Make sure the WhereInfo.pExprMods list is properly cleared when existing

sqlite3WhereBegin() early due to an OOM fault.
dbsqlfuzz 1247a51318047aba42e7f6991dfa62577cb7a151.

FossilOrigin-Name: 0e19af72d84f96245cb4a5cfc37232579b6f5fdebd525f8b6515a4f2cc84e273

src/where.c

@@ -1983,6 +1983,17 @@ static void whereInfoFree(sqlite3 *db, WhereInfo *pWInfo){
   sqlite3DbFreeNN(db, pWInfo);
 }
 
+/* Undo all Expr node modifications
+*/
+static void whereUndoExprMods(WhereInfo *pWInfo){
+  while( pWInfo->pExprMods ){
+    WhereExprMod *p = pWInfo->pExprMods;
+    pWInfo->pExprMods = p->pNext;
+    memcpy(p->pExpr, &p->orig, sizeof(p->orig));
+    sqlite3DbFree(pWInfo->pParse->db, p);
+  }
+}
+
 /*
 ** Return TRUE if all of the following are true:
 **
@@ -5314,6 +5325,8 @@ WhereInfo *sqlite3WhereBegin(
   /* Jump here if malloc fails */
 whereBeginError:
   if( pWInfo ){
+    testcase( pWInfo->pExprMods!=0 );
+    whereUndoExprMods(pWInfo);
     pParse->nQueryLoop = pWInfo->savedNQueryLoop;
     whereInfoFree(db, pWInfo);
   }
@@ -5613,16 +5626,9 @@ void sqlite3WhereEnd(WhereInfo *pWInfo){
     }
   }
 
-  /* Undo all Expr node modifications */
-  while( pWInfo->pExprMods ){
-    WhereExprMod *p = pWInfo->pExprMods;
-    pWInfo->pExprMods = p->pNext;
-    memcpy(p->pExpr, &p->orig, sizeof(p->orig));
-    sqlite3DbFree(db, p);
-  }
-
   /* Final cleanup
   */
+  if( pWInfo->pExprMods ) whereUndoExprMods(pWInfo);
   pParse->nQueryLoop = pWInfo->savedNQueryLoop;
   whereInfoFree(db, pWInfo);
   return;