Make sure the authenticator does not try to authenticate columns in

subqueries.   Ticket #1607. (CVS 2939)

FossilOrigin-Name: 55b7dfaf4d3a6d01fffdaf1707e88bcd215d7333

1 files changed, 7 insertions, 2 deletions

diff --git a/src/auth.c b/src/auth.c
index b24976e57..964ae66a6 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -14,7 +14,7 @@
 ** systems that do not need this facility may omit it by recompiling
 ** the library with -DSQLITE_OMIT_AUTHORIZATION=1
 **
-** $Id: auth.c,v 1.23 2006/01/05 11:34:34 danielk1977 Exp $
+** $Id: auth.c,v 1.24 2006/01/13 13:55:45 drh Exp $
 */
 #include "sqliteInt.h"
 
@@ -118,6 +118,11 @@ void sqlite3AuthRead(
   if( pExpr->op==TK_AS ) return;
   assert( pExpr->op==TK_COLUMN );
   iDb = sqlite3SchemaToIndex(pParse->db, pExpr->pSchema);
+  if( iDb<0 ){
+    /* An attempt to read a column out of a subquery or other
+    ** temporary table. */
+    return;
+  }
   for(iSrc=0; pTabList && iSrc<pTabList->nSrc; iSrc++){
     if( pExpr->iTable==pTabList->a[iSrc].iCursor ) break;
   }
@@ -142,7 +147,7 @@ void sqlite3AuthRead(
   }else{
     zCol = "ROWID";
   }
-  assert( iDb<db->nDb );
+  assert( iDb>=0 && iDb<db->nDb );
   zDBase = db->aDb[iDb].zName;
   rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol, zDBase, 
                  pParse->zAuthContext);