authordrh <drh@noemail.net>2018-12-12 21:34:17 +0000
committerdrh <drh@noemail.net>2018-12-12 21:34:17 +0000
commitcb0e04f9295fa954559b5893484b0e23c48d63a6 (patch)
treed01f22d74d16f0fd105fdbbd8761c7974dcfa0c4
parent89b6de0357a499209c13cf66a3cc406f26f67e6f (diff)
downloadsqlite-cb0e04f9295fa954559b5893484b0e23c48d63a6.tar.gz
sqlite-cb0e04f9295fa954559b5893484b0e23c48d63a6.zip
Fix another problem found by Matthew Denton's new fuzzer.
FossilOrigin-Name: 2b690dbdffe144bd69ca0aa291c230faf3d9d73f7a2985d50f016fe54003f9a9
-rw-r--r--manifest13
-rw-r--r--manifest.uuid2
-rw-r--r--src/expr.c6
-rw-r--r--test/fuzz4.test82
4 files changed, 93 insertions, 10 deletions
diff --git a/manifest b/manifest
index e59fbf2d0..11beb1ceb 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Remove\san\sALWAYS()\sfrom\sa\sbranch\sthat\sis\snot\salways\staken.\s\sThe\stest\scase\nfound\sby\sOSSFuzz\shas\sbeen\sadded\sto\sTH3.
-D 2018-12-12T20:11:23.249
+C Fix\sanother\sproblem\sfound\sby\sMatthew\sDenton's\snew\sfuzzer.
+D 2018-12-12T21:34:17.884
F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1
F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea
F Makefile.in 68d0ba0f0b533d5bc84c78c13a6ce84ee81183a67014caa47a969e67f028fa1c
@@ -459,7 +459,7 @@ F src/date.c ebe1dc7c8a347117bb02570f1a931c62dd78f4a2b1b516f4837d45b7d6426957
F src/dbpage.c 135eb3b5e74f9ef74bde5cec2571192c90c86984fa534c88bf4a055076fa19b7
F src/dbstat.c 3c8bd4e77f0244fd2bd7cc90acf116ad2f8e82d70e536637f35ac2bc99b726f9
F src/delete.c f7938125847e8ef485448db5fbad29acb2991381a02887dd854c1617315ab9fb
-F src/expr.c 4c6769333c59f3df4d070b30976a27456787c660a71fa82a48acc9763df18000
+F src/expr.c b84c41530d97e28d5c43149d23d4492e26cd4e1e93abba1302d361e71a04b614
F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
F src/fkey.c 972a4ba14296bef2303a0abbad1e3d82bc3c61f9e6ce4e8e9528bdee68748812
F src/func.c 7c288b4ce309b5a8b8473514b88e1f8e69a80134509a8c0db8e39c858e367e7f
@@ -970,6 +970,7 @@ F test/fuzz-oss1.test e58330d01cbbd8215ee636b17a03fe220b37dbfa
F test/fuzz.test 96083052bf5765e4518c1ba686ce2bab785670d1
F test/fuzz2.test 76dc35b32b6d6f965259508508abce75a6c4d7e1
F test/fuzz3.test 9c813e6613b837cb7a277b0383cd66bfa07042b4cf0317157c35852f30043c31
+F test/fuzz4.test c229bcdb45518a89e1d208a21343e061503460ac69fae1539320a89f572eb634
F test/fuzz_common.tcl a87dfbb88c2a6b08a38e9a070dabd129e617b45b
F test/fuzz_malloc.test f348276e732e814802e39f042b1f6da6362a610af73a528d8f76898fde6b22f2
F test/fuzzcheck.c fda41c0e4e667fae96b002410bb19cece7a33314264ed6bbc6d012909ee9fd58
@@ -1783,7 +1784,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 23b62fb160d86dc9d9073bcc714601f5b7695f96abd893eafecf4b2e565b87f2
-R a39727945ca7912bc94ab91e69c8cc57
+P 5c7dab85535ac42c021977dbd4a39cef5a72e3d9dccff1c5ca5570a1780516cd
+R 0ae00823933e8977db9828c75b6fa876
U drh
-Z 482c7d62a8f6c65ee861ef4194edc7e1
+Z 040e7dcdd570ef4d870244a63c0ef36b
diff --git a/manifest.uuid b/manifest.uuid
index ce48281f2..ab4b18d6f 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-5c7dab85535ac42c021977dbd4a39cef5a72e3d9dccff1c5ca5570a1780516cd \ No newline at end of file
+2b690dbdffe144bd69ca0aa291c230faf3d9d73f7a2985d50f016fe54003f9a9 \ No newline at end of file
diff --git a/src/expr.c b/src/expr.c
index b4d101451..5d3650201 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -141,8 +141,8 @@ CollSeq *sqlite3ExprCollSeq(Parse *pParse, Expr *pExpr){
while( p ){
int op = p->op;
if( p->flags & EP_Generic ) break;
- if( (op==TK_AGG_COLUMN || op==TK_COLUMN
- || op==TK_REGISTER || op==TK_TRIGGER)
+ if( op==TK_REGISTER ) op = p->op2;
+ if( (op==TK_AGG_COLUMN || op==TK_COLUMN || op==TK_TRIGGER)
&& p->y.pTab!=0
){
/* op==TK_REGISTER && p->y.pTab!=0 happens when pExpr was originally
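Review bot: The comment starting on the last context line of this hunk still describes the case as `op==TK_REGISTER && p->y.pTab!=0`, but after the added `if( op==TK_REGISTER ) op = p->op2;` the local `op` can no longer be TK_REGISTER when the test runs, so the comment should be reworded in terms of `p->op==TK_REGISTER` with a column-type `op2`. The added line would also benefit from a why-comment such as `/* TK_REGISTER keeps the original opcode in op2; only trust y.pTab when that was a column reference */`. That wording is inferred from the change: the old condition read `p->y.pTab` for every TK_REGISTER node regardless of `op2`. The second hunk's `if( op==TK_COLLATE )` now relies on the same remapping, so any later use of `op` in this loop that expects the raw `p->op` should be checked. The function body and the comment both continue outside the hunk.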
@@ -158,7 +158,7 @@ CollSeq *sqlite3ExprCollSeq(Parse *pParse, Expr *pExpr){
p = p->pLeft;
continue;
}
- if( op==TK_COLLATE || (op==TK_REGISTER && p->op2==TK_COLLATE) ){
+ if( op==TK_COLLATE ){
pColl = sqlite3GetCollSeq(pParse, ENC(db), 0, p->u.zToken);
break;
}
diff --git a/test/fuzz4.test b/test/fuzz4.test
new file mode 100644
index 000000000..821cd1655
--- /dev/null
+++ b/test/fuzz4.test
@@ -0,0 +1,82 @@
+# 2018-12-12
+#
+# The author disclaims copyright to this source code. In place of
+# a legal notice, here is a blessing:
+#
+# May you do good and not evil.
+# May you find forgiveness for yourself and forgive others.
+# May you share freely, never taking more than you give.
+#
+#***********************************************************************
+#
+# Test cases found by Matthew Denton's fuzzer at Chrome.
+#
+
+
+set testdir [file dirname $argv0]
+source $testdir/tester.tcl
+
+do_execsql_test fuzz4-100 {
+ CREATE TABLE Table0 (Col0 NOT NULL DEFAULT (CURRENT_TIME IS 1 > 1));
+ INSERT OR REPLACE INTO Table0 DEFAULT VALUES ;
+ SELECT * FROM Table0;
+} {0}
+
+do_execsql_test fuzz4-110 {
+ CREATE TABLE Table1(
+ Col0 TEXT DEFAULT (CASE WHEN 1 IS 3530822107858468864
+ THEN 1 ELSE quote(1) IS 3530822107858468864 END)
+ );
+ INSERT INTO Table1 DEFAULT VALUES;
+ SELECT * FROM Table1;
+} {0}
+
+do_execsql_test fuzz4-200 {
+ CREATE TABLE Table2a(
+ Col0 NOT NULL DEFAULT (CURRENT_TIME IS 1 IS NOT 1 > 1)
+ );
+ INSERT OR REPLACE INTO Table2a DEFAULT VALUES;
+ SELECT * FROM Table2a;
+} {0}
+
+do_execsql_test fuzz4-210 {
+ CREATE TABLE Table2b (Col0 NOT NULL DEFAULT (CURRENT_TIME IS NOT FALSE)) ;
+ INSERT OR REPLACE INTO Table2b DEFAULT VALUES ;
+ SELECT * FROM Table2b;
+} {1}
+
+do_execsql_test fuzz4-300 {
+ CREATE TABLE Table3 (Col0 DEFAULT (CURRENT_TIMESTAMP BETWEEN 1 AND 1));
+ INSERT INTO Table3 DEFAULT VALUES;
+ SELECT * FROM Table3;
+} {0}
+
+do_execsql_test fuzz4-400 {
+ CREATE TABLE Table4 (Col0 DEFAULT (1 BETWEEN CURRENT_TIMESTAMP AND 1));
+ INSERT INTO Table4 DEFAULT VALUES;
+ SELECT * FROM Table4;
+} {0}
+
+do_execsql_test fuzz4-500 {
+ CREATE TABLE Table5 (Col0 DEFAULT (1 BETWEEN 1 AND CURRENT_TIMESTAMP));
+ INSERT INTO Table5 DEFAULT VALUES;
+ SELECT * FROM Table5;
+} {1}
+
+do_execsql_test fuzz4-600 {
+ CREATE TEMPORARY TABLE Table6(
+ Col0 DEFAULT (CASE x'5d' WHEN 1 THEN
+ CASE CURRENT_TIMESTAMP WHEN 1 THEN 1 ELSE 1 END
+ ELSE CASE WHEN 1 THEN FALSE END END )
+ );
+ INSERT INTO temp.Table6 DEFAULT VALUES ;
+ SELECT * FROM Table6;
+} {0}
+do_execsql_test fuzz4-610 {
+ WITH TableX AS (SELECT DISTINCT * ORDER BY 1 , 1 COLLATE RTRIM)
+ DELETE FROM Table6 WHERE Col0 || +8388608 ;
+ SELECT * FROM Table6;
+} {}
+
+
+finish_test
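Review bot: None of the cases says which failure it reproduces or which source change it guards, so a future regression in `sqlite3ExprCollSeq` would be hard to trace back to this commit. A one-line comment above each `do_execsql_test` would fix that, for example `# Crash/assert in sqlite3ExprCollSeq() on a TK_REGISTER node - fixed by check-in <check-in id>`, naming the actual symptom seen. fuzz4-610, with its `COLLATE RTRIM` term, looks like the case tied to the src/expr.c change, but the file does not say so. fuzz4-610 also depends on `Table6` created by fuzz4-600, which is worth noting in a comment so the two are not separated or reordered.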