aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordrh <>2025-03-18 20:28:53 +0000
committerdrh <>2025-03-18 20:28:53 +0000
commit5b92ef7440c3e59a8066d6778e477c1f4a101eb0 (patch)
treeab8287d4bdf3a9c6c36c7a625ba31cdefa4bdb9f
parenta4542bcf4a8127c203ccb0c67640afe0898fbe5e (diff)
downloadsqlite-5b92ef7440c3e59a8066d6778e477c1f4a101eb0.tar.gz
sqlite-5b92ef7440c3e59a8066d6778e477c1f4a101eb0.zip
Fix two obscure logic problems that cause incorrect answers, found by a
third-party fuzzer. FossilOrigin-Name: 1a8f763c31be5603862d20f1ee2a71bde159516bb6025fc254a43e3076e882df
Diffstat
-rw-r--r--ext/misc/series.c15
-rw-r--r--manifest23
-rw-r--r--manifest.uuid2
-rw-r--r--src/select.c1
-rw-r--r--test/bloom1.test41
-rw-r--r--test/shell2.test12
-rw-r--r--test/tabfunc01.test17
7 files changed, 83 insertions, 28 deletions
diff --git a/ext/misc/series.c b/ext/misc/series.c
index aff979692..2d662c727 100644
--- a/ext/misc/series.c
+++ b/ext/misc/series.c
@@ -60,8 +60,7 @@
** step HIDDEN
** );
**
-** The virtual table also has a rowid, logically equivalent to n+1 where
-** "n" is the ascending integer in the aforesaid production definition.
+** The virtual table also has a rowid which is an alias for the value.
**
** Function arguments in queries against this virtual table are translated
** into equality constraints against successive hidden columns. In other
@@ -276,6 +275,7 @@ static int seriesConnect(
int rc;
/* Column numbers */
+#define SERIES_COLUMN_ROWID (-1)
#define SERIES_COLUMN_VALUE 0
#define SERIES_COLUMN_START 1
#define SERIES_COLUMN_STOP 2
@@ -363,13 +363,11 @@ static int seriesColumn(
#endif
/*
-** Return the rowid for the current row, logically equivalent to n+1 where
-** "n" is the ascending integer in the aforesaid production definition.
+** The rowid is the same as the value.
*/
static int seriesRowid(sqlite3_vtab_cursor *cur, sqlite_int64 *pRowid){
series_cursor *pCur = (series_cursor*)cur;
- sqlite3_uint64 n = pCur->ss.uSeqIndexNow;
- *pRowid = (sqlite3_int64)((n<LARGEST_UINT64)? n+1 : 0);
+ *pRowid = pCur->ss.iValueNow;
return SQLITE_OK;
}
@@ -659,7 +657,10 @@ static int seriesBestIndex(
continue;
}
if( pConstraint->iColumn<SERIES_COLUMN_START ){
- if( pConstraint->iColumn==SERIES_COLUMN_VALUE && pConstraint->usable ){
+ if( (pConstraint->iColumn==SERIES_COLUMN_VALUE ||
+ pConstraint->iColumn==SERIES_COLUMN_ROWID)
+ && pConstraint->usable
+ ){
switch( op ){
case SQLITE_INDEX_CONSTRAINT_EQ:
case SQLITE_INDEX_CONSTRAINT_IS: {
diff --git a/manifest b/manifest
index a5d32e5c1..aa58e9f94 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Disable\sthe\s[d1ba200234f40b84|count-of-view\soptimization]\sif\sany\ssubquery\nis\sDISTINCT,\sas\sthe\soptimization\sdoes\snot\swork\sin\sthat\scase.
-D 2025-03-10T10:39:52.802
+C Fix\stwo\sobscure\slogic\sproblems\sthat\scause\sincorrect\sanswers,\sfound\sby\sa\nthird-party\sfuzzer.
