Fix a bug in the new WHERE-clause processing that tries to use an

index to resolve IS NOT NULL constraints when SQLITE_ENABLE_STAT2 is
defined.  The bug could cause memory overruns and segfaults.  The bug
was new to the code and has not appeared in an official release.
Found during structural testing.

FossilOrigin-Name: a5c36b9f39ab9629b857ec9c550f3892c0d94fb4

manifest

@@ -1,8 +1,8 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
-C Allow\san\sindex\spaired\swith\sa\sNOT\sNULL\sconstraint\sto\sbe\sused\sfor\ssorting\nunder\sthe\scondition\sthat\sthe\sindex\sbe\streated\sas\sa\snon-unique\sindex.
-D 2011-02-11T03:56:11.449
+C Fix\sa\sbug\sin\sthe\snew\sWHERE-clause\sprocessing\sthat\stries\sto\suse\san\nindex\sto\sresolve\sIS\sNOT\sNULL\sconstraints\swhen\sSQLITE_ENABLE_STAT2\sis\ndefined.\s\sThe\sbug\scould\scause\smemory\soverruns\sand\ssegfaults.\s\sThe\sbug\nwas\snew\sto\sthe\scode\sand\shas\snot\sappeared\sin\san\sofficial\srelease.\nFound\sduring\sstructural\stesting.
+D 2011-02-11T06:59:02.077
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 27701a1653595a1f2187dc61c8117e00a6c1d50f
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -244,7 +244,7 @@ F src/vtab.c b297e8fa656ab5e66244ab15680d68db0adbec30
 F src/wal.c aca10a60655e103fc8630a75345000f43c6d47ca
 F src/wal.h 7a5fbb00114b7f2cd40c7e1003d4c41ce9d26840
 F src/walker.c 3112bb3afe1d85dc52317cb1d752055e9a781f8f
-F src/where.c 96d634b85310cfcfe89f004aa8525b57d8898315
+F src/where.c 9c140acd52f4526983cba7203e6a5bb0ccadb5fb
 F test/aggerror.test a867e273ef9e3d7919f03ef4f0e8c0d2767944f2
 F test/alias.test 4529fbc152f190268a15f9384a5651bbbabc9d87
 F test/all.test 51756962d522e474338e9b2ebb26e7364d4aa125
@@ -909,14 +909,14 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff
 F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224
 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e
 F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f
-P 5ecd11788269e78dc26639b2503a10b7e25b2483
-R efe2bc1def692179832d1c52a5f44bf5
+P d78949fc93077e1aa7f05cf9f7e947727939cc96
+R 8bf997eb58840da6ea5fc0460a5915e4
 U drh
-Z 7fabc9263a982330a71ce326ddcb4d5b
+Z ecfd6670d90bd69fb37c6fe27914ad94
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.6 (GNU/Linux)
 
-iD8DBQFNVLNeoxKgR168RlERAnOpAKCHCIoShZYXHuUaFypK9VIeAKx74QCfeuXj
-wxJDR+7h4QKi3fBF3WRZCW4=
-=fdWc
+iD8DBQFNVN45oxKgR168RlERAvEcAKCKMMGQphlQ+Hn4oqkHISuiniFSUwCfWmNB
+RyNIDwf8qVSXpFcCAhKBw4Q=
+=C6OR
 -----END PGP SIGNATURE-----

manifest.uuid

@@ -1 +1 @@
-d78949fc93077e1aa7f05cf9f7e947727939cc96
+a5c36b9f39ab9629b857ec9c550f3892c0d94fb4

src/where.c

@@ -1354,16 +1354,18 @@ static void exprAnalyze(
 
     idxNew = whereClauseInsert(pWC, pNewExpr,
                               TERM_VIRTUAL|TERM_DYNAMIC|TERM_VNULL);
-    testcase( idxNew==0 );
-    pNewTerm = &pWC->a[idxNew];
-    pNewTerm->leftCursor = pLeft->iTable;
-    pNewTerm->u.leftColumn = pLeft->iColumn;
-    pNewTerm->eOperator = WO_GT;
-    pNewTerm->iParent = idxTerm;
-    pTerm = &pWC->a[idxTerm];
-    pTerm->nChild = 1;
-    pTerm->wtFlags |= TERM_COPIED;
-    pNewTerm->prereqAll = pTerm->prereqAll;
+    if( idxNew ){
+      pNewTerm = &pWC->a[idxNew];
+      pNewTerm->prereqRight = 0;
+      pNewTerm->leftCursor = pLeft->iTable;
+      pNewTerm->u.leftColumn = pLeft->iColumn;
+      pNewTerm->eOperator = WO_GT;
+      pNewTerm->iParent = idxTerm;
+      pTerm = &pWC->a[idxTerm];
+      pTerm->nChild = 1;
+      pTerm->wtFlags |= TERM_COPIED;
+      pNewTerm->prereqAll = pTerm->prereqAll;
+    }
   }
 #endif /* SQLITE_ENABLE_STAT2 */