diff --git a/.gitignore b/.gitignore
index 15e9ee3..12d440d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 SOURCES/icu4c-77_1-data-bin-b.zip
 SOURCES/icu4c-77_1-data-bin-l.zip
-SOURCES/node-v22.16.0-stripped.tar.gz
+SOURCES/node-v22.19.0-stripped.tar.gz
diff --git a/.nodejs.metadata b/.nodejs.metadata
index 8108320..d1119dd 100644
--- a/.nodejs.metadata
+++ b/.nodejs.metadata
@@ -1,3 +1,3 @@
 c459faa36dedc60af6a0c6d5b9b84b6198389bf0 SOURCES/icu4c-77_1-data-bin-b.zip
 c602459f93a43dfe7440686b46430e93a85dfc06 SOURCES/icu4c-77_1-data-bin-l.zip
-ee39da75967d13f66ce76e31caaa0058b022d7ff SOURCES/node-v22.16.0-stripped.tar.gz
+fcb143615038d08f68d1c53636bec5f7f1c95d3b SOURCES/node-v22.19.0-stripped.tar.gz
diff --git a/SOURCES/0002-sqlite-CVE-2025-6965.patch b/SOURCES/0002-sqlite-CVE-2025-6965.patch
deleted file mode 100644
index e8fabef..0000000
--- a/SOURCES/0002-sqlite-CVE-2025-6965.patch
+++ /dev/null
@@ -1,11026 +0,0 @@
-diff --color -ruN node-v22.16.0/deps/sqlite/sqlite3.c node-modded/deps/sqlite/sqlite3.c
---- node-v22.16.0/deps/sqlite/sqlite3.c	2025-05-21 06:12:48.000000000 +0200
-+++ node-modded/deps/sqlite/sqlite3.c	2025-07-17 16:20:17.619643827 +0200
-@@ -1,6 +1,6 @@
- /******************************************************************************
- ** This file is an amalgamation of many separate C source files from SQLite
--** version 3.49.1.  By combining all the individual C code files into this
-+** version 3.50.3.  By combining all the individual C code files into this
- ** single large file, the entire code can be compiled as a single translation
- ** unit.  This allows many compilers to do optimizations that would not be
- ** possible if the files were compiled separately.  Performance improvements
-@@ -18,7 +18,7 @@
- ** separate file. This file contains only code for the core SQLite library.
- **
- ** The content in this amalgamation comes from Fossil check-in
--** 873d4e274b4988d260ba8354a9718324a1c2 with changes in files:
-+** 3ce993b8657d6d9deda380a93cdd6404a8c8 with changes in files:
- **
- **    
- */
-@@ -452,7 +452,7 @@
- **
- ** Since [version 3.6.18] ([dateof:3.6.18]),
- ** SQLite source code has been stored in the
--** <a href="http://www.fossil-scm.org/">Fossil configuration management
-+** <a href="http://fossil-scm.org/">Fossil configuration management
- ** system</a>.  ^The SQLITE_SOURCE_ID macro evaluates to
- ** a string which identifies a particular check-in of SQLite
- ** within its configuration management system.  ^The SQLITE_SOURCE_ID
-@@ -465,9 +465,9 @@
- ** [sqlite3_libversion_number()], [sqlite3_sourceid()],
- ** [sqlite_version()] and [sqlite_source_id()].
- */
--#define SQLITE_VERSION        "3.49.1"
--#define SQLITE_VERSION_NUMBER 3049001
--#define SQLITE_SOURCE_ID      "2025-02-18 13:38:58 873d4e274b4988d260ba8354a9718324a1c26187a4ab4c1cc0227c03d0f10e70"
-+#define SQLITE_VERSION        "3.50.3"
-+#define SQLITE_VERSION_NUMBER 3050003
-+#define SQLITE_SOURCE_ID      "2025-07-17 13:25:10 3ce993b8657d6d9deda380a93cdd6404a8c8ba1b185b2bc423703e41ae5f2543"
- 
- /*
- ** CAPI3REF: Run-Time Library Version Numbers
-@@ -1482,6 +1482,12 @@
- ** the value that M is to be set to. Before returning, the 32-bit signed
- ** integer is overwritten with the previous value of M.
- **
-+** <li>[[SQLITE_FCNTL_BLOCK_ON_CONNECT]]
-+** The [SQLITE_FCNTL_BLOCK_ON_CONNECT] opcode is used to configure the
-+** VFS to block when taking a SHARED lock to connect to a wal mode database.
-+** This is used to implement the functionality associated with
-+** SQLITE_SETLK_BLOCK_ON_CONNECT.
-+**
- ** <li>[[SQLITE_FCNTL_DATA_VERSION]]
- ** The [SQLITE_FCNTL_DATA_VERSION] opcode is used to detect changes to
- ** a database file.  The argument is a pointer to a 32-bit unsigned integer.
-@@ -1578,6 +1584,7 @@
- #define SQLITE_FCNTL_CKSM_FILE              41
- #define SQLITE_FCNTL_RESET_CACHE            42
- #define SQLITE_FCNTL_NULL_IO                43
-+#define SQLITE_FCNTL_BLOCK_ON_CONNECT       44
- 
- /* deprecated names */
- #define SQLITE_GET_LOCKPROXYFILE      SQLITE_FCNTL_GET_LOCKPROXYFILE
-@@ -2308,13 +2315,16 @@
- **
- ** [[SQLITE_CONFIG_LOOKASIDE]] <dt>SQLITE_CONFIG_LOOKASIDE</dt>
- ** <dd> ^(The SQLITE_CONFIG_LOOKASIDE option takes two arguments that determine
--** the default size of lookaside memory on each [database connection].
