Comment: Fix another problem found by Matthew Denton's new fuzzer.
SHA3-256: 2b690dbdffe144bd69ca0aa291c230faf3d9d73f7a2985d50f016fe54003f9a9
User & Date: drh 2018-12-12 21:34:17
Changes

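--- a/src/expr.c
+++ b/src/expr.c
@@ -137,16 +137,16 @@
 CollSeq *sqlite3ExprCollSeq(Parse *pParse, Expr *pExpr){
   sqlite3 *db = pParse->db;
   CollSeq *pColl = 0;
   Expr *p = pExpr;
   while( p ){
     int op = p->op;
     if( p->flags & EP_Generic ) break;
-    if( (op==TK_AGG_COLUMN || op==TK_COLUMN
-          || op==TK_REGISTER || op==TK_TRIGGER)
+    if( op==TK_REGISTER ) op = p->op2;
+    if( (op==TK_AGG_COLUMN || op==TK_COLUMN || op==TK_TRIGGER)
      && p->y.pTab!=0
     ){
       /* op==TK_REGISTER && p->y.pTab!=0 happens when pExpr was originally
       ** a TK_COLUMN but was previously evaluated and cached in a register */
       int j = p->iColumn;
       if( j>=0 ){
         const char *zColl = p->y.pTab->aCol[j].zColl;
@@ -154,15 +154,15 @@
       }
       break;
     }
     if( op==TK_CAST || op==TK_UPLUS ){
       p = p->pLeft;
       continue;
     }
-    if( op==TK_COLLATE || (op==TK_REGISTER && p->op2==TK_COLLATE) ){
+    if( op==TK_COLLATE ){
       pColl = sqlite3GetCollSeq(pParse, ENC(db), 0, p->u.zToken);
       break;
     }
     if( p->flags & EP_Collate ){
       if( p->pLeft && (p->pLeft->flags & EP_Collate)!=0 ){
         p = p->pLeft;
       }else{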
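Review bot: The comment at lines 148-149 is now stale: after the added `if( op==TK_REGISTER ) op = p->op2;` the local `op` holds the opcode the register was cached from, so `op==TK_REGISTER` can no longer be true inside that block. Suggest rewording it to `/* p->op==TK_REGISTER && p->y.pTab!=0 happens when pExpr was originally a TK_COLUMN but was previously evaluated and cached in a register */`. The substitution also lets a register-cached TK_CAST/TK_UPLUS/TK_COLLATE node take the same paths as the uncached node (including following `p->pLeft` at line 158), which is presumably the intent and is what the second hunk relies on; a one-line comment on the new line 144 such as `/* Look through a cached register to the expression it holds */` would make that explicit for the next reader. The body of sqlite3ExprCollSeq continues past the end of the hunk.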

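--- /dev/null
+++ b/test/fuzz4.test
@@ -0,0 +1,82 @@
+# 2018-12-12
+#
+# The author disclaims copyright to this source code.  In place of
+# a legal notice, here is a blessing:
+#
+#    May you do good and not evil.
+#    May you find forgiveness for yourself and forgive others.
+#    May you share freely, never taking more than you give.
+#
+#***********************************************************************
+# 
+# Test cases found by Matthew Denton's fuzzer at Chrome.
+#
+
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+
+do_execsql_test fuzz4-100 {
+  CREATE TABLE Table0 (Col0  NOT NULL DEFAULT (CURRENT_TIME IS 1 > 1));
+  INSERT OR REPLACE INTO Table0 DEFAULT VALUES ;
+  SELECT * FROM Table0;
+} {0}
+
+do_execsql_test fuzz4-110 {
+  CREATE TABLE Table1(
+    Col0 TEXT DEFAULT (CASE WHEN 1 IS 3530822107858468864 
+                            THEN 1 ELSE quote(1) IS 3530822107858468864 END)
+  );
+  INSERT INTO Table1 DEFAULT VALUES;
+  SELECT * FROM Table1;
+} {0}
+
+do_execsql_test fuzz4-200 {
+  CREATE TABLE Table2a(
+     Col0  NOT NULL   DEFAULT (CURRENT_TIME IS 1  IS NOT 1  > 1)
+  );
+  INSERT OR REPLACE INTO Table2a DEFAULT VALUES;
+  SELECT * FROM Table2a;
+} {0}
+
+do_execsql_test fuzz4-210 {
+  CREATE TABLE Table2b (Col0  NOT NULL  DEFAULT (CURRENT_TIME  IS NOT FALSE)) ;
+  INSERT OR REPLACE INTO Table2b DEFAULT VALUES ;
+  SELECT * FROM Table2b;
+} {1}
+
+do_execsql_test fuzz4-300 {
+  CREATE TABLE Table3 (Col0 DEFAULT (CURRENT_TIMESTAMP BETWEEN 1 AND 1));
+  INSERT INTO Table3 DEFAULT VALUES;
+  SELECT * FROM Table3;
+} {0}
+
+do_execsql_test fuzz4-400 {
+  CREATE TABLE Table4 (Col0 DEFAULT (1 BETWEEN CURRENT_TIMESTAMP AND 1));
+  INSERT INTO Table4 DEFAULT VALUES;
+  SELECT * FROM Table4;
+} {0}
+
+do_execsql_test fuzz4-500 {
+  CREATE TABLE Table5 (Col0 DEFAULT (1 BETWEEN 1 AND CURRENT_TIMESTAMP));
+  INSERT INTO Table5 DEFAULT VALUES;
+  SELECT * FROM Table5;
+} {1}
+
+do_execsql_test fuzz4-600 {
+  CREATE TEMPORARY TABLE Table6(
+    Col0 DEFAULT (CASE x'5d' WHEN 1 THEN
+        CASE CURRENT_TIMESTAMP WHEN 1 THEN 1 ELSE 1 END
+        ELSE CASE WHEN 1 THEN FALSE END  END )
+  );
+  INSERT INTO temp.Table6 DEFAULT VALUES ;
+  SELECT * FROM Table6;
+} {0}
+do_execsql_test fuzz4-610 {
+  WITH TableX AS (SELECT DISTINCT * ORDER BY 1  , 1 COLLATE RTRIM)
+      DELETE FROM Table6  WHERE Col0 || +8388608  ;
+  SELECT * FROM Table6;
+} {}
+
+
+finish_test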