Do not allow the subtype of a value to cross a subquery boundary. This

fixes the problem identified by [forum:/forumpost/3d9caa45cbe38c78|forum post 3d9caa45cbe38c78]. FossilOrigin-Name: bbaf1f2eb1e1637b356ed7ab1d1cf5bbc8e1fe3bb2fb46a8f37de091726f38af
2022-06-09 20:26:06 +00:00 · 2022-06-09 20:26:06 +00:00 · 65458dc146
parent 0483668007 e5dea28482
commit 65458dc146
6 changed files with 77 additions and 12 deletions
--- a/19
+++ b/19
@ -1,5 +1,5 @@
-C Move\san\s#ifdef\sin\sshell.c\sto\savoid\sa\sharmless\s"unused\sfunction"\s\ncompiler\swarning.
-D 2022-06-08T18:29:23.637
+C Do\snot\sallow\sthe\ssubtype\sof\sa\svalue\sto\scross\sa\ssubquery\sboundary.\s\sThis\nfixes\sthe\sproblem\sidentified\sby\n[forum:/forumpost/3d9caa45cbe38c78|forum\spost\s3d9caa45cbe38c78].
+D 2022-06-09T20:26:06.297
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@ -521,7 +521,7 @@ F src/date.c 15082566229d4b1e5f24fdb490bf9bcc68824b911d70e3573ef075a1b9e2d26f
 F src/dbpage.c 90661a87e1db8bfbc8d2ebbdcd3749651ddb287c555c07a28fb17c7c591ffb68
 F src/dbstat.c 861e08690fcb0f2ee1165eff0060ea8d4f3e2ea10f80dab7d32ad70443a6ff2d
 F src/delete.c a8e844af211a48b13b5b358be77a12c860c6a557c21990ad51a548e2536500ce
-F src/expr.c 69c833a8faa081f1a97c17cc40db15fd5295647b4885fa5d3efe93a46fc21a3b
+F src/expr.c 4907afcb86d72b5525d8767515ce425ec53c7a2d3664441b46cef5b376ee0cba
 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
 F src/fkey.c d965ede15d8360c09ed59348940649ee647b192e784466837d7aefa836d1d91e
 F src/func.c 8f72e88cccdee22185133c10f96ccd61dc34c5ea4b1fa9a73c237ef59b2e64f1
@ -642,7 +642,7 @@ F src/upsert.c 8789047a8f0a601ea42fa0256d1ba3190c13746b6ba940fe2d25643a7e991937
 F src/utf.c ee39565f0843775cc2c81135751ddd93eceb91a673ea2c57f61c76f288b041a0
 F src/util.c 602fe229f32a96ceccae4f40824129669582096f7c355f53dbac156c9fecef23
 F src/vacuum.c bb346170b0b54c6683bba4a5983aea40485597fdf605c87ec8bc2e199fe88cd8
-F src/vdbe.c d4c46579b471421bda8403fb0f1c7e7eaa6522653e4f06b2591a33c0ac8f77ac
+F src/vdbe.c 388ced8d8c8724f8c1e9395b0727c628d7b9b813dfcb4fc67a67c56e46896be2
 F src/vdbe.h 07641758ca8b4f4c6d81ea667ea167c541e6ece21f5574da11e3d21ec37e2662
 F src/vdbeInt.h ef43f7fdc5fde29fc3fd29c506c12830f366178fdb4edbbf0cbc3dfbd1278b5f
 F src/vdbeapi.c 354c893f1500cf524cc45c32879b9c68893a28b77e3442c24668d6afe4236217
@ -657,7 +657,7 @@ F src/vxworks.h d2988f4e5a61a4dfe82c6524dd3d6e4f2ce3cdb9
 F src/wal.c b9df133a705093da8977da5eb202eaadb844839f1c7297c08d33471f5491843d
 F src/wal.h c3aa7825bfa2fe0d85bef2db94655f99870a285778baa36307c0a16da32b226a
 F src/walker.c f890a3298418d7cba3b69b8803594fdc484ea241206a8dfa99db6dd36f8cbb3b
-F src/where.c 7da9e0c1275fb3f180beb0d63551ea4d246e028908809bbbcd7f56005872d1bd
