database/sqlite
1
0
Fork 0
mirror of https://github.com/sqlite/sqlite.git synced 2025-07-27 20:41:58 +03:00
Code Activity

Fix a buffer overrun in the code for handling IN(...) operators when the LHS of the operator contains indexed columns or expressions.

Browse Source 
FossilOrigin-Name: f41a0391b732a8c4ad188163f34a0f4a22237bb5
This commit is contained in:
dan
2016-08-24 12:22:17 +00:00
parent ac6b47d164
commit 7887d7f24d
4 changed files with 20 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/wherecode.c
View File

@ -471,7 +471,7 @@ static int codeEqualityTerm(
if( pIn ){
int iMap = 0; /* Index in aiMap[] */
pIn += i;
for(i=iEq;i<pLoop->nLTerm; i++, pIn++){
for(i=iEq;i<pLoop->nLTerm; i++){
int iOut = iReg;
if( pLoop->aLTerm[i]->pExpr==pX ){
if( eType==IN_INDEX_ROWID ){
@ -489,6 +489,7 @@ static int codeEqualityTerm(
}else{
pIn->eEndLoopOp = OP_Noop;
}
pIn++;
}
}
}else{