From fa2bb6da24afe5c8562fd7486dd7e6fb1a42b8d7 Mon Sep 17 00:00:00 2001
From: danielk1977 <danielk1977@noemail.net>
Date: Mon, 14 May 2007 15:49:43 +0000
Subject: [PATCH] Fix a bug in "flattening" optimization. Occured if the parent
 of the flattened sub-query is also the parent of a sub-query that uses a
 compound op (i.e. UNION, INTERSECT etc.). (CVS 3994)

FossilOrigin-Name: 1c33829c9ebcf1ff1bd21b161c73a642471b613a
---
 manifest       | 14 +++++++-------
 manifest.uuid  |  2 +-
 src/select.c   |  3 ++-
 test/fuzz.test | 49 +++++++++++++++++++++++++++++++++++++++++--------
 4 files changed, 51 insertions(+), 17 deletions(-)

diff --git a/manifest b/manifest
index 6c37d32215..c3e4951f17 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Prevent\ssub-queries\swith\s"LIMIT\s0"\sfrom\sleaving\san\sextra\svalue\son\sthe\svdbe\sstack.\sAlso\supdates\sto\sfuzz.test.\s(CVS\s3993)
-D 2007-05-14T14:05:00
+C Fix\sa\sbug\sin\s"flattening"\soptimization.\sOccured\sif\sthe\sparent\sof\sthe\sflattened\ssub-query\sis\salso\sthe\sparent\sof\sa\ssub-query\sthat\suses\sa\scompound\sop\s(i.e.\sUNION,\sINTERSECT\setc.).\s(CVS\s3994)
+D 2007-05-14T15:49:44
 F Makefile.in 87b200ad9970907f76df734d29dff3d294c10935
 F Makefile.linux-gcc 2d8574d1ba75f129aba2019f0b959db380a90935
 F README 9c4e2d6706bdcc3efdd773ce752a8cdab4f90028
@@ -99,7 +99,7 @@ F src/pragma.c 6d5eb19feef9e84117b9b17a4c38b12b8c1c6897
 F src/prepare.c 87c23644986b5e41a58bc76f05abebd899e00089
 F src/printf.c 05b233c7a39aec4c54c79ef87af24f0a6591175d
 F src/random.c 6119474a6f6917f708c1dee25b9a8e519a620e88
-F src/select.c f3e6058cef3aac0fb0a96dfd62fb37b72b8c85ee
+F src/select.c 0075d98428a570b88be68555681dc6d97ada7e2e
 F src/server.c 087b92a39d883e3fa113cae259d64e4c7438bc96
 F src/shell.c d07ae326b3815d80f71c69b3c7584382e47f6447
 F src/sqlite.h.in 664b8702c27dc742584788823c548491ac8935d6
@@ -248,7 +248,7 @@ F test/fts2l.test 4c53c89ce3919003765ff4fd8d98ecf724d97dd3
 F test/fts2m.test 4b30142ead6f3ed076e880a2a464064c5ad58c51
 F test/fts2n.test a70357e72742681eaebfdbe9007b87ff3b771638
 F test/func.test bf30bac1c5ce10448ab739994268cf18f8b3fa30
-F test/fuzz.test e61fbb7097978520c6ae03612c840b57b48ad040
+F test/fuzz.test 0669d41a446b1e4ccc80e868e7a56fbb0f625c34
 F test/fuzz2.test fdbea571808441c12c91e9cd038eb77b4692d42b
 F test/hook.test 7e7645fd9a033f79cce8fdff151e32715e7ec50a
 F test/icu.test e6bfae7f625c88fd14df6f540fe835bdfc1e4329
@@ -490,7 +490,7 @@ F www/tclsqlite.tcl bb0d1357328a42b1993d78573e587c6dcbc964b9
 F www/vdbe.tcl 87a31ace769f20d3627a64fa1fade7fed47b90d0
 F www/version3.tcl 890248cf7b70e60c383b0e84d77d5132b3ead42b
 F www/whentouse.tcl fc46eae081251c3c181bd79c5faef8195d7991a5
-P fc489b53829aa25bc10cc47d679c81d95c746abf
-R fa35ecf9a7f31652dcfcf4751b869430
+P b1d1b16e9857a1c05f60cf2ae15f5a534b0dd0ac
+R b9512c73a0efc847c1f6f52b98d9ff58
 U danielk1977
-Z 0ce8d812cf9df96379b1ebf7ced3b3f4
+Z d0d6b5393092c51da922cfae2e5f56ea
diff --git a/manifest.uuid b/manifest.uuid
index f22be24598..604b4151c3 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-b1d1b16e9857a1c05f60cf2ae15f5a534b0dd0ac
\ No newline at end of file
+1c33829c9ebcf1ff1bd21b161c73a642471b613a
\ No newline at end of file
diff --git a/src/select.c b/src/select.c
index 99d9d7e996..457504f870 100644
--- a/src/select.c
+++ b/src/select.c
@@ -12,7 +12,7 @@
 ** This file contains C code routines that are called by the parser
 ** to handle SELECT statements in SQLite.
 **
-** $Id: select.c,v 1.346 2007/05/14 14:05:00 danielk1977 Exp $
+** $Id: select.c,v 1.347 2007/05/14 15:49:44 danielk1977 Exp $
 */
 #include "sqliteInt.h"
 
