/ Check-in [fc7a7975]

Overview
Comment:Fix a VDBE stack overflow that occurs when the left-hand side of an IN expression is NULL and the result is stored on the stack rather than used to control a jump. Ticket #668. (CVS 1299)
SHA1:fc7a7975b03c144c2db3566facd008d3701c735e
User & Date: drh 2004-03-17 23:32:08
Context
2004-03-17
23:42
Change the ".database" command in the shell to allocate more characters to the database name and filename. (CVS 1300) check-in: 85238f06 user: drh tags: trunk
23:32
Fix a VDBE stack overflow that occurs when the left-hand side of an IN expression is NULL and the result is stored on the stack rather than used to control a jump. Ticket #668. (CVS 1299) check-in: fc7a7975 user: drh tags: trunk
18:44
The sqlite_trace() API only works for commands started by the user, not for SQL commands run during initialization. (CVS 1298) check-in: 0a12473c user: drh tags: trunk
Changes

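--- a/src/expr.c
+++ b/src/expr.c
@@ -8,15 +8,15 @@
 **    May you find forgiveness for yourself and forgive others.
 **    May you share freely, never taking more than you give.
 **
 *************************************************************************
 ** This file contains routines used for analyzing expressions and
 ** for generating VDBE code that evaluates expressions in SQLite.
 **
-** $Id: expr.c,v 1.112 2004/02/25 13:47:31 drh Exp $
+** $Id: expr.c,v 1.113 2004/03/17 23:32:08 drh Exp $
 */
 #include "sqliteInt.h"
 #include <ctype.h>
 
 /*
 ** Construct a new expression node and return a pointer to it.  Memory
 ** for this node is obtained from sqliteMalloc().  The calling function
@@ -1159,15 +1159,15 @@
     }
     case TK_IN: {
       int addr;
       sqliteVdbeAddOp(v, OP_Integer, 1, 0);
       sqliteExprCode(pParse, pExpr->pLeft);
       addr = sqliteVdbeCurrentAddr(v);
       sqliteVdbeAddOp(v, OP_NotNull, -1, addr+4);
-      sqliteVdbeAddOp(v, OP_Pop, 1, 0);
+      sqliteVdbeAddOp(v, OP_Pop, 2, 0);
       sqliteVdbeAddOp(v, OP_String, 0, 0);
       sqliteVdbeAddOp(v, OP_Goto, 0, addr+6);
       if( pExpr->pSelect ){
         sqliteVdbeAddOp(v, OP_Found, pExpr->iTable, addr+6);
       }else{
         sqliteVdbeAddOp(v, OP_SetFound, pExpr->iTable, addr+6);
       }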
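Review bot: The new `OP_Pop, 2` count is right only because two values are on the VDBE stack at that point (the placeholder pushed by `OP_Integer, 1` and the NULL left operand), and nothing in the code records that. A short comment above the pop would make the invariant visible, for example `/* LHS is NULL: discard both the NULL and the placeholder 1 so the OP_String below leaves exactly one result */`. The jump targets `addr+4` and `addr+6` are likewise tied to the exact number of opcodes emitted here, so a later insertion in this sequence could unbalance the stack again on one path. The remainder of the `TK_IN` case lies outside the hunk, so the final stack depth on the non-NULL path cannot be confirmed from here.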

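--- a/test/misc3.test
+++ b/test/misc3.test
@@ -9,15 +9,15 @@
 #
 #***********************************************************************
 # This file implements regression tests for SQLite library.
 #
 # This file implements tests for miscellanous features that were
 # left out of other test files.
 #
-# $Id: misc3.test,v 1.9 2004/03/02 18:37:42 drh Exp $
+# $Id: misc3.test,v 1.10 2004/03/17 23:32:08 drh Exp $
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
 
 # Ticket #529.  Make sure an ABORT does not damage the in-memory cache
 # that will be used by subsequent statements in the same transaction.
 #
@@ -282,9 +282,23 @@
 } 0
 do_test misc3-7.3 {
   execsql {
     SELECT count(*) FROM y3;
   }
 } 32
 
+# Ticket #668:  VDBE stack overflow occurs when the left-hand side
+# of an IN expression is NULL and the result is used as an integer, not
+# as a jump.
+#
+do_test misc-8.1 {
+  execsql {
+    SELECT count(CASE WHEN b IN ('abc','xyz') THEN 'x' END) FROM t3
+  }
+} {2}
+do_test misc-8.2 {
+  execsql {
+    SELECT count(*) FROM t3 WHERE 1+(b IN ('abc','xyz'))==2
+  }
+} {2}
 
 finish_test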
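Review bot: The two new cases are named `misc-8.1` and `misc-8.2`, while the preceding test in this file is `misc3-7.3`. They should read `do_test misc3-8.1 {` and `do_test misc3-8.2 {` so that a failure is reported under this file's prefix. Both expected values `{2}` depend on the contents of `t3`, which is populated outside the hunk and presumably includes rows where `b` is NULL. A one-line comment stating that dependency would keep the regression meaningful if the earlier fixture is changed.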