-+** the default size of [lookaside memory] on each [database connection].
- ** The first argument is the
--** size of each lookaside buffer slot and the second is the number of
--** slots allocated to each database connection.)^  ^(SQLITE_CONFIG_LOOKASIDE
--** sets the <i>default</i> lookaside size. The [SQLITE_DBCONFIG_LOOKASIDE]
--** option to [sqlite3_db_config()] can be used to change the lookaside
--** configuration on individual connections.)^ </dd>
-+** size of each lookaside buffer slot ("sz") and the second is the number of
-+** slots allocated to each database connection ("cnt").)^
-+** ^(SQLITE_CONFIG_LOOKASIDE sets the <i>default</i> lookaside size.
-+** The [SQLITE_DBCONFIG_LOOKASIDE] option to [sqlite3_db_config()] can
-+** be used to change the lookaside configuration on individual connections.)^
-+** The [-DSQLITE_DEFAULT_LOOKASIDE] option can be used to change the
-+** default lookaside configuration at compile-time.
-+** </dd>
- **
- ** [[SQLITE_CONFIG_PCACHE2]] <dt>SQLITE_CONFIG_PCACHE2</dt>
- ** <dd> ^(The SQLITE_CONFIG_PCACHE2 option takes a single argument which is
-@@ -2551,31 +2561,50 @@
- ** [[SQLITE_DBCONFIG_LOOKASIDE]]
- ** <dt>SQLITE_DBCONFIG_LOOKASIDE</dt>
- ** <dd> The SQLITE_DBCONFIG_LOOKASIDE option is used to adjust the
--** configuration of the lookaside memory allocator within a database
-+** configuration of the [lookaside memory allocator] within a database
- ** connection.
- ** The arguments to the SQLITE_DBCONFIG_LOOKASIDE option are <i>not</i>
- ** in the [DBCONFIG arguments|usual format].
- ** The SQLITE_DBCONFIG_LOOKASIDE option takes three arguments, not two,
- ** so that a call to [sqlite3_db_config()] that uses SQLITE_DBCONFIG_LOOKASIDE
- ** should have a total of five parameters.
--** ^The first argument (the third parameter to [sqlite3_db_config()] is a
-+** <ol>
-+** <li><p>The first argument ("buf") is a
- ** pointer to a memory buffer to use for lookaside memory.
--** ^The first argument after the SQLITE_DBCONFIG_LOOKASIDE verb
--** may be NULL in which case SQLite will allocate the
--** lookaside buffer itself using [sqlite3_malloc()]. ^The second argument is the
--** size of each lookaside buffer slot.  ^The third argument is the number of
--** slots.  The size of the buffer in the first argument must be greater than
--** or equal to the product of the second and third arguments.  The buffer
--** must be aligned to an 8-byte boundary.  ^If the second argument to
--** SQLITE_DBCONFIG_LOOKASIDE is not a multiple of 8, it is internally
--** rounded down to the next smaller multiple of 8.  ^(The lookaside memory
-+** The first argument may be NULL in which case SQLite will allocate the
-+** lookaside buffer itself using [sqlite3_malloc()].
-+** <li><P>The second argument ("sz") is the
-+** size of each lookaside buffer slot.  Lookaside is disabled if "sz"
-+** is less than 8.  The "sz" argument should be a multiple of 8 less than
-+** 65536.  If "sz" does not meet this constraint, it is reduced in size until
-+** it does.
-+** <li><p>The third argument ("cnt") is the number of slots. Lookaside is disabled
-+** if "cnt"is less than 1.  The "cnt" value will be reduced, if necessary, so
-+** that the product of "sz" and "cnt" does not exceed 2,147,418,112.  The "cnt"
-+** parameter is usually chosen so that the product of "sz" and "cnt" is less
-+** than 1,000,000.
-+** </ol>
-+** <p>If the "buf" argument is not NULL, then it must
-+** point to a memory buffer with a size that is greater than
-+** or equal to the product of "sz" and "cnt".
-+** The buffer must be aligned to an 8-byte boundary.
-+** The lookaside memory
- ** configuration for a database connection can only be changed when that
- ** connection is not currently using lookaside memory, or in other words
--** when the "current value" returned by
--** [sqlite3_db_status](D,[SQLITE_DBSTATUS_LOOKASIDE_USED],...) is zero.
-+** when the value returned by [SQLITE_DBSTATUS_LOOKASIDE_USED] is zero.
- ** Any attempt to change the lookaside memory configuration when lookaside
- ** memory is in use leaves the configuration unchanged and returns
--** [SQLITE_BUSY].)^</dd>
-+** [SQLITE_BUSY].
-+** If the "buf" argument is NULL and an attempt
-+** to allocate memory based on "sz" and "cnt" fails, then
-+** lookaside is silently disabled.
-+** <p>
-+** The [SQLITE_CONFIG_LOOKASIDE] configuration option can be used to set the
-+** default lookaside configuration at initialization.  The
-+** [-DSQLITE_DEFAULT_LOOKASIDE] option can be used to set the default lookaside
-+** configuration at compile-time.  Typical values for lookaside are 1200 for
-+** "sz" and 40 to 100 for "cnt".
-+** </dd>
- **
- ** [[SQLITE_DBCONFIG_ENABLE_FKEY]]
- ** <dt>SQLITE_DBCONFIG_ENABLE_FKEY</dt>
-@@ -3313,6 +3342,44 @@
- SQLITE_API int sqlite3_busy_timeout(sqlite3*, int ms);
- 
- /*
-+** CAPI3REF: Set the Setlk Timeout
-+** METHOD: sqlite3
-+**
-+** This routine is only useful in SQLITE_ENABLE_SETLK_TIMEOUT builds. If
-+** the VFS supports blocking locks, it sets the timeout in ms used by
-+** eligible locks taken on wal mode databases by the specified database
-+** handle. In non-SQLITE_ENABLE_SETLK_TIMEOUT builds, or if the VFS does
-+** not support blocking locks, this function is a no-op.