+D 2025-03-18T20:28:53.715
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F LICENSE.md e108e1e69ae8e8a59e93c455654b8ac9356a11720d3345df2a4743e9590fb20d
@@ -436,7 +436,7 @@ F ext/misc/regexp.c 388e7f237307c7dfbfb8dde44e097946f6c437801d63f0d7ad63f3320d4e
F ext/misc/remember.c add730f0f7e7436cd15ea3fd6a90fd83c3f706ab44169f7f048438b7d6baa69c
F ext/misc/rot13.c 51ac5f51e9d5fd811db58a9c23c628ad5f333c173f1fc53c8491a3603d38556c
F ext/misc/scrub.c 2a44b0d44c69584c0580ad2553f6290a307a49df4668941d2812135bfb96a946
-F ext/misc/series.c cbdda2e2eb8159a1331974d246984c6e2693c6ea93930e6165046c8dbb8db0e9
+F ext/misc/series.c cb6b6ad58231ebc8003603195056a6aa3eddf7bda503fed97dbb908d2b261708
F ext/misc/sha1.c cb5002148c2661b5946f34561701e9105e9d339b713ec8ac057fd888b196dcb9
F ext/misc/shathree.c f3a778f27bf3e71b666a77f28e463a3b931c4dbe4219447e61bb678b4bc121c3
F ext/misc/showauth.c 732578f0fe4ce42d577e1c86dc89dd14a006ab52
@@ -780,7 +780,7 @@ F src/printf.c 96f7f8baeedc7639da94e4e7a4a2c200e2537c4eec9e5e1c2ffc821f40eb3105
F src/random.c 606b00941a1d7dd09c381d3279a058d771f406c5213c9932bbd93d5587be4b9c
F src/resolve.c c8a5372b97b2a2e972a280676f06ddb5b74e885d3b1f5ce383f839907b57ef68
F src/rowset.c 8432130e6c344b3401a8874c3cb49fefe6873fec593294de077afea2dce5ec97
-F src/select.c cf91234ef909e0f9550a7ce649ec1d6dccdd6f680468eb8cc08eb4719bcf1200
+F src/select.c c94f7fe33a3f481cc68472ba845301e343e0412c216fee06f58ad64e7e88bf45
F src/shell.c.in b377a59822f207106424f08aead37e78b609222e98f86f04cc8a03563ccf3237
F src/sqlite.h.in d2902f13ace94d3d3609646bd6d12a2d7a4f6cbdf6a5a4097580ac305f54c3f0
F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
@@ -972,7 +972,7 @@ F test/bind2.test 918bc35135f4141809ead7585909cde57d44db90a7a62aef540127148f91aa
F test/bindxfer.test efecd12c580c14df5f4ad3b3e83c667744a4f7e0
F test/bitvec.test 75894a880520164d73b1305c1c3f96882615e142
F test/blob.test e7ac6c7d3a985cc4678c64f325292529a69ae252
-F test/bloom1.test cf613a27054bbaf61c5bfc440a5cfd3ff76798d0695f3fc5e5d1bbc819b8dab1
+F test/bloom1.test 04f3a17df8912bfdc292c41b59d79f93893fe69799f3089a64451f9112f9658f
F test/boundary1.tcl 6421b2d920d8b09539503a8673339d32f7609eb1
F test/boundary1.test 66d7f4706ccdb42d58eafdb081de07b0eb42d77b
F test/boundary2.tcl e34ef4e930cf1083150d4d2c603e146bd3b76bcb
@@ -1638,7 +1638,7 @@ F test/sharedB.test 1a84863d7a2204e0d42f2e1606577c5e92e4473fa37ea0f5bdf829e4bf8e
F test/shared_err.test 32634e404a3317eeb94abc7a099c556a346fdb8fb3858dbe222a4cbb8926a939
F test/sharedlock.test 5ede3c37439067c43b0198f580fd374ebf15d304
F test/shell1.test 5d84e415adf7cc4edd5913c4f23c761104ff135b9c190fcf7b430a4cbca6cb65
-F test/shell2.test 01a01f76ed98088ce598794fbf5b359e148271541a8ddbf79d21cc353cc67a24
+F test/shell2.test ac102ebc0a9ec166257600c4ee8bdefec242163afced295f10b004f4af3fc9dd
F test/shell3.test db1953a8e59d08e9240b7cc5948878e184f7eb2623591587f8fd1f1a5bd536d8
F test/shell4.test 522fdc628c55eff697b061504fb0a9e4e6dfc5d9087a633ab0f3dd11bcc4f807
