Index: src/update.c
==================================================================
--- src/update.c
+++ src/update.c
@@ -206,10 +206,11 @@
         break;
       }
     }
     if( j>=pTab->nCol ){
       if( sqlite3IsRowid(pChanges->a[i].zName) ){
+        j = -1;
         chngRowid = 1;
         pRowidExpr = pChanges->a[i].pExpr;
       }else{
         sqlite3ErrorMsg(pParse, "no such column: %s", pChanges->a[i].zName);
         pParse->checkSchema = 1;
@@ -218,11 +219,12 @@
     }
 #ifndef SQLITE_OMIT_AUTHORIZATION
     {
       int rc;
       rc = sqlite3AuthCheck(pParse, SQLITE_UPDATE, pTab->zName,
-                           pTab->aCol[j].zName, db->aDb[iDb].zName);
+                            j<0 ? "ROWID" : pTab->aCol[j].zName,
+                            db->aDb[iDb].zName);
       if( rc==SQLITE_DENY ){
         goto update_cleanup;
       }else if( rc==SQLITE_IGNORE ){
         aXRef[j] = -1;
       }

Index: test/auth.test
==================================================================
--- test/auth.test
+++ test/auth.test
@@ -2366,10 +2366,33 @@
   do_test auth-5.3.2 {
     execsql { SELECT * FROM t5 }
   } {1}
 }
 
+# Ticket [0eb70d77cb05bb22720]:  Invalid pointer passsed to the authorizer
+# callback when updating a ROWID.
+#
+do_test auth-6.1 {
+  execsql {
+    CREATE TABLE t6(a,b,c,d,e,f,g,h);
+    INSERT INTO t6 VALUES(1,2,3,4,5,6,7,8);
+  }
+} {}
+set ::authargs [list]
+proc auth {args} {
+  eval lappend ::authargs $args
+  return SQLITE_OK
+}
+do_test auth-6.2 {
+  execsql {UPDATE t6 SET rowID=rowID+100}
+  set ::authargs
+} [list SQLITE_READ   t6 ROWID main {} \
+        SQLITE_UPDATE t6 ROWID main {} \
+]
+do_test auth-6.3 {
+  execsql {SELECT rowid, * FROM t6}
+} {101 1 2 3 4 5 6 7 8}
 
 rename proc {}
 rename proc_real proc