Avoid a double-free in an out-of-memory situation with a USING

clause or NATURAL JOIN.  Ticket #2789. (CVS 4551)

FossilOrigin-Name: 596694752c5935ae50ad38d3b41bbda39ca999d8

manifest

@@ -1,5 +1,5 @@
-C Change\sto\ssqlite3.pc.in\srecommended\sby\sticket\s#2786.\s(CVS\s4550)
-D 2007-11-22T00:47:41
+C Avoid\sa\sdouble-free\sin\san\sout-of-memory\ssituation\swith\sa\sUSING\nclause\sor\sNATURAL\sJOIN.\s\sTicket\s#2789.\s(CVS\s4551)
+D 2007-11-23T13:42:52
 F Makefile.arm-wince-mingw32ce-gcc ac5f7b2cef0cd850d6f755ba6ee4ab961b1fadf7
 F Makefile.in 30c7e3ba426ddb253b8ef037d1873425da6009a8
 F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654
@@ -129,7 +129,7 @@ F src/pragma.c cb1486e76dbcad757968afc4083d3472032e62b5
 F src/prepare.c 5dd06102c4c538fcbb9c71d35e505abb9fcbd269
 F src/printf.c 96c8d55315a13fc53cb3754cb15046f3ff891ea2
 F src/random.c 4a22746501bf36b0a088c66e38dde5daba6a35da
-F src/select.c 963e2b68f7ca357cdd1a975db90c76153efca646
+F src/select.c 7c0ab94b8f287eb94fdb1eb101be603832ecfc34
 F src/server.c 087b92a39d883e3fa113cae259d64e4c7438bc96
 F src/shell.c 5b950381f6fb030f123fcd41ae3fdf431c9b0689
 F src/sqlite.h.in 75ae0863db3a0b074868a6157e34b646dbe143dd
@@ -366,7 +366,7 @@ F test/mallocA.test 5ee8d42ff90e5b1aeee6fb645e73ffcb35bffd21
 F test/mallocB.test 83bdbea443cc81758a57b0287807b0941218819a
 F test/mallocC.test 6f02fa2b4baa943bc6d6db323d5d07067967e728
 F test/mallocD.test d638fb8f214b47fd31edfae8af738b92bd943dc0
-F test/mallocE.test 810c0fe01c1548cfdd24767dc72c31f77b55ccfe
+F test/mallocE.test e15333c394d7c330c8372a7cdf7b0f7c16573082
 F test/malloc_common.tcl b47137fb36e95fdafb0267745afefcd6b0a5b9dc
 F test/manydb.test 8de36b8d33aab5ef295b11d9e95310aeded31af8
 F test/memdb.test a67bda4ff90a38f2b19f6c7f95aa7289e051d893
@@ -588,7 +588,7 @@ F www/tclsqlite.tcl 8be95ee6dba05eabcd27a9d91331c803f2ce2130
 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0
 F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b
 F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5
-P 2655a3f2d18fe16a36a6cf3776261ee0507e6912
-R 57613eb980e0d66d4315373d250fab0a
+P 247fa2eac0789be48cae3587643ab07576ae7b76
+R fadab18fb0a0bf50417bc8c670c993f9
 U drh
-Z 099ffa84cb86898af38ee472e1aed808
+Z 099e4af1d341dbdcd9f41e78699e9abe

manifest.uuid

@@ -1 +1 @@
-247fa2eac0789be48cae3587643ab07576ae7b76
+596694752c5935ae50ad38d3b41bbda39ca999d8

src/select.c

@@ -12,7 +12,7 @@
 ** This file contains C code routines that are called by the parser
 ** to handle SELECT statements in SQLite.
 **
-** $Id: select.c,v 1.362 2007/11/21 15:24:01 drh Exp $
+** $Id: select.c,v 1.363 2007/11/23 13:42:52 drh Exp $
 */
 #include "sqliteInt.h"
 
@@ -248,10 +248,7 @@ static void addWhereTerm(
     ExprSetProperty(pE, EP_FromJoin);
     pE->iRightJoinTable = iRightJoinTable;
   }
-  pE = sqlite3ExprAnd(pParse->db,*ppExpr, pE);
-  if( pE ){
-    *ppExpr = pE;
-  }
+  *ppExpr = sqlite3ExprAnd(pParse->db,*ppExpr, pE);
 }
 
 /*

test/mallocE.test

@@ -9,9 +9,9 @@
 #
 #***********************************************************************
 #
-# This test script checks that ticket #2784 has been fixed.
+# This test script checks that tickets #2784 and #2789 have been fixed.
 # 
-# $Id: mallocE.test,v 1.1 2007/11/21 15:24:01 drh Exp $
+# $Id: mallocE.test,v 1.2 2007/11/23 13:42:53 drh Exp $
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
@@ -25,15 +25,24 @@ ifcapable !memdebug {
 }
 source $testdir/malloc_common.tcl
 
+# ticket #2784
+#
 set PREP { 
   PRAGMA page_size = 1024;
   CREATE TABLE t1(a, b, c);
   CREATE TABLE t2(x, y, z);
 }
-
 do_malloc_test mallocE-1 -sqlprep $PREP -sqlbody { 
   SELECT p, q FROM (SELECT a+b AS p, b+c AS q FROM t1, t2 WHERE c>5)
               LEFT JOIN t2 ON p=x;
 }
 
+# Ticket #2789
+#
+do_malloc_test mallocE-2 -sqlprep $PREP -sqlbody { 
+  SELECT x, y2 FROM (SELECT a+b AS x, b+c AS y2 FROM t1, t2 WHERE c>5)
+              LEFT JOIN t2 USING(x) WHERE y2>11;
+}
+
+
 finish_test