author | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
---|---|---|
committer | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
commit | 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf (patch) | |
tree | cd70a267a5ef105ba32f200aa088e281fbd85747 /external/poky/meta/recipes-support/sqlite/files | |
parent | 4204309872da5cb401cbb2729d9e2d4869a87f42 (diff) |
basesystem-jjsandbox/ToshikazuOhiwa/master-jj
recipes
Diffstat (limited to 'external/poky/meta/recipes-support/sqlite/files')
7 files changed, 290 insertions, 260 deletions
diff --git a/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20505.patch b/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20505.patch
deleted file mode 100644
index d1119f3b..00000000
--- a/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20505.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: D. Richard Hipp <drh@hwaci.com>
-Date: Sat, 3 Nov 2018 13:11:24 +0000 (+0000)
-Subject: Fix a assert() in the query planner that can arise when doing row-value
-X-Git-Tag: version-3.26.0~59
-X-Git-Url: https://repo.or.cz/sqlite.git/commitdiff_plain/24298027a30cf7941f16a8cc878d0c1f9f14308f
-
-Fix a assert() in the query planner that can arise when doing row-value
-operations on a PRIMARY KEY that contains duplicate columns.
-Ticket [1a84668dcfdebaf12415d].
-
-https://sqlite.org/src/info/1a84668dcfdebaf12415d
-
-upstream-Status: Backport
-CVE: CVE-2018-20505
-affects <= 3.26.0
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-Index: sqlite-autoconf-3230100/sqlite3.c
-===================================================================
---- sqlite-autoconf-3230100.orig/sqlite3.c
-+++ sqlite-autoconf-3230100/sqlite3.c
-@@ -131231,7 +131231,7 @@ static Expr *removeUnindexableInClauseTe
- for(i=iEq; i<pLoop->nLTerm; i++){
- if( pLoop->aLTerm[i]->pExpr==pX ){
- int iField = pLoop->aLTerm[i]->iField - 1;
-- assert( pOrigRhs->a[iField].pExpr!=0 );
-+ if( pOrigRhs->a[iField].pExpr==0 ) continue; /* Duplicate PK column */
- pRhs = sqlite3ExprListAppend(pParse, pRhs, pOrigRhs->a[iField].pExpr);
- pOrigRhs->a[iField].pExpr = 0;
- assert( pOrigLhs->a[iField].pExpr!=0 );
diff --git a/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20506.patch b/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20506.patch
deleted file mode 100644
index 7919f9b5..00000000
--- a/external/poky/meta/recipes-support/sqlite/files/CVE-2018-20506.patch
+++ /dev/null
@@ -1,103 +0,0 @@ -From: Dan Kennedy <danielk1977@gmail.com> -Date: Sat, 3 Nov 2018 16:51:30 +0000 (+0000) -Subject: Add extra defenses against strategically corrupt databases to fts3/4. -X-Git-Tag: version-3.26.0~58 -X-Git-Url: https://repo.or.cz/sqlite.git/commitdiff_plain/19816852d4e82e115338b1997540c26a1b794d18 - -Add extra defenses against strategically corrupt databases to fts3/4. - -https://sqlite.org/src/info/940f2adc8541a838 - -Upstream-Status: Backport -CVE: CVE-2018-20506 -Affects <= 3.26.0 - -Signed-off-by: Armin Kuster <akuster@mvista.com> - -Index: sqlite-autoconf-3230100/sqlite3.c -=================================================================== ---- sqlite-autoconf-3230100.orig/sqlite3.c -+++ sqlite-autoconf-3230100/sqlite3.c -@@ -152368,7 +152368,7 @@ static int fts3ScanInteriorNode( - const char *zCsr = zNode; /* Cursor to iterate through node */ - const char *zEnd = &zCsr[nNode];/* End of interior node buffer */ - char *zBuffer = 0; /* Buffer to load terms into */ -- int nAlloc = 0; /* Size of allocated buffer */ -+ i64 nAlloc = 0; /* Size of allocated buffer */ - int isFirstTerm = 1; /* True when processing first term on page */ - sqlite3_int64 iChild; /* Block id of child node to descend to */ - -@@ -152406,14 +152406,14 @@ static int fts3ScanInteriorNode( - zCsr += fts3GetVarint32(zCsr, &nSuffix); - - assert( nPrefix>=0 && nSuffix>=0 ); -- if( &zCsr[nSuffix]>zEnd ){ -+ if( nPrefix>zCsr-zNode || nSuffix>zEnd-zCsr ){ - rc = FTS_CORRUPT_VTAB; - goto finish_scan; - } -- if( nPrefix+nSuffix>nAlloc ){ -+ if( (i64)nPrefix+nSuffix>nAlloc ){ - char *zNew; -- nAlloc = (nPrefix+nSuffix) * 2; -- zNew = (char *)sqlite3_realloc(zBuffer, nAlloc); -+ nAlloc = ((i64)nPrefix+nSuffix) * 2; -+ zNew = (char *)sqlite3_realloc64(zBuffer, nAlloc); - if( !zNew ){ - rc = SQLITE_NOMEM; - goto finish_scan; -@@ -162012,15 +162012,19 @@ static int fts3SegReaderNext( - ** safe (no risk of overread) even if the node data is corrupted. 
*/ - pNext += fts3GetVarint32(pNext, &nPrefix); - pNext += fts3GetVarint32(pNext, &nSuffix); -- if( nPrefix<0 || nSuffix<=0 -- || &pNext[nSuffix]>&pReader->aNode[pReader->nNode] -+ if( nSuffix<=0 -+ || (&pReader->aNode[pReader->nNode] - pNext)<nSuffix -+ || nPrefix>pReader->nTermAlloc - ){ - return FTS_CORRUPT_VTAB; - } - -- if( nPrefix+nSuffix>pReader->nTermAlloc ){ -- int nNew = (nPrefix+nSuffix)*2; -- char *zNew = sqlite3_realloc(pReader->zTerm, nNew); -+ /* Both nPrefix and nSuffix were read by fts3GetVarint32() and so are -+ ** between 0 and 0x7FFFFFFF. But the sum of the two may cause integer -+ ** overflow - hence the (i64) casts. */ -+ if( (i64)nPrefix+nSuffix>(i64)pReader->nTermAlloc ){ -+ i64 nNew = ((i64)nPrefix+nSuffix)*2; -+ char *zNew = sqlite3_realloc64(pReader->zTerm, nNew); - if( !zNew ){ - return SQLITE_NOMEM; - } -@@ -162042,7 +162046,7 @@ static int fts3SegReaderNext( - ** b-tree node. And that the final byte of the doclist is 0x00. If either - ** of these statements is untrue, then the data structure is corrupt. 
- */ -- if( &pReader->aDoclist[pReader->nDoclist]>&pReader->aNode[pReader->nNode] -+ if( (&pReader->aNode[pReader->nNode] - pReader->aDoclist)<pReader->nDoclist - || (pReader->nPopulate==0 && pReader->aDoclist[pReader->nDoclist-1]) - ){ - return FTS_CORRUPT_VTAB; -@@ -164367,7 +164371,9 @@ static int nodeReaderNext(NodeReader *p) - p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &nPrefix); - } - p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &nSuffix); -- -+ if( nPrefix>p->iOff || nSuffix>p->nNode-p->iOff ){ -+ return SQLITE_CORRUPT_VTAB; -+ } - blobGrowBuffer(&p->term, nPrefix+nSuffix, &rc); - if( rc==SQLITE_OK ){ - memcpy(&p->term.a[nPrefix], &p->aNode[p->iOff], nSuffix); -@@ -164375,6 +164381,9 @@ static int nodeReaderNext(NodeReader *p) - p->iOff += nSuffix; - if( p->iChild==0 ){ - p->iOff += fts3GetVarint32(&p->aNode[p->iOff], &p->nDoclist); -+ if( (p->nNode-p->iOff)<p->nDoclist ){ -+ return SQLITE_CORRUPT_VTAB; -+ } - p->aDoclist = &p->aNode[p->iOff]; - p->iOff += p->nDoclist; - } diff --git a/external/poky/meta/recipes-support/sqlite/files/CVE-2019-8457.patch b/external/poky/meta/recipes-support/sqlite/files/CVE-2019-8457.patch deleted file mode 100644 index 5883774e..00000000 --- a/external/poky/meta/recipes-support/sqlite/files/CVE-2019-8457.patch +++ /dev/null 
@@ -1,126 +0,0 @@ -From fbf2392644f0ae4282fa4583c9bb67260995d983 Mon Sep 17 00:00:00 2001 -From: Shubham Agrawal <shuagr@microsoft.com> -Date: Mon, 23 Sep 2019 20:58:47 +0000 -Subject: [PATCH] sqlite: fix for CVE-2019-8457 - -Upstream-Status: Backport -CVE: CVE-2019-8457 -Signed-off-by: Shubham Agrawal <shuagr@microsoft.com> ---- - sqlite3.c | 50 +++++++++++++++++++++++++++++++------------------- - 1 file changed, 31 insertions(+), 19 deletions(-) - -diff --git a/sqlite3.c b/sqlite3.c -index 00513d4..5c8c7f4 100644 ---- a/sqlite3.c -+++ b/sqlite3.c -@@ -172325,6 +172325,33 @@ - } - - -+/* Allocate and initialize a new dynamic string object */ -+StrAccum *sqlite3_str_new(sqlite3 *db){ -+ StrAccum *p = sqlite3DbMallocRaw(db, sizeof(*p)); -+ if( p ){ -+ sqlite3StrAccumInit(p, db, 0, 0, SQLITE_MAX_LENGTH); -+ } -+ return p; -+} -+ -+/* Finalize a string created using sqlite3_str_new(). -+*/ -+ -+char *sqlite3_str_finish(StrAccum *p){ -+ char *z; -+ if( p ){ -+ z = sqlite3StrAccumFinish(p); -+ sqlite3DbFree(p->db, p); -+ }else{ -+ z = 0; -+ } -+ return z; -+} -+/* Return any error code associated with p */ -+int sqlite3_str_errcode(StrAccum *p){ -+ return p ? p->accError : SQLITE_NOMEM; -+} -+ - /* - ** Implementation of a scalar function that decodes r-tree nodes to - ** human readable strings. This can be used for debugging and analysis. -@@ -172342,49 +172369,53 @@ - ** <num-dimension>*2 coordinates. 
- */ - static void rtreenode(sqlite3_context *ctx, int nArg, sqlite3_value **apArg){ -- char *zText = 0; -+ - RtreeNode node; - Rtree tree; - int ii; -+ int nData; -+ int errCode; -+ StrAccum *pOut; - - UNUSED_PARAMETER(nArg); - memset(&node, 0, sizeof(RtreeNode)); - memset(&tree, 0, sizeof(Rtree)); - tree.nDim = (u8)sqlite3_value_int(apArg[0]); -+ if( tree.nDim<1 || tree.nDim>5 ) return; - tree.nDim2 = tree.nDim*2; - tree.nBytesPerCell = 8 + 8 * tree.nDim; - node.zData = (u8 *)sqlite3_value_blob(apArg[1]); -+ nData = sqlite3_value_bytes(apArg[1]); -+ if( nData<4 ) return; -+ if( nData<NCELL(&node)*tree.nBytesPerCell ) return; - -+ pOut = sqlite3_str_new(0); - for(ii=0; ii<NCELL(&node); ii++){ -- char zCell[512]; -- int nCell = 0; -+ -+ - RtreeCell cell; - int jj; - - nodeGetCell(&tree, &node, ii, &cell); -- sqlite3_snprintf(512-nCell,&zCell[nCell],"%lld", cell.iRowid); -- nCell = (int)strlen(zCell); -+ if( ii>0 ) sqlite3StrAccumAppend(pOut, " ", 1); -+ sqlite3XPrintf(pOut, "{%lld", cell.iRowid); -+ - for(jj=0; jj<tree.nDim2; jj++){ - #ifndef SQLITE_RTREE_INT_ONLY -- sqlite3_snprintf(512-nCell,&zCell[nCell], " %g", -- (double)cell.aCoord[jj].f); -+ -+ sqlite3XPrintf(pOut, " %g", (double)cell.aCoord[jj].f); - #else -- sqlite3_snprintf(512-nCell,&zCell[nCell], " %d", -- cell.aCoord[jj].i); -+ -+ sqlite3XPrintf(pOut, " %d", cell.aCoord[jj].i); - #endif -- nCell = (int)strlen(zCell); -- } - -- if( zText ){ -- char *zTextNew = sqlite3_mprintf("%s {%s}", zText, zCell); -- sqlite3_free(zText); -- zText = zTextNew; -- }else{ -- zText = sqlite3_mprintf("{%s}", zCell); - } -+ sqlite3StrAccumAppend(pOut, "}", 1); - } -- -- sqlite3_result_text(ctx, zText, -1, sqlite3_free); -+ -+ errCode = sqlite3_str_errcode(pOut); -+ sqlite3_result_text(ctx, sqlite3_str_finish(pOut), -1, sqlite3_free); -+ sqlite3_result_error_code(ctx, errCode); - } - - /* This routine implements an SQL function that returns the "depth" parameter --- -2.7.4 - 
diff --git a/external/poky/meta/recipes-support/sqlite/files/CVE-2020-11655.patch b/external/poky/meta/recipes-support/sqlite/files/CVE-2020-11655.patch
new file mode 100644
index 00000000..e30c482b
--- /dev/null
+++ b/external/poky/meta/recipes-support/sqlite/files/CVE-2020-11655.patch
@@ -0,0 +1,32 @@
+From a4601326d61bf1a11151ac6b78b50804bfd03b4d Mon Sep 17 00:00:00 2001
+From: Sakib Sajal <sakib.sajal@windriver.com>
+Date: Thu, 30 Apr 2020 10:46:16 -0700
+Subject: [PATCH 2/2] In the event of a semantic error in an aggregate query,
+ early-out the resetAccumulator() function to prevent problems due to
+ incomplete or incorrect initialization of the AggInfo object. Fix for ticket
+ [af4556bb5c285c08].
+
+FossilOrigin-Name: 4a302b42c7bf5e11ddb5522ca999f74aba397d3a7eb91b1844bb02852f772441
+Upstream Status: Backport [c415d91007e1680e4eb17def583b202c3c83c718]
+
+CVE: CVE-2020-11655
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ sqlite3.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/sqlite3.c b/sqlite3.c
+index 1df6633..726adf7 100644
+--- a/sqlite3.c
++++ b/sqlite3.c
+@@ -133242,6 +133242,7 @@ static void resetAccumulator(Parse *pParse, AggInfo *pAggInfo){
+ struct AggInfo_func *pFunc;
+ int nReg = pAggInfo->nFunc + pAggInfo->nColumn;
+ if( nReg==0 ) return;
++ if( pParse->nErr ) return;
+ #ifdef SQLITE_DEBUG
+ /* Verify that all AggInfo registers are within the range specified by
+ ** AggInfo.mnReg..AggInfo.mxReg */
+--
+2.17.1
+
diff --git a/external/poky/meta/recipes-support/sqlite/files/CVE-2020-11656.patch b/external/poky/meta/recipes-support/sqlite/files/CVE-2020-11656.patch
new file mode 100644
index 00000000..b88a724e
--- /dev/null
+++ b/external/poky/meta/recipes-support/sqlite/files/CVE-2020-11656.patch
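Review bot: The provenance tag in the CVE-2020-11655.patch header is written `Upstream Status: Backport [c415d91007e1680e4eb17def583b202c3c83c718]`, with a space where the OpenEmbedded patch-header convention uses a hyphen, so tooling that searches for `Upstream-Status:` would likely treat the patch as untagged. It should read `Upstream-Status: Backport [c415d91007e1680e4eb17def583b202c3c83c718]`; CVE-2020-11656.patch carries the same spelling on both of its `Upstream Status:` lines. The `CVE: CVE-2020-11655` line is in the expected form. The diff on this page is limited to `files/`, so whether the recipe's SRC_URI lists the new patches cannot be confirmed from here.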
@@ -0,0 +1,70 @@ +From 2d69a520d027eb73eb6da9f2653d23e33b10e8bb Mon Sep 17 00:00:00 2001 +From: Sakib Sajal <sakib.sajal@windriver.com> +Date: Thu, 30 Apr 2020 10:14:36 -0700 +Subject: [PATCH 1/2] Fix a case when a pointer might be used after + being freed in the ALTER TABLE code. Fix for [4722bdab08cb1]. + +FossilOrigin-Name: d09f8c3621d5f7f8c6d99d7d82bcaa8421855b3f470bea2b26c858106382b906 +Upstream Status: Backport [fb99e388ec7f30fe43e4878236e3695ff24ae58d] + +[PATCH 2/2] Do not suppress errors when resolving references in an ORDER + BY clause belonging to a compound SELECT within a view or trigger within + ALTER TABLE. Fix for ticket [a10a14e9b4ba2]. + +FossilOrigin-Name: 684293882c302600e112cf52553c19d84fdb31663d96e5dd7f8ac17dda00a026 +Upstream Status: Backport [4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae] + +The two patches were converted to amalgamation format. + +CVE: CVE-2020-11656 +Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> +--- + sqlite3.c | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/sqlite3.c b/sqlite3.c +index 64fae04..1df6633 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -97945,7 +97945,7 @@ static int resolveOrderByTermToExprList( + nc.nErr = 0; + db = pParse->db; + savedSuppErr = db->suppressErr; +- db->suppressErr = 1; ++ if( IN_RENAME_OBJECT==0 ) db->suppressErr = 1; + rc = sqlite3ResolveExprNames(&nc, pE); + db->suppressErr = savedSuppErr; + if( rc ) return 0; +@@ -105383,6 +105383,21 @@ static void renameWalkWith(Walker *pWalker, Select *pSelect){ + } + } + ++/* ++** Unmap all tokens in the IdList object passed as the second argument. ++*/ ++static void unmapColumnIdlistNames( ++ Parse *pParse, ++ IdList *pIdList ++){ ++ if( pIdList ){ ++ int ii; ++ for(ii=0; ii<pIdList->nId; ii++){ ++ sqlite3RenameTokenRemap(pParse, 0, (void*)pIdList->a[ii].zName); ++ } ++ } ++} ++ + /* + ** Walker callback used by sqlite3RenameExprUnmap(). 
+ */ +@@ -105404,6 +105419,7 @@ static int renameUnmapSelectCb(Walker *pWalker, Select *p){ + for(i=0; i<pSrc->nSrc; i++){ + sqlite3RenameTokenRemap(pParse, 0, (void*)pSrc->a[i].zName); + if( sqlite3WalkExpr(pWalker, pSrc->a[i].pOn) ) return WRC_Abort; ++ unmapColumnIdlistNames(pParse, pSrc->a[i].pUsing); + } + } + +-- +2.17.1 + diff --git a/external/poky/meta/recipes-support/sqlite/files/CVE-2020-15358.patch b/external/poky/meta/recipes-support/sqlite/files/CVE-2020-15358.patch new file mode 100644 index 00000000..086f6ef9 --- /dev/null +++ b/external/poky/meta/recipes-support/sqlite/files/CVE-2020-15358.patch 
@@ -0,0 +1,47 @@ +Fix a defect in the query-flattener optimization identified by ticket [8f157e8010b22af0]. + +Upstream-Status: Backport +https://www.sqlite.org/src/info/10fa79d00f8091e5 +CVE: CVE-2020-15358 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +Index: sqlite-autoconf-3310100/sqlite3.c +=================================================================== +--- sqlite-autoconf-3310100.orig/sqlite3.c ++++ sqlite-autoconf-3310100/sqlite3.c +@@ -18349,6 +18349,7 @@ struct Select { + #define SF_WhereBegin 0x0080000 /* Really a WhereBegin() call. Debug Only */ + #define SF_WinRewrite 0x0100000 /* Window function rewrite accomplished */ + #define SF_View 0x0200000 /* SELECT statement is a view */ ++#define SF_NoopOrderBy 0x0400000 /* ORDER BY is ignored for this query */ + + /* + ** The results of a SELECT can be distributed in several ways, as defined +@@ -130607,9 +130608,7 @@ static int multiSelect( + selectOpName(p->op))); + rc = sqlite3Select(pParse, p, &uniondest); + testcase( rc!=SQLITE_OK ); +- /* Query flattening in sqlite3Select() might refill p->pOrderBy. +- ** Be sure to delete p->pOrderBy, therefore, to avoid a memory leak. */ +- sqlite3ExprListDelete(db, p->pOrderBy); ++ assert( p->pOrderBy==0 ); + pDelete = p->pPrior; + p->pPrior = pPrior; + p->pOrderBy = 0; +@@ -131958,7 +131957,7 @@ static int flattenSubquery( + ** We look at every expression in the outer query and every place we see + ** "a" we substitute "x*3" and every place we see "b" we substitute "y+10". + */ +- if( pSub->pOrderBy ){ ++ if( pSub->pOrderBy && (pParent->selFlags & SF_NoopOrderBy)==0 ){ + /* At this point, any non-zero iOrderByCol values indicate that the + ** ORDER BY column expression is identical to the iOrderByCol'th + ** expression returned by SELECT statement pSub. 
Since these values +@@ -133659,6 +133658,7 @@ SQLITE_PRIVATE int sqlite3Select( + sqlite3ExprListDelete(db, p->pOrderBy); + p->pOrderBy = 0; + p->selFlags &= ~SF_Distinct; ++ p->selFlags |= SF_NoopOrderBy; + } + sqlite3SelectPrep(pParse, p, 0); + if( pParse->nErr || db->mallocFailed ){ diff --git a/external/poky/meta/recipes-support/sqlite/files/CVE-2020-9327.patch b/external/poky/meta/recipes-support/sqlite/files/CVE-2020-9327.patch new file mode 100644 index 00000000..fecbbabc --- /dev/null +++ b/external/poky/meta/recipes-support/sqlite/files/CVE-2020-9327.patch 
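Review bot: In the multiSelect hunk of CVE-2020-15358.patch the explicit `sqlite3ExprListDelete(db, p->pOrderBy);` is replaced by `assert( p->pOrderBy==0 );`, so in a build where asserts are compiled out nothing frees the list if the invariant is ever violated, and the following `p->pOrderBy = 0;` would drop the pointer silently. The invariant presumably holds only when the `SF_NoopOrderBy` hunks in flattenSubquery and sqlite3Select are applied together with this one. That dependency is worth a line in the patch header, for example `All four hunks must apply together; multiSelect no longer frees p->pOrderBy itself.` The bodies of multiSelect, flattenSubquery and sqlite3Select lie outside the quoted context, so this cannot be checked further from the page.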
@@ -0,0 +1,141 @@ +From 45d491851e1bca378de158a5e279fd584ce548e4 Mon Sep 17 00:00:00 2001 +From: "D. Richard Hipp" <drh@hwaci.com> +Date: Mon, 17 Feb 2020 00:12:04 +0000 +Subject: [PATCH] [PATCH 1/2] Take care when checking the table of a TK_COLUMN + expression node to see if the table is a virtual table to first ensure that + the Expr.y.pTab pointer is not null due to generated column optimizations. + Ticket [4374860b29383380]. + +FossilOrigin-Name: 9d0d4ab95dc0c56e053c2924ed322a9ea7b25439e6f74599f706905a1994e454 + +[PATCH 2/2] A better (smaller and faster) solution to ticket + [4374860b29383380]. + +FossilOrigin-Name: abc473fb8fb999005dc79a360e34f97b3b25429decf1820dd2afa5c19577753d + +The two patches were converted to amalgamation format + +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +Upstream-Status: Backport +CVE: CVE-2020-9327 +--- + sqlite3.c | 35 ++++++++++++++++++++++++----------- + sqlite3.h | 2 +- + 2 files changed, 25 insertions(+), 12 deletions(-) + +diff --git a/sqlite3.c b/sqlite3.c +index 55dc686..64fae04 100644 +--- a/sqlite3.c ++++ b/sqlite3.c +@@ -1167,7 +1167,7 @@ extern "C" { + */ + #define SQLITE_VERSION "3.31.1" + #define SQLITE_VERSION_NUMBER 3031001 +-#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837bb4d6" ++#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837balt1" + + /* + ** CAPI3REF: Run-Time Library Version Numbers +@@ -17428,8 +17428,11 @@ struct Table { + */ + #ifndef SQLITE_OMIT_VIRTUALTABLE + # define IsVirtual(X) ((X)->nModuleArg) ++# define ExprIsVtab(X) \ ++ ((X)->op==TK_COLUMN && (X)->y.pTab!=0 && (X)->y.pTab->nModuleArg) + #else + # define IsVirtual(X) 0 ++# define ExprIsVtab(X) 0 + #endif + + /* +@@ -104133,19 +104136,25 @@ static int impliesNotNullRow(Walker *pWalker, Expr *pExpr){ + case TK_LT: + case TK_LE: + case TK_GT: +- case TK_GE: ++ case TK_GE: { ++ Expr *pLeft = pExpr->pLeft; ++ Expr *pRight = 
pExpr->pRight; + testcase( pExpr->op==TK_EQ ); + testcase( pExpr->op==TK_NE ); + testcase( pExpr->op==TK_LT ); + testcase( pExpr->op==TK_LE ); + testcase( pExpr->op==TK_GT ); + testcase( pExpr->op==TK_GE ); +- if( (pExpr->pLeft->op==TK_COLUMN && IsVirtual(pExpr->pLeft->y.pTab)) +- || (pExpr->pRight->op==TK_COLUMN && IsVirtual(pExpr->pRight->y.pTab)) ++ /* The y.pTab=0 assignment in wherecode.c always happens after the ++ ** impliesNotNullRow() test */ ++ if( (pLeft->op==TK_COLUMN && ALWAYS(pLeft->y.pTab!=0) ++ && IsVirtual(pLeft->y.pTab)) ++ || (pRight->op==TK_COLUMN && ALWAYS(pRight->y.pTab!=0) ++ && IsVirtual(pRight->y.pTab)) + ){ +- return WRC_Prune; ++ return WRC_Prune; + } +- ++ } + default: + return WRC_Continue; + } +@@ -142591,7 +142600,8 @@ static int isAuxiliaryVtabOperator( + ** MATCH(expression,vtab_column) + */ + pCol = pList->a[1].pExpr; +- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){ ++ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 ); ++ if( ExprIsVtab(pCol) ){ + for(i=0; i<ArraySize(aOp); i++){ + if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){ + *peOp2 = aOp[i].eOp2; +@@ -142613,7 +142623,8 @@ static int isAuxiliaryVtabOperator( + ** with function names in an arbitrary case. 
+ */ + pCol = pList->a[0].pExpr; +- if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){ ++ testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 ); ++ if( ExprIsVtab(pCol) ){ + sqlite3_vtab *pVtab; + sqlite3_module *pMod; + void (*xNotUsed)(sqlite3_context*,int,sqlite3_value**); +@@ -142636,10 +142647,12 @@ static int isAuxiliaryVtabOperator( + int res = 0; + Expr *pLeft = pExpr->pLeft; + Expr *pRight = pExpr->pRight; +- if( pLeft->op==TK_COLUMN && IsVirtual(pLeft->y.pTab) ){ ++ testcase( pLeft->op==TK_COLUMN && pLeft->y.pTab==0 ); ++ if( ExprIsVtab(pLeft) ){ + res++; + } +- if( pRight && pRight->op==TK_COLUMN && IsVirtual(pRight->y.pTab) ){ ++ testcase( pRight && pRight->op==TK_COLUMN && pRight->y.pTab==0 ); ++ if( pRight && ExprIsVtab(pRight) ){ + res++; + SWAP(Expr*, pLeft, pRight); + } +@@ -228440,7 +228453,7 @@ SQLITE_API int sqlite3_stmt_init( + #endif /* !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_STMTVTAB) */ + + /************** End of stmt.c ************************************************/ +-#if __LINE__!=228443 ++#if __LINE__!=228456 + #undef SQLITE_SOURCE_ID + #define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837balt2" + #endif +diff --git a/sqlite3.h b/sqlite3.h +index cef6eea..5b9796c 100644 +--- a/sqlite3.h ++++ b/sqlite3.h +@@ -125,7 +125,7 @@ extern "C" { + */ + #define SQLITE_VERSION "3.31.1" + #define SQLITE_VERSION_NUMBER 3031001 +-#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837bb4d6" ++#define SQLITE_SOURCE_ID "2020-01-27 19:55:54 3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837balt1" + + /* + ** CAPI3REF: Run-Time Library Version Numbers +-- +2.25.1 + |
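Review bot: The last sqlite3.c hunk of CVE-2020-9327.patch hard-codes the amalgamation length in `#if __LINE__!=228456`, which stays true only if no later patch changes the line count of sqlite3.c. The index lines on this page suggest CVE-2020-11656.patch (64fae04..1df6633) and CVE-2020-11655.patch (1df6633..726adf7) apply on top of this one and add lines, in which case the guard fires and sqlite3.c redefines SQLITE_SOURCE_ID to the `...alt2` string while sqlite3.h keeps `...alt1`. This looks like upstream's marker for an edited amalgamation rather than a fault, but it should be recorded in the patch header, for example `Note: with the later CVE patches applied, sqlite3.c reports the alt2 source id.` Anything in the image that compares the full source-id string against the header value should be checked as well.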