F test/shell5.test 0e5f8ce08206b9998a778cfe1989e20e47839153c05af2da29198150172e22fc
@@ -1715,7 +1715,7 @@ F test/sync.test 89539f4973c010eda5638407e71ca7fddbcd8e0594f4c9980229f804d433309
F test/sync2.test 8f9f7d4f6d5be8ca8941a8dadcc4299e558cb6a1ff653a9469146c7a76ef2039
F test/syscall.test a067468b43b8cb2305e9f9fe414e5f40c875bb5d2cba5f00b8154396e95fcf37
F test/sysfault.test c9f2b0d8d677558f74de750c75e12a5454719d04
-F test/tabfunc01.test 7be82bd50c7ede7f01b2dd17cd1b84f352c516078222d0b067d858f081e3f9a7
+F test/tabfunc01.test 80496e856c22b063e3599291166445730cd6b2ff9d307567c09b60385eba7062
F test/table.test 7862a00b58b5541511a26757ea9c5c7c3f8298766e98aa099deec703d9c0a8e0
F test/tableapi.test ecbcc29c4ab62c1912c3717c48ea5c5e59f7d64e4a91034e6148bd2b82f177f4
F test/tableopts.test dba698ba97251017b7c80d738c198d39ab747930
@@ -2209,9 +2209,10 @@ F tool/version-info.c 3b36468a90faf1bbd59c65fd0eb66522d9f941eedd364fabccd7227350
F tool/warnings-clang.sh bbf6a1e685e534c92ec2bfba5b1745f34fb6f0bc2a362850723a9ee87c1b31a7
F tool/warnings.sh 49a486c5069de041aedcbde4de178293e0463ae9918ecad7539eedf0ec77a139
F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 167d6314c5125c79a9f147b36de2d1c65f99ec5462c90742c436e872f3ac8fdf
-Q +d7013b63932b2f5750572ae6bdd259a2b6e6548c20fb9a5559edd22d2f2fc6cb
-R b4d41f32d749d9481bd68c2f8af0de8a
+P bae270b988139e070ac52fe8e12ddb946ae9c3be6d4229dfb3169ddc6ed6b121
+Q +7101ccd5331e36fd1a539f540e79ce0ce159be76ec422e1d9436eec6f3908c6e
+Q +77db4d85e70fbf358ae2321c2601966666bdb4d971d7c113ce30a3e541458ee8
+R 38cdc42417211974f2d105684aa857ce
U drh
-Z 111e7e39dc2c6504be378be8bf3293e0
+Z 1539ad3876f6427e82fb6e412315437e
# Remove this line to create a well-formed Fossil manifest.
diff --git a/manifest.uuid b/manifest.uuid
index df39d046a..6fb581124 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-bae270b988139e070ac52fe8e12ddb946ae9c3be6d4229dfb3169ddc6ed6b121
+1a8f763c31be5603862d20f1ee2a71bde159516bb6025fc254a43e3076e882df
diff --git a/src/select.c b/src/select.c
index e2bf4ded0..2f11297bf 100644
--- a/src/select.c
+++ b/src/select.c
@@ -3224,6 +3224,7 @@ static int multiSelect(
multi_select_end:
pDest->iSdst = dest.iSdst;
pDest->nSdst = dest.nSdst;
+ pDest->iSDParm2 = dest.iSDParm2;
if( pDelete ){
sqlite3ParserAddCleanup(pParse, sqlite3SelectDeleteGeneric, pDelete);
}
diff --git a/test/bloom1.test b/test/bloom1.test
index 151f364ae..f8efcc184 100644
--- a/test/bloom1.test
+++ b/test/bloom1.test
@@ -183,6 +183,47 @@ do_execsql_test 4.3 {
do_execsql_test 4.4 {
SELECT * FROM t0 LEFT JOIN t1 LEFT JOIN t2 ON (b NOTNULL)==(c IN ()) WHERE c;
} {xyz {} 7.0}
+
+reset_db
+do_execsql_test 5.0 {
+ CREATE TABLE t1 (c1);
+ INSERT INTO t1 VALUES (101);
+ CREATE TABLE t2 ( x );
+ INSERT INTO t2 VALUES(404);
+}
+
+do_execsql_test 5.1 {
+ SELECT 'val' in (
+ select 'val' from ( select 'valueB' from t1 order by 1 )
+ union all
+ select 'val'
+ );
+} {1}
+
+do_execsql_test 5.2 {
+ select * from t2
