Make sure an imbalance in the number of columns on a compound SELECT is

detected and reported as an error before it can cause an assertion fault
or array-bounds overflow in the code generator.
Oops: part of the fix for ticket #3015 got included with this
check-in by mistake. (CVS 4917)

FossilOrigin-Name: 50de87dc808820a70d3a99277f532e418a2f97e2

manifest

@@ -1,5 +1,5 @@
-C Modify\sthe\s{quote:\sIdxDelete}\sopcode\sso\sthat\sit\stakes\san\sarray\sof\sregisters\srather\r\nthan\sa\srecord\sformed\susing\s{quote:\sMakeRecord.}\s\sThis\savoids\sa\sneedless\spacking\r\nand\sunpacking\sof\sthe\srecord\sto\sbe\sdeleted.\s(CVS\s4916)
-D 2008-03-25T17:23:33
+C Make\ssure\san\simbalance\sin\sthe\snumber\sof\scolumns\son\sa\scompound\sSELECT\sis\r\ndetected\sand\sreported\sas\san\serror\sbefore\sit\scan\scause\san\sassertion\sfault\r\nor\sarray-bounds\soverflow\sin\sthe\scode\sgenerator.\r\nOops:\spart\sof\sthe\sfix\sfor\sticket\s#3015\sgot\sincluded\swith\sthis\r\ncheck-in\sby\smistake.\s(CVS\s4917)
+D 2008-03-26T12:46:24
 F Makefile.arm-wince-mingw32ce-gcc ac5f7b2cef0cd850d6f755ba6ee4ab961b1fadf7
 F Makefile.in cf434ce8ca902e69126ae0f94fc9f7dc7428a5fa
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -135,12 +135,12 @@ F src/pragma.c 99cec6d99d0241436494aab15b05da97b0e70683
 F src/prepare.c 185fb47f1fb3e45a345d523eb391d673f5eb367c
 F src/printf.c 05d2b44d7b5b80c8a4a09108ddad9c20e254370d
 F src/random.c 2b2db2de4ab491f5a14d3480466f8f4b5a5db74a
-F src/select.c 831714d4f09f4b9f4be43d2399eff12dcf281c86
+F src/select.c 84f9392a7b39bae8351b19cde74d6806e2c51984
 F src/server.c 087b92a39d883e3fa113cae259d64e4c7438bc96
 F src/shell.c 22297fffa6f00a6c6d44020fa13b1184a1bb372d
 F src/sqlite.h.in 61d8d1cefcbf0803c03c2179be138a78bfd1d335
 F src/sqlite3ext.h faacd0e6a81aabee0861c6d7883c9172e74ef5b3
-F src/sqliteInt.h 50a9313829041721d34f20c8be4562c3197dcff9
+F src/sqliteInt.h db668a07004d53a47c5d570963842489c6c4c3f3
 F src/sqliteLimit.h eecbc288b410ae5565e71aaa4a439aae57bb0707
 F src/table.c 2c48c575dd59b3a6c5c306bc55f51a9402cf429a
 F src/tclsqlite.c 1367762764772a233643524c3585b4711a9adcda
@@ -423,7 +423,7 @@ F test/schema2.test 35e1c9696443d6694c8980c411497c2b5190d32e
 F test/select1.test 871df931cbbc0e78170605628e8b5fc60765e265
 F test/select2.test f3c2678c3a9f3cf08ec4988a3845bda64be6d9e3
 F test/select3.test 2ce595f8fb8e2ac10071d3b4e424cadd4634a054
-F test/select4.test ba1c276ce20376c3bfe682ad8233c0a63fac04c6
+F test/select4.test 7cc135c8343e6e433bdad185de6a720b112c40e7
 F test/select5.test 5ad14ea338aada2e6394ba98fa9aa40e3e50aec0
 F test/select6.test 399f14b9ba37b768afe5d2cd8c12e4f340a69db8
 F test/select7.test 7906735805cfbee4dddc0bed4c14e68d7f5f9c5f
@@ -617,7 +617,7 @@ F www/tclsqlite.tcl 8be95ee6dba05eabcd27a9d91331c803f2ce2130
 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0
 F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b
 F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5
-P 24c3ebc0c5c53c234516d16dce761d713fb29578
-R 66dfc33f9c0d1eba54064363b17cc27e
+P ee381b43563e1b0637ee74389d076dff77deddf9
+R f3e75355d329511babf6e18fb8f87503
 U drh
-Z 040d5190ae2e9926a42f3065a9864529
+Z bd0897ff66b66f3a439dad571ea8c95d

manifest.uuid

@@ -1 +1 @@
-ee381b43563e1b0637ee74389d076dff77deddf9
+50de87dc808820a70d3a99277f532e418a2f97e2

src/select.c

@@ -12,7 +12,7 @@
 ** This file contains C code routines that are called by the parser
 ** to handle SELECT statements in SQLite.
 **
-** $Id: select.c,v 1.419 2008/03/25 17:23:33 drh Exp $
+** $Id: select.c,v 1.420 2008/03/26 12:46:24 drh Exp $
 */
 #include "sqliteInt.h"
 