-+**
-+** Passing 0 to this function disables blocking locks altogether. Passing
-+** -1 to this function requests that the VFS blocks for a long time -
-+** indefinitely if possible. The results of passing any other negative value
-+** are undefined.
-+**
-+** Internally, each SQLite database handle store two timeout values - the
-+** busy-timeout (used for rollback mode databases, or if the VFS does not
-+** support blocking locks) and the setlk-timeout (used for blocking locks
-+** on wal-mode databases). The sqlite3_busy_timeout() method sets both
-+** values, this function sets only the setlk-timeout value. Therefore,
-+** to configure separate busy-timeout and setlk-timeout values for a single
-+** database handle, call sqlite3_busy_timeout() followed by this function.
-+**
-+** Whenever the number of connections to a wal mode database falls from
-+** 1 to 0, the last connection takes an exclusive lock on the database,
-+** then checkpoints and deletes the wal file. While it is doing this, any
-+** new connection that tries to read from the database fails with an
-+** SQLITE_BUSY error. Or, if the SQLITE_SETLK_BLOCK_ON_CONNECT flag is
-+** passed to this API, the new connection blocks until the exclusive lock
-+** has been released.
-+*/
-+SQLITE_API int sqlite3_setlk_timeout(sqlite3*, int ms, int flags);
-+
-+/*
-+** CAPI3REF: Flags for sqlite3_setlk_timeout()
-+*/
-+#define SQLITE_SETLK_BLOCK_ON_CONNECT 0x01
-+
-+/*
- ** CAPI3REF: Convenience Routines For Running Queries
- ** METHOD: sqlite3
- **
-@@ -4331,7 +4398,7 @@
- **
- ** The sqlite3_create_filename(D,J,W,N,P) allocates memory to hold a version of
- ** database filename D with corresponding journal file J and WAL file W and
--** with N URI parameters key/values pairs in the array P.  The result from
-+** an array P of N URI Key/Value pairs.  The result from
- ** sqlite3_create_filename(D,J,W,N,P) is a pointer to a database filename that
- ** is safe to pass to routines like:
- ** <ul>
-@@ -5012,7 +5079,7 @@
- ** METHOD: sqlite3_stmt
- **
- ** ^(In the SQL statement text input to [sqlite3_prepare_v2()] and its variants,
--** literals may be replaced by a [parameter] that matches one of following
-+** literals may be replaced by a [parameter] that matches one of the following
- ** templates:
- **
- ** <ul>
-@@ -5057,7 +5124,7 @@
- **
- ** [[byte-order determination rules]] ^The byte-order of
- ** UTF16 input text is determined by the byte-order mark (BOM, U+FEFF)
--** found in first character, which is removed, or in the absence of a BOM
-+** found in the first character, which is removed, or in the absence of a BOM
- ** the byte order is the native byte order of the host
- ** machine for sqlite3_bind_text16() or the byte order specified in
- ** the 6th parameter for sqlite3_bind_text64().)^
-@@ -5077,7 +5144,7 @@
- ** or sqlite3_bind_text16() or sqlite3_bind_text64() then
- ** that parameter must be the byte offset
- ** where the NUL terminator would occur assuming the string were NUL
--** terminated.  If any NUL characters occurs at byte offsets less than
-+** terminated.  If any NUL characters occur at byte offsets less than
- ** the value of the fourth parameter then the resulting string value will
- ** contain embedded NULs.  The result of expressions involving strings
- ** with embedded NULs is undefined.
-@@ -5289,7 +5356,7 @@
- ** METHOD: sqlite3_stmt
- **
- ** ^These routines provide a means to determine the database, table, and
--** table column that is the origin of a particular result column in
-+** table column that is the origin of a particular result column in a
- ** [SELECT] statement.
- ** ^The name of the database or table or column can be returned as
- ** either a UTF-8 or UTF-16 string.  ^The _database_ routines return
-@@ -5427,7 +5494,7 @@
- ** other than [SQLITE_ROW] before any subsequent invocation of
- ** sqlite3_step().  Failure to reset the prepared statement using
- ** [sqlite3_reset()] would result in an [SQLITE_MISUSE] return from
--** sqlite3_step().  But after [version 3.6.23.1] ([dateof:3.6.23.1],
-+** sqlite3_step().  But after [version 3.6.23.1] ([dateof:3.6.23.1]),
- ** sqlite3_step() began
- ** calling [sqlite3_reset()] automatically in this circumstance rather
- ** than returning [SQLITE_MISUSE].  This is not considered a compatibility
-@@ -5858,8 +5925,8 @@
- **
- ** For best security, the [SQLITE_DIRECTONLY] flag is recommended for
- ** all application-defined SQL functions that do not need to be
--** used inside of triggers, view, CHECK constraints, or other elements of
--** the database schema.  This flags is especially recommended for SQL
-+** used inside of triggers, views, CHECK constraints, or other elements of
-+** the database schema.  This flag is especially recommended for SQL
- ** functions that have side effects or reveal internal application state.
- ** Without this flag, an attacker might be able to modify the schema of
- ** a database file to include invocations of the function with parameters
-@@ -5890,7 +5957,7 @@
- ** [user-defined window functions|available here].
