Fix a corner-case error in the new UPDATE FROM logic helpfully discovered

by OSSFuzz. FossilOrigin-Name: 5cc200939d3a33566ddb858fc74c878acc72cfe5cf4c9b1d08e7b13e4d5ff566
author: drh <drh@noemail.net> 2020-07-20 18:07:35 +0000
committer: drh <drh@noemail.net> 2020-07-20 18:07:35 +0000
commit: 09cf569292aaf37a7678524f8c8270c1f6612c67 (patch)
tree: e761b00c71a7dbdb3996e40921c4453204adcd2d /src
parent: a192807c132854b8da42aad2ba0d03b26751fce4 (diff)
download: sqlite-09cf569292aaf37a7678524f8c8270c1f6612c67.tar.gz
sqlite-09cf569292aaf37a7678524f8c8270c1f6612c67.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/src/select.c b/src/select.c
index 903b90a5d..ebb764573 100644
--- a/src/select.c
+++ b/src/select.c
@@ -1138,7 +1138,14 @@ static void selectInnerLoop(
       {
         int i2 = pDest->iSDParm2;
         int r1 = sqlite3GetTempReg(pParse);
-        sqlite3VdbeAddOp3(v, OP_MakeRecord,regResult+(i2<0),nResultCol-(i2<0),r1);
+
+        /* If the UPDATE FROM join is an aggregate that matches no rows, it
+        ** might still be trying to return one row, because that is what
+        ** aggregates do.  Don't record that empty row in the output table. */
+        sqlite3VdbeAddOp2(v, OP_IsNull, regResult, iBreak); VdbeCoverage(v);
+
+        sqlite3VdbeAddOp3(v, OP_MakeRecord,
+                          regResult+(i2<0), nResultCol-(i2<0), r1);
         if( i2<0 ){
           sqlite3VdbeAddOp3(v, OP_Insert, iParm, r1, regResult);
         }else{
author	drh <drh@noemail.net>	2020-07-20 18:07:35 +0000
committer	drh <drh@noemail.net>	2020-07-20 18:07:35 +0000
commit	09cf569292aaf37a7678524f8c8270c1f6612c67 (patch)
tree	e761b00c71a7dbdb3996e40921c4453204adcd2d /src
parent	a192807c132854b8da42aad2ba0d03b26751fce4 (diff)
download	sqlite-09cf569292aaf37a7678524f8c8270c1f6612c67.tar.gz sqlite-09cf569292aaf37a7678524f8c8270c1f6612c67.zip