@@ -41,6 +41,7 @@ void sqlite3SelectDestInit(SelectDest *pDest, int eDest, int iParm){
   pDest->iParm = iParm;
   pDest->affinity = 0;
   pDest->iMem = 0;
+  pDest->nMem = 0;
 }
 
 
@@ -235,7 +236,8 @@ static void addWhereTerm(
   const Table *pTab2,      /* Second table */
   const char *zAlias2,     /* Alias for second table.  May be NULL */
   int iRightJoinTable,     /* VDBE cursor for the right table */
-  Expr **ppExpr            /* Add the equality term to this expression */
+  Expr **ppExpr,           /* Add the equality term to this expression */
+  int isOuterJoin          /* True if dealing with an OUTER join */
 ){
   Expr *pE1a, *pE1b, *pE1c;
   Expr *pE2a, *pE2b, *pE2c;
@@ -254,7 +256,7 @@ static void addWhereTerm(
   pE1c = sqlite3PExpr(pParse, TK_DOT, pE1b, pE1a, 0);
   pE2c = sqlite3PExpr(pParse, TK_DOT, pE2b, pE2a, 0);
   pE = sqlite3PExpr(pParse, TK_EQ, pE1c, pE2c, 0);
-  if( pE ){
+  if( pE && isOuterJoin ){
     ExprSetProperty(pE, EP_FromJoin);
     pE->iRightJoinTable = iRightJoinTable;
   }
@@ -322,8 +324,10 @@ static int sqliteProcessJoin(Parse *pParse, Select *p){
   for(i=0; i<pSrc->nSrc-1; i++, pRight++, pLeft++){
     Table *pLeftTab = pLeft->pTab;
     Table *pRightTab = pRight->pTab;
+    int isOuter;
 
     if( pLeftTab==0 || pRightTab==0 ) continue;
+    isOuter = (pRight->jointype & JT_OUTER)!=0;
 
     /* When the NATURAL keyword is present, add WHERE clause terms for
     ** every column that the two tables have in common.
@@ -339,7 +343,7 @@ static int sqliteProcessJoin(Parse *pParse, Select *p){
         if( columnIndex(pRightTab, zName)>=0 ){
           addWhereTerm(pParse, zName, pLeftTab, pLeft->zAlias, 
                               pRightTab, pRight->zAlias,
-                              pRight->iCursor, &p->pWhere);
+                              pRight->iCursor, &p->pWhere, isOuter);
           
         }
       }
@@ -357,7 +361,7 @@ static int sqliteProcessJoin(Parse *pParse, Select *p){
     ** an AND operator.
     */
     if( pRight->pOn ){
-      setJoinExpr(pRight->pOn, pRight->iCursor);
+      if( isOuter ) setJoinExpr(pRight->pOn, pRight->iCursor);
       p->pWhere = sqlite3ExprAnd(pParse->db, p->pWhere, pRight->pOn);
       pRight->pOn = 0;
     }
@@ -380,7 +384,7 @@ static int sqliteProcessJoin(Parse *pParse, Select *p){
         }
         addWhereTerm(pParse, zName, pLeftTab, pLeft->zAlias, 
                             pRightTab, pRight->zAlias,
-                            pRight->iCursor, &p->pWhere);
+                            pRight->iCursor, &p->pWhere, isOuter);
       }
     }
   }
@@ -543,6 +547,9 @@ static void selectInnerLoop(
   }
   if( pDest->iMem==0 ){
     pDest->iMem = sqlite3GetTempRange(pParse, nResultCol);
+    pDest->nMem = nResultCol;
+  }else if( pDest->nMem!=nResultCol ){
+    return;
   }
   regResult = pDest->iMem;
   if( nColumn>0 ){
@@ -2268,6 +2275,7 @@ static int multiSelect(
 
 multi_select_end:
   pDest->iMem = dest.iMem;
+  pDest->nMem = dest.nMem;
   return rc;
 }
 #endif /* SQLITE_OMIT_COMPOUND_SELECT */

src/sqliteInt.h

@@ -11,7 +11,7 @@
 *************************************************************************
 ** Internal interface definitions for SQLite.
 **
-** @(#) $Id: sqliteInt.h,v 1.680 2008/03/25 17:23:33 drh Exp $
+** @(#) $Id: sqliteInt.h,v 1.681 2008/03/26 12:46:24 drh Exp $
 */
 #ifndef _SQLITEINT_H_
 #define _SQLITEINT_H_
@@ -1423,6 +1423,7 @@ struct SelectDest {
   u8 affinity;      /* Affinity used when eDest==SRT_Set */
   int iParm;        /* A parameter used by the eDest disposal method */
   int iMem;         /* Base register where results are written */
+  int nMem;         /* Number of registers allocated */
 };
 