+F src/where.c 7a5c084800eab6ed9006bccd5d3116a7a6a998c56c525b22f62f131b3b133189
 F src/whereInt.h b48ca529ffe293c18cbfa8326af18a09e39910de66fb3e96ef788c7cbf8ef3a7
 F src/wherecode.c 0b09abfcb88c61c6a6984a3e065786631ff35495e9bdf865e6b74ab0a1299c5b
 F src/whereexpr.c 20255cf03e0b765b742301197d165511ff99e95da0d7ee9c8a2ebc1e888dd049
@ -1479,7 +1479,7 @@ F test/subquery.test 3a1a5b600b8d4f504d2a2c61f33db820983dba94a0ef3e4aedca8f0165e
 F test/subquery2.test 90cf944b9de8204569cf656028391e4af1ccc8c0cc02d4ef38ee3be8de1ffb12
 F test/subselect.test 0966aa8e720224dbd6a5e769a3ec2a723e332303
 F test/substr.test a673e3763e247e9b5e497a6cacbaf3da2bd8ec8921c0677145c109f2e633f36b
-F test/subtype1.test 7fe09496352f97053af1437150751be2d0a0cae8
+F test/subtype1.test 45c85632abd38f7ea9b33f17448d966d67550f552e0822bab74576814d0d1718
 F test/superlock.test ec94f0556b6488d97f71c79f9061ae08d9ab8f12
 F test/swarmvtab.test 250231404fcac88f61a6c147bb0e3a118ed879278cd3ccb0ae2d3a729e1e8e26
 F test/swarmvtab2.test c948cb2fdfc5b01d85e8f6d6504854202dc1a0782ab2a0ed61538f27cbd0aa5c
@ -1976,8 +1976,9 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 09c8f9f1970cd5b369d98a2b38f0b04d44ed095cb0bda80f7968bb6be4e0263b
-R 1dfc7c7d24e49c7701ee2b2304893786
+P 5abb5ef500f52c52dac33e54d824cf89481fec1643c27943f34f0ca4560a7e00 9e51a6c0fbfb1899b2b01888430125fba6d4da9bad9eeaa3ad41e29fca54bbe5
+R c35df4ec51cfa3b0337adabea0f5033f
+T +closed 9e51a6c0fbfb1899b2b01888430125fba6d4da9bad9eeaa3ad41e29fca54bbe5
 U drh
-Z ac5a8d59f2f998b129bdd56d29189077
+Z 82d5ec3076328af16c21723acf89deff
 # Remove this line to create a well-formed Fossil manifest.
--- a/manifest.uuid
+++ b/manifest.uuid
@ -1 +1 @@
-5abb5ef500f52c52dac33e54d824cf89481fec1643c27943f34f0ca4560a7e00
+bbaf1f2eb1e1637b356ed7ab1d1cf5bbc8e1fe3bb2fb46a8f37de091726f38af
--- a/src/expr.c
+++ b/src/expr.c
@ -4577,8 +4577,24 @@ expr_code_doover:
      exprCodeBetween(pParse, pExpr, target, 0, 0);
      return target;
    }
+    case TK_COLLATE: {
+      if( !ExprHasProperty(pExpr, EP_Collate)
+       && ALWAYS(pExpr->pLeft)
+       && pExpr->pLeft->op==TK_FUNCTION
+      ){
+        inReg = sqlite3ExprCodeTarget(pParse, pExpr->pLeft, target);
+        if( inReg!=target ){
+          sqlite3VdbeAddOp2(v, OP_SCopy, inReg, target);
+          inReg = target;
+        }
+        sqlite3VdbeAddOp1(v, OP_ClrSubtype, inReg);
+        return inReg;
+      }else{
+        pExpr = pExpr->pLeft;
+        goto expr_code_doover; /* 2018-04-28: Prevent deep recursion. */
+      }
+    }
    case TK_SPAN:
-    case TK_COLLATE: 
    case TK_UPLUS: {
      pExpr = pExpr->pLeft;
      goto expr_code_doover; /* 2018-04-28: Prevent deep recursion. OSSFuzz. */
--- a/src/vdbe.c
+++ b/src/vdbe.c
@ -1479,11 +1479,16 @@ case OP_Move: {
  break;
 }