- **
- ** ^(If the final parameter to sqlite3_create_function_v2() or
--** sqlite3_create_window_function() is not NULL, then it is destructor for
-+** sqlite3_create_window_function() is not NULL, then it is the destructor for
- ** the application data pointer. The destructor is invoked when the function
- ** is deleted, either by being overloaded or when the database connection
- ** closes.)^ ^The destructor is also invoked if the call to
-@@ -6290,7 +6357,7 @@
- ** METHOD: sqlite3_value
- **
- ** ^The sqlite3_value_dup(V) interface makes a copy of the [sqlite3_value]
--** object D and returns a pointer to that copy.  ^The [sqlite3_value] returned
-+** object V and returns a pointer to that copy.  ^The [sqlite3_value] returned
- ** is a [protected sqlite3_value] object even if the input is not.
- ** ^The sqlite3_value_dup(V) interface returns NULL if V is NULL or if a
- ** memory allocation fails. ^If V is a [pointer value], then the result
-@@ -6328,7 +6395,7 @@
- ** allocation error occurs.
- **
- ** ^(The amount of space allocated by sqlite3_aggregate_context(C,N) is
--** determined by the N parameter on first successful call.  Changing the
-+** determined by the N parameter on the first successful call.  Changing the
- ** value of N in any subsequent call to sqlite3_aggregate_context() within
- ** the same aggregate function instance will not resize the memory
- ** allocation.)^  Within the xFinal callback, it is customary to set
-@@ -6490,7 +6557,7 @@
- **
- ** Security Warning:  These interfaces should not be exposed in scripting
- ** languages or in other circumstances where it might be possible for an
--** an attacker to invoke them.  Any agent that can invoke these interfaces
-+** attacker to invoke them.  Any agent that can invoke these interfaces
- ** can probably also take control of the process.
- **
- ** Database connection client data is only available for SQLite
-@@ -6604,7 +6671,7 @@
- ** pointed to by the 2nd parameter are taken as the application-defined
- ** function result.  If the 3rd parameter is non-negative, then it
- ** must be the byte offset into the string where the NUL terminator would
--** appear if the string where NUL terminated.  If any NUL characters occur
-+** appear if the string were NUL terminated.  If any NUL characters occur
- ** in the string at a byte offset that is less than the value of the 3rd
- ** parameter, then the resulting string will contain embedded NULs and the
- ** result of expressions operating on strings with embedded NULs is undefined.
-@@ -6662,7 +6729,7 @@
- ** string and preferably a string literal. The sqlite3_result_pointer()
- ** routine is part of the [pointer passing interface] added for SQLite 3.20.0.
- **
--** If these routines are called from within the different thread
-+** If these routines are called from within a different thread
- ** than the one containing the application-defined function that received
- ** the [sqlite3_context] pointer, the results are undefined.
- */
-@@ -7068,7 +7135,7 @@
- ** METHOD: sqlite3
- **
- ** ^The sqlite3_db_name(D,N) interface returns a pointer to the schema name
--** for the N-th database on database connection D, or a NULL pointer of N is
-+** for the N-th database on database connection D, or a NULL pointer if N is
- ** out of range.  An N value of 0 means the main database file.  An N of 1 is
- ** the "temp" schema.  Larger values of N correspond to various ATTACH-ed
- ** databases.
-@@ -7163,7 +7230,7 @@
- ** <dd>The SQLITE_TXN_READ state means that the database is currently
- ** in a read transaction.  Content has been read from the database file
- ** but nothing in the database file has changed.  The transaction state
--** will advanced to SQLITE_TXN_WRITE if any changes occur and there are
-+** will be advanced to SQLITE_TXN_WRITE if any changes occur and there are
- ** no other conflicting concurrent write transactions.  The transaction
- ** state will revert to SQLITE_TXN_NONE following a [ROLLBACK] or
- ** [COMMIT].</dd>
-@@ -7172,7 +7239,7 @@
- ** <dd>The SQLITE_TXN_WRITE state means that the database is currently
- ** in a write transaction.  Content has been written to the database file
- ** but has not yet committed.  The transaction state will change to
--** to SQLITE_TXN_NONE at the next [ROLLBACK] or [COMMIT].</dd>
-+** SQLITE_TXN_NONE at the next [ROLLBACK] or [COMMIT].</dd>
- */
- #define SQLITE_TXN_NONE  0
- #define SQLITE_TXN_READ  1
-@@ -7323,6 +7390,8 @@
- **
- ** ^The second argument is a pointer to the function to invoke when a
- ** row is updated, inserted or deleted in a rowid table.
-+** ^The update hook is disabled by invoking sqlite3_update_hook()
-+** with a NULL pointer as the second parameter.
- ** ^The first argument to the callback is a copy of the third argument
- ** to sqlite3_update_hook().
- ** ^The second callback argument is one of [SQLITE_INSERT], [SQLITE_DELETE],
-@@ -7451,7 +7520,7 @@
- ** CAPI3REF: Impose A Limit On Heap Size
- **
- ** These interfaces impose limits on the amount of heap memory that will be
--** by all database connections within a single process.
-+** used by all database connections within a single process.
- **
- ** ^The sqlite3_soft_heap_limit64() interface sets and/or queries the
- ** soft limit on the amount of heap memory that may be allocated by SQLite.
-@@ -7509,7 +7578,7 @@
- ** </ul>)^
- **
- ** The circumstances under which SQLite will enforce the heap limits may
--** changes in future releases of SQLite.
-+** change in future releases of SQLite.
- */
- SQLITE_API sqlite3_int64 sqlite3_soft_heap_limit64(sqlite3_int64 N);
- SQLITE_API sqlite3_int64 sqlite3_hard_heap_limit64(sqlite3_int64 N);
-@@ -7624,8 +7693,8 @@
- ** ^The entry point is zProc.
