authordrh <drh@noemail.net>2011-02-11 06:59:02 +0000
committerdrh <drh@noemail.net>2011-02-11 06:59:02 +0000
commitda91e71308f8d4057dc9b40f7099623370183d12 (patch)
tree029791fd37ac0545fd114c81e484dacfc625cf2a /src
parentac6de304e570cca2e4a8bfa093fd6ea410da48c7 (diff)
Fix a bug in the new WHERE-clause processing that tries to use an
index to resolve IS NOT NULL constraints when SQLITE_ENABLE_STAT2 is defined. The bug could cause memory overruns and segfaults. The bug was new to the code and has not appeared in an official release. Found during structural testing. FossilOrigin-Name: a5c36b9f39ab9629b857ec9c550f3892c0d94fb4
Diffstat (limited to 'src')
-rw-r--r--src/where.c22
1 files changed, 12 insertions, 10 deletions
diff --git a/src/where.c b/src/where.c
index c6f0cbe3f..a57884c4b 100644
--- a/src/where.c
+++ b/src/where.c
@@ -1354,16 +1354,18 @@ static void exprAnalyze(
idxNew = whereClauseInsert(pWC, pNewExpr,
TERM_VIRTUAL|TERM_DYNAMIC|TERM_VNULL);
- testcase( idxNew==0 );
- pNewTerm = &pWC->a[idxNew];
- pNewTerm->leftCursor = pLeft->iTable;
- pNewTerm->u.leftColumn = pLeft->iColumn;
- pNewTerm->eOperator = WO_GT;
- pNewTerm->iParent = idxTerm;
- pTerm = &pWC->a[idxTerm];
- pTerm->nChild = 1;
- pTerm->wtFlags |= TERM_COPIED;
- pNewTerm->prereqAll = pTerm->prereqAll;
+ if( idxNew ){
+ pNewTerm = &pWC->a[idxNew];
+ pNewTerm->prereqRight = 0;
+ pNewTerm->leftCursor = pLeft->iTable;
+ pNewTerm->u.leftColumn = pLeft->iColumn;
+ pNewTerm->eOperator = WO_GT;
+ pNewTerm->iParent = idxTerm;
+ pTerm = &pWC->a[idxTerm];
+ pTerm->nChild = 1;
+ pTerm->wtFlags |= TERM_COPIED;
+ pNewTerm->prereqAll = pTerm->prereqAll;
+ }
}
#endif /* SQLITE_ENABLE_STAT2 */
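Review bot: The new `if( idxNew )` guard and the added `pNewTerm->prereqRight = 0;` carry no comment, so a reader cannot tell from the hunk which of the two addresses the memory overrun named in the commit message. A comment above the guard would help, for example `/* idxNew==0 means no term was inserted; do not write through pWC->a[0] */`, assuming 0 is the failure return of whereClauseInsert(), which is not visible here. The assignment could get a similar note such as `/* clear explicitly; presumably not initialized by whereClauseInsert() */`. The removed `testcase( idxNew==0 );` could stay in front of the `if` so the zero-return path remains tracked by coverage testing. exprAnalyze begins and ends outside this hunk.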