From f8937f9034e4df499734ec7bb330616a49ad6d1f Mon Sep 17 00:00:00 2001 From: drh Date: Sun, 23 Sep 2018 02:01:42 +0000 Subject: [PATCH] Fix a faulty assert() in the validation logic for the LEFT JOIN strength reduction optimization. Problem found by OSSFuzz. FossilOrigin-Name: 2fd62fccd13e326dbd7dd730112542c6faa56e466bf4f7b8e22ced543031280c --- manifest | 14 +++++++------- manifest.uuid | 2 +- src/expr.c | 15 ++++++--------- test/fuzzdata5.db | Bin 7197696 -> 7197696 bytes 4 files changed, 14 insertions(+), 17 deletions(-) diff --git a/manifest b/manifest index 71ed8fba04..d693735ef8 100644 --- a/manifest +++ b/manifest @@ -1,5 +1,5 @@ -C Enhance\sWhereLoopBuilder.iPlanLimit\sto\shandle\sa\scase\sinvolving\sthe\sOR\noptimization\sdiscovered\sovernight\sby\sOSSFuzz. -D 2018-09-22T15:05:32.605 +C Fix\sa\sfaulty\sassert()\sin\sthe\svalidation\slogic\sfor\sthe\sLEFT\sJOIN\sstrength\nreduction\soptimization.\s\sProblem\sfound\sby\sOSSFuzz. +D 2018-09-23T02:01:42.716 F .fossil-settings/empty-dirs dbb81e8fc0401ac46a1491ab34a7f2c7c0452f2f06b54ebb845d024ca8283ef1 F .fossil-settings/ignore-glob 35175cdfcf539b2318cb04a9901442804be81cd677d8b889fcc9149c21f239ea F Makefile.in 01e95208a78b57d056131382c493c963518f36da4c42b12a97eb324401b3a334 @@ -454,7 +454,7 @@ F src/date.c ebe1dc7c8a347117bb02570f1a931c62dd78f4a2b1b516f4837d45b7d6426957 F src/dbpage.c 4aa7f26198934dbd002e69418220eae3dbc71b010bbac32bd78faf86b52ce6c3 F src/dbstat.c edabb82611143727511a45ca0859b8cd037851ebe756ae3db289859dd18b6f91 F src/delete.c 107e28d3ef8bd72fd11953374ca9107cd74e8b09c3ded076a6048742d26ce7d2 -F src/expr.c 610eea078f240e8d55e81666a65b05a42e52008d24059c59093dd18b3d15b565 +F src/expr.c cd7a294bff49641032e2a5511a8e77bfa7e71fd0a2f714de8f3c560d31d273d9 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007 F src/fkey.c 972a4ba14296bef2303a0abbad1e3d82bc3c61f9e6ce4e8e9528bdee68748812 F src/func.c 7c288b4ce309b5a8b8473514b88e1f8e69a80134509a8c0db8e39c858e367e7f @@ -967,7 +967,7 @@ F test/fuzzdata1.db 7ee3227bad0e7ccdeb08a9e6822916777073c664 F test/fuzzdata2.db 128b3feeb78918d075c9b14b48610145a0dd4c8d6f1ca7c2870c7e425f5bf31f F test/fuzzdata3.db c6586d3e3cef0fbc18108f9bb649aa77bfc38aba F test/fuzzdata4.db b502c7d5498261715812dd8b3c2005bad08b3a26e6489414bd13926cd3e42ed2 -F test/fuzzdata5.db 181aa05f8ca1e4f43a3618ddd4193dfca4499e81bbb9b3e03bce46961a670891 +F test/fuzzdata5.db e35f64af17ec48926481cfaf3b3855e436bd40d1cfe2d59a9474cb4b748a52a5 F test/fuzzdata6.db 92a80e4afc172c24f662a10a612d188fb272de4a9bd19e017927c95f737de6d7 F test/fuzzer1.test 3d4c4b7e547aba5e5511a2991e3e3d07166cfbb8 F test/fuzzer2.test a85ef814ce071293bce1ad8dffa217cbbaad4c14 @@ -1769,7 +1769,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0 -P 50f2fa19532e0f849d61d9e2a97427cfbf64cfb787ca481ef8c860d0f24f6cfe -R a522b9d1d3efe4bffcf66fba31076dce +P 7b59930a1d7b664b54d5a2bc9fa385925b5f4c8f34bf401c798307e3e2dae2c6 +R f03877dafbf8630475fd3e62d89e76e5 U drh -Z cead1160ed2d9cc4ef006a761294eca9 +Z b1773f19e1d7fe0cd47b4aa3fa8da701 diff --git a/manifest.uuid b/manifest.uuid index 490bf19931..f4bb602f2d 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -7b59930a1d7b664b54d5a2bc9fa385925b5f4c8f34bf401c798307e3e2dae2c6 \ No newline at end of file +2fd62fccd13e326dbd7dd730112542c6faa56e466bf4f7b8e22ced543031280c \ No newline at end of file diff --git a/src/expr.c b/src/expr.c index 1692822840..fa0bcd86af 100644 --- a/src/expr.c +++ b/src/expr.c @@ -4849,18 +4849,15 @@ int sqlite3ExprImpliesExpr(Parse *pParse, Expr *pE1, Expr *pE2, int iTab){ /* ** This is the Expr node callback for sqlite3ExprImpliesNotNullRow(). ** If the expression node requires that the table at pWalker->iCur -** have a non-NULL column, then set pWalker->eCode to 1 and abort. +** have one or more non-NULL column, then set pWalker->eCode to 1 and abort. +** +** This routine controls an optimization. False positives (setting +** pWalker->eCode to 1 when it should not be) are deadly, but false-negatives +** (never setting pWalker->eCode) is a harmless missed optimization. */ static int impliesNotNullRow(Walker *pWalker, Expr *pExpr){ - /* This routine is only called for WHERE clause expressions and so it - ** cannot have any TK_AGG_COLUMN entries because those are only found - ** in HAVING clauses. We can get a TK_AGG_FUNCTION in a WHERE clause, - ** but that is an illegal construct and the query will be rejected at - ** a later stage of processing, so the TK_AGG_FUNCTION case does not - ** need to be considered here. */ - assert( pExpr->op!