- ** ^(zProc may be 0, in which case SQLite will try to come up with an
- ** entry point name on its own.  It first tries "sqlite3_extension_init".
--** If that does not work, it constructs a name "sqlite3_X_init" where the
--** X is consists of the lower-case equivalent of all ASCII alphabetic
-+** If that does not work, it constructs a name "sqlite3_X_init" where
-+** X consists of the lower-case equivalent of all ASCII alphabetic
- ** characters in the filename from the last "/" to the first following
- ** "." and omitting any initial "lib".)^
- ** ^The sqlite3_load_extension() interface returns
-@@ -7696,7 +7765,7 @@
- ** ^(Even though the function prototype shows that xEntryPoint() takes
- ** no arguments and returns void, SQLite invokes xEntryPoint() with three
- ** arguments and expects an integer result as if the signature of the
--** entry point where as follows:
-+** entry point were as follows:
- **
- ** <blockquote><pre>
- ** &nbsp;  int xEntryPoint(
-@@ -7860,7 +7929,7 @@
- ** virtual table and might not be checked again by the byte code.)^ ^(The
- ** aConstraintUsage[].omit flag is an optimization hint. When the omit flag
- ** is left in its default setting of false, the constraint will always be
--** checked separately in byte code.  If the omit flag is change to true, then
-+** checked separately in byte code.  If the omit flag is changed to true, then
- ** the constraint may or may not be checked in byte code.  In other words,
- ** when the omit flag is true there is no guarantee that the constraint will
- ** not be checked again using byte code.)^
-@@ -7886,7 +7955,7 @@
- ** The xBestIndex method may optionally populate the idxFlags field with a
- ** mask of SQLITE_INDEX_SCAN_* flags. One such flag is
- ** [SQLITE_INDEX_SCAN_HEX], which if set causes the [EXPLAIN QUERY PLAN]
--** output to show the idxNum has hex instead of as decimal.  Another flag is
-+** output to show the idxNum as hex instead of as decimal.  Another flag is
- ** SQLITE_INDEX_SCAN_UNIQUE, which if set indicates that the query plan will
- ** return at most one row.
- **
-@@ -8027,7 +8096,7 @@
- ** the implementation of the [virtual table module].   ^The fourth
- ** parameter is an arbitrary client data pointer that is passed through
- ** into the [xCreate] and [xConnect] methods of the virtual table module
--** when a new virtual table is be being created or reinitialized.
-+** when a new virtual table is being created or reinitialized.
- **
- ** ^The sqlite3_create_module_v2() interface has a fifth parameter which
- ** is a pointer to a destructor for the pClientData.  ^SQLite will
-@@ -8192,7 +8261,7 @@
- ** in *ppBlob. Otherwise an [error code] is returned and, unless the error
- ** code is SQLITE_MISUSE, *ppBlob is set to NULL.)^ ^This means that, provided
- ** the API is not misused, it is always safe to call [sqlite3_blob_close()]
--** on *ppBlob after this function it returns.
-+** on *ppBlob after this function returns.
- **
- ** This function fails with SQLITE_ERROR if any of the following are true:
- ** <ul>
-@@ -8312,7 +8381,7 @@
- **
- ** ^Returns the size in bytes of the BLOB accessible via the
- ** successfully opened [BLOB handle] in its only argument.  ^The
--** incremental blob I/O routines can only read or overwriting existing
-+** incremental blob I/O routines can only read or overwrite existing
- ** blob content; they cannot change the size of a blob.
- **
- ** This routine only works on a [BLOB handle] which has been created
-@@ -8462,7 +8531,7 @@
- ** ^The sqlite3_mutex_alloc() routine allocates a new
- ** mutex and returns a pointer to it. ^The sqlite3_mutex_alloc()
- ** routine returns NULL if it is unable to allocate the requested
--** mutex.  The argument to sqlite3_mutex_alloc() must one of these
-+** mutex.  The argument to sqlite3_mutex_alloc() must be one of these
- ** integer constants:
- **
- ** <ul>
-@@ -8695,7 +8764,7 @@
- ** CAPI3REF: Retrieve the mutex for a database connection
- ** METHOD: sqlite3
- **
--** ^This interface returns a pointer the [sqlite3_mutex] object that
-+** ^This interface returns a pointer to the [sqlite3_mutex] object that
- ** serializes access to the [database connection] given in the argument
- ** when the [threading mode] is Serialized.
- ** ^If the [threading mode] is Single-thread or Multi-thread then this
-@@ -8818,7 +8887,7 @@
- ** CAPI3REF: SQL Keyword Checking
- **
- ** These routines provide access to the set of SQL language keywords
--** recognized by SQLite.  Applications can uses these routines to determine
-+** recognized by SQLite.  Applications can use these routines to determine
- ** whether or not a specific identifier needs to be escaped (for example,
- ** by enclosing in double-quotes) so as not to confuse the parser.
