Fix a use-after-free error that could occur when processing "SELECT aggregate(DISTINCT <expr>)..." queries.

FossilOrigin-Name: 0e4789860b81c31d3a6d1f9f8340042ce1d08a82bf6119c783fcab85180b1b63
author: dan <Dan Kennedy> 2021-04-08 20:29:12 +0000
committer: dan <Dan Kennedy> 2021-04-08 20:29:12 +0000
commit: bfd6f1bcd5d7744d830e70b7bc72a27011a5e2b5 (patch)
tree: a79bdd74ced785bc6588213934df09aef77bcfda /src
parent: 55938b5fa0cb637ff6fe2bf000122ac110ca0ed0 (diff)
download: sqlite-bfd6f1bcd5d7744d830e70b7bc72a27011a5e2b5.tar.gz
sqlite-bfd6f1bcd5d7744d830e70b7bc72a27011a5e2b5.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/src/select.c b/src/select.c
index 1da3137b1..261696fb6 100644
--- a/src/select.c
+++ b/src/select.c
@@ -6912,8 +6912,10 @@ int sqlite3Select(
       pWInfo = sqlite3WhereBegin(pParse, pTabList, pWhere, pGroupBy, pDistinct,
           WHERE_GROUPBY | (orderByGrp ? WHERE_SORTBYGROUP : 0) | distFlag, 0
       );
-      sqlite3ExprListDelete(db, pDistinct);
-      if( pWInfo==0 ) goto select_end;
+      if( pWInfo==0 ){
+        sqlite3ExprListDelete(db, pDistinct);
+        goto select_end;
+      }
       eDist = sqlite3WhereIsDistinct(pWInfo);
       SELECTTRACE(1,pParse,p,("WhereBegin returns\n"));
       if( sqlite3WhereIsOrdered(pWInfo)==pGroupBy->nExpr ){
@@ -7046,6 +7048,7 @@ int sqlite3Select(
         sqlite3WhereEnd(pWInfo);
         sqlite3VdbeChangeToNoop(v, addrSortingIdx);
       }
+      sqlite3ExprListDelete(db, pDistinct);
 
       /* Output the final row of result
       */
author	dan <Dan Kennedy>	2021-04-08 20:29:12 +0000
committer	dan <Dan Kennedy>	2021-04-08 20:29:12 +0000
commit	bfd6f1bcd5d7744d830e70b7bc72a27011a5e2b5 (patch)
tree	a79bdd74ced785bc6588213934df09aef77bcfda /src
parent	55938b5fa0cb637ff6fe2bf000122ac110ca0ed0 (diff)
download	sqlite-bfd6f1bcd5d7744d830e70b7bc72a27011a5e2b5.tar.gz sqlite-bfd6f1bcd5d7744d830e70b7bc72a27011a5e2b5.zip