window.c | 4 ++--
 test/window1.test | 9 +++++++++
 4 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/manifest b/manifest
index e3e4ac51a1..ac188b51dd 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Modify\sthree\stest\scases\sso\sthat\sthey\swork\seven\swith\sunusual\sversions\sof\sthe\nlibrary\sprintf().
-D 2019-11-15T21:16:34.727
+C Fix\sa\spotential\sNULL\spointer\sdereference\son\sa\sRENAME\sTABLE\sthat\sreferences\na\sVIEW\swith\sa\slogic\serror\sin\sa\swindow\sfunction\sin\sthe\sORDER\sBY\sclause.
+D 2019-11-16T11:33:39.324
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@@ -616,7 +616,7 @@ F src/where.c 874845fb5d93b3bc07123df8fee805e9650bd091e3ed62988273c7e2141ab8bd
 F src/whereInt.h 4a296fd4fa79fdcbc2b5e8c1b898901617655811223e1082b899c23ecb092217
 F src/wherecode.c 9b84737fd68134249a439813d27b1c61de17a01e121eb98949548d1e7f8e400a
 F src/whereexpr.c 39b6a538804c6e1248c22b33e09d00f89ae6a099c849c4d841ce3995562287b4
-F src/window.c ea53cef29a5c32aa37ea22e87c247cf8e999fa3b70c6268d266af84608cb77f4
+F src/window.c b5bed964a04c23fa335d6b1d2d8011ed518b36b692c1a999ae1777a023a45e1d
 F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2
 F test/affinity2.test ce1aafc86e110685b324e9a763eab4f2a73f737842ec3b687bd965867de90627
 F test/affinity3.test 6a101af2fc945ce2912f6fe54dd646018551710d
@@ -1710,7 +1710,7 @@ F test/win32heap.test 10fd891266bd00af68671e702317726375e5407561d859be1aa04696f2
 F test/win32lock.test fbf107c91d8f5512be5a5b87c4c42ab9fdd54972
 F test/win32longpath.test 169c75a3b2e43481f4a62122510210c67b08f26d
 F test/win32nolock.test ac4f08811a562e45a5755e661f45ca85892bdbbc
-F test/window1.test 453bb9dcb1b447eddbb4777c97620f02543a4375359723b7372ff09dcf847045
+F test/window1.test e88f674b5de9d3bd2787bc1ff22e8c04c10c7e9773212f3c3c3396cb8dccb096
 F test/window2.tcl 66db96fd9fd202bc31ee7f8ce7904cb469564864cff3f74e009bfef8102333f4
 F test/window2.test af2a001ded703bb8f2474fb0edfef170d5aba00f5c1f2aa9f65935b5da13df90
 F test/window3.tcl acea6e86a4324a210fd608d06741010ca83ded9fde438341cb978c49928faf03
@@ -1849,7 +1849,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 2c35d3f67b67a53ead08b1c395e7ca8e5bf65f94a5a962a0562994a3c66c95d9
-R 7e76caf5a43775466025ab95a11d7867
+P 8f4a3750b7d272daf96831655ffee80d457875ee121fc4537008046b9a00d0e7
+R 383755df3f3f1cd4ca570f1c560cd1a6
 U drh
-Z 171108a9819041920dbbf1b0a00e9325
+Z 409cd14f4eb3f55f82c878e2e6adf71b
diff --git a/manifest.uuid b/manifest.uuid
index 669b6e72ba..0a86a19526 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-8f4a3750b7d272daf96831655ffee80d457875ee121fc4537008046b9a00d0e7
\ No newline at end of file
+0adb273f7e7671efb0e0a1619887e369500dfd2db7ef1b1e125c2414ea96e96f
\ No newline at end of file
diff --git a/src/window.c b/src/window.c
index fb806a506b..ccd19024fe 100644
--- a/src/window.c
+++ b/src/window.c
@@ -1244,8 +1244,8 @@ void sqlite3WindowAttach(Parse *pParse, Expr *p, Window *pWin){
 ** SELECT, or (b) the windows already linked use a compatible window frame.
 */
 void sqlite3WindowLink(Select *pSel, Window *pWin){
- if( 0==pSel->pWin
- || 0==sqlite3WindowCompare(0, pSel->pWin, pWin, 0)
+ if( pSel!=0
+ && (0==pSel->pWin || 0==sqlite3WindowCompare(0, pSel->pWin, pWin, 0))
 ){
 pWin->pNextWin = pSel->pWin;
 if( pSel->pWin ){
diff --git a/test/window1.test b/test/window1.test
index 7a41e7268d..ff2f86516b 100644
--- a/test/window1.test
+++ b/test/window1.test
@@ -1234,4 +1234,13 @@ do_catchsql_test 31.3 {
 );
 } {1 {frame ending offset must be a non-negative integer}}

+# 2019-11-16 chromium issue 1025467
+db close
+sqlite3 db :memory:
+do_catchsql_test 32.10 {
+ CREATE VIEW a AS SELECT NULL INTERSECT SELECT NULL ORDER BY s() OVER R;
+ CREATE TABLE a0 AS SELECT 0;
+ ALTER TABLE a0 RENAME TO S;
+} {1 {error in view a: 1st ORDER BY term does not match any column in the result set}}
+
 finish_test
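Review bot: The header comment above sqlite3WindowLink in src/window.c still lists only conditions (a) and (b) for linking, but the new `pSel!=0` guard adds a third outcome that is not documented. As far as the hunk shows, a NULL pSel now means pWin is silently left unlinked. I would add a line to that comment such as `** If pSel is NULL, pWin is not linked into any list.` so readers know this call may not have set pWin->pNextWin and pWin->ppThis. The test added in this commit shows the NULL case can be reached from SQL text alone, so it is also worth confirming that the code which later unlinks or frees a Window tolerates one that was never linked. That code is not visible here, and the body of sqlite3WindowLink continues past the end of the hunk.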