- **
-@@ -8986,7 +9055,7 @@
- ** content of the dynamic string under construction in X.  The value
- ** returned by [sqlite3_str_value(X)] is managed by the sqlite3_str object X
- ** and might be freed or altered by any subsequent method on the same
--** [sqlite3_str] object.  Applications must not used the pointer returned
-+** [sqlite3_str] object.  Applications must not use the pointer returned by
- ** [sqlite3_str_value(X)] after any subsequent method call on the same
- ** object.  ^Applications may change the content of the string returned
- ** by [sqlite3_str_value(X)] as long as they do not write into any bytes
-@@ -9072,7 +9141,7 @@
- ** allocation which could not be satisfied by the [SQLITE_CONFIG_PAGECACHE]
- ** buffer and where forced to overflow to [sqlite3_malloc()].  The
- ** returned value includes allocations that overflowed because they
--** where too large (they were larger than the "sz" parameter to
-+** were too large (they were larger than the "sz" parameter to
- ** [SQLITE_CONFIG_PAGECACHE]) and allocations that overflowed because
- ** no space was left in the page cache.</dd>)^
- **
-@@ -9156,28 +9225,29 @@
- ** [[SQLITE_DBSTATUS_LOOKASIDE_HIT]] ^(<dt>SQLITE_DBSTATUS_LOOKASIDE_HIT</dt>
- ** <dd>This parameter returns the number of malloc attempts that were
- ** satisfied using lookaside memory. Only the high-water value is meaningful;
--** the current value is always zero.)^
-+** the current value is always zero.</dd>)^
- **
- ** [[SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE]]
- ** ^(<dt>SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE</dt>
--** <dd>This parameter returns the number malloc attempts that might have
-+** <dd>This parameter returns the number of malloc attempts that might have
- ** been satisfied using lookaside memory but failed due to the amount of
- ** memory requested being larger than the lookaside slot size.
- ** Only the high-water value is meaningful;
--** the current value is always zero.)^
-+** the current value is always zero.</dd>)^
- **
- ** [[SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL]]
- ** ^(<dt>SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL</dt>
--** <dd>This parameter returns the number malloc attempts that might have
-+** <dd>This parameter returns the number of malloc attempts that might have
- ** been satisfied using lookaside memory but failed due to all lookaside
- ** memory already being in use.
- ** Only the high-water value is meaningful;
--** the current value is always zero.)^
-+** the current value is always zero.</dd>)^
- **
- ** [[SQLITE_DBSTATUS_CACHE_USED]] ^(<dt>SQLITE_DBSTATUS_CACHE_USED</dt>
- ** <dd>This parameter returns the approximate number of bytes of heap
- ** memory used by all pager caches associated with the database connection.)^
- ** ^The highwater mark associated with SQLITE_DBSTATUS_CACHE_USED is always 0.
-+** </dd>
- **
- ** [[SQLITE_DBSTATUS_CACHE_USED_SHARED]]
- ** ^(<dt>SQLITE_DBSTATUS_CACHE_USED_SHARED</dt>
-@@ -9186,10 +9256,10 @@
- ** memory used by that pager cache is divided evenly between the attached
- ** connections.)^  In other words, if none of the pager caches associated
- ** with the database connection are shared, this request returns the same
--** value as DBSTATUS_CACHE_USED. Or, if one or more or the pager caches are
-+** value as DBSTATUS_CACHE_USED. Or, if one or more of the pager caches are
- ** shared, the value returned by this call will be smaller than that returned
- ** by DBSTATUS_CACHE_USED. ^The highwater mark associated with
--** SQLITE_DBSTATUS_CACHE_USED_SHARED is always 0.
-+** SQLITE_DBSTATUS_CACHE_USED_SHARED is always 0.</dd>
- **
- ** [[SQLITE_DBSTATUS_SCHEMA_USED]] ^(<dt>SQLITE_DBSTATUS_SCHEMA_USED</dt>
- ** <dd>This parameter returns the approximate number of bytes of heap
-@@ -9199,6 +9269,7 @@
- ** schema memory is shared with other database connections due to
- ** [shared cache mode] being enabled.
- ** ^The highwater mark associated with SQLITE_DBSTATUS_SCHEMA_USED is always 0.
-+** </dd>
- **
- ** [[SQLITE_DBSTATUS_STMT_USED]] ^(<dt>SQLITE_DBSTATUS_STMT_USED</dt>
- ** <dd>This parameter returns the approximate number of bytes of heap
-@@ -9235,7 +9306,7 @@
- ** been written to disk in the middle of a transaction due to the page
- ** cache overflowing. Transactions are more efficient if they are written
- ** to disk all at once. When pages spill mid-transaction, that introduces
--** additional overhead. This parameter can be used help identify
-+** additional overhead. This parameter can be used to help identify
- ** inefficiencies that can be resolved by increasing the cache size.
- ** </dd>
- **
-@@ -9306,13 +9377,13 @@
- ** [[SQLITE_STMTSTATUS_SORT]] <dt>SQLITE_STMTSTATUS_SORT</dt>
- ** <dd>^This is the number of sort operations that have occurred.
- ** A non-zero value in this counter may indicate an opportunity to
--** improvement performance through careful use of indices.</dd>
-+** improve performance through careful use of indices.</dd>
- **
- ** [[SQLITE_STMTSTATUS_AUTOINDEX]] <dt>SQLITE_STMTSTATUS_AUTOINDEX</dt>
- ** <dd>^This is the number of rows inserted into transient indices that
- ** were created automatically in order to help joins run faster.
- ** A non-zero value in this counter may indicate an opportunity to
--** improvement performance by adding permanent indices that do not
-+** improve performance by adding permanent indices that do not
- ** need to be reinitialized each time the statement is run.</dd>
- **
- ** [[SQLITE_STMTSTATUS_VM_STEP]] <dt>SQLITE_STMTSTATUS_VM_STEP</dt>
-@@ -9321,19 +9392,19 @@
- ** to 2147483647.  The number of virtual machine operations can be
- ** used as a proxy for the total work done by the prepared statement.
- ** If the number of virtual machine operations exceeds 2147483647
--** then the value returned by this statement status code is undefined.
