| From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
| From: Darwin Huang <huangdarwin@chromium.org> |
| Date: Tue, 7 Jan 2020 13:42:03 -0800 |
| Subject: [PATCH 21/25] Avoid invalid pointer dereference in ORDER BY |
| |
| Backports https://sqlite.org/src/info/1ca0bd982ab1183bbafce0d260e4dceda5eb766ed2e7793374a88d1ae0bdd2ca |
| |
| Bug: 1038863 |
| --- |
| third_party/sqlite/patched/src/window.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| diff --git a/third_party/sqlite/patched/src/window.c b/third_party/sqlite/patched/src/window.c |
| index c251cd01974d..2d79ffe63d6d 100644 |
| --- a/third_party/sqlite/patched/src/window.c |
| +++ b/third_party/sqlite/patched/src/window.c |
| @@ -883,9 +883,11 @@ static ExprList *exprListAppendList( |
| int nInit = pList ? pList->nExpr : 0; |
| for(i=0; i<pAppend->nExpr; i++){ |
| Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0); |
| + assert( pDup==0 || !ExprHasProperty(pDup, EP_MemToken) ); |
| if( bIntToNull && pDup && pDup->op==TK_INTEGER ){ |
| pDup->op = TK_NULL; |
| pDup->flags &= ~(EP_IntValue|EP_IsTrue|EP_IsFalse); |
| + pDup->u.zToken = 0; |
| } |
| pList = sqlite3ExprListAppend(pParse, pList, pDup); |
| if( pList ) pList->a[nInit+i].sortFlags = pAppend->a[i].sortFlags; |
| -- |
| 2.25.0.rc1.283.g88dfdc4193-goog |
| |