+ where 'val' in (
+ select 'val' from ( select 'valueB' from t1 order by 1 )
+ union all
+ select 'val'
+ );
+} {404}
+
+do_execsql_test 5.3 {
+ SELECT subq_1.c_0 as c_0
+ FROM ( SELECT 0 as c_0) as subq_1
+ WHERE (subq_1.c_0) IN (
+ SELECT subq_2.c_0 as c_0
+ FROM (
+ SELECT 0 as c_0
+ FROM t1 as ref_1
+ WHERE (ref_1.c1) = (2)
+ ORDER BY c_0 desc
+ ) as subq_2
+ UNION ALL
+ SELECT 0 as c_0
+ );
+} {0}
finish_test
diff --git a/test/shell2.test b/test/shell2.test
index ee5ae4bdd..3f9fec9ef 100644
--- a/test/shell2.test
+++ b/test/shell2.test
@@ -224,24 +224,24 @@ do_test shell2-1.4.10 {
set res [catchcmd :memory: [string trim {
SELECT * FROM generate_series(9223372036854775807,9223372036854775807,1);
SELECT * FROM generate_series(9223372036854775807,9223372036854775807,-1);
- SELECT avg(rowid),min(value),max(value) FROM generate_series(
+ SELECT avg(value),min(value),max(value) FROM generate_series(
-9223372036854775808,9223372036854775807,1085102592571150095);
SELECT * FROM generate_series(-9223372036854775808,9223372036854775807,
9223372036854775807);
- SELECT value,rowid FROM generate_series(-4611686018427387904,
+ SELECT value FROM generate_series(-4611686018427387904,
4611686018427387904, 4611686018427387904) ORDER BY value DESC;
SELECT * FROM generate_series(0,-2,-1);
SELECT * FROM generate_series(0,-2);
SELECT * FROM generate_series(0,2) LIMIT 3;}]]
} {0 {9223372036854775807
9223372036854775807
-9.5|-9223372036854775808|9223372036854775807
+-0.5|-9223372036854775808|9223372036854775807
-9223372036854775808
-1
9223372036854775806
-4611686018427387904|3
-0|2
--4611686018427387904|1
+4611686018427387904
+0
+-4611686018427387904
0
-1
-2
diff --git a/test/tabfunc01.test b/test/tabfunc01.test
index b6797171e..f58ecacd4 100644
--- a/test/tabfunc01.test
+++ b/test/tabfunc01.test
@@ -61,10 +61,10 @@ do_execsql_test tabfunc01-1.8 {
} {30 25 20 15 10 5 0}
do_execsql_test tabfunc01-1.9 {
SELECT rowid, * FROM generate_series(0,32,5) ORDER BY value DESC;
-} {7 30 6 25 5 20 4 15 3 10 2 5 1 0}
+} {30 30 25 25 20 20 15 15 10 10 5 5 0 0}
do_execsql_test tabfunc01-1.10 {
SELECT rowid, * FROM generate_series(0,32,5) ORDER BY +value DESC;
-} {7 30 6 25 5 20 4 15 3 10 2 5 1 0}
+} {30 30 25 25 20 20 15 15 10 10 5 5 0 0}
do_execsql_test tabfunc01-1.20 {
CREATE VIEW v1(a,b) AS VALUES(1,2),(3,4);
@@ -370,7 +370,18 @@ do_execsql_test 1100 {
where (ref_3.value) in (select 1);
} {1}
-
+# 2025-03-18 /forumpost/1e17219c88
+# The generate_series() table-valued function is modified so that its
+# rowid is always its value. That way it can be used on the RHS of a
+# RIGHT JOIN.
+#
+do_execsql_test 1200 {
+ DROP TABLE IF EXISTS t1;
+ CREATE TABLE t1(value INT);
+ INSERT INTO t1 VALUES (1),(2),(3);
+ SELECT t1.value, t2.value
+ FROM t1 RIGHT JOIN generate_series(1,3,1) AS t2 USING(value);
+} {1 1 2 2 3 3}
# Free up memory allocations
intarray_addr
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-08 06:31:34 +0000