From b663587890f557c9926964710f6f1e8121040c88 Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Mon, 31 Mar 2014 13:42:42 +0000
Subject: [PATCH 1/4] Avoid a (harmless) buffer overread that is possible on an
 OOM when MEMSYS5 is engaged.

FossilOrigin-Name: b3296267fb67b9f59719a37093253062edde3746
---
 manifest      | 12 ++++++------
 manifest.uuid |  2 +-
 src/mem5.c    |  2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/manifest b/manifest
index 52d212de1d..887bb92f5b 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Disable\sthe\swal64k.test\sscript\sfor\snon-unix\ssystems\ssince\sit\sdepends\son\nunix-only\sfeatures.
-D 2014-03-28T14:41:35.536
+C Avoid\sa\s(harmless)\sbuffer\soverread\sthat\sis\spossible\son\san\sOOM\swhen\nMEMSYS5\sis\sengaged.
+D 2014-03-31T13:42:42.977
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 2ef13430cd359f7b361bb863504e227b25cc7f81
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -192,7 +192,7 @@ F src/mem0.c 6a55ebe57c46ca1a7d98da93aaa07f99f1059645
 F src/mem1.c c0c990fcaddff810ea277b4fb5d9138603dd5d4b
 F src/mem2.c dce31758da87ec2cfa52ba4c5df1aed6e07d8e8f
 F src/mem3.c 61c9d47b792908c532ca3a62b999cf21795c6534
-F src/mem5.c aeb019f271ea53de83d651ec526877e6ba863450
+F src/mem5.c 74670012946c4adc8a6ad84d03acc80959c3e529
 F src/memjournal.c 0683aac6cab6ec2b5374c0db37c0deb2436a3785
 F src/mutex.c d3b66a569368015e0fcb1ac15f81c119f504d3bc
 F src/mutex.h 5bc526e19dccc412b7ff04642f6fdad3fdfdabea
@@ -1159,7 +1159,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh d1a6de74685f360ab718efda6265994b99bbea01
 F tool/win/sqlite.vsix 030f3eeaf2cb811a3692ab9c14d021a75ce41fff
-P a4e47150f32b3a4120b1f89ccc66d633d829e3bb
-R 578568415288cd31fe0adba6128329da
+P 27deb6e49bcc76714dbdc61b34748603155ac770
+R 74e3f11f049d7792447568e00e413b7f
 U drh
-Z 045e2748905f8bd05ecf1197b97d7f20
+Z 4989508149fff1b415b46911a02fce9e
diff --git a/manifest.uuid b/manifest.uuid
index d9c988d4d5..70f95ac337 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-27deb6e49bcc76714dbdc61b34748603155ac770
\ No newline at end of file
+b3296267fb67b9f59719a37093253062edde3746
\ No newline at end of file
diff --git a/src/mem5.c b/src/mem5.c
index 5d75611a32..67615bb964 100644
--- a/src/mem5.c
+++ b/src/mem5.c
@@ -248,7 +248,7 @@ static void *memsys5MallocUnsafe(int nByte){
   ** block.  If not, then split a block of the next larger power of
   ** two in order to create a new free block of size iLogsize.
   */
-  for(iBin=iLogsize; mem5.aiFreelist[iBin]<0 && iBin<=LOGMAX; iBin++){}
+  for(iBin=iLogsize; iBin<=LOGMAX && mem5.aiFreelist[iBin]<0; iBin++){}
   if( iBin>LOGMAX ){
     testcase( sqlite3GlobalConfig.xLog!=0 );
     sqlite3_log(SQLITE_NOMEM, "failed to allocate %u bytes", nByte);

From 54d0d2dd9a5898ac33363877b0aba360a81d1d5e Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Thu, 3 Apr 2014 00:32:13 +0000
Subject: [PATCH 2/4] In the command-line shell, run set writable_schema before
 running the ".clone" command.

