Fix three crash problems discovered by afl-fuzz.

Ticket [a59ae93ee990a55].

FossilOrigin-Name: fe5788633131281a0f27c5b75993ce2ff958bfeb

test/fuzz2.test

@@ -12,7 +12,6 @@
 #
 # This file checks error recovery from malformed SQL strings.
 #
-# $Id: fuzz2.test,v 1.3 2007/05/15 16:51:37 drh Exp $
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
@@ -105,4 +104,26 @@ do_test fuzz2-5.5 {
   fuzzcatch {SELECT ALL * GROUP BY EXISTS ( SELECT "AAAAAA" . * , AAAAAA ( * ) AS AAAAAA FROM "AAAAAA" . "AAAAAA" AS "AAAAAA" USING ( AAAAAA , "AAAAAA" , "AAAAAA" ) WHERE AAAAAA ( DISTINCT ) - RAISE ( FAIL , "AAAAAA" ) HAVING "AAAAAA" . "AAAAAA" . AAAAAA ORDER BY #182 , #55 ) BETWEEN EXISTS ( SELECT ALL * FROM ( ( }
 } {1}
 
+# Test cases discovered by Michal Zalewski on 2015-01-03 and reported on the
+# sqlite-users mailing list.  All of these cases cause segfaults in 
+# SQLite 3.8.7.4 and earlier.
+#
+do_test fuzz2-6.1 {
+  catchsql {SELECT n()AND+#0;}
+} {1 {near "#0": syntax error}}
+do_test fuzz2-6.2 {
+  catchsql {SELECT strftime()}
+} {0 {{}}}
+do_test fuzz2-6.3 {
+  catchsql {DETACH(SELECT group_concat(q));}
+} {1 {no such column: q}}
+do_test fuzz2-6.4a {
+  db eval {DROP TABLE IF EXISTS t0; CREATE TABLE t0(t);}
+  catchsql {INSERT INTO t0 SELECT strftime();}
+} {0 {}}
+do_test fuzz2-6.4b {
+  db eval {SELECT quote(t) FROM t0} 
+} {NULL}
+
+
 finish_test