Take care when checking the table of a TK_COLUMN expression node to see if the

table is a virtual table to first ensure that the Expr.y.pTab pointer is not
null due to generated column optimizations.  Ticket [4374860b29383380].

FossilOrigin-Name: 9d0d4ab95dc0c56e053c2924ed322a9ea7b25439e6f74599f706905a1994e454
This commit is contained in:
drh 2020-02-17 00:12:04 +00:00
parent ac9e184e1f
commit bf48ce49f7
5 changed files with 25 additions and 15 deletions

View File

@ -1,5 +1,5 @@
C Avoid\san\sinfinite\srecursion\son\san\sillegal\srecursive\sdefinition\sof\san\nfts5vocab\stable. C Take\scare\swhen\schecking\sthe\stable\sof\sa\sTK_COLUMN\sexpression\snode\sto\ssee\sif\sthe\ntable\sis\sa\svirtual\stable\sto\sfirst\sensure\sthat\sthe\sExpr.y.pTab\spointer\sis\snot\nnull\sdue\sto\sgenerated\scolumn\soptimizations.\s\sTicket\s[4374860b29383380].
D 2020-02-16T17:40:35.632 D 2020-02-17T00:12:04.817
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724 F LICENSE.md df5091916dbb40e6e9686186587125e1b2ff51f022cc334e886c19a0e9982724
@ -483,7 +483,7 @@ F src/date.c 6c408fdd2e9ddf6e8431aba76315a2d061bea2cec8fbb75e25d7c1ba08274712
F src/dbpage.c 8a01e865bf8bc6d7b1844b4314443a6436c07c3efe1d488ed89e81719047833a F src/dbpage.c 8a01e865bf8bc6d7b1844b4314443a6436c07c3efe1d488ed89e81719047833a
F src/dbstat.c 0f55297469d4244ab7df395849e1af98eb5e95816af7c661e7d2d8402dea23da F src/dbstat.c 0f55297469d4244ab7df395849e1af98eb5e95816af7c661e7d2d8402dea23da
F src/delete.c 11000121c4281c0bce4e41db29addfaea0038eaa127ece02557c9207bc3e541d F src/delete.c 11000121c4281c0bce4e41db29addfaea0038eaa127ece02557c9207bc3e541d
F src/expr.c 6617ca8d4cc808b82348ae0c2844000b665de86aacc60fa0524f1b29b1918921 F src/expr.c af70e9a131624dac1c482dd6ed4f73df24a905987447ec8f70a17c7ee55dd2d7
F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
F src/fkey.c 4b575423b0a5d4898b1a7868ce985cf1a8ad91c741c9abbb108ff02536d20f41 F src/fkey.c 4b575423b0a5d4898b1a7868ce985cf1a8ad91c741c9abbb108ff02536d20f41
F src/func.c 108577cebe8a50c86d849a93b99493a54e348dd0b846f00d13b52ca973d5baf4 F src/func.c 108577cebe8a50c86d849a93b99493a54e348dd0b846f00d13b52ca973d5baf4
@ -536,7 +536,7 @@ F src/shell.c.in c2e20c43a44fb5588a6c27ce60589538fbf4794fd7686f5b2598eca22eaae1f
F src/sqlite.h.in 0d9ef312509cb7c8445f4dc25fedfe103c147668a78a36a607a1064f1e0612a4 F src/sqlite.h.in 0d9ef312509cb7c8445f4dc25fedfe103c147668a78a36a607a1064f1e0612a4
F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8 F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
F src/sqlite3ext.h 27951f294f29cd875c6027f2707d644ef99f469bd97514568b5a8581a114db8c F src/sqlite3ext.h 27951f294f29cd875c6027f2707d644ef99f469bd97514568b5a8581a114db8c
F src/sqliteInt.h f5011c0f42a7f2d943ebc13819efb41f48c7730e5ad0111a52340e71c08d7383 F src/sqliteInt.h a8979f41b823f4bc8ee0c446f5a9190074a14570fd4022194a7299c453f3c00c
F src/sqliteLimit.h 95cb8479ca459496d9c1c6a9f76b38aee12203a56ce1092fe13e50ae2454c032 F src/sqliteLimit.h 95cb8479ca459496d9c1c6a9f76b38aee12203a56ce1092fe13e50ae2454c032
F src/status.c 9ff2210207c6c3b4d9631a8241a7d45ab1b26a0e9c84cb07a9b5ce2de9a3b278 F src/status.c 9ff2210207c6c3b4d9631a8241a7d45ab1b26a0e9c84cb07a9b5ce2de9a3b278
F src/table.c b46ad567748f24a326d9de40e5b9659f96ffff34 F src/table.c b46ad567748f24a326d9de40e5b9659f96ffff34
@ -620,7 +620,7 @@ F src/walker.c a137468bf36c92e64d2275caa80c83902e3a0fc59273591b96c6416d3253d05d
F src/where.c cbad14f1d8e11b9f052e937274315c7c17266a89eda408c86084ee894debb7d5 F src/where.c cbad14f1d8e11b9f052e937274315c7c17266a89eda408c86084ee894debb7d5
F src/whereInt.h 9157228db086f436a574589f8cc5749bd971e94017c552305ad9ec472ed2e098 F src/whereInt.h 9157228db086f436a574589f8cc5749bd971e94017c552305ad9ec472ed2e098
F src/wherecode.c f5df56e395ade2240cabb2d39500c681bd29f8cc0636c3301c4996ad160df94d F src/wherecode.c f5df56e395ade2240cabb2d39500c681bd29f8cc0636c3301c4996ad160df94d
F src/whereexpr.c 4b34be1434183e7bb8a05d4bf42bd53ea53021b0b060936fbd12062b4ff6b396 F src/whereexpr.c 512b6d4b0c5710d45ec4efeec19523c457b86d47bb9f02e582d2ee47b423aa2e
F src/window.c f8ba2ee12a19b51d3ba42c16277c74185ee9215306bc0d5a03974ade8b5bc98f F src/window.c f8ba2ee12a19b51d3ba42c16277c74185ee9215306bc0d5a03974ade8b5bc98f
F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2 F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2
F test/affinity2.test ce1aafc86e110685b324e9a763eab4f2a73f737842ec3b687bd965867de90627 F test/affinity2.test ce1aafc86e110685b324e9a763eab4f2a73f737842ec3b687bd965867de90627
@ -1858,7 +1858,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
P c9a8defcef35a1fee6bcbb88252a2d0076dabe8381b0128b2257b5b5cc494e0f P 109ee07433b274a39954cef62bf67d47bcda960df9bef56127210ebf1c3c104c
R 0101ab02a39ed4688807aaed2ccc70ad R 6f9ad25842fa66c90901a82d5cd39115
U drh U drh
Z 56b3b85f6cc480b092cb7b99dbf6bceb Z 68fbba6154ce295a8c685f40a10cb886

