From f4ce8ed04889329a74f9114bea50bd91afd6e03c Mon Sep 17 00:00:00 2001 From: drh Date: Fri, 23 Nov 2007 13:42:51 +0000 Subject: [PATCH] Avoid a double-free in an out-of-memory situation with a USING clause or NATURAL JOIN. Ticket #2789. (CVS 4551) FossilOrigin-Name: 596694752c5935ae50ad38d3b41bbda39ca999d8 --- manifest | 14 +++++++------- manifest.uuid | 2 +- src/select.c | 7 ++----- test/mallocE.test | 15 ++++++++++++--- 4 files changed, 22 insertions(+), 16 deletions(-) diff --git a/manifest b/manifest index 9e9dd663df..a43fd1a593 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Change\sto\ssqlite3.pc.in\srecommended\sby\sticket\s#2786.\s(CVS\s4550) -D 2007-11-22T00:47:41 +C Avoid\sa\sdouble-free\sin\san\sout-of-memory\ssituation\swith\sa\sUSING\nclause\sor\sNATURAL\sJOIN.\s\sTicket\s#2789.\s(CVS\s4551) +D 2007-11-23T13:42:52 F Makefile.arm-wince-mingw32ce-gcc ac5f7b2cef0cd850d6f755ba6ee4ab961b1fadf7 F Makefile.in 30c7e3ba426ddb253b8ef037d1873425da6009a8 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654 @@ -129,7 +129,7 @@ F src/pragma.c cb1486e76dbcad757968afc4083d3472032e62b5 F src/prepare.c 5dd06102c4c538fcbb9c71d35e505abb9fcbd269 F src/printf.c 96c8d55315a13fc53cb3754cb15046f3ff891ea2 F src/random.c 4a22746501bf36b0a088c66e38dde5daba6a35da -F src/select.c 963e2b68f7ca357cdd1a975db90c76153efca646 +F src/select.c 7c0ab94b8f287eb94fdb1eb101be603832ecfc34 F src/server.c 087b92a39d883e3fa113cae259d64e4c7438bc96 F src/shell.c 5b950381f6fb030f123fcd41ae3fdf431c9b0689 F src/sqlite.h.in 75ae0863db3a0b074868a6157e34b646dbe143dd 
@@ -366,7 +366,7 @@ F test/mallocA.test 5ee8d42ff90e5b1aeee6fb645e73ffcb35bffd21 F test/mallocB.test 83bdbea443cc81758a57b0287807b0941218819a F test/mallocC.test 6f02fa2b4baa943bc6d6db323d5d07067967e728 F test/mallocD.test d638fb8f214b47fd31edfae8af738b92bd943dc0 -F test/mallocE.test 810c0fe01c1548cfdd24767dc72c31f77b55ccfe +F test/mallocE.test e15333c394d7c330c8372a7cdf7b0f7c16573082 F test/malloc_common.tcl b47137fb36e95fdafb0267745afefcd6b0a5b9dc F test/manydb.test 8de36b8d33aab5ef295b11d9e95310aeded31af8 F test/memdb.test a67bda4ff90a38f2b19f6c7f95aa7289e051d893 @@ -588,7 +588,7 @@ F www/tclsqlite.tcl 8be95ee6dba05eabcd27a9d91331c803f2ce2130 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0 F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5 -P 2655a3f2d18fe16a36a6cf3776261ee0507e6912 -R 57613eb980e0d66d4315373d250fab0a +P 247fa2eac0789be48cae3587643ab07576ae7b76 +R fadab18fb0a0bf50417bc8c670c993f9 U drh -Z 099ffa84cb86898af38ee472e1aed808 +Z 099e4af1d341dbdcd9f41e78699e9abe diff --git a/manifest.uuid b/manifest.uuid index 20a89e556a..3dfeced06d 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -247fa2eac0789be48cae3587643ab07576ae7b76 \ No newline at end of file +596694752c5935ae50ad38d3b41bbda39ca999d8 \ No newline at end of file diff --git a/src/select.c b/src/select.c index 556a9019f3..f16bb636bf 100644 --- a/src/select.c +++ b/src/select.c @@ -12,7 +12,7 @@ ** This file contains C code routines that are called by the parser ** to handle SELECT statements in SQLite. ** -** $Id: select.c,v 1.362 2007/11/21 15:24:01 drh Exp $ +** $Id: select.c,v 1.363 2007/11/23 13:42:52 drh Exp $ */ #include "sqliteInt.h" @@ -248,10 +248,7 @@ static void addWhereTerm( ExprSetProperty(pE, EP_FromJoin); pE->iRightJoinTable = iRightJoinTable; } - pE = sqlite3ExprAnd(pParse->db,*ppExpr, pE); - if( pE ){ - *ppExpr = pE; - } + *ppExpr = sqlite3ExprAnd(pParse->db,*ppExpr, pE); } /* 
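Review bot: The unconditional `*ppExpr = sqlite3ExprAnd(pParse->db,*ppExpr, pE);` at the end of addWhereTerm has no comment saying why a NULL result must be stored, so the removed `if( pE )` guard reads like a harmless safety check that a later cleanup could put back. Going by the commit message, sqlite3ExprAnd presumably releases its operands when the allocation fails (its body is not part of this hunk), which is how the old code left a freed pointer in `*ppExpr` for the caller to free a second time. Once that is confirmed against sqlite3ExprAnd, I would add above the assignment: `/* Always store the result: on OOM sqlite3ExprAnd() has freed the old *ppExpr, so it must become NULL here */`. The start of addWhereTerm lies outside the hunk, so whether `pE` itself can be NULL at this point cannot be checked from here.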
diff --git a/test/mallocE.test b/test/mallocE.test index e95f9e4b5c..0ab37697d7 100644 --- a/test/mallocE.test +++ b/test/mallocE.test @@ -9,9 +9,9 @@ # #*********************************************************************** # -# This test script checks that ticket #2784 has been fixed. +# This test script checks that tickets #2784 and #2789 have been fixed. # -# $Id: mallocE.test,v 1.1 2007/11/21 15:24:01 drh Exp $ +# $Id: mallocE.test,v 1.2 2007/11/23 13:42:53 drh Exp $ set testdir [file dirname $argv0] source $testdir/tester.tcl @@ -25,15 +25,24 @@ ifcapable !memdebug { } source $testdir/malloc_common.tcl +# ticket #2784 +# set PREP { PRAGMA page_size = 1024; CREATE TABLE t1(a, b, c); CREATE TABLE t2(x, y, z); } - do_malloc_test mallocE-1 -sqlprep $PREP -sqlbody { SELECT p, q FROM (SELECT a+b AS p, b+c AS q FROM t1, t2 WHERE c>5) LEFT JOIN t2 ON p=x; } +# Ticket #2789 +# +do_malloc_test mallocE-2 -sqlprep $PREP -sqlbody { + SELECT x, y2 FROM (SELECT a+b AS x, b+c AS y2 FROM t1, t2 WHERE c>5) + LEFT JOIN t2 USING(x) WHERE y2>11; +} + + finish_test
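Review bot: The new `mallocE-2` case exercises only the `USING(x)` form, while the commit message names NATURAL JOIN as a second way to reach the double-free. If both forms go through addWhereTerm, as the message suggests, the one test probably covers the fixed line, but a regression in the NATURAL-specific path would go unnoticed. I would add a `mallocE-3` case that reuses `$PREP` and the same subquery with `NATURAL LEFT JOIN t2` in place of `LEFT JOIN t2 USING(x)`. The ticket comment is also spelled `# ticket #2784` in one place and `# Ticket #2789` in the other; pick one capitalisation.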