The reuse-subroutine optimization [c9a3498113074bbc] might have generated

byte-code that loops forever.  This check-in fixes the problem.

FossilOrigin-Name: 0cc4ed8c6e53aca1f5e94c132bedbc7f561c04a77f1a30b965ffe7560634bfeb

5 files changed, 43 insertions, 10 deletions

diff --git a/manifest b/manifest
index 40bab9c95..99247a99e 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Remove\san\sunused\sparameter\sfrom\san\sinternal-use\ssubroutine\sin\sthe\sTCL\sinterface.
-D 2025-01-30T16:07:51.559
+C The\sreuse-subroutine\soptimization\s[c9a3498113074bbc]\smight\shave\sgenerated\nbyte-code\sthat\sloops\sforever.\s\sThis\scheck-in\sfixes\sthe\sproblem.
+D 2025-01-30T21:12:58.438
 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
 F LICENSE.md e108e1e69ae8e8a59e93c455654b8ac9356a11720d3345df2a4743e9590fb20d
@@ -730,7 +730,7 @@ F src/date.c 842c08ac143a56a627b05ac51d68624f2b7b03e3b4cba596205e735eed64ee57
 F src/dbpage.c e90410e5d4c0217dfddc4184a81e38ec4903c25d4ec0f201060a0e54e7c2099f
 F src/dbstat.c 73362c0df0f40ad5523a6f5501224959d0976757b511299bf892313e79d14f5c
 F src/delete.c 03a77ba20e54f0f42ebd8eddf15411ed6bdb06a2c472ac4b6b336521bf7cea42
-F src/expr.c ce83e7361454a195f8393fa0baad694e2fee6c49a44c0d6db44d8a2b92534aeb
+F src/expr.c 8705be31ee713aaa43c97d91399db09f16ee41b88250406eb99de6b47f550a98
 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
 F src/fkey.c 928ed2517e8732113d2b9821aa37af639688d752f4ea9ac6e0e393d713eeb76f
 F src/func.c f5b31c805679930cc5afcdfb1e657f9dd273053f52ff51133df5a448c519e5d9
@@ -850,7 +850,7 @@ F src/utf.c 8b29d9a5956569ea2700f869669b8ef67a9662ee5e724ff77ab3c387e27094ba
 F src/util.c e5f6a5eeaa26b69054a43bbd0048cfe3d2851f6961052b35aed8f695df922850
 F src/vacuum.c b763b6457bd058d2072ef9364832351fd8d11e8abf70cbb349657360f7d55c40
 F src/vdbe.c b428a751953c0c2ff85e3e152ec16e29d488895cd541c8c20876ff9f3bf6978a
-F src/vdbe.h 9676348d342bd04e21e384c63b57224171ce84fac77853357334ef94c4d33cf4
+F src/vdbe.h 3d26d5c7660c5c7bd33ffb0d8784615072d8b23c81f8110870efe2631136bc89
 F src/vdbeInt.h 895b1ab7536f018d3d70d690f6c0adbd1062b6dddce1c2cad912927856d4033c
 F src/vdbeapi.c 08d0445b6066b04e5014d5d322b75736a61fe847ed88eb6e1a186c79dd9ed117
 F src/vdbeaux.c 885e16100597507fbbe09d82cbb963bff3fd8a9c1e358dc4f463fc95feb18e8b
@@ -1307,7 +1307,7 @@ F test/in3.test 3cbf58c87f4052cee3a58b37b6389777505aa0c0
 F test/in4.test bb767ec1cfd1730256f0a83219f0acda36bc251b63f8b8bb7d8c7cff17875a4f
 F test/in5.test 4fd79c70dfa0681313e8cdca07f5ff0400bdc0e20f808a5c59eaef1e4b48082a
 F test/in6.test f5f40d6816a8bb7c784424b58a10ac38efb76ab29127a2c17399e0cbeeda0e4b
-F test/in7.test 5050b648510d88bd27ff6b40991a45e1cc277c20e258162e81650e01069a56bb
+F test/in7.test d9efdee00b074a60c6343993b2eda78bc369ab080dad864513c73f8aca89d566
 F test/incrblob.test c9b96afc292aeff43d6687bcb09b0280aa599822
 F test/incrblob2.test a494c9e848560039a23974b9119cfc2cf3ad3bd15cc2694ee6367ae537ef8f1f
 F test/incrblob3.test 67621a04b3084113bf38ce03797d70eca012d9d8f948193b8f655df577b0da6f
@@ -2209,8 +2209,8 @@ F tool/version-info.c 3b36468a90faf1bbd59c65fd0eb66522d9f941eedd364fabccd7227350
 F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7
 F tool/warnings.sh 49a486c5069de041aedcbde4de178293e0463ae9918ecad7539eedf0ec77a139
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P d76c5db866de2732b68401a4c3e39acddc7a99bed965160c1796477c062b478a
-R e81adcf32270498fe2fdd74c590e8f70
+P a700692b39e24f5ca9ea6f879d413e20c2ad2b85f62c867407dafe111f13d931
+R ceeb6c1a37b1d6d8b66aa63af2b79d4d
 U drh
-Z baccdbeebeaa149b6573e44db1cfe14f
+Z d3c9eaae04d6f46273321f256c2b9c5c
 # Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index 6d745253d..9a908b795 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-a700692b39e24f5ca9ea6f879d413e20c2ad2b85f62c867407dafe111f13d931
+0cc4ed8c6e53aca1f5e94c132bedbc7f561c04a77f1a30b965ffe7560634bfeb
diff --git a/src/expr.c b/src/expr.c
index fcd3da213..8f898a1e3 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -3462,6 +3462,7 @@ static int findCompatibleInRhsSubrtn(
     assert( pOp->opcode==OP_BeginSubrtn );
     pSig = pOp->p4.pSubrtnSig;
     assert( pSig!=0 );
+    if( !pSig->bComplete ) continue;
     if( pNewSig->selId!=pSig->selId ) continue;
     if( strcmp(pNewSig->zAff,pSig->zAff)!=0 ) continue;
     pExpr->y.sub.iAddr = pSig->iAddr;
@@ -3508,6 +3509,7 @@ void sqlite3CodeRhsOfIN(
   KeyInfo *pKeyInfo = 0;      /* Key information */
   int nVal;                   /* Size of vector pLeft */
   Vdbe *v;                    /* The prepared statement under construction */
+  SubrtnSig *pSig = 0;        /* Signature for this subroutine */
 
