Do not make SQLITE_READ authorizer calls for tables without names, as all

such tables will be internal-use-only tables for subqueries and whatnot. FossilOrigin-Name: 193c87fc96f964984a144c1a4506ef9db033ab2b80e64dd4d09d820fef466407
2025-11-11 01:42:22 +03:00 · 2019-08-07 13:25:21 +00:00
parent 2712b022ab
commit 74c490e045
3 changed files with 9 additions and 9 deletions
--- a/src/select.c
+++ b/src/select.c
@@ -5860,7 +5860,7 @@ int sqlite3Select(
    ** assume the column name is non-NULL and segfault.  The use of an empty
    ** string for the fake column name seems safer.
    */
-    if( pItem->colUsed==0 ){
+    if( pItem->colUsed==0 && pItem->zName!=0 ){
      sqlite3AuthCheck(pParse, SQLITE_READ, pItem->zName, "", pItem->zDatabase);
    }