blob: ca5c31c57b9f65c14128868e243773ba006a7160 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
CVE: CVE-2019-19880
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@intel.com>
From 3622d20ad10dfac9586d4423547ed960cbc66fcf Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Wed, 18 Dec 2019 00:05:50 +0000
Subject: [PATCH] When processing constant integer values in ORDER BY clauses
of window definitions (see check-in [7e4 ---
---
sqlite3.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sqlite3.c b/sqlite3.c
index db1c649..a83b3d2 100644
--- a/sqlite3.c
+++ b/sqlite3.c
@@ -147584,9 +147584,11 @@ static ExprList *exprListAppendList(
int nInit = pList ? pList->nExpr : 0;
for(i=0; i<pAppend->nExpr; i++){
Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0);
+ assert( pDup==0 || !ExprHasProperty(pDup, EP_MemToken) );
if( bIntToNull && pDup && pDup->op==TK_INTEGER ){
pDup->op = TK_NULL;
pDup->flags &= ~(EP_IntValue|EP_IsTrue|EP_IsFalse);
+ pDup->u.zToken = 0;
}
pList = sqlite3ExprListAppend(pParse, pList, pDup);
if( pList ) pList->a[nInit+i].sortFlags = pAppend->a[i].sortFlags;
--
2.24.1
|
