author | drh <> | 2023-01-11 17:59:18 +0000 |
---|---|---|
committer | drh <> | 2023-01-11 17:59:18 +0000 |
commit | d29bcd9d081c41a7085e0735e16a55ce567797df (patch) | |
tree | 4133e61cbcc98ca5c53b70635dfbef11bac7d837 /src | |
parent | b609a79f4a9a0666d51db6f0f7c05e90308ed8c2 (diff) | |
parent | d2467a89fd929bf30120d1715ece107c25215f8a (diff) | |
Fix a false-positive in the out-of-range jump detection logic that was
added as part of RIGHT JOIN.
FossilOrigin-Name: ab5bcb91cda45576ae9f3f272ec92eb3be3c26436a440ebb89f51f49c42e0fd2
Diffstat (limited to 'src')
-rw-r--r-- | src/vdbe.c | 18 | ||||
-rw-r--r-- | src/window.c | 12 |
2 files changed, 19 insertions, 11 deletions
diff --git a/src/vdbe.c b/src/vdbe.c
index f8cffbac4..92dc1e1ed 100644
--- a/src/vdbe.c
+++ b/src/vdbe.c
@@ -1150,6 +1150,12 @@ case OP_Halt: {
 #ifdef SQLITE_DEBUG
   if( pOp->p2==OE_Abort ){ sqlite3VdbeAssertAbortable(p); }
 #endif
+
+  /* A deliberately coded "OP_Halt SQLITE_INTERNAL * * * *" opcode indicates
+  ** something is wrong with the code generator. Raise and assertion in order
+  ** to bring this to the attention of fuzzers and other testing tools. */
+  assert( pOp->p1!=SQLITE_INTERNAL );
+
   if( p->pFrame && pOp->p1==SQLITE_OK ){
     /* Halt the sub-program. Return control to the parent frame. */
     pFrame = p->pFrame;
@@ -6120,6 +6126,9 @@ case OP_Sort: { /* jump */
 ** If the table or index is not empty, fall through to the following
 ** instruction.
 **
+** If P2 is zero, that is an assertion that the P1 table is never
+** empty and hence the jump will never be taken.
+**
 ** This opcode leaves the cursor configured to move in forward order,
 ** from the beginning toward the end. In other words, the cursor is
 ** configured to use Next, not Prev.
@@ -6131,6 +6140,8 @@ case OP_Rewind: { /* jump, ncycle */
 
   assert( pOp->p1>=0 && pOp->p1<p->nCursor );
   assert( pOp->p5==0 );
+  assert( pOp->p2>=0 && pOp->p2<p->nOp );
+
   pC = p->apCsr[pOp->p1];
   assert( pC!=0 );
   assert( isSorter(pC)==(pOp->opcode==OP_SorterSort) );
@@ -6150,9 +6161,10 @@ case OP_Rewind: { /* jump, ncycle */
   }
   if( rc ) goto abort_due_to_error;
   pC->nullRow = (u8)res;
-  assert( pOp->p2>0 && pOp->p2<p->nOp );
-  VdbeBranchTaken(res!=0,2);
-  if( res ) goto jump_to_p2;
+  if( pOp->p2>0 ){
+    VdbeBranchTaken(res!=0,2);
+    if( res ) goto jump_to_p2;
+  }
   break;
 }
 
diff --git a/src/window.c b/src/window.c
index 1ed3e4921..8dd35ee30 100644
--- a/src/window.c
+++ b/src/window.c
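Review bot: The new comment in the OP_Halt hunk has a typo: `** something is wrong with the code generator. Raise and assertion in order` should read `Raise an assertion`. Worth stating in the same comment that assert() is compiled out in non-debug builds, so the check only fires under SQLITE_DEBUG/fuzzing builds and a release build presumably still halts with the SQLITE_INTERNAL code in P1 as before; that is consistent with the stated intent but a reader should not mistake it for a runtime guard. The OP_Halt case body begins before and continues after this hunk.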
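Review bot: In the last OP_Rewind hunk, the `if( pOp->p2>0 )` branch skips the jump for P2==0 but nothing checks the invariant the opcode comment now documents (the P1 table is never empty): if the table is empty, `pC->nullRow` is set to 1 and execution silently falls through. The `VdbeCoverageNeverTaken` markers this commit removes from window.c were the only thing surfacing that assumption; if the invariant is meant to hold, a debug check such as `assert( pOp->p2>0 || res==0 );` placed just before the new `if( pOp->p2>0 ){` would expose a code-generator mistake to SQLITE_DEBUG builds and fuzzers, in the same spirit as the OP_Halt assertion added earlier in this commit. The OP_Rewind case body starts outside the hunk.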
@@ -2944,8 +2944,7 @@ void sqlite3WindowCodeStep(
       VdbeCoverageNeverNullIf(v, op==OP_Ge); /* NeverNull because bound <expr> */
       VdbeCoverageNeverNullIf(v, op==OP_Le); /* values previously checked */
       windowAggFinal(&s, 0);
-      sqlite3VdbeAddOp2(v, OP_Rewind, s.current.csr, 1);
-      VdbeCoverageNeverTaken(v);
+      sqlite3VdbeAddOp1(v, OP_Rewind, s.current.csr);
       windowReturnOneRow(&s);
       sqlite3VdbeAddOp1(v, OP_ResetSorter, s.current.csr);
       sqlite3VdbeAddOp2(v, OP_Goto, 0, lblWhereEnd);
@@ -2957,13 +2956,10 @@ void sqlite3WindowCodeStep(
   }
 
   if( pMWin->eStart!=TK_UNBOUNDED ){
-    sqlite3VdbeAddOp2(v, OP_Rewind, s.start.csr, 1);
-    VdbeCoverageNeverTaken(v);
+    sqlite3VdbeAddOp1(v, OP_Rewind, s.start.csr);
   }
-  sqlite3VdbeAddOp2(v, OP_Rewind, s.current.csr, 1);
-  VdbeCoverageNeverTaken(v);
-  sqlite3VdbeAddOp2(v, OP_Rewind, s.end.csr, 1);
-  VdbeCoverageNeverTaken(v);
+  sqlite3VdbeAddOp1(v, OP_Rewind, s.current.csr);
+  sqlite3VdbeAddOp1(v, OP_Rewind, s.end.csr);
   if( regPeer && pOrderBy ){
     sqlite3VdbeAddOp3(v, OP_Copy, regNewPeer, regPeer, pOrderBy->nExpr-1);
     sqlite3VdbeAddOp3(v, OP_Copy, regPeer, s.start.reg, pOrderBy->nExpr-1); |
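Review bot: The new `sqlite3VdbeAddOp1(v, OP_Rewind, s.current.csr);` in the first hunk drops the `VdbeCoverageNeverTaken` marker that previously recorded, at this site, that the cursor is never empty, and nothing in the hunk now says why an empty cursor is impossible before `windowReturnOneRow(&s)` is coded. A one-line comment such as `/* P2==0: s.current.csr is never empty here, so no jump target is needed */` would keep that reasoning next to the code, and the same comment would serve the three Rewind calls in the following hunk. sqlite3WindowCodeStep begins and ends outside these hunks.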