=TK_AGG_COLUMN ); + testcase( pExpr->op==TK_AGG_COLUMN ); testcase( pExpr->op==TK_AGG_FUNCTION ); - if( ExprHasProperty(pExpr, EP_FromJoin) ) return WRC_Prune; switch( pExpr->op ){ case TK_ISNOT: diff --git a/test/fuzzdata5.db b/test/fuzzdata5.db index 2cf125414c6da8a566a947a6caa4a73b4fcd66fb..cfb0ebe7d8cf01899814f38e21c30b62acd9184c 100644 GIT binary patch delta 6146 zcmb_gd3Y4ZmG7GA)<{BV5IRN&LZiz%W+cr>fY1RtM@WE9gawGBge-(gT_BJIh(khx z0$(v;VxD7T4zn2SWR0;MdV^yurrTEx-{K>7Hea&AN!HmfaTYt9Wa9)|`&zOk$d~fHTpz8%~7xX?sI|SVzXy^CoMlrMPK8&qRUxOH+uR>Jx6^OEaFQQdnhG@|n5s6-p zDCu>Q6g#FbLj0>y2R}vQtcd}TL z3CHng%_@I}EDaYd^DXsNG&|cj_iyS;&*<8e-cr+C?QD0JEla<*Z0T~}vUE>I#)MK* zQdLuZEy|Yqs+ygP>uc)LD>7QDeNDckqzqG({*7J+ThUUpQOBTEO?!MlSj9DdWs?uXJ{EJ*uR9}6TTPy4i=ePU7O z$L;KTCwuGdWSf$jjd*Wg@C2|8T#*0K^{lKV&}a8D#Y& zU%NiY?kA)XvWHm|+&IW)!r)#ui!{KKd)XqT9%C8_C-<_Fz@*HirAg)fI#aU}vW8g_ ze0!KB!&cMq`Y_8OOW@04mZ~g9o1kMO$SxRRnR1O)T8?*-uy=%o$<*k4IAWE^CRm1P*SX=a>L;P^onuQcI(*yOzfzBtG}@NAlV zxXa}&cFnQ-`5lbQ<@(DLxqelaUhbN354?w%6X;u=;hN_GW+S8<=0C_v34?(L@%`z7 zD-W`@GdE5~HS^b(Kl*U4zZ0?_V)C!| z%Pc8#XtFa|=^ppRj0pdrRm%BB(Swtzz>Sl4jeie}US{jaZg9TB=Gt~yrFv9?vCC|B zY=nR3l#R1(eQ&zgobc8D0r>VSY;pLGsb@Hy-i}k&TQ}+YM}2d6&iG0fNor28QL#& zRxQ^=O+B*2?aeB&>ydXe^Xz)Wos1{TW7or{m^`$a*PzdYp0`*N37hEFx=~y*ZoS1K z!2cF5(4Mzh1hJa|kA-z_GnW!7OCz1oIEpjTIpXlb&9~WFGTrpCPzgaM9E#x9b^qFN<1TTRpcjc&Y3S>Xp~QuM&gr_-DkV@-}9Sp9&&2~M0ikah1@uJSGDaKovTZlSwlT3C&jyDH&V#k>r zbF%Xrkvg?cGnhlL>78U2XuJcrAAsBy7kl*8+ao-DXiLW$A%Mra}nOcKk-_LVQ}--?}N0>#WiMeBQOt8|W&+PM7Po@cixW%J8Mws|hEH zoV#~BebxFBP`>P5Ocq1Km)$;6qh0^1+eJeB&tCcAbI-kKjO6LnCMAfu?>~YmOsM*8 zIAK?9-~WT!Et5uVt)jLO(x8n7s8JTU7OMUjXq*}bJV0GyTi(>PZ>!#LAH1*^%>9e`KQ+0|E-6}ZMHn9tpA zTCRdnhpHc&sm@ngP!K*T*aWUHbtZ&{t2X$r5H(-h8m^us$|~G`mY7N{z$4Xnl$CcG ztxMM+6n&i&4 zK~I|+Ypc@NkMGVU!(EZbE;NS1-ZwI2D9%yC;pZy2#0HX{p> z8g9fjMkeBFBMq_DxCe2ik&4)2Bq82wBp@y~W+OHm@rX@E+z|dW8nK8CMhs$|5skRS za3EG2coK`NG9nQxjR?eYBOI~Vn2DHc*bzNOFk+4ogqURnBDxJ5qRR+COgCi2G{cH` zk6}SfHSlm3m!g}`P1XmcAt^3N--9=ax)}+lz7sJ)--~I-{o_*&o^3Ab=u_+kT|s=_zYXy@e=p**{w;{-{XK~1{F@Qa_%|Uw?Qcgs?Z?wp z>?uDET6E4K1Od*J58&|0 z%0=MWtTw|7-D>TzmnuuabE&dQyS-UGFUy!B4#2}lc?w+XQzM89ANQ$6m>2aIca3j3%ZpjRo@lr)7oO-;nTl?`g^#pNjoqBD`eT!=9 zs`V}SHblbd9cmUhcW{TbToe7!Xl@0{M8t?