@@ -2079,6 +2079,7 @@ static void substSelect(Select *p, int iTable, ExprList *pEList){
   substExprList(p->pOrderBy, iTable, pEList);
   substExpr(p->pHaving, iTable, pEList);
   substExpr(p->pWhere, iTable, pEList);
+  substSelect(p->pPrior, iTable, pEList);
 }
 #endif /* !defined(SQLITE_OMIT_VIEW) */
 
diff --git a/test/fuzz.test b/test/fuzz.test
index 7e0d34a5b5..439490cd76 100644
--- a/test/fuzz.test
+++ b/test/fuzz.test
@@ -19,13 +19,13 @@
 #
 # The most complicated trees are for SELECT statements.
 #
-# $Id: fuzz.test,v 1.8 2007/05/14 14:05:00 danielk1977 Exp $
+# $Id: fuzz.test,v 1.9 2007/05/14 15:49:44 danielk1977 Exp $
 
 set testdir [file dirname $argv0]
 source $testdir/tester.tcl
 
-set ::REPEATS 20
-# set ::REPEATS 5000
+# set ::REPEATS 20
+set ::REPEATS 5000
 
 proc fuzz {TemplateList} {
   set n [llength $TemplateList]
@@ -112,7 +112,7 @@ proc Expr { {c {}} } {
       {[Literal]} {[Literal]} {[Literal]}                           \
       {[Literal]} {[Literal]} {[Literal]}
   }
-  if {$::SelectDepth < 10} {
+  if {$::SelectDepth < 4} {
     lappend TemplateList \
       {([Select 1])}                       \
       {[Expr $c] IN ([Select 1])}          \
@@ -197,7 +197,12 @@ proc SimpleSelect {{nRes 0}} {
              [SelectKw] * 
              FROM [Table],[Table] AS t2 
              WHERE [Expr $::ColumnList] 
-          }                                                            \
+          } {
+             [SelectKw] * 
+             FROM [Table] LEFT OUTER JOIN [Table] AS t2 
+             ON [Expr $::ColumnList]
+             WHERE [Expr $::ColumnList] 
+          }
     }
   } 
 
@@ -215,7 +220,9 @@ proc Select {{nMulti 0}} {
     {[SimpleSelect $nMulti]} {[SimpleSelect $nMulti]} {[SimpleSelect $nMulti]} 
     {[SimpleSelect $nMulti]} {[SimpleSelect $nMulti]} {[SimpleSelect $nMulti]} 
     {[SimpleSelect $nMulti]} {[SimpleSelect $nMulti]} {[SimpleSelect $nMulti]} 
-    {[SimpleSelect $nMulti] ORDER BY [Expr]}
+    {[SimpleSelect $nMulti] ORDER BY [Expr] DESC}
+    {[SimpleSelect $nMulti] ORDER BY [Expr] ASC}
+    {[SimpleSelect $nMulti] ORDER BY [Expr] ASC, [Expr] DESC}
     {[SimpleSelect $nMulti] ORDER BY [Expr] LIMIT [Expr] OFFSET [Expr]}
   }
 
@@ -284,13 +291,16 @@ proc Statement {} {
 proc Identifier {} {
   set TemplateList {
     This just chooses randomly a fixed 
-    We would also thank the developers for their analysis Samba
+    We would also thank the developers 
+    for their analysis Samba
   }
-
   fuzz $TemplateList
 }
 
 proc Check {} {
+  # Use a large value for $::SelectDepth, because sub-selects are
+  # not allowed in expressions used by CHECK constraints.
+  #
   set sd $::SelectDepth 
   set ::SelectDepth 500
   set TemplateList {
@@ -452,6 +462,29 @@ do_test fuzz-1.11 {
   }
 } {A}
 
+do_test fuzz-1.12.1 {
+  # Create a table with a single row.
+  execsql {
+    CREATE TABLE abc(b);
+    INSERT INTO abc VALUES('ABCDE');
+  }
+
+  # The following query was crashing. The later subquery (in the FROM)
+  # clause was flattened into the parent, but the code was not repairng
+  # the "b" reference in the other sub-query. When the query was executed,
+  # that "b" refered to a non-existant vdbe table-cursor.
+  #
+  execsql {
+    SELECT 1 IN ( SELECT b UNION SELECT 1 ) FROM (SELECT b FROM abc);
+  }
+} {1}
+do_test fuzz-1.12.2 {
+  # Clean up after the previous query.
+  execsql {
+    DROP TABLE abc;
+  }
+} {}
+
 #----------------------------------------------------------------
 # Test some fuzzily generated expressions.
 #