-+** then the value returned by this statement status code is undefined.</dd>
- **
- ** [[SQLITE_STMTSTATUS_REPREPARE]] <dt>SQLITE_STMTSTATUS_REPREPARE</dt>
- ** <dd>^This is the number of times that the prepare statement has been
- ** automatically regenerated due to schema changes or changes to
--** [bound parameters] that might affect the query plan.
-+** [bound parameters] that might affect the query plan.</dd>
- **
- ** [[SQLITE_STMTSTATUS_RUN]] <dt>SQLITE_STMTSTATUS_RUN</dt>
- ** <dd>^This is the number of times that the prepared statement has
- ** been run.  A single "run" for the purposes of this counter is one
- ** or more calls to [sqlite3_step()] followed by a call to [sqlite3_reset()].
- ** The counter is incremented on the first [sqlite3_step()] call of each
--** cycle.
-+** cycle.</dd>
- **
- ** [[SQLITE_STMTSTATUS_FILTER_MISS]]
- ** [[SQLITE_STMTSTATUS_FILTER HIT]]
-@@ -9343,7 +9414,7 @@
- ** step was bypassed because a Bloom filter returned not-found.  The
- ** corresponding SQLITE_STMTSTATUS_FILTER_MISS value is the number of
- ** times that the Bloom filter returned a find, and thus the join step
--** had to be processed as normal.
-+** had to be processed as normal.</dd>
- **
- ** [[SQLITE_STMTSTATUS_MEMUSED]] <dt>SQLITE_STMTSTATUS_MEMUSED</dt>
- ** <dd>^This is the approximate number of bytes of heap memory
-@@ -9448,9 +9519,9 @@
- ** SQLite will typically create one cache instance for each open database file,
- ** though this is not guaranteed. ^The
- ** first parameter, szPage, is the size in bytes of the pages that must
--** be allocated by the cache.  ^szPage will always a power of two.  ^The
-+** be allocated by the cache.  ^szPage will always be a power of two.  ^The
- ** second parameter szExtra is a number of bytes of extra storage
--** associated with each page cache entry.  ^The szExtra parameter will
-+** associated with each page cache entry.  ^The szExtra parameter will be
- ** a number less than 250.  SQLite will use the
- ** extra szExtra bytes on each page to store metadata about the underlying
- ** database page on disk.  The value passed into szExtra depends
-@@ -9458,17 +9529,17 @@
- ** ^The third argument to xCreate(), bPurgeable, is true if the cache being
- ** created will be used to cache database pages of a file stored on disk, or
- ** false if it is used for an in-memory database. The cache implementation
--** does not have to do anything special based with the value of bPurgeable;
-+** does not have to do anything special based upon the value of bPurgeable;
- ** it is purely advisory.  ^On a cache where bPurgeable is false, SQLite will
- ** never invoke xUnpin() except to deliberately delete a page.
- ** ^In other words, calls to xUnpin() on a cache with bPurgeable set to
- ** false will always have the "discard" flag set to true.
--** ^Hence, a cache created with bPurgeable false will
-+** ^Hence, a cache created with bPurgeable set to false will
- ** never contain any unpinned pages.
- **
- ** [[the xCachesize() page cache method]]
- ** ^(The xCachesize() method may be called at any time by SQLite to set the
--** suggested maximum cache-size (number of pages stored by) the cache
-+** suggested maximum cache-size (number of pages stored) for the cache
- ** instance passed as the first argument. This is the value configured using
- ** the SQLite "[PRAGMA cache_size]" command.)^  As with the bPurgeable
- ** parameter, the implementation is not required to do anything with this
-@@ -9495,12 +9566,12 @@
- ** implementation must return a pointer to the page buffer with its content
- ** intact.  If the requested page is not already in the cache, then the
- ** cache implementation should use the value of the createFlag
--** parameter to help it determined what action to take:
-+** parameter to help it determine what action to take:
- **
- ** <table border=1 width=85% align=center>
- ** <tr><th> createFlag <th> Behavior when page is not already in cache
- ** <tr><td> 0 <td> Do not allocate a new page.  Return NULL.
--** <tr><td> 1 <td> Allocate a new page if it easy and convenient to do so.
-+** <tr><td> 1 <td> Allocate a new page if it is easy and convenient to do so.
- **                 Otherwise return NULL.
- ** <tr><td> 2 <td> Make every effort to allocate a new page.  Only return
- **                 NULL if allocating a new page is effectively impossible.
-@@ -9517,7 +9588,7 @@
- ** as its second argument.  If the third parameter, discard, is non-zero,
- ** then the page must be evicted from the cache.
- ** ^If the discard parameter is
--** zero, then the page may be discarded or retained at the discretion of
-+** zero, then the page may be discarded or retained at the discretion of the
- ** page cache implementation. ^The page cache implementation
- ** may choose to evict unpinned pages at any time.
- **
-@@ -9535,7 +9606,7 @@
- ** When SQLite calls the xTruncate() method, the cache must discard all
- ** existing cache entries with page numbers (keys) greater than or equal
- ** to the value of the iLimit parameter passed to xTruncate(). If any
--** of these pages are pinned, they are implicitly unpinned, meaning that
-+** of these pages are pinned, they become implicitly unpinned, meaning that
- ** they can be safely discarded.
- **
- ** [[the xDestroy() page cache method]]
-@@ -9715,7 +9786,7 @@
- ** external process or via a database connection other than the one being
- ** used by the backup operation, then the backup will be automatically
- ** restarted by the next call to sqlite3_backup_step(). ^If the source
--** database is modified by the using the same database connection as is used
-+** database is modified by using the same database connection as is used
- ** by the backup operation, then the backup database is automatically
- ** updated at the same time.
- **
-@@ -9732,7 +9803,7 @@
- ** and may not be used following a call to sqlite3_backup_finish().