=mT(Nw<_S(-D(p&wnxpAx0`BV2h?Z?dL||sN)I_A z0}6Fa8h1gX;AznCk;4`;*+P-t4~>KB0@4SE2Gzx+SNrLpT4f=-w8UZcQ>fX8c@L-w+Ls4ZuZ0Z4=y`nSvIkX%M*E^4C0f}-s*`AKhgF+J+xUq37ZPA#()dUj zB!1|4NsBq6epgm3=3A^G5lGrb)oBOAqLjk$;xSCCfRm0}Ph*tW9 z8f#HxY^UBd%OP4%UvwYQEGN}hgGhj>^?^lEWa+fcd`>&u{;pbqNnh#r)O=YEL_0GS z3EJMi=v<3-?L~E7pb{iYM>m_=e}dbusJrCgJGIVPw6fRKCI$1dy>H+;SpbI(^^B5# zB*K_J&M0&7GQ_+*W2Rq6v&@!0&~Cq}o=qV$CyYwq#HZ?+palpw6?zJSxDHpO;I9b=}E2)&)|PV#?Jo`Kq9qUQGB1GM9I<#yD8aag~J~@ zg0p8}O=S^DQxQ>EFe-OlG;8;ODJ68=XeR+bKxn1YQ~I8?#k zSK`pkaiZL+J-dkSmr1-CKFs)?o1^Ptu#WFnX5A5*dcIScjW(Ew{80UZXnjrmvV|m= zHoqiVSPM@fN|G!caZCjMsTJr;;y2@)K;W&FJX~?&*}Yc72t7u${#M?qkW_e=azjZm zHBHOk!v6KVT1o!KayHR!wezF0a*r&1Ysl14;pXv}*?$#=XShr@)T(5S`~B`9j~Um9 z*P{0EXbZ^(j9wDFaLC~>U!57+XM+0)cs^ga171AH_h8w?b3b>;GNx)ZaN;rUfYSVC zn>@VG@B)9BUnQRZvxQV`-60H%cI_CCCh)UkYP?M`=3`jx;Qi2X6g-de9+D5IALWbT z)T2BZJlAl)#?`=Xtv2RD{!zXd^Tm;)ya+2VSB~=QL|KSSNef*4Y~d{U-eY`;jLF=d z$=e`s9^;W%M8Ourq2?IR$4biZF}?(o$?M1XDn%)grIV>pc815mbH{m#)^(h}V^wOf zONnsx6z_){r}zdFl3?^SpB^|IU{vFQCd?F$ShpC9;Kpg*t5jhxY$oS5)dFDXX&z{n zJ_gLDBjME3JegF&0`oCHf111G3aivLA=+0LF*6tslh^+I;rVi-+|;Rr;xpU@-#f!& zWz1>E+ep-YcZQ!OSYJ4DmbZ~*@ZV>7tG&r8#hV4OkQE^-W*LpJ<{3UawZSSmuu4*` z1Q_*JDZHgxnQmZ8nK)4|bKO58ujYjPdw+}-0Iup2AxVloDn8ZB^S zl-FSjd2o$P?)2G395Zk6H&Zx@kUpA`idxD$l$mZVUlA9MAA zvD&e(Kbb}!{LSF*lwRa_q}7$BWH_7Bvvvd+xQ&Hx8>S+cJzESn@h|kYc0w5`TEK#sC4ekiQ8cc0#(a|mK(L;sx zJ6oD>*o;nWz13Nm7-($3@maC$R6%f{(P3VuHCOv=1{P!@SETvU90nG<=B`M~$%H#U z&asSOV?D;ml;BN}fn~3l6=`X{)MT51r7kpfE}UmzX4*SG92Yy%fA8-3Jak1p4EjtLpyy3PgJsa?FzbLAKd zh7`RIe4Su-|NN7&pN!?bE?Fgh3pTySqhRKHJdO-O_IrFjZn>TB@x=jqFfe4iFQ65Jii{Xr7?? zf=(86il9>kEf92?poM}K30f@ZbU|kbI#W=epe2Hq3R))UEJ4c!^$S`d=xjkN1)U@4 zTtVjvI$zK#L8}F=5wup&Izj6NT_9+KpbG_EBxs|civ?XG=u$zO1YIWRazR%J+AJvg zr$x|}g02#DwV-PRZ54FwFX%ckzGW5q)}}8*4APe%DtaTLtS>~g>h*{gy%v$^)rgW_ zB}s9EdIjR&^;wAD>7|I@=p~4k^+LoK^#a5f^jyT}_2_*Sk?ZikO{<7xS8B%vk(VXw zCF>*B9&4fHTk^6N5k}6F;QstTwk+*whp#uYso-g4X-C`GVOZG8%HiWymJ{R6bm8ON zxOqd@nhbB|3~zzQJGm_2f=^InVwP1ZSm2-UpVi>(*wnVZt2HBYc)G*|GQqc&#lfYu z?2jZzJGG8okV&pq$C=$qyjn{KTVhc>vLx(g*Z&D;JJ}H>UzYYZ!#h1J68_M|_Cv{b z7NY&Wiv<&sr+u}VePL0i$kP5Xrbq&WY+>VIu#2T=>D}x(qD)3Z>dYdC_LpsJ9!Z~R zmC}Z_OLn#--{px2%&QJ>O%GJS3;isU_~GMzmM)j$FuxzTd;L$x?6$mO++4 zgJ6@%Vz@`JRMH5~2rOF!zZ1+&7DC8gBpV=SFZ(-L0Ga#PT%{hJHpcXEDjeI#5|ldp zju`oNz<2xD`yM{hxy$99?wV{5sJAgVxBvENUZ7o;UT7OO54;DM6X+XjBQ?)G%ti=< zY4@@c(gxl4;&`otEBCS$!INTJK|7WHlVRj}^+RtkOnE zx;r*n`~7{aGfY`8OFwIb<7e0^=y;NC(mao_R~2Og&fC}#_Aq!