Fix a possible NULL pointer dereference caused by using a "VALUES(...)" as a component of a compound SELECT with non-integer ORDER BY clause terms.

FossilOrigin-Name: 9d791116420f4e3f613775569e0a0cba2fc22da568b2fb2df920bcf9c9002938
2025-08-10 01:02:56 +03:00 · 2020-01-03 14:27:08 +00:00
parent 90996885fc
commit 607dd6e608
4 changed files with 15 additions and 14 deletions
--- a/src/resolve.c
+++ b/src/resolve.c
@@ -453,8 +453,7 @@ static int lookupName(
      for(j=0; j<pEList->nExpr; j++){
        char *zAs = pEList->a[j].zEName;
        if( pEList->a[j].eEName==ENAME_NAME
-         && ALWAYS(zAs!=0)
-         && sqlite3StrICmp(zAs, zCol)==0
+         && sqlite3_stricmp(zAs, zCol)==0
        ){
          Expr *pOrig;
          assert( pExpr->pLeft==0 && pExpr->pRight==0 );
@@ -1123,10 +1122,8 @@ static int resolveAsName(
  if( pE->op==TK_ID ){
    char *zCol = pE->u.zToken;
    for(i=0; i<pEList->nExpr; i++){
-      char *zAs = pEList->a[i].zEName;
      if( pEList->a[i].eEName==ENAME_NAME
-       && ALWAYS(zAs!=0)
-       && sqlite3StrICmp(zAs, zCol)==0
+       && sqlite3_stricmp(pEList->a[i].zEName, zCol)==0
      ){
        return i+1;
      }