FossilOrigin-Name: 9d2ae6342c8afa904bec591ebe134ff7f536b71c
---
 manifest      | 12 ++++++------
 manifest.uuid |  2 +-
 src/shell.c   |  2 ++
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/manifest b/manifest
index 887bb92f5b..8f224e8e55 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Avoid\sa\s(harmless)\sbuffer\soverread\sthat\sis\spossible\son\san\sOOM\swhen\nMEMSYS5\sis\sengaged.
-D 2014-03-31T13:42:42.977
+C In\sthe\scommand-line\sshell,\srun\sset\swritable_schema\sbefore\srunning\sthe\n".clone"\scommand.
+D 2014-04-03T00:32:13.777
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 2ef13430cd359f7b361bb863504e227b25cc7f81
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -218,7 +218,7 @@ F src/random.c d10c1f85b6709ca97278428fd5db5bbb9c74eece
 F src/resolve.c 273d5f47c4e2c05b2d3d2bffeda939551ab59e66
 F src/rowset.c 64655f1a627c9c212d9ab497899e7424a34222e0
 F src/select.c 269c3e31a450fce642a10569221a49180348c88e
-F src/shell.c cee9f46f2688a261601b1fd3d7f4b3cddf9b5cdf
+F src/shell.c 5260f2ada8dd06e9f5ae0a448c8c01e7a75dd881
 F src/sqlite.h.in a2ef671f92747a5a1c8a47bad5c585a8dd9eca80
 F src/sqlite3.rc 11094cc6a157a028b301a9f06b3d03089ea37c3e
 F src/sqlite3ext.h 886f5a34de171002ad46fae8c36a7d8051c190fc
@@ -1159,7 +1159,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh d1a6de74685f360ab718efda6265994b99bbea01
 F tool/win/sqlite.vsix 030f3eeaf2cb811a3692ab9c14d021a75ce41fff
-P 27deb6e49bcc76714dbdc61b34748603155ac770
-R 74e3f11f049d7792447568e00e413b7f
+P b3296267fb67b9f59719a37093253062edde3746
+R 3857796e3bb74e57525267a0574c950a
 U drh
-Z 4989508149fff1b415b46911a02fce9e
+Z e5eef1fbe323934e85f2b63b760c4a7b
diff --git a/manifest.uuid b/manifest.uuid
index 70f95ac337..e11bac748d 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-b3296267fb67b9f59719a37093253062edde3746
\ No newline at end of file
+9d2ae6342c8afa904bec591ebe134ff7f536b71c
\ No newline at end of file
diff --git a/src/shell.c b/src/shell.c
index 1313112709..f380962a86 100644
--- a/src/shell.c
+++ b/src/shell.c
@@ -2130,10 +2130,12 @@ static void tryToClone(struct callback_data *p, const char *zNewDb){
     fprintf(stderr, "Cannot create output database: %s\n",
             sqlite3_errmsg(newDb));
   }else{
+    sqlite3_exec(p->db, "PRAGMA writable_schema=ON;", 0, 0, 0);
     sqlite3_exec(newDb, "BEGIN EXCLUSIVE;", 0, 0, 0);
     tryToCloneSchema(p, newDb, "type='table'", tryToCloneData);
     tryToCloneSchema(p, newDb, "type!='table'", 0);
     sqlite3_exec(newDb, "COMMIT;", 0, 0, 0);
+    sqlite3_exec(p->db, "PRAGMA writable_schema=OFF;", 0, 0, 0);
   }
   sqlite3_close(newDb);
 }

From 831116d1646b01498ca8d7d2b2280eaaea61052b Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Thu, 3 Apr 2014 14:31:00 +0000
Subject: [PATCH 3/4] Fix a typo in the "Synopsis:" comment for the OP_VFilter
 opcode.