(u!y54+4rPF`{5*e zOeUM)(KBqlvQd`ybq>jCSo`_0F`GvX@wr?+=kDr27s@1=G9}vf7uW+t>AbDdCAPu> z_7|BK27k%M5i5*)k(DYISvt4?>fU6N;FXuNY_R=BG?Typ{wNZ9G{G#3gOtlGH$2db zgfi@?>utodkC6*+U zVDSAK7uQ#Bu}~-(U}3~&nidD29N}TmIl$sckal2zowg{7EbUIb&DaY%v%xDUfwr?W zsMT@ndHV{>)IQN!r93Bkv`e4co9(mfQFk&^?Rw zzR9xT<{K=E*oPHt9zZRpy@?u!n+}hI<~Ny387oWuYoTrc=b^LT;e{J-vK1uEw6O@1 z-eT!+^4F|S2}P-@VX2C@SU-#(U^(#Dw^);sD@)J_u20d7-fQeN(wj4)knaJvuW-Lz z&%T3kqhan*X7>D=GGtt%OhtW7Rfb*1?f%CN)n_tJyPi49lvbA)J#5!A?qIT!N$Y_?{u$SPq>Z29k;=*PaI_?yHmX=6F&k+BMCcZQIri z6@}<{z{U<2h3j~IW>;kaG3{o>DRyG&}e6^hzINR2iSq)xDqdbl30z7I5BjQ}2` z&a*A7uiw2%uhYUq)iev9Ybd@QE`+IHz_oDoJRG#E(Xb#~?IsH}tobNW8gU0tG`qRm z6k7`64pl!oUY({a!h*<=g7x5vP{%`fq-ulz3R4TTO_AyeqAbC~Wu7V22s~PSOIdtJ zrKK9SmSZ8yU`DLUqnbutQJkEd?c7tQFV(KZs?UX!Rocc36}`C-Y?0PLzhUvL#Bz*MT^kC@7Qd6NeOHC%tX8k015Z~i5 zQgHp~`C@ZOaL%E7mk-6G7t>-VXn)93uOOhQ~}Bp@~z6A|l;xL*9JGhz{IjTppg z!+|)@n1EPmL?c!hczud5HzEOF`l`cA1=ici*e;75{fdcvu9BPQw_5hv*?;zYd_F;-uL7^Sa9 z9Haj~-a&f*`6UFeA{TYEDei(UBR&(r>tx(hflY|#109Ix0viy|2G%2<4sgUL0xJr$ggJAB%u7GtQF zuvx8!XE&=Jcx`;7VBGVw!r|n@9 zGT8y)dvTB0K6H`t?o|`D@As-+3)u++=WyBO^r#MvcEubfTIqeNlPEp71C~P42ae~p z*ay_vR*l}T23z3Z$BqcC`>;CCst|KAYbX&+;O5zeVCX%}6NCF@10%~lW6xp%x%9A_ zLx@GgE+U9l@~9eTQLNZ-jae<1XdPWKT|~2-P+txqiYfKJMUiFcl+EmT72Nu{It#?RZT+txQ2?jLDofW3D6FW=rpDw_aDzq>_l?N57?%gpJ!2B~q3i<67T1{w*?g{^uYPrQMvscPmP? zEFHI-CEKlV@B>Gvb}Nye4OS+|(!Zpcbc0p9>!b|`Uw<_)- ztKaG2u|pCG+JxOa#zL|IeU}W+9&k9!1vF0kTJQh?&o?u-!gKrhPE3w?_H&0UV~jQj zjz7d5P*Tufllx{G9^m)$t0edTY#~i+K7dZa*zNjJ?jZ2HqiTXpF$&PFcJO}SI0Bx- zyn{@IQ-}Fnn0kaqf)8~E&ow;4aci(!D~-ueaD>mrc(MNoFUB;>l_UH*QD)%2(g;_- zo;eYoeu&SLF__yq@)-ioqdXcjCfIBw%sI*nFm2Lzl+V*z4)PeHeGYtUa)Vc--W8{8LU%*HECgjv{c-Dp(6+oyP^ z;zvzvCg(N9f}r;a9&9E&y3MAe;p7uMh0KB(W;Y)_!Ci8hRcae9+Fczr-iCL`Yk&RV z9Q2;%*|7FBk0T|fa27m`?=r@=L+vDKU!LY?2qqQ|o#8D*iG>2#Xy&gjoZ<1{ev&8K z>#R~jb4>P@ zS)Y-;HORo@E^^CYRglqPzEo|=G&aDzSGfxhx4U2Er7JMylCs+0RXVFOJJ}zWY&Xn| z%P0|+Y%|)eQuMOWrqHnlLvJk$Ev+t{zhtRDG|Fhh96-}gI?SnF(BLmE&+H2}*5TZU zZmRcVdh0b#q2p5080dSAJAyD3Q`J;_WaFxs-lCdqjSX+xj8<&D$yt;XY^=fYS-jFNHo z6r0gJRM|Oms)6xq=g@FmT$Ax9cgLS#%IiFnEQjXT`BDt2FTalAMalq=&~CoYK@Qr6 zQ@<_%SFiC>s67*fcbaQF*Mv-PUFU*yYZtHcJUN!2SJ45%uS%%#UwM^>0mi?}<4F(XyvwKI!MyfeJ~wCw`i2a(oCT}i