View File

@ -1 +1 @@
109ee07433b274a39954cef62bf67d47bcda960df9bef56127210ebf1c3c104c 9d0d4ab95dc0c56e053c2924ed322a9ea7b25439e6f74599f706905a1994e454

View File

@ -2244,6 +2244,15 @@ int sqlite3ExprIsInteger(Expr *p, int *pValue){
return rc; return rc;
} }
/*
** Return true if p is a Column node that references a virtual table.
*/
int sqlite3ExprIsVtabRef(Expr *p){
if( p->op!=TK_COLUMN ) return 0;
if( p->y.pTab==0 ) return 0;
return IsVirtual(p->y.pTab);
}
/* /*
** Return FALSE if there is no chance that the expression can be NULL. ** Return FALSE if there is no chance that the expression can be NULL.
** **
@ -5479,8 +5488,8 @@ static int impliesNotNullRow(Walker *pWalker, Expr *pExpr){
testcase( pExpr->op==TK_LE ); testcase( pExpr->op==TK_LE );
testcase( pExpr->op==TK_GT ); testcase( pExpr->op==TK_GT );
testcase( pExpr->op==TK_GE ); testcase( pExpr->op==TK_GE );
if( (pExpr->pLeft->op==TK_COLUMN && IsVirtual(pExpr->pLeft->y.pTab)) if( sqlite3ExprIsVtabRef(pExpr->pLeft)
|| (pExpr->pRight->op==TK_COLUMN && IsVirtual(pExpr->pRight->y.pTab)) || sqlite3ExprIsVtabRef(pExpr->pRight)
){ ){
return WRC_Prune; return WRC_Prune;
} }

View File

@ -4278,6 +4278,7 @@ int sqlite3ExprIsTableConstant(Expr*,int);
int sqlite3ExprContainsSubquery(Expr*); int sqlite3ExprContainsSubquery(Expr*);
#endif #endif
int sqlite3ExprIsInteger(Expr*, int*); int sqlite3ExprIsInteger(Expr*, int*);
int sqlite3ExprIsVtabRef(Expr*);
int sqlite3ExprCanBeNull(const Expr*); int sqlite3ExprCanBeNull(const Expr*);
int sqlite3ExprNeedsNoAffinityChange(const Expr*, char); int sqlite3ExprNeedsNoAffinityChange(const Expr*, char);
int sqlite3IsRowid(const char*); int sqlite3IsRowid(const char*);

View File

@ -377,7 +377,7 @@ static int isAuxiliaryVtabOperator(
** MATCH(expression,vtab_column) ** MATCH(expression,vtab_column)
*/ */
pCol = pList->a[1].pExpr; pCol = pList->a[1].pExpr;
if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){ if( sqlite3ExprIsVtabRef(pCol) ){
for(i=0; i<ArraySize(aOp); i++){ for(i=0; i<ArraySize(aOp); i++){
if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){ if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){
*peOp2 = aOp[i].eOp2; *peOp2 = aOp[i].eOp2;
@ -399,7 +399,7 @@ static int isAuxiliaryVtabOperator(
** with function names in an arbitrary case. ** with function names in an arbitrary case.
*/ */
pCol = pList->a[0].pExpr; pCol = pList->a[0].pExpr;
if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){ if( sqlite3ExprIsVtabRef(pCol) ){
sqlite3_vtab *pVtab; sqlite3_vtab *pVtab;
sqlite3_module *pMod; sqlite3_module *pMod;
void (*xNotUsed)(sqlite3_context*,int,sqlite3_value**); void (*xNotUsed)(sqlite3_context*,int,sqlite3_value**);
@ -422,10 +422,10 @@ static int isAuxiliaryVtabOperator(
int res = 0; int res = 0;
Expr *pLeft = pExpr->pLeft; Expr *pLeft = pExpr->pLeft;
Expr *pRight = pExpr->pRight; Expr *pRight = pExpr->pRight;
if( pLeft->op==TK_COLUMN && IsVirtual(pLeft->y.pTab) ){ if( sqlite3ExprIsVtabRef(pLeft) ){
res++; res++;
} }
if( pRight && pRight->op==TK_COLUMN && IsVirtual(pRight->y.pTab) ){ if( pRight && sqlite3ExprIsVtabRef(pRight) ){
res++; res++;
SWAP(Expr*, pLeft, pRight); SWAP(Expr*, pLeft, pRight);
} }