Fix a (almost always harmless) read past the end of a memory allocation

that comes about because the Expr.pTab field is checked on an EXPR_REDUCEDSIZE Expr object before checking the Expr.op field to know that the Expr.pTab field is meaningless. FossilOrigin-Name: e098de691002a78270540430b0df1e120582b53f
2025-07-30 19:03:16 +03:00 · 2015-01-27 13:17:05 +00:00
parent 1466e84187
commit a58d4a9612
4 changed files with 20 additions and 10 deletions
--- a/test/misc1.test
+++ b/test/misc1.test
@ -621,4 +621,14 @@ do_test misc1-19.2 {
  set fault_callbacks
 } {0}

+# 2015-01-26:  Valgrind-detected over-read.
+# Reported on sqlite-users@sqlite.org by Michal Zalewski.  Found by afl-fuzz
+# presumably.
+#
+do_execsql_test misc1-20.1 {
+  CREATE TABLE t0(x INTEGER DEFAULT(0==0) NOT NULL);
+  REPLACE INTO t0(x) VALUES('');
+  SELECT rowid, quote(x) FROM t0;
+} {1 ''}
+
 finish_test