/ View Ticket
Login
2012-12-19
17:10
Backport to the 3.7.15 branch the fix to the segfault problem of ticket [a7b7803e8d1e869] which involved the use of "AS" named result columns as logical terms of the WHERE clause. Also, change the version number to 3.7.15.1. (check-in: bae528f4 user: drh tags: branch-3.7.15)
16:58 Fixed ticket [a7b7803e]: crash when filtering twice by same predicate using aliases plus 3 other changes (artifact: 94765940 user: drh)
16:58
Fix the segfault problem of ticket [a7b7803e8d1e869] which involved the use of "AS" named result columns as logical terms of the WHERE clause. (check-in: b3c9e8f8 user: drh tags: trunk)
16:25
Additional test cases involving the use of a result column specified by its "AS" name as a logical term of the WHERE clause. Ticket [a7b7803e8d1e8699cd]. (check-in: d7cc364e user: drh tags: tkt-a7b7803e)
15:53
Proposed fix for ticket [a7b7803e8d1e8699cd8a]. (check-in: 3d0e00c7 user: drh tags: tkt-a7b7803e)
15:16 Ticket [a7b7803e] crash when filtering twice by same predicate using aliases status still Open with 4 other changes (artifact: 2cbd563d user: drh)
15:13 Ticket [a7b7803e]: 6 changes (artifact: bef65fd5 user: anonymous)
15:01 New ticket [a7b7803e]. (artifact: 275fd252 user: anonymous)

Ticket Hash: a7b7803e8d1e8699cd8a460a38133b98892d2e17
Title: crash when filtering twice by same predicate using aliases
Status: Fixed Type: Code_Defect
Severity: Critical Priority: Immediate
Subsystem: Code_Generator Resolution: Fixed
Last Modified: 2012-12-19 16:58:04
Version Found In: 3.7.15
User Comments:
nobody added on 2012-12-19 15:01:05:

Try the following:

 create table name (
   type integer,
   path text primary key);

select (name.type = 0) as container from Name name where name.type = 0 or container order by name.path

---

The select statement crashes during query preparation.

[7b96115e81deab0aa0472839cf787ba3f2fc64a7]

  char sqlite3ExprAffinity(Expr *pExpr){
    int op;
    pExpr = sqlite3ExprSkipCollate(pExpr);
    int op = pExpr->op;                               
    op = pExpr->op;
    ...
last line crashes because sqlite3ExprSkipCollate returns null.


nobody added on 2012-12-19 15:13:42:
pExpr is already NULL from caller 'exprAnalyzeOrTerm' -> affRight = sqlite3ExprAffinity(pOrTerm->pExpr->pRight);

drh added on 2012-12-19 15:16:52:

Bisecting shows that the bug was introduced by the refactoring of COLLATE at check-in [8542e6180d4321d45b], just a few days prior to the release of version 3.7.15, and needed to address bug [71e333e7d2e642afc96d2].

So, we fixed one bug but in the process introduced another....