-/* Opcode: Copy P1 P2 P3 * *
+/* Opcode: Copy P1 P2 P3 * P5
 ** Synopsis: r[P2@P3+1]=r[P1@P3+1]
 **
 ** Make a copy of registers P1..P1+P3 into registers P2..P2+P3.
 **
+** If the 0x0002 bit of P5 is set then also clear the MEM_Subtype flag in the
+** destination.  The 0x0001 bit of P5 indicates that this Copy opcode cannot
+** be merged.  The 0x0001 bit is used by the query planner and does not
+** come into play during query execution.
+**
 ** This instruction makes a deep copy of the value.  A duplicate
 ** is made of any string or blob constant.  See also OP_SCopy.
 */
@ -1498,6 +1503,9 @@ case OP_Copy: {
    memAboutToChange(p, pOut);
    sqlite3VdbeMemShallowCopy(pOut, pIn1, MEM_Ephem);
    Deephemeralize(pOut);
+    if( (pOut->flags & MEM_Subtype)!=0 &&  (pOp->p5 & 0x0002)!=0 ){
+      pOut->flags &= ~MEM_Subtype;
+    }
 #ifdef SQLITE_DEBUG
    pOut->pScopyFrom = 0;
 #endif
@ -8306,6 +8314,17 @@ case OP_Function: {            /* group */
  break;
 }

+/* Opcode: ClrSubtype P1 * * * *
+** Synopsis:  r[P1].subtype = 0
+**
+** Clear the subtype from register P1.
+*/
+case OP_ClrSubtype: {   /* in1 */
+  pIn1 = &aMem[pOp->p1];
+  pIn1->flags &= ~MEM_Subtype;
+  break;
+}
+
 /* Opcode: FilterAdd P1 * P3 P4 *
 ** Synopsis: filter(P1) += key(P3@P4)
 **
--- a/src/where.c
+++ b/src/where.c
@ -682,6 +682,7 @@ static void translateColumnToCopy(
      pOp->p1 = pOp->p2 + iRegister;
      pOp->p2 = pOp->p3;
      pOp->p3 = 0;
+      pOp->p5 = 2;  /* Cause the MEM_Subtype flag to be cleared */
    }else if( pOp->opcode==OP_Rowid ){
      pOp->opcode = OP_Sequence;
      pOp->p1 = iAutoidxCur;
--- a/test/subtype1.test
+++ b/test/subtype1.test
@ -28,4 +28,32 @@ do_execsql_test subtype1-130 {
  SELECT test_setsubtype('hello',123);
 } {hello}

+# 2022-06-09
+# https://sqlite.org/forum/forumpost/3d9caa45cbe38c78
+#
+# Avoid carrying subtypes through into a subquery that has been flattened
+# or to which the outer WHERE clause has been pushed down.
+#
+reset_db
+do_execsql_test subtype1-200 {
+  CREATE TABLE t1(a); INSERT INTO t1 VALUES ('x');
+  CREATE VIEW t2(b) AS SELECT json(TRUE);
+  CREATE TABLE t3(b); INSERT INTO t3 VALUES(json(TRUE));
+}
+do_execsql_test subtype1-210 {
+  SELECT * FROM t3, t1 WHERE NOT json_quote(b);
+} {1 x}
+do_execsql_test subtype1-220 {
+  SELECT * FROM t2, t1 WHERE NOT json_quote(b);
+} {1 x}
+do_execsql_test subtype1-230 {
+  WITH t4(a) AS MATERIALIZED (SELECT json(1)) SELECT subtype(a) FROM t4;
+} {0}
+do_execsql_test subtype1-231 {
+  WITH t4(a) AS NOT MATERIALIZED (SELECT json(1)) SELECT subtype(a) FROM t4;
+} {0}
+
+
+
+
 finish_test