FossilOrigin-Name: 48ecdd4aff03741f96c070dced69c3c273b652cb
---
 manifest      | 12 ++++++------
 manifest.uuid |  2 +-
 src/vdbe.c    |  2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/manifest b/manifest
index 8f224e8e55..a63a365841 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C In\sthe\scommand-line\sshell,\srun\sset\swritable_schema\sbefore\srunning\sthe\n".clone"\scommand.
-D 2014-04-03T00:32:13.777
+C Fix\sa\stypo\sin\sthe\s"Synopsis:"\scomment\sfor\sthe\sOP_VFilter\sopcode.
+D 2014-04-03T14:31:00.074
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 2ef13430cd359f7b361bb863504e227b25cc7f81
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -278,7 +278,7 @@ F src/update.c 5b3e74a03b3811e586b4f2b4cbd7c49f01c93115
 F src/utf.c 6dc9ec9f1b3db43ae8ba0365377f11df1ee4c01c
 F src/util.c c46c90459ef9bdc0c6c73803cf4c55425b4771cf
 F src/vacuum.c 3728d74919d4fb1356f9e9a13e27773db60b7179
-F src/vdbe.c 74c7386e83eee56f921a17bb4a0396c9551f5bc7
+F src/vdbe.c e811a0081149fb90db367026d154cd7efb3c7098
 F src/vdbe.h 394464909ed682334aa3d5831aae0c2fe2abef94
 F src/vdbeInt.h e6d83e5bfd62fc6685ba1ed6153f7099f82de9f7
 F src/vdbeapi.c 0ed6053f947edd0b30f64ce5aeb811872a3450a4
@@ -1159,7 +1159,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh d1a6de74685f360ab718efda6265994b99bbea01
 F tool/win/sqlite.vsix 030f3eeaf2cb811a3692ab9c14d021a75ce41fff
-P b3296267fb67b9f59719a37093253062edde3746
-R 3857796e3bb74e57525267a0574c950a
+P 9d2ae6342c8afa904bec591ebe134ff7f536b71c
+R 06523ad1e0d97e48aa9a162217a28d3b
 U drh
-Z e5eef1fbe323934e85f2b63b760c4a7b
+Z 64c7c8526eed6d4962d61576f8ab00f6
diff --git a/manifest.uuid b/manifest.uuid
index e11bac748d..5984b7794c 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-9d2ae6342c8afa904bec591ebe134ff7f536b71c
\ No newline at end of file
+48ecdd4aff03741f96c070dced69c3c273b652cb
\ No newline at end of file
diff --git a/src/vdbe.c b/src/vdbe.c
index 84f720b526..2d1d23e079 100644
--- a/src/vdbe.c
+++ b/src/vdbe.c
@@ -5929,7 +5929,7 @@ case OP_VOpen: {
 
 #ifndef SQLITE_OMIT_VIRTUALTABLE
 /* Opcode: VFilter P1 P2 P3 P4 *
-** Synopsis: iPlan=r[P3] zPlan='P4'
+** Synopsis: iplan=r[P3] zplan='P4'
 **
 ** P1 is a cursor opened using VOpen.  P2 is an address to jump to if
 ** the filtered result set is empty.

From c438df1be06f636ef68265f083aff4af95d326e6 Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Thu, 3 Apr 2014 16:29:31 +0000
Subject: [PATCH 4/4] Use OP_Copy instead of OP_SCopy when moving results out
 of a subquery, to prevent the subquery results from changing out from under
 the outer query.  Fix for ticket [1e64dd782a126f48d78].

