Fix a use-after-free error that could occur when processing "SELECT aggregate(DISTINCT <expr>)..." queries.

FossilOrigin-Name: 0e4789860b81c31d3a6d1f9f8340042ce1d08a82bf6119c783fcab85180b1b63
2025-11-11 01:42:22 +03:00 · 2021-04-08 20:29:12 +00:00
parent 55938b5fa0
commit bfd6f1bcd5
4 changed files with 19 additions and 11 deletions
--- a/src/select.c
+++ b/src/select.c
@@ -6912,8 +6912,10 @@ int sqlite3Select(
      pWInfo = sqlite3WhereBegin(pParse, pTabList, pWhere, pGroupBy, pDistinct,
          WHERE_GROUPBY | (orderByGrp ? WHERE_SORTBYGROUP : 0) | distFlag, 0
      );
-      sqlite3ExprListDelete(db, pDistinct);
-      if( pWInfo==0 ) goto select_end;
+      if( pWInfo==0 ){
+        sqlite3ExprListDelete(db, pDistinct);
+        goto select_end;
+      }
      eDist = sqlite3WhereIsDistinct(pWInfo);
      SELECTTRACE(1,pParse,p,("WhereBegin returns\n"));
      if( sqlite3WhereIsOrdered(pWInfo)==pGroupBy->nExpr ){
@@ -7046,6 +7048,7 @@ int sqlite3Select(
        sqlite3WhereEnd(pWInfo);
        sqlite3VdbeChangeToNoop(v, addrSortingIdx);
      }
+      sqlite3ExprListDelete(db, pDistinct);

      /* Output the final row of result
      */