From 9d44327a83c28bcb743034e5761951e785d57a28 Mon Sep 17 00:00:00 2001
From: dan <dan@noemail.net>
Date: Thu, 23 Jul 2020 13:45:47 +0000
Subject: [PATCH 1/2] Fix another case where a corrupt record could cause an
 assert() to fail in fts3.

FossilOrigin-Name: 28515bbbae4fbc260457dea7a0f7414be1837d6db27fec5514f8da358bfc1f0c
---
 ext/fts3/fts3.c        |  3 ++-
 manifest               | 16 ++++++++--------
 manifest.uuid          |  2 +-
 test/fts3corrupt4.test | 15 +++++++++++++++
 4 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/ext/fts3/fts3.c b/ext/fts3/fts3.c
index 892fc36d33..b4324448d2 100644
--- a/ext/fts3/fts3.c
+++ b/ext/fts3/fts3.c
@@ -5831,7 +5831,8 @@ static int fts3EvalGatherStats(
       fts3EvalRestart(pCsr, pRoot, &rc);
       do {
         fts3EvalNextRow(pCsr, pRoot, &rc);
-        assert( pRoot->bEof==0 );
+        assert_fts3_nc( pRoot->bEof==0 );
+        if( pRoot->bEof ) rc = FTS_CORRUPT_VTAB;
       }while( pRoot->iDocid!=iDocid && rc==SQLITE_OK );
     }
   }
diff --git a/manifest b/manifest
index e992b9f5b3..6c11c9c22c 100644
--- a/manifest
+++ b/manifest
@@ -1,13 +1,13 @@
 B 7a876209a678a34c198b54ceef9e3c041f128a14dc73357f6a57cadadaa6cf7b
-C Add\sthe\sability\sto\sdo\sa\sPRAGMA\sintegrity_check\s(or\squick_check)\son\sa\ssingle\ntable\sby\sspecifying\sthe\stable\sname\sas\sthe\sargument.
-D 2020-07-23T00:45:06.021
+C Fix\sanother\scase\swhere\sa\scorrupt\srecord\scould\scause\san\sassert()\sto\sfail\sin\sfts3.
+D 2020-07-23T13:45:47.044
 F Makefile.in 19374a5db06c3199ec1bab71ab74a103d8abf21053c05e9389255dc58083f806
 F Makefile.msc 48f5a3fc32672c09ad73795749f6253e406a31526935fbbffd8f021108d54574
 F autoconf/Makefile.am a8d1d24affe52ebf8d7ddcf91aa973fa0316618ab95bb68c87cabf8faf527dc8
 F configure a97f98dfff699495aef66ae3d9c424345778a663f583e0d6e7522670518f87c1 x
 F configure.ac 40d01e89cb325c28b33f5957e61fede0bd17da2b5e37d9b223a90c8a318e88d4
 F doc/lemon.html 1edc0f916e771212792d4d077aedc05168bf13fd65d64d41b2c13e46ac0063a8
-F ext/fts3/fts3.c b8ed676b377b1f7f07596aa6272ea623acf087f529a3007b75d1f4908919e6b9
+F ext/fts3/fts3.c a571f1edf85ef07e94ad716d581cdd9875df444dfcfa6f81f0ea818f98d45189
 F ext/fts3/fts3_write.c 723ed1b11ed46ad1b3a23c0d69fa39e77986783a82d5711bf87a5ce29e0a3b52
 F ext/fts5/fts5_index.c de14c9a30f45e2b847ff9284b14776d9d07961e545e8f1546a6aa3f915af721f
 F ext/fts5/test/fts5corrupt3.test 7afe0fea5b2160798fdc3306395048768c6fc13acefc0e7129d4075b6e1bb224
@@ -49,7 +49,7 @@ F test/corruptL.test 01cfda6b28f463d1713ac72a101e65549250568129ce5317ec6729729ec
 F test/decimal.test fcf403fd5585f47342234e153c4a4338cd737b8e0884ac66fc484df47dbcf1a7
 F test/filter1.test 6c483ecf7886c8843a8612c021aa23f33c581f584151f251842b3a3592c95ac8
 F test/fkey5.test 321fd41e8754389526b2b8e8769348dc9ff23a65d4d48b19c27df17459e82ec5
-F test/fts3corrupt4.test b77dcdfa207c11d7966e71837c518cb0639c78fd109dec89c65d45a3bfd36701
+F test/fts3corrupt4.test 0d67e831fd80f091324acbf53403873661ae2016525a8687136d468739638935
 F test/fts4upfrom.test 8df5acb6e10ad73f393d1add082b042ab1db72567888847d098152121e507b34
 F test/fuzzdata8.db 281cbc8166a8bc5843f4a913e803ba76e27905eb02fb9d5cfd581c2429f29855
 F test/gencol1.test b05e6c5edb9b10d48efb634ed07342441bddc89d225043e17095c36e567521a0
@@ -73,7 +73,7 @@ F tool/mksqlite3c.tcl f4ef476510eca4124c874a72029f1e01bc54a896b1724e8f9eef0d8bfa
 F tool/mksqlite3h.tcl 1f5e4a1dbbbc43c83cc6e74fe32c6c620502240b66c7c0f33a51378e78fc4edf
 F tool/showlocks.c 9cc5e66d4ebbf2d194f39db2527ece92077e86ae627ddd233ee48e16e8142564
 F tool/speed-check.sh 615cbdf50f1409ef3bbf9f682e396df80f49d97ed93ed3e61c8e91fae6afde58
-P 9679c0c61131f0e986551701a64191da0ee0f50880eaa57fe4bf520e3fecf634
-R 1540b60a9ff01915fb590422e39c4150
-U drh
-Z 065b95df3af5715cbd2d0f08f8a7d1a3
+P 65dd321432e8f80bc1cb11be8ca06656b41ac997a74a5eb271c797cf0fbb764e
+R f9a13ea428ee03cdd1b9a50a26aa3366
+U dan
+Z 5e6e488fc0c7fab53624bbe30255a98f
diff --git a/manifest.uuid b/manifest.uuid
index d2aa5d622e..906a0736a6 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-65dd321432e8f80bc1cb11be8ca06656b41ac997a74a5eb271c797cf0fbb764e
\ No newline at end of file
+28515bbbae4fbc260457dea7a0f7414be1837d6db27fec5514f8da358bfc1f0c
\ No newline at end of file
diff --git a/test/fts3corrupt4.test b/test/fts3corrupt4.test
index 90a7c7d4c2..749ed270cf 100644
--- a/test/fts3corrupt4.test
+++ b/test/fts3corrupt4.test
@@ -6282,4 +6282,19 @@ do_catchsql_test 46.2 {
 
