authordan <dan@noemail.net>2016-08-24 12:22:17 +0000
committerdan <dan@noemail.net>2016-08-24 12:22:17 +0000
commit7887d7f24d176b75a77dd8a86abcdbb70a83b957 (patch)
tree88fc1011b26a03d02285d177d3dc1e9a1128c233 /src/wherecode.c
parentac6b47d164a73101d700f244384a2339f31a8e5b (diff)
Fix a buffer overrun in the code for handling IN(...) operators when the LHS of the operator contains indexed columns or expressions.
FossilOrigin-Name: f41a0391b732a8c4ad188163f34a0f4a22237bb5
Diffstat (limited to 'src/wherecode.c')
-rw-r--r--src/wherecode.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/wherecode.c b/src/wherecode.c
index fbf6ad194..65079872e 100644
--- a/src/wherecode.c
+++ b/src/wherecode.c
@@ -471,7 +471,7 @@ static int codeEqualityTerm(
if( pIn ){
int iMap = 0; /* Index in aiMap[] */
pIn += i;
- for(i=iEq;i<pLoop->nLTerm; i++, pIn++){
+ for(i=iEq;i<pLoop->nLTerm; i++){
int iOut = iReg;
if( pLoop->aLTerm[i]->pExpr==pX ){
if( eType==IN_INDEX_ROWID ){
@@ -489,6 +489,7 @@ static int codeEqualityTerm(
}else{
pIn->eEndLoopOp = OP_Noop;
}
+ pIn++;
}
}
}else{
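Review bot: The added `pIn++` sits inside the `if( pLoop->aLTerm[i]->pExpr==pX )` block, but nothing states the invariant it now relies on: the cursor advances once per term that belongs to pX, not once per loop iteration as the old `i++, pIn++` in the first hunk did. Because this corrects an overrun, a comment next to the increment would keep a later edit from moving it back, for example `/* One slot per term of pX; skip terms from other expressions without advancing */`. If the slot count is in scope at this point, an `assert()` that pIn is still below the end of the array before the `pIn->eEndLoopOp` writes would catch a regression in debug builds. The array allocation and the rest of codeEqualityTerm lie outside these hunks, so the one-slot-per-matching-term sizing is inferred from the commit message, not seen.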