/ Check-in [2b690dbd]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix another problem found by Matthew Denton's new fuzzer.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256:2b690dbdffe144bd69ca0aa291c230faf3d9d73f7a2985d50f016fe54003f9a9
User & Date: drh 2018-12-12 21:34:17
Context
2018-12-13
12:28
Fix the Makefile so that it honors CFLAGS when building sessionfuzz. check-in: 54231ac4 user: drh tags: trunk
03:36
New database corruption test cases discovered by dbfuzz2. The new cases have been added to test/fuzzdata7.db, but have not yet all been fixed, so tests will not currently pass. check-in: b4210d32 user: drh tags: dbfuzz2-cases
2018-12-12
21:34
Fix another problem found by Matthew Denton's new fuzzer. check-in: 2b690dbd user: drh tags: trunk
20:11
Remove an ALWAYS() from a branch that is not always taken. The test case found by OSSFuzz has been added to TH3. check-in: 5c7dab85 user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/expr.c.

137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
...
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
CollSeq *sqlite3ExprCollSeq(Parse *pParse, Expr *pExpr){
  sqlite3 *db = pParse->db;
  CollSeq *pColl = 0;
  Expr *p = pExpr;
  while( p ){
    int op = p->op;
    if( p->flags & EP_Generic ) break;
    if( (op==TK_AGG_COLUMN || op==TK_COLUMN
          || op==TK_REGISTER || op==TK_TRIGGER)
     && p->y.pTab!=0
    ){
      /* op==TK_REGISTER && p->y.pTab!=0 happens when pExpr was originally
      ** a TK_COLUMN but was previously evaluated and cached in a register */
      int j = p->iColumn;
      if( j>=0 ){
        const char *zColl = p->y.pTab->aCol[j].zColl;
................................................................................
      }
      break;
    }
    if( op==TK_CAST || op==TK_UPLUS ){
      p = p->pLeft;
      continue;
    }
    if( op==TK_COLLATE || (op==TK_REGISTER && p->op2==TK_COLLATE) ){
      pColl = sqlite3GetCollSeq(pParse, ENC(db), 0, p->u.zToken);
      break;
    }
    if( p->flags & EP_Collate ){
      if( p->pLeft && (p->pLeft->flags & EP_Collate)!=0 ){
        p = p->pLeft;
      }else{







|
|







 







|







137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
...
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
CollSeq *sqlite3ExprCollSeq(Parse *pParse, Expr *pExpr){
  sqlite3 *db = pParse->db;
  CollSeq *pColl = 0;
  Expr *p = pExpr;
  while( p ){
    int op = p->op;
    if( p->flags & EP_Generic ) break;
    if( op==TK_REGISTER ) op = p->op2;
    if( (op==TK_AGG_COLUMN || op==TK_COLUMN || op==TK_TRIGGER)
     && p->y.pTab!=0
    ){
      /* op==TK_REGISTER && p->y.pTab!=0 happens when pExpr was originally
      ** a TK_COLUMN but was previously evaluated and cached in a register */
      int j = p->iColumn;
      if( j>=0 ){
        const char *zColl = p->y.pTab->aCol[j].zColl;
................................................................................
      }
      break;
    }
    if( op==TK_CAST || op==TK_UPLUS ){
      p = p->pLeft;
      continue;
    }
    if( op==TK_COLLATE ){
      pColl = sqlite3GetCollSeq(pParse, ENC(db), 0, p->u.zToken);
      break;
    }
    if( p->flags & EP_Collate ){
      if( p->pLeft && (p->pLeft->flags & EP_Collate)!=0 ){
        p = p->pLeft;
      }else{

Added test/fuzz4.test.





































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# 2018-12-12
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
# 
# Test cases found by Matthew Denton's fuzzer at Chrome.
#


set testdir [file dirname $argv0]
source $testdir/tester.tcl

do_execsql_test fuzz4-100 {
  CREATE TABLE Table0 (Col0  NOT NULL DEFAULT (CURRENT_TIME IS 1 > 1));
  INSERT OR REPLACE INTO Table0 DEFAULT VALUES ;
  SELECT * FROM Table0;
} {0}

do_execsql_test fuzz4-110 {
  CREATE TABLE Table1(
    Col0 TEXT DEFAULT (CASE WHEN 1 IS 3530822107858468864 
                            THEN 1 ELSE quote(1) IS 3530822107858468864 END)
  );
  INSERT INTO Table1 DEFAULT VALUES;
  SELECT * FROM Table1;
} {0}

do_execsql_test fuzz4-200 {
  CREATE TABLE Table2a(
     Col0  NOT NULL   DEFAULT (CURRENT_TIME IS 1  IS NOT 1  > 1)
  );
  INSERT OR REPLACE INTO Table2a DEFAULT VALUES;
  SELECT * FROM Table2a;
} {0}

do_execsql_test fuzz4-210 {
  CREATE TABLE Table2b (Col0  NOT NULL  DEFAULT (CURRENT_TIME  IS NOT FALSE)) ;
  INSERT OR REPLACE INTO Table2b DEFAULT VALUES ;
  SELECT * FROM Table2b;
} {1}

do_execsql_test fuzz4-300 {
  CREATE TABLE Table3 (Col0 DEFAULT (CURRENT_TIMESTAMP BETWEEN 1 AND 1));
  INSERT INTO Table3 DEFAULT VALUES;
  SELECT * FROM Table3;
} {0}

do_execsql_test fuzz4-400 {
  CREATE TABLE Table4 (Col0 DEFAULT (1 BETWEEN CURRENT_TIMESTAMP AND 1));
  INSERT INTO Table4 DEFAULT VALUES;
  SELECT * FROM Table4;
} {0}

do_execsql_test fuzz4-500 {
  CREATE TABLE Table5 (Col0 DEFAULT (1 BETWEEN 1 AND CURRENT_TIMESTAMP));
  INSERT INTO Table5 DEFAULT VALUES;
  SELECT * FROM Table5;
} {1}

do_execsql_test fuzz4-600 {
  CREATE TEMPORARY TABLE Table6(
    Col0 DEFAULT (CASE x'5d' WHEN 1 THEN
        CASE CURRENT_TIMESTAMP WHEN 1 THEN 1 ELSE 1 END
        ELSE CASE WHEN 1 THEN FALSE END  END )
  );
  INSERT INTO temp.Table6 DEFAULT VALUES ;
  SELECT * FROM Table6;
} {0}
do_execsql_test fuzz4-610 {
  WITH TableX AS (SELECT DISTINCT * ORDER BY 1  , 1 COLLATE RTRIM)
      DELETE FROM Table6  WHERE Col0 || +8388608  ;
  SELECT * FROM Table6;
} {}


finish_test