 set sqlite_fts3_enable_parentheses $saved
 
+#-------------------------------------------------------------------------
+reset_db
+do_execsql_test 47.1 {
+  CREATE VIRTUAL TABLE t1 USING fts3(a,b,c);
+}
+do_execsql_test 47.2 {
+  INSERT INTO t1_segdir VALUES(0,0,0,0,0,X'000130120106000106000106001f030001030001030000083230313630363039090107000107000107000001340901050001050001050000013509010400010400010400010730303030303030091c0400010400010400000662696e6172793c0301020200030102020003010202000301020200030102020003010202000301020200030102020003010202000301020200030102020003010202000008636f6d70696c657209010200010200010200000664627374617409070300010300010300010465627567090402000102000102000006656e61626c653f07020001020001020001020001020001020001020001020001020001020001020001020001010001020001020001020001020001020001020001020001020001087874656e73696f6e091f0400010400010400000466747334090a0300010300010300030135090d03000103000103000003676363090103000103000103000106656f706f6c790910030001030001030000056a736f6e310913030001030001030000046c6f6164091f030001030001030000036d6178091c02000102000102000105656d6f7279091c03000103000103000304737973350916030001030001030000066e6f636173653c02010202000301020200030102020003010202000301020200030102020003010202000301020200030102020003010202000301020200030102020000046f6d6974091f020001020001020000057274726565091903000103000103000302696d3c01010202000301020200030102020003010202000301020200030102020003010202000301a202000301020200030102020003010202000301020200000a746872656164736166650922020001020001020000047674616209070400010400010400000178b401010101020001010102000101010200010101020001010102000101010200010101020001010102000101010200010101020001010102000101010200010101020001010102000101010200010101020001010102000101010200010101020001010102000101010200010101020001010102000101010200010101020001010102000101010200010101020001010102000101010200010101020001010102000101010200010101020001010102000101010200');
+  INSERT INTO t1_segdir VALUES(0,1,0,0,0,X'0001300425061b000008323031363036303903250700000134032505000001350325040001073030303030303003251a000008636f6d70696c657203250200000664627374617403250a00010465627567032508000006656e61626c650925090504040404040001087874656e73696f6e03251d0000046674733403250d0003013503250f000003676363032503000106656f706f6c790325110000056a736f6e310325130000046c6f616403251c0000036d6178032518000105656d6f7279032519000304737973350325150000046f6d697403251b000005727472656503251700000a7468726561647361666503251e0000047674616333250b00');
+}
+
+do_catchsql_test 47.3 {
+  SELECT matchinfo(t1) FROM t1 WHERE t1 MATCH '"json1 enable"';
+} {1 {database disk image is malformed}}
+
+
 finish_test

From 2add24c0d4b467edd0a449c90d305e46dfd6d7a6 Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Thu, 23 Jul 2020 14:12:47 +0000
Subject: [PATCH 2/2] An ORDER BY clause can slip into an SRT_Upfrom query via
 the query flattener, even without the SQLITE_ENABLE_UPDATE_DELETE_LIMIT
 compile-time option.  So always enable the code to deal with that case.