FossilOrigin-Name: d5513dfa23baa0b0a095aaf17d19aacd30dcef61
---
 manifest         | 15 ++++++++-------
 manifest.uuid    |  2 +-
 src/where.c      |  2 +-
 test/whereG.test | 13 +++++++++++++
 4 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/manifest b/manifest
index a63a365841..4bcee0a832 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Fix\sa\stypo\sin\sthe\s"Synopsis:"\scomment\sfor\sthe\sOP_VFilter\sopcode.
-D 2014-04-03T14:31:00.074
+C Use\sOP_Copy\sinstead\sof\sOP_SCopy\swhen\smoving\sresults\sout\sof\sa\ssubquery,\nto\sprevent\sthe\ssubquery\sresults\sfrom\schanging\sout\sfrom\sunder\sthe\souter\nquery.\s\sFix\sfor\sticket\s[1e64dd782a126f48d78].
+D 2014-04-03T16:29:31.330
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in 2ef13430cd359f7b361bb863504e227b25cc7f81
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -291,7 +291,7 @@ F src/vtab.c 21b932841e51ebd7d075e2d0ad1415dce8d2d5fd
 F src/wal.c 76e7fc6de229bea8b30bb2539110f03a494dc3a8
 F src/wal.h df01efe09c5cb8c8e391ff1715cca294f89668a4
 F src/walker.c 11edb74d587bc87b33ca96a5173e3ec1b8389e45
-F src/where.c 7d539cedb1c6a6d6b5d2075b8fea3a48db4838eb
+F src/where.c ebad891b7494d0c5f925cf7ab135380bd958cba3
 F src/whereInt.h 2564055b440e44ebec8b47f237bbccae6719b7af
 F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2
 F test/aggerror.test a867e273ef9e3d7919f03ef4f0e8c0d2767944f2
@@ -1092,7 +1092,7 @@ F test/whereC.test d6f4ecd4fa2d9429681a5b22a25d2bda8e86ab8a
 F test/whereD.test 6c2feb79ef1f68381b07f39017fe5f9b96da8d62
 F test/whereE.test b3a055eef928c992b0a33198a7b8dc10eea5ad2f
 F test/whereF.test 5b2ba0dbe8074aa13e416b37c753991f0a2492d7
-F test/whereG.test eb3a46b3eaf38e25e3013433b2db8a25a866c215
+F test/whereG.test 2533b72ed4a31fd1687230a499b557b911525344
 F test/wherelimit.test 5e9fd41e79bb2b2d588ed999d641d9c965619b31
 F test/wild001.test bca33f499866f04c24510d74baf1e578d4e44b1c
 F test/win32heap.test ea19770974795cff26e11575e12d422dbd16893c
@@ -1159,7 +1159,8 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh d1a6de74685f360ab718efda6265994b99bbea01
 F tool/win/sqlite.vsix 030f3eeaf2cb811a3692ab9c14d021a75ce41fff
-P 9d2ae6342c8afa904bec591ebe134ff7f536b71c
-R 06523ad1e0d97e48aa9a162217a28d3b
+P 48ecdd4aff03741f96c070dced69c3c273b652cb
+Q +ec6a06246e04eee5f25f1c28507df73b697099c0
+R b6a2fefa5b61ea0e64da4db2aaa10286
 U drh
-Z 64c7c8526eed6d4962d61576f8ab00f6
+Z f1f1ceb5f31f4e26d736a13a2a5aca0f
diff --git a/manifest.uuid b/manifest.uuid
index 5984b7794c..601b0b4f2e 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-48ecdd4aff03741f96c070dced69c3c273b652cb
\ No newline at end of file
+d5513dfa23baa0b0a095aaf17d19aacd30dcef61
\ No newline at end of file
diff --git a/src/where.c b/src/where.c
index 93ee8c59c3..dd6893f69f 100644
--- a/src/where.c
+++ b/src/where.c
@@ -5924,7 +5924,7 @@ void sqlite3WhereEnd(WhereInfo *pWInfo){
       for(; k<last; k++, pOp++){
         if( pOp->p1!=pLevel->iTabCur ) continue;
         if( pOp->opcode==OP_Column ){
-          pOp->opcode = OP_SCopy;
+          pOp->opcode = OP_Copy;
           pOp->p1 = pOp->p2 + pTabItem->regResult;
           pOp->p2 = pOp->p3;
           pOp->p3 = 0;
diff --git a/test/whereG.test b/test/whereG.test
index 490fffe64e..17d5653223 100644
--- a/test/whereG.test
+++ b/test/whereG.test
@@ -166,5 +166,18 @@ do_eqp_test whereG-3.4 {
   SELECT * FROM a, b WHERE a2=5 AND a1=b1;
 } {/.*SCAN TABLE a.*SEARCH TABLE b USING INDEX .*b_1 .b1=..*/}
 
+# Ticket [1e64dd782a126f48d78c43a664844a41d0e6334e]:
+# Incorrect result in a nested GROUP BY/DISTINCT due to the use of an OP_SCopy
+# where an OP_Copy was needed.
+#
+do_execsql_test whereG-4.0 {
+  CREATE TABLE t4(x);
+  INSERT INTO t4 VALUES('right'),('wrong');
+  SELECT DISTINCT x
+   FROM (SELECT x FROM t4 GROUP BY x)
+   WHERE x='right'
+   ORDER BY x;
+} {right}
+
 
 finish_test