 /*

test/select4.test

@@ -12,7 +12,7 @@
 # focus of this file is testing UNION, INTERSECT and EXCEPT operators
 # in SELECT statements.
 #
-# $Id: select4.test,v 1.26 2008/01/16 18:20:42 danielk1977 Exp $
+# $Id: select4.test,v 1.27 2008/03/26 12:46:25 drh Exp $
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
@@ -662,11 +662,135 @@ do_test select4-10.8 {
   }
 } {}
 do_test select4-10.9 {
-breakpoint
   execsql {
     SELECT DISTINCT max(n), log FROM t1 ORDER BY +log; -- LIMIT 2 OFFSET 1
   }
 } {31 5}
 
+# Make sure compound SELECTs with wildly different numbers of columns
+# do not cause assertion faults due to register allocation issues.
+#
+do_test select4-11.1 {
+  catchsql {
+    SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2
+    UNION
+    SELECT x FROM t2
+  }
+} {1 {SELECTs to the left and right of UNION do not have the same number of result columns}}
+do_test select4-11.2 {
+  catchsql {
+    SELECT x FROM t2
+    UNION
+    SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2
+  }
+} {1 {SELECTs to the left and right of UNION do not have the same number of result columns}}
+do_test select4-11.3 {
+  catchsql {
+    SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2
+    UNION ALL
+    SELECT x FROM t2
+  }
+} {1 {SELECTs to the left and right of UNION ALL do not have the same number of result columns}}
+do_test select4-11.4 {
+  catchsql {
+    SELECT x FROM t2
+    UNION ALL
+    SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2
+  }
+} {1 {SELECTs to the left and right of UNION ALL do not have the same number of result columns}}
+do_test select4-11.5 {
+  catchsql {
+    SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2
+    EXCEPT
+    SELECT x FROM t2
+  }
+} {1 {SELECTs to the left and right of EXCEPT do not have the same number of result columns}}
+do_test select4-11.6 {
+  catchsql {
+    SELECT x FROM t2
+    EXCEPT
+    SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2
+  }
+} {1 {SELECTs to the left and right of EXCEPT do not have the same number of result columns}}
+do_test select4-11.7 {
+  catchsql {
+    SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2
+    INTERSECT
+    SELECT x FROM t2
+  }
+} {1 {SELECTs to the left and right of INTERSECT do not have the same number of result columns}}
+do_test select4-11.8 {
+  catchsql {
+    SELECT x FROM t2
+    INTERSECT
+    SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2
+  }
+} {1 {SELECTs to the left and right of INTERSECT do not have the same number of result columns}}
+
+do_test select4-11.11 {
+  catchsql {
+    SELECT x FROM t2
+    UNION
+    SELECT x FROM t2
+    UNION ALL
+    SELECT x FROM t2
+    EXCEPT
+    SELECT x FROM t2
+    INTERSECT
+    SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2
+  }
+} {1 {SELECTs to the left and right of INTERSECT do not have the same number of result columns}}
+do_test select4-11.12 {
+  catchsql {
+    SELECT x FROM t2
+    UNION
+    SELECT x FROM t2
+    UNION ALL
+    SELECT x FROM t2
+    EXCEPT
+    SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2
+    EXCEPT
+    SELECT x FROM t2
+  }
+} {1 {SELECTs to the left and right of EXCEPT do not have the same number of result columns}}
+do_test select4-11.13 {
+  catchsql {
+    SELECT x FROM t2
+    UNION
+    SELECT x FROM t2
+    UNION ALL
+    SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2
+    UNION ALL
+    SELECT x FROM t2
+    EXCEPT
+    SELECT x FROM t2
+  }
+} {1 {SELECTs to the left and right of UNION ALL do not have the same number of result columns}}
+do_test select4-11.14 {
+  catchsql {
+    SELECT x FROM t2
+    UNION
+    SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2
+    UNION
+    SELECT x FROM t2
+    UNION ALL
+    SELECT x FROM t2
+    EXCEPT
+    SELECT x FROM t2
+  }
+} {1 {SELECTs to the left and right of UNION do not have the same number of result columns}}
+do_test select4-11.15 {
+  catchsql {
+    SELECT x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x,x FROM t2
+    UNION
+    SELECT x FROM t2
+    INTERSECT
+    SELECT x FROM t2
+    UNION ALL
+    SELECT x FROM t2
+    EXCEPT
+    SELECT x FROM t2
+  }
+} {1 {SELECTs to the left and right of UNION do not have the same number of result columns}}
 
 finish_test