FossilOrigin-Name: 6a3111cd0693bb51191d55a32ecd436341638d54ecb2df0778de681b4969241b
---
 manifest      | 14 +++++++-------
 manifest.uuid |  2 +-
 src/select.c  |  7 +------
 3 files changed, 9 insertions(+), 14 deletions(-)

diff --git a/manifest b/manifest
index 6c11c9c22c..ed9f040748 100644
--- a/manifest
+++ b/manifest
@@ -1,6 +1,6 @@
 B 7a876209a678a34c198b54ceef9e3c041f128a14dc73357f6a57cadadaa6cf7b
-C Fix\sanother\scase\swhere\sa\scorrupt\srecord\scould\scause\san\sassert()\sto\sfail\sin\sfts3.
-D 2020-07-23T13:45:47.044
+C An\sORDER\sBY\sclause\scan\sslip\sinto\san\sSRT_Upfrom\squery\svia\sthe\squery\nflattener,\seven\swithout\sthe\sSQLITE_ENABLE_UPDATE_DELETE_LIMIT\scompile-time\noption.\s\sSo\salways\senable\sthe\scode\sto\sdeal\swith\sthat\scase.
+D 2020-07-23T14:12:47.461
 F Makefile.in 19374a5db06c3199ec1bab71ab74a103d8abf21053c05e9389255dc58083f806
 F Makefile.msc 48f5a3fc32672c09ad73795749f6253e406a31526935fbbffd8f021108d54574
 F autoconf/Makefile.am a8d1d24affe52ebf8d7ddcf91aa973fa0316618ab95bb68c87cabf8faf527dc8
@@ -29,7 +29,7 @@ F src/parse.y 5bdb760a29c0b25caf7e80e82210b81cd2ea3066d5199ca29e6eac40b34bc184
 F src/pragma.c d96ce48697d6a1d9b4fe9b1d624a62745488ecceaab702941d1c7b9f85ced8d5
 F src/pragma.h 8dc78ab7e9ec6ce3ded8332810a2066f1ef6267e2e03cd7356ee00276125c6cf
 F src/resolve.c 2dd6821aac2cd27de9fcf6aa6d1f8c41b4b5841c9bc58bf1c9109008009a3a2e
-F src/select.c 39c6b63d996f9a24b34d2ccf38f67a7283355056011c2bb1b135daed7a715cf5
+F src/select.c 860ee5f1a72e8d4bfa76f5115eb9ae6862be77561130192b7ec6a7e0d72aa3a8
 F src/shell.c.in 352a0a6399ccae40a30f72ea06f52f3791a062bde9b8929a97f345e1584ba310
 F src/sqliteInt.h e07f073568a07e6b96c99a08ec650e2dd88a3a3229dbaeb0ed09a5f1b215e405
 F src/test1.c fe56c4bcaa2685ca9aa25d817a0ee9345e189aff4a5a71a3d8ba946c7776feb8
@@ -73,7 +73,7 @@ F tool/mksqlite3c.tcl f4ef476510eca4124c874a72029f1e01bc54a896b1724e8f9eef0d8bfa
 F tool/mksqlite3h.tcl 1f5e4a1dbbbc43c83cc6e74fe32c6c620502240b66c7c0f33a51378e78fc4edf
 F tool/showlocks.c 9cc5e66d4ebbf2d194f39db2527ece92077e86ae627ddd233ee48e16e8142564
 F tool/speed-check.sh 615cbdf50f1409ef3bbf9f682e396df80f49d97ed93ed3e61c8e91fae6afde58
-P 65dd321432e8f80bc1cb11be8ca06656b41ac997a74a5eb271c797cf0fbb764e
-R f9a13ea428ee03cdd1b9a50a26aa3366
-U dan
-Z 5e6e488fc0c7fab53624bbe30255a98f
+P 28515bbbae4fbc260457dea7a0f7414be1837d6db27fec5514f8da358bfc1f0c
+R 796f4eb68aea986a8f73e6e51252aacd
+U drh
+Z c1de31883a1f8f457abd5c3040dd5d2f
diff --git a/manifest.uuid b/manifest.uuid
index 906a0736a6..44b233273c 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-28515bbbae4fbc260457dea7a0f7414be1837d6db27fec5514f8da358bfc1f0c
\ No newline at end of file
+6a3111cd0693bb51191d55a32ecd436341638d54ecb2df0778de681b4969241b
\ No newline at end of file
diff --git a/src/select.c b/src/select.c
index ebb764573e..763b254125 100644
--- a/src/select.c
+++ b/src/select.c
@@ -1129,13 +1129,10 @@ static void selectInnerLoop(
     }
 
     case SRT_Upfrom: {
-#ifdef SQLITE_ENABLE_UPDATE_DELETE_LIMIT
       if( pSort ){
         pushOntoSorter(
             pParse, pSort, p, regResult, regOrig, nResultCol, nPrefixReg);
-      }else
-#endif
-      {
+      }else{
         int i2 = pDest->iSDParm2;
         int r1 = sqlite3GetTempReg(pParse);
 
@@ -1587,7 +1584,6 @@ static void generateSortTail(
       break;
     }
 #endif
-#ifdef SQLITE_ENABLE_UPDATE_DELETE_LIMIT
     case SRT_Upfrom: {
       int i2 = pDest->iSDParm2;
       int r1 = sqlite3GetTempReg(pParse);
@@ -1599,7 +1595,6 @@ static void generateSortTail(
       }
       break;
     }
-#endif
     default: {
       assert( eDest==SRT_Output || eDest==SRT_Coroutine ); 
       testcase( eDest==SRT_Output );