diff --git a/manifest b/manifest index 27d2ab24de..165aebdb5e 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Limit\sthe\ssize\sof\sSrcList\sobjects\sto\s200\sentries\s(compile-time\sconfigurable\nusing\s-DSQLITE_MAX_SRCLIST=n).\s\sThe\smaximum\snumber\sof\stables\sin\sa\sjoin\shas\nalways\sbeen\s64,\sso\sthis\sis\snot\sa\sreal\sconstraint\son\scapability.\s\sLimiting\sthe\nsize\sof\sa\sSrcList\sprevents\sDOS\sattacks\s(discovered\sby\sOSSFuzz)\susing\scrazy\nnexted\sCTE\sjoins. -D 2019-01-17T14:34:46.282 +C Revamp\sthe\sSrcList\sallocator\sroutines\sto\sbe\smethods\sof\sParse\sinstead\sof\nbeing\smethods\sof\sthe\s"sqlite3"\sobject,\sso\sthat\sthey\scan\sleave\sbetter\serror\nmessages\swhen\sthe\sSrcList\sobject\sgrows\stoo\slarge. +D 2019-01-17T15:40:41.525 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F Makefile.in 2a9d0331ab57c68173a4c2fe9046fe89c4d916a888e04dd7a2d36958c2bff777 
@@ -457,17 +457,17 @@ F src/btmutex.c 8acc2f464ee76324bf13310df5692a262b801808984c1b79defb2503bbafadb6 F src/btree.c a1030989a43bb21fde08fbe26e201009b70956560e5663317106f75c45937ac9 F src/btree.h febb2e817be499570b7a2e32a9bbb4b607a9234f6b84bb9ae84916d4806e96f2 F src/btreeInt.h 620ab4c7235f43572cf3ac2ac8723cbdf68073be4d29da24897c7b77dda5fd96 -F src/build.c eb0ab28d8e7ab0e567d67a86208abd2409f8a378a1333e209a72fde95c407d37 +F src/build.c f07c0b154c23737d1699ee63bba31c8ca8b323e2446b957bc6bfec81a62295fc F src/callback.c 25dda5e1c2334a367b94a64077b1d06b2553369f616261ca6783c48bcb6bda73 F src/complete.c a3634ab1e687055cd002e11b8f43eb75c17da23e F src/ctime.c 109e58d00f62e8e71ee1eb5944ac18b90171c928ab2e082e058056e1137cc20b F src/date.c ebe1dc7c8a347117bb02570f1a931c62dd78f4a2b1b516f4837d45b7d6426957 F src/dbpage.c 135eb3b5e74f9ef74bde5cec2571192c90c86984fa534c88bf4a055076fa19b7 F src/dbstat.c c12833de69cb655751487d2c5a59607e36be1c58ba1f4bd536609909ad47b319 -F src/delete.c 209cd8345b15d1843abeff2d91a6d9c765cf32ff4abcb24411c38fe08e18baab +F src/delete.c d08c9e01a2664afd12edcfa3a9c6578517e8ff8735f35509582693adbe0edeaf F src/expr.c b660eb4d6d273946a8341efb9d38320ddceb9c2931d04478c74b85c35e053a5e F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007 -F src/fkey.c aaf28be73ab21e1e8bf4ac6b94269ebc8c93238d1e6997cb44b527b622e8ae6f +F src/fkey.c bd0138acdc008c1845ccf92f8e73787880562de649471804801c06fed814c765 F src/func.c 6cf832abbc2815fdb46fee654df32a66ab77deb47bf4cff04a5774dafecd497a F src/global.c 8291eee0782b83124de14ec0389ec9fd6ae1873358a6b0d9469fe17a46ad803b F src/hash.c a12580e143f10301ed5166ea4964ae2853d3905a511d4e0c44497245c7ce1f7a 
@@ -502,7 +502,7 @@ F src/os_win.c 85d9e532d0444ab6c16d7431490c2e279e282aa0917b0e988996b1ae0de5c5a0 F src/os_win.h 7b073010f1451abe501be30d12f6bc599824944a F src/pager.c 75e0f3cfa3962c714f519f8a3d1e67ecca1c91de0e010a036b988e40ce9e4c73 F src/pager.h 217921e81eb5fe455caa5cda96061959706bcdd29ddb57166198645ef7822ac3 -F src/parse.y e801b38c434b9cb30506dcf8e16b5641a5d54f26ca957a8313372c5156ded86e +F src/parse.y 489673ac424c1d3ec3c97f65df572652b32a47bbcee5be1492ad7d4874d47430 F src/pcache.c 696a01f1a6370c1b50a09c15972bc3bee3333f8fcd1f2da8e9a76b1b062c59ee F src/pcache.h 4f87acd914cef5016fae3030343540d75f5b85a1877eed1a2a19b9f284248586 F src/pcache1.c fffd5250a323579384a3b3904302b9fe87e186ba24602af3013f749a0234ae98 @@ -513,12 +513,12 @@ F src/printf.c 0f1177cf1dd4d7827bf64d840768514ec76409abecaca9e8b577dbd065150381 F src/random.c 80f5d666f23feb3e6665a6ce04c7197212a88384 F src/resolve.c a40867ce07a9b58121d6f9a8fc969555d3c9bdcb6c2b5fc202670815af8dbd91 F src/rowset.c d977b011993aaea002cab3e0bb2ce50cf346000dff94e944d547b989f4b1fe93 -F src/select.c 5cbd6ab60bd017cf5857f9153680a64d04678a9d2a0ea56b90cae2f61deb18b3 +F src/select.c f7260c833c87c52ac187bc160ccc675a67d5a226cacd7eb1cdcb3c3ff25bde76 F src/shell.c.in b3cd745b53439674fdc3dc4db12e094d11cff91495be68bb09ac52726084b583 F src/sqlite.h.in b54cd42d2f3b739a00de540cafe2dcd0de3b8e1748a2db33a68def487e9e602f F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8 F src/sqlite3ext.h 960f1b86c3610fa23cb6a267572a97dcf286e77aa0dd3b9b23292ffaa1ea8683 -F src/sqliteInt.h 348bc49c8e03865d1bdbe350e3e5708af972210d92307c5b467caa25544705c0 +F src/sqliteInt.h a2330a569d8c5461aa35fe3ad29a1885e13ddfd07088a3e833131490c3a99ca9 F src/sqliteLimit.h 1513bfb7b20378aa0041e7022d04acb73525de35b80b252f1b83fedb4de6a76b F src/status.c 46e7aec11f79dad50965a5ca5fa9de009f7d6bde08be2156f1538a0a296d4d0e F src/table.c b46ad567748f24a326d9de40e5b9659f96ffff34 
@@ -578,7 +578,7 @@ F src/test_wsd.c 41cadfd9d97fe8e3e4e44f61a4a8ccd6f7ca8fe9 F src/threads.c 4ae07fa022a3dc7c5beb373cf744a85d3c5c6c3c F src/tokenize.c c8af4feebd8bf5a4d60a14018d91f61013f658ec864dfce7661bae73d86b3191 F src/treeview.c c6ff90da4cc1813ff2d9bb11f17d4d927db62c47e552faa1835edc47269d753d -F src/trigger.c 77546bf525854aa4dc09f3a0450fa801c3e99d5f13a3eb2efd07bfe521e3b5d6 +F src/trigger.c bb034c08eca111e66a19cda045903a12547c1be2294b5570d794b869d9c44a73 F src/update.c 4e630e47852e206d0b29ec63ea0402e0b7ba328a1c19dd645ae8ac7bd0a378cf F src/upsert.c 0dd81b40206841814d46942a7337786932475f085716042d0cb2fc7791bf8ca4 F src/utf.c 810fbfebe12359f10bc2a011520a6e10879ab2a163bcb26c74768eab82ea62a5 @@ -602,7 +602,7 @@ F src/where.c dc293ea4230adf9a323fb2e5750eff565347567a3cd6538f7d0fa93b11c2baae F src/whereInt.h 5f14db426ca46a83eabab1ae9aa6d4b8f27504ad35b64c290916289b1ddb2e88 F src/wherecode.c 89d2ec668aec884dfa7ac500c6744e42ec0590fcd72fb740a8b48326a8412811 F src/whereexpr.c 36b47f7261d6b6f1a72d774c113b74beddf6745aba1018e64b196e29db233442 -F src/window.c 5950fb4dd9fd5dcefffd082fa2b8832ca8bef2d2297a151929ce06aeb4f58139 +F src/window.c 1f4f7c69f23992b91c82e71fe47dd4e3ed70ceae12ce5ca6a1e757fdb158dcae F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2 F test/affinity2.test a6d901b436328bd67a79b41bb0ac2663918fe3bd F test/affinity3.test 6a101af2fc945ce2912f6fe54dd646018551710d 
@@ -1681,7 +1681,7 @@ F test/window4.test c5d6bf3403e4ade2f19df2afe4c16f29fb817c392c6c1c8017edb7165c19 F test/window5.test d328dd18221217c49c144181975eea17339eaeaf0e9aa558cee3afb84652821e F test/window6.test 5eae4ae7a590ccf1e605880969ca0bad3955616ac91cad3031baea38748badb3 F test/windowfault.test 12ceb6bbb355d13e8fcd88c5731a57256dfdf77b9a7ae20842a76fcd4623df5b -F test/with1.test ff15177e0ee6d3c8f89cf309410148f2f1bd4f0d67224223455b95460a577ebb +F test/with1.test f1fcc3e35e5c8729f63bb91c4122c05130ce65838f72156c973cac1d1a29b9e4 F test/with2.test e0030e2f0267a910d6c0e4f46f2dfe941c1cc0d4f659ba69b3597728e7e8f1ab F test/with3.test 8d26920c88283e0a473ceebd3451554922108ce7b2a6a1157c47eb0a7011212c F test/with4.test 257be66c0c67fee1defbbac0f685c3465e2cad037f21ce65f23f86084f198205 @@ -1800,7 +1800,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 9a425051e7ba59e797636f5cf32b5f6efafdb21c8d5300e099b8008b829c1439 -R f3aab0ca635e2360149e2d627d6e008d +P 7cac614d5df55eb092b863163483b6782b942b21bd15fd787576fef5619fa849 +R da09aa743220f427a887585645e049c3 U drh -Z a156b7037d7ea15cc025fd5eab01a1d7 +Z ff9e28f4d3d071b71e3451811b9f6688 diff --git a/manifest.uuid b/manifest.uuid index dedb24b220..8b5cfe7559 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -7cac614d5df55eb092b863163483b6782b942b21bd15fd787576fef5619fa849 \ No newline at end of file +df08d472b090b212fb77ce2aae0e1ffe79ae5db4b1accf55e6fdb18e8b0a7098 \ No newline at end of file diff --git a/src/build.c b/src/build.c index ce7014683c..64585f85f9 100644 --- a/src/build.c +++ b/src/build.c 
@@ -3851,11 +3851,12 @@ int sqlite3IdListIndex(IdList *pList, const char *zName){ ** the iStart value would be 0. The result then would ** be: nil, nil, nil, A, B. ** -** If a memory allocation fails the SrcList is unchanged. The -** db->mallocFailed flag will be set to true. +** If a memory allocation fails or the SrcList becomes too large, leave +** the original SrcList unchanged, return NULL, and leave an error message +** in pParse. */ SrcList *sqlite3SrcListEnlarge( - sqlite3 *db, /* Database connection to notify of OOM errors */ + Parse *pParse, /* Parsing context into which errors are reported */ SrcList *pSrc, /* The SrcList to be enlarged */ int nExtra, /* Number of new slots to add to pSrc->a[] */ int iStart /* Index in pSrc->a[] of first new slot */ @@ -3873,22 +3874,19 @@ SrcList *sqlite3SrcListEnlarge( SrcList *pNew; int nAlloc = pSrc->nSrc*2+nExtra; int nGot; + sqlite3 *db = pParse->db; if( pSrc->nSrc+nExtra>=SQLITE_MAX_SRCLIST ){ - /* FIXME: Return a better error than SQLITE_NOMEM when the size - ** of a SrcList object gets to be too big. To fix this will require - ** replumbing to pass Parse* instead of sqlite3* as the first parameter - ** to the SrcList allocators. As this never comes up in real-world - ** usage, the fix is a low priority. */ - sqlite3OomFault(db); - return pSrc; + sqlite3ErrorMsg(pParse, "too many FROM clause terms, max: %d", + SQLITE_MAX_SRCLIST); + return 0; } if( nAlloc>SQLITE_MAX_SRCLIST ) nAlloc = SQLITE_MAX_SRCLIST; pNew = sqlite3DbRealloc(db, pSrc, sizeof(*pSrc) + (nAlloc-1)*sizeof(pSrc->a[0]) ); if( pNew==0 ){ assert( db->mallocFailed ); - return pSrc; + return 0; } pSrc = pNew; nGot = (sqlite3DbMallocSize(db, pNew) - sizeof(*pSrc))/sizeof(pSrc->a[0])+1; 
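Review bot: The rewritten header comment of sqlite3SrcListEnlarge() says the original SrcList is left unchanged and NULL is returned, but it does not say who owns pSrc after that NULL. Before this change the function returned pSrc on failure, so a caller written as `p = sqlite3SrcListEnlarge(...)` kept its pointer; under the new contract the same pattern overwrites the only reference with NULL and the list is lost. I would add `** On a NULL return the caller still owns pSrc and is responsible for freeing it.` to the comment. The function body continues outside this hunk.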
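Review bot: The guard `pSrc->nSrc+nExtra>=SQLITE_MAX_SRCLIST` rejects a list that would hold exactly SQLITE_MAX_SRCLIST entries, while the new message prints that same value as the maximum. Either relax the test to `>` or report `SQLITE_MAX_SRCLIST-1`, so the number shown to the user is one that is actually accepted. The sum is also computed in signed `int`; nExtra is presumably small at every call site, but that is not visible from this hunk. The function starts and ends outside the hunk.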
@@ -3917,7 +3915,8 @@ SrcList *sqlite3SrcListEnlarge( ** Append a new table name to the given SrcList. Create a new SrcList if ** need be. A new entry is created in the SrcList even if pTable is NULL. ** -** A SrcList is returned, or NULL if there is an OOM error. The returned +** A SrcList is returned, or NULL if there is an OOM error or if the +** SrcList grows to large. The returned ** SrcList might be the same as the SrcList that was input or it might be ** a new one. If an OOM error does occurs, then the prior value of pList ** that is input to this routine is automatically freed. @@ -3948,27 +3947,32 @@ SrcList *sqlite3SrcListEnlarge( ** before being added to the SrcList. */ SrcList *sqlite3SrcListAppend( - sqlite3 *db, /* Connection to notify of malloc failures */ + Parse *pParse, /* Parsing context, in which errors are reported */ SrcList *pList, /* Append to this SrcList. NULL creates a new SrcList */ Token *pTable, /* Table to append */ Token *pDatabase /* Database of the table */ ){ struct SrcList_item *pItem; + sqlite3 *db; assert( pDatabase==0 || pTable!=0 ); /* Cannot have C without B */ - assert( db!=0 ); + assert( pParse!=0 ); + assert( pParse->db!=0 ); + db = pParse->db; if( pList==0 ){ - pList = sqlite3DbMallocRawNN(db, sizeof(SrcList) ); + pList = sqlite3DbMallocRawNN(pParse->db, sizeof(SrcList) ); if( pList==0 ) return 0; pList->nAlloc = 1; pList->nSrc = 1; memset(&pList->a[0], 0, sizeof(pList->a[0])); pList->a[0].iCursor = -1; }else{ - pList = sqlite3SrcListEnlarge(db, pList, 1, pList->nSrc); - } - if( db->mallocFailed ){ - sqlite3SrcListDelete(db, pList); - return 0; + SrcList *pNew = sqlite3SrcListEnlarge(pParse, pList, 1, pList->nSrc); + if( pNew==0 ){ + sqlite3SrcListDelete(db, pList); + return 0; + }else{ + pList = pNew; + } } pItem = &pList->a[pList->nSrc-1]; if( pDatabase && pDatabase->z==0 ){ 
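Review bot: The updated comment on sqlite3SrcListAppend() reads "grows to large" where "too large" is meant, and the sentence about freeing still names only the OOM case. In the new body the input pList is handed to sqlite3SrcListDelete() whenever sqlite3SrcListEnlarge() returns NULL, which now includes the size limit, so a caller must not touch its old pointer after either failure. Suggested wording for the last sentence: `** a new one.  If an OOM error occurs or the SrcList grows too large, the prior value of pList that is input to this routine is automatically freed.`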
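Review bot: `db` is assigned from `pParse->db` just above, yet the allocation in the `pList==0` branch still spells out `pParse->db`; `pList = sqlite3DbMallocRawNN(db, sizeof(SrcList) );` would match the rest of the function. The `else{ pList = pNew; }` arm that follows a `return 0;` is also redundant and could be a plain `pList = pNew;` after the `if`. Neither changes behaviour. The function continues past the end of the hunk.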
@@ -4057,7 +4061,7 @@ SrcList *sqlite3SrcListAppendFromTerm( ); goto append_from_error; } - p = sqlite3SrcListAppend(db, p, pTable, pDatabase); + p = sqlite3SrcListAppend(pParse, p, pTable, pDatabase); if( p==0 ){ goto append_from_error; } diff --git a/src/delete.c b/src/delete.c index 0525dfd3f7..e3a0abc2c0 100644 --- a/src/delete.c +++ b/src/delete.c @@ -117,7 +117,7 @@ void sqlite3MaterializeView( sqlite3 *db = pParse->db; int iDb = sqlite3SchemaToIndex(db, pView->pSchema); pWhere = sqlite3ExprDup(db, pWhere, 0); - pFrom = sqlite3SrcListAppend(db, 0, 0, 0); + pFrom = sqlite3SrcListAppend(pParse, 0, 0, 0); if( pFrom ){ assert( pFrom->nSrc==1 ); pFrom->a[0].zName = sqlite3DbStrDup(db, pView->zName); diff --git a/src/fkey.c b/src/fkey.c index b7af4d4734..9633c41449 100644 --- a/src/fkey.c +++ b/src/fkey.c @@ -1014,7 +1014,7 @@ void sqlite3FkCheck( /* Create a SrcList structure containing the child table. We need the ** child table as a SrcList for sqlite3WhereBegin() */ - pSrc = sqlite3SrcListAppend(db, 0, 0, 0); + pSrc = sqlite3SrcListAppend(pParse, 0, 0, 0); if( pSrc ){ struct SrcList_item *pItem = pSrc->a; pItem->pTab = pFKey->pFrom; @@ -1291,7 +1291,7 @@ static Trigger *fkActionTrigger( } pSelect = sqlite3SelectNew(pParse, sqlite3ExprListAppend(pParse, 0, pRaise), - sqlite3SrcListAppend(db, 0, &tFrom, 0), + sqlite3SrcListAppend(pParse, 0, &tFrom, 0), pWhere, 0, 0, 0, 0, 0 ); diff --git a/src/parse.y b/src/parse.y index d75ba611dc..95dfc028fc 100644 --- a/src/parse.y +++ b/src/parse.y 
@@ -690,26 +690,26 @@ dbnm(A) ::= DOT nm(X). {A = X;} %type fullname {SrcList*} %destructor fullname {sqlite3SrcListDelete(pParse->db, $$);} fullname(A) ::= nm(X). { - A = sqlite3SrcListAppend(pParse->db,0,&X,0); + A = sqlite3SrcListAppend(pParse,0,&X,0); if( IN_RENAME_OBJECT && A ) sqlite3RenameTokenMap(pParse, A->a[0].zName, &X); } fullname(A) ::= nm(X) DOT nm(Y). { - A = sqlite3SrcListAppend(pParse->db,0,&X,&Y); + A = sqlite3SrcListAppend(pParse,0,&X,&Y); if( IN_RENAME_OBJECT && A ) sqlite3RenameTokenMap(pParse, A->a[0].zName, &Y); } %type xfullname {SrcList*} %destructor xfullname {sqlite3SrcListDelete(pParse->db, $$);} xfullname(A) ::= nm(X). - {A = sqlite3SrcListAppend(pParse->db,0,&X,0); /*A-overwrites-X*/} + {A = sqlite3SrcListAppend(pParse,0,&X,0); /*A-overwrites-X*/} xfullname(A) ::= nm(X) DOT nm(Y). - {A = sqlite3SrcListAppend(pParse->db,0,&X,&Y); /*A-overwrites-X*/} + {A = sqlite3SrcListAppend(pParse,0,&X,&Y); /*A-overwrites-X*/} xfullname(A) ::= nm(X) DOT nm(Y) AS nm(Z). { - A = sqlite3SrcListAppend(pParse->db,0,&X,&Y); /*A-overwrites-X*/ + A = sqlite3SrcListAppend(pParse,0,&X,&Y); /*A-overwrites-X*/ if( A ) A->a[0].zAlias = sqlite3NameFromToken(pParse->db, &Z); } xfullname(A) ::= nm(X) AS nm(Z). { - A = sqlite3SrcListAppend(pParse->db,0,&X,0); /*A-overwrites-X*/ + A = sqlite3SrcListAppend(pParse,0,&X,0); /*A-overwrites-X*/ if( A ) A->a[0].zAlias = sqlite3NameFromToken(pParse->db, &Z); } @@ -1216,7 +1216,7 @@ expr(A) ::= expr(A) between_op(N) expr(X) AND expr(Y). [BETWEEN] { if( N ) A = sqlite3PExpr(pParse, TK_NOT, A, 0); } expr(A) ::= expr(A) in_op(N) nm(Y) dbnm(Z) paren_exprlist(E). [IN] { - SrcList *pSrc = sqlite3SrcListAppend(pParse->db, 0,&Y,&Z); + SrcList *pSrc = sqlite3SrcListAppend(pParse, 0,&Y,&Z); Select *pSelect = sqlite3SelectNew(pParse, 0,pSrc,0,0,0,0,0,0); if( E ) sqlite3SrcListFuncArgs(pParse, pSelect ? pSrc : 0, E); A = sqlite3PExpr(pParse, TK_IN, A, 0); 
@@ -1287,7 +1287,7 @@ paren_exprlist(A) ::= LP exprlist(X) RP. {A = X;} cmd ::= createkw(S) uniqueflag(U) INDEX ifnotexists(NE) nm(X) dbnm(D) ON nm(Y) LP sortlist(Z) RP where_opt(W). { sqlite3CreateIndex(pParse, &X, &D, - sqlite3SrcListAppend(pParse->db,0,&Y,0), Z, U, + sqlite3SrcListAppend(pParse,0,&Y,0), Z, U, &S, W, SQLITE_SO_ASC, NE, SQLITE_IDXTYPE_APPDEF); if( IN_RENAME_OBJECT && pParse->pNewIndex ){ sqlite3RenameTokenMap(pParse, pParse->pNewIndex->zName, &Y); diff --git a/src/select.c b/src/select.c index 7d384398b3..3b9a0c3756 100644 --- a/src/select.c +++ b/src/select.c @@ -3960,11 +3960,9 @@ static int flattenSubquery( jointype = pSubitem->fg.jointype; }else{ assert( pParent!=p ); /* 2nd and subsequent times through the loop */ - pSrc = pParent->pSrc = sqlite3SrcListAppend(db, 0, 0, 0); - if( pSrc==0 ){ - assert( db->mallocFailed ); - break; - } + pSrc = sqlite3SrcListAppend(pParse, 0, 0, 0); + if( pSrc==0 ) break; + pParent->pSrc = pSrc; } /* The subquery uses a single slot of the FROM clause of the outer @@ -3983,10 +3981,9 @@ static int flattenSubquery( ** for the two elements in the FROM clause of the subquery. */ if( nSubSrc>1 ){ - pParent->pSrc = pSrc = sqlite3SrcListEnlarge(db, pSrc, nSubSrc-1,iFrom+1); - if( db->mallocFailed ){ - break; - } + pSrc = sqlite3SrcListEnlarge(pParse, pSrc, nSubSrc-1,iFrom+1); + if( pSrc==0 ) break; + pParent->pSrc = pSrc; } /* Transfer the FROM clause terms from the subquery into the diff --git a/src/sqliteInt.h b/src/sqliteInt.h index fe0bd62261..00991a969c 100644 --- a/src/sqliteInt.h +++ b/src/sqliteInt.h 
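Review bot: Dropping `assert( db->mallocFailed )` before the `break` loses an invariant that still appears to hold: with a NULL list argument, sqlite3SrcListAppend() as changed in src/build.c returns NULL only when its own allocation fails, never through the new size-limit path. Keeping the assert inside the `if( pSrc==0 )` branch would document that for the next reader; the same applies to the `assert( p->pSrc || db->mallocFailed );` removed from sqlite3WindowRewrite() in src/window.c. This assumes sqlite3DbMallocRawNN() sets db->mallocFailed on failure, which this diff does not show. flattenSubquery() starts and ends outside the hunk.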
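Review bot: When sqlite3SrcListEnlarge() fails here, the local `pSrc` is overwritten with NULL before the `break`, while `pParent->pSrc` still holds the original, still-valid list. The code after the loop is outside this hunk, so I cannot tell whether `pSrc` is read again, but a temporary removes the question and matches what sqlite3SrcListAppend() does in this same commit: `SrcList *pNew = sqlite3SrcListEnlarge(pParse, pSrc, nSubSrc-1,iFrom+1);`, `if( pNew==0 ) break;`, `pParent->pSrc = pSrc = pNew;`. A short comment that the size-limit error has already been recorded in pParse at this point would also help, since the break is no longer reached only on OOM.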
@@ -3929,8 +3929,8 @@ void sqlite3Insert(Parse*, SrcList*, Select*, IdList*, int, Upsert*); void *sqlite3ArrayAllocate(sqlite3*,void*,int,int*,int*); IdList *sqlite3IdListAppend(Parse*, IdList*, Token*); int sqlite3IdListIndex(IdList*,const char*); -SrcList *sqlite3SrcListEnlarge(sqlite3*, SrcList*, int, int); -SrcList *sqlite3SrcListAppend(sqlite3*, SrcList*, Token*, Token*); +SrcList *sqlite3SrcListEnlarge(Parse*, SrcList*, int, int); +SrcList *sqlite3SrcListAppend(Parse*, SrcList*, Token*, Token*); SrcList *sqlite3SrcListAppendFromTerm(Parse*, SrcList*, Token*, Token*, Token*, Select*, Expr*, IdList*); void sqlite3SrcListIndexedBy(Parse *, SrcList *, Token *); diff --git a/src/trigger.c b/src/trigger.c index 617afd9e72..c37f76da72 100644 --- a/src/trigger.c +++ b/src/trigger.c @@ -731,7 +731,7 @@ static SrcList *targetSrcList( int iDb; /* Index of the database to use */ SrcList *pSrc; /* SrcList to be returned */ - pSrc = sqlite3SrcListAppend(db, 0, 0, 0); + pSrc = sqlite3SrcListAppend(pParse, 0, 0, 0); if( pSrc ){ assert( pSrc->nSrc>0 ); pSrc->a[pSrc->nSrc-1].zName = sqlite3DbStrDup(db, pStep->zTarget); diff --git a/src/window.c b/src/window.c index 18a4f7054c..bb9bfa93e6 100644 --- a/src/window.c +++ b/src/window.c @@ -823,8 +823,7 @@ int sqlite3WindowRewrite(Parse *pParse, Select *p){ pSub = sqlite3SelectNew( pParse, pSublist, pSrc, pWhere, pGroupBy, pHaving, pSort, 0, 0 ); - p->pSrc = sqlite3SrcListAppend(db, 0, 0, 0); - assert( p->pSrc || db->mallocFailed ); + p->pSrc = sqlite3SrcListAppend(pParse, 0, 0, 0); if( p->pSrc ){ p->pSrc->a[0].pSelect = pSub; sqlite3SrcListAssignCursors(pParse, p->pSrc); diff --git a/test/with1.test b/test/with1.test index 83ea44b439..9566b67cd3 100644 --- a/test/with1.test +++ b/test/with1.test @@ -1089,6 +1089,6 @@ do_catchsql_test 22.1 { SELECT 3 FROM c,c,c,c,c,c,c,c,c ) SELECT 4 FROM c,c,c,c,c,c,c,c,c; -} {1 {out of memory}} +} {1 {at most 64 tables in a join}} finish_test
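Review bot: The new expectation for test 22.1 is `at most 64 tables in a join`, not the `too many FROM clause terms, max: %d` text added to sqlite3SrcListEnlarge() in src/build.c, so nothing in this diff shows the new error path being exercised. Since that limit was introduced to stop resource exhaustion from deeply nested CTE joins, a regression case whose expected result is the new message would pin the behaviour the commit is about. Other test files may already cover it; that is not visible here. The body of test 22.1 begins outside this hunk.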