   v = pParse->pVdbe;
   assert( v!=0 );
@@ -3528,7 +3530,6 @@ void sqlite3CodeRhsOfIN(
     ** Compute a signature for the RHS of the IN operator to facility
     ** finding and reusing prior instances of the same IN operator.
     */
-    SubrtnSig *pSig = 0;
     assert( !ExprUseXSelect(pExpr) || pExpr->x.pSelect!=0 );
     if( ExprUseXSelect(pExpr) && (pExpr->x.pSelect->selFlags & SF_All)==0 ){
       pSig = sqlite3DbMallocRawNN(pParse->db, sizeof(pSig[0]));
@@ -3571,6 +3572,7 @@ void sqlite3CodeRhsOfIN(
     pExpr->y.sub.iAddr =
       sqlite3VdbeAddOp2(v, OP_BeginSubrtn, 0, pExpr->y.sub.regReturn) + 1;
     if( pSig ){
+      pSig->bComplete = 0;
       pSig->iAddr = pExpr->y.sub.iAddr;
       pSig->regReturn = pExpr->y.sub.regReturn;
       pSig->iTable = iTab;
@@ -3706,6 +3708,7 @@ void sqlite3CodeRhsOfIN(
     sqlite3ReleaseTempReg(pParse, r1);
     sqlite3ReleaseTempReg(pParse, r2);
   }
+  if( pSig ) pSig->bComplete = 1;
   if( pKeyInfo ){
     sqlite3VdbeChangeP4(v, addr, (void *)pKeyInfo, P4_KEYINFO);
   }
diff --git a/src/vdbe.h b/src/vdbe.h
index 71aae29a0..476f1b4ea 100644
--- a/src/vdbe.h
+++ b/src/vdbe.h
@@ -40,6 +40,7 @@ typedef struct SubrtnSig SubrtnSig;
 */
 struct SubrtnSig {
   int selId;          /* SELECT-id for the SELECT statement on the RHS */
+  u8 bComplete;       /* True if fully coded and available for reusable */
   char *zAff;         /* Affinity of the overall IN expression */
   int iTable;         /* Ephemeral table generated by the subroutine */
   int iAddr;          /* Subroutine entry address */
diff --git a/test/in7.test b/test/in7.test
index 4dc0821d1..763396140 100644
--- a/test/in7.test
+++ b/test/in7.test
@@ -219,4 +219,33 @@ do_execsql_test 3.8 {
   SELECT t1.a, t2.b FROM t1, t2 WHERE (t1.a, t2.b) IN ((1, 2));
 } {1 2}
 
+# 2025-01-30 Inifinite loop in byte-code discovered by dbsqlfuzz
+# having to do with SubrtnSig logic.  The code was using a Subroutine
+# from within itself resulting in infinite recursion.
+#
+# This test will spin forever if the bug has not been fixed, or if
+# it reappears.
+#
+reset_db
+do_execsql_test 4.0 {
+  CREATE TABLE t1(a INTEGER PRIMARY KEY, b);
+  INSERT INTO t1 VALUES(1,x'1111');
+  CREATE TABLE t2(c);
+  CREATE TABLE t3(d);
+  CREATE TRIGGER t1tr UPDATE ON t1 BEGIN
+    UPDATE t1 SET b=x'2222' FROM t2;
+    UPDATE t1
+       SET b = (SELECT a IN (SELECT a
+                               FROM t1
+                              WHERE (b,a) IN (SELECT rowid, d
+                                                FROM t3
+                                             )
+                            )
+                  FROM t1 NATURAL RIGHT JOIN t1
+               );
+  END;
+  UPDATE t1 SET b=x'3333';
+  SELECT quote(b) FROM t1;
+} {X'3333'}
+
 finish_test