authordan <dan@noemail.net>2015-11-21 19:43:29 +0000
committerdan <dan@noemail.net>2015-11-21 19:43:29 +0000
commit8836cbbcb4924f5b78f5749dffc9857acf9b684f (patch)
tree33a7f5753e4f5eb670069273742ce7069b56a599 /src
parent62aaa6ca885067b241c88cf24a6c40c26df2a9ca (diff)
Fix an obscure memory leak found by libfuzzer that may occur under some circumstances if expanding a "*" expression causes a SELECT to return more than 32767 columns.
FossilOrigin-Name: 60de5f23424552c98aa760ac89149a3d51f895be
Diffstat (limited to 'src')
-rw-r--r--src/select.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/select.c b/src/select.c
index dc8443e8b..cf486e5b8 100644
--- a/src/select.c
+++ b/src/select.c
@@ -1613,6 +1613,7 @@ int sqlite3ColumnsFromExprList(
nCol = 0;
aCol = 0;
}
+ assert( nCol==(i16)nCol );
*pnCol = nCol;
*paCol = aCol;
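Review bot: The added `assert( nCol==(i16)nCol )` only checks the bound in debug builds; where asserts are compiled out, an nCol above 32767 would still be stored through `*pnCol` on the next line unchecked. Nothing in the hunk says which caller guarantees the bound, so a comment above the assert would help, e.g. `/* nCol fits in i16: selectExpander() aborts once the result set exceeds SQLITE_LIMIT_COLUMN */`. If other callers can reach sqlite3ColumnsFromExprList() without passing that limit check (not visible here), a runtime guard would be safer than an assert. The function body starts and ends outside the hunk.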
@@ -4455,6 +4456,7 @@ static int selectExpander(Walker *pWalker, Select *p){
#if SQLITE_MAX_COLUMN
if( p->pEList && p->pEList->nExpr>db->aLimit[SQLITE_LIMIT_COLUMN] ){
sqlite3ErrorMsg(pParse, "too many columns in result set");
+ return WRC_Abort;
}
#endif
return WRC_Continue;
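Review bot: The new `return WRC_Abort;` sits inside `#if SQLITE_MAX_COLUMN`, so a build where that macro evaluates to 0 compiles out both the error and the abort, and the walk continues with no limit on the column count. The assert this commit adds in sqlite3ColumnsFromExprList() assumes the count fits in 16 bits, and this guard is the only enforcement of that visible in the diff. If such a configuration is supported, consider keeping an unconditional cap, or at least state the dependency in a comment such as `/* Abort here: later stages assume the column count fits in i16 */`. The start of selectExpander() is outside the hunk.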