- **
- ** ^The value returned by sqlite3_backup_finish is [SQLITE_OK] if no
--** sqlite3_backup_step() errors occurred, regardless or whether or not
-+** sqlite3_backup_step() errors occurred, regardless of whether or not
- ** sqlite3_backup_step() completed.
- ** ^If an out-of-memory condition or IO error occurred during any prior
- ** sqlite3_backup_step() call on the same [sqlite3_backup] object, then
-@@ -9834,7 +9905,7 @@
- ** application receives an SQLITE_LOCKED error, it may call the
- ** sqlite3_unlock_notify() method with the blocked connection handle as
- ** the first argument to register for a callback that will be invoked
--** when the blocking connections current transaction is concluded. ^The
-+** when the blocking connection's current transaction is concluded. ^The
- ** callback is invoked from within the [sqlite3_step] or [sqlite3_close]
- ** call that concludes the blocking connection's transaction.
- **
-@@ -9854,7 +9925,7 @@
- ** blocked connection already has a registered unlock-notify callback,
- ** then the new callback replaces the old.)^ ^If sqlite3_unlock_notify() is
- ** called with a NULL pointer as its second argument, then any existing
--** unlock-notify callback is canceled. ^The blocked connections
-+** unlock-notify callback is canceled. ^The blocked connection's
- ** unlock-notify callback may also be canceled by closing the blocked
- ** connection using [sqlite3_close()].
- **
-@@ -10252,7 +10323,7 @@
- ** support constraints.  In this configuration (which is the default) if
- ** a call to the [xUpdate] method returns [SQLITE_CONSTRAINT], then the entire
- ** statement is rolled back as if [ON CONFLICT | OR ABORT] had been
--** specified as part of the users SQL statement, regardless of the actual
-+** specified as part of the user's SQL statement, regardless of the actual
- ** ON CONFLICT mode specified.
- **
- ** If X is non-zero, then the virtual table implementation guarantees
-@@ -10286,7 +10357,7 @@
- ** [[SQLITE_VTAB_INNOCUOUS]]<dt>SQLITE_VTAB_INNOCUOUS</dt>
- ** <dd>Calls of the form
- ** [sqlite3_vtab_config](db,SQLITE_VTAB_INNOCUOUS) from within the
--** the [xConnect] or [xCreate] methods of a [virtual table] implementation
-+** [xConnect] or [xCreate] methods of a [virtual table] implementation
- ** identify that virtual table as being safe to use from within triggers
- ** and views.  Conceptually, the SQLITE_VTAB_INNOCUOUS tag means that the
- ** virtual table can do no serious harm even if it is controlled by a
-@@ -10454,7 +10525,7 @@
- ** </table>
- **
- ** ^For the purposes of comparing virtual table output values to see if the
--** values are same value for sorting purposes, two NULL values are considered
-+** values are the same value for sorting purposes, two NULL values are considered
- ** to be the same.  In other words, the comparison operator is "IS"
- ** (or "IS NOT DISTINCT FROM") and not "==".
- **
-@@ -10464,7 +10535,7 @@
- **
- ** ^A virtual table implementation is always free to return rows in any order
- ** it wants, as long as the "orderByConsumed" flag is not set.  ^When the
--** the "orderByConsumed" flag is unset, the query planner will add extra
-+** "orderByConsumed" flag is unset, the query planner will add extra
- ** [bytecode] to ensure that the final results returned by the SQL query are
- ** ordered correctly.  The use of the "orderByConsumed" flag and the
- ** sqlite3_vtab_distinct() interface is merely an optimization.  ^Careful
-@@ -10561,7 +10632,7 @@
- ** sqlite3_vtab_in_next(X,P) should be one of the parameters to the
- ** xFilter method which invokes these routines, and specifically
- ** a parameter that was previously selected for all-at-once IN constraint
--** processing use the [sqlite3_vtab_in()] interface in the
-+** processing using the [sqlite3_vtab_in()] interface in the
- ** [xBestIndex|xBestIndex method].  ^(If the X parameter is not
- ** an xFilter argument that was selected for all-at-once IN constraint
- ** processing, then these routines return [SQLITE_ERROR].)^
-@@ -10616,7 +10687,7 @@
- ** and only if *V is set to a value.  ^The sqlite3_vtab_rhs_value(P,J,V)
- ** inteface returns SQLITE_NOTFOUND if the right-hand side of the J-th
- ** constraint is not available.  ^The sqlite3_vtab_rhs_value() interface
--** can return an result code other than SQLITE_OK or SQLITE_NOTFOUND if
-+** can return a result code other than SQLITE_OK or SQLITE_NOTFOUND if
- ** something goes wrong.
- **
- ** The sqlite3_vtab_rhs_value() interface is usually only successful if
-@@ -10644,8 +10715,8 @@
- ** KEYWORDS: {conflict resolution mode}
- **
- ** These constants are returned by [sqlite3_vtab_on_conflict()] to
--** inform a [virtual table] implementation what the [ON CONFLICT] mode
--** is for the SQL statement being evaluated.
-+** inform a [virtual table] implementation of the [ON CONFLICT] mode
-+** for the SQL statement being evaluated.
- **
- ** Note that the [SQLITE_IGNORE] constant is also used as a potential
- ** return value from the [sqlite3_set_authorizer()] callback and that
-@@ -10685,39 +10756,39 @@
- ** [[SQLITE_SCANSTAT_EST]] <dt>SQLITE_SCANSTAT_EST</dt>
- ** <dd>^The "double" variable pointed to by the V parameter will be set to the
- ** query planner's estimate for the average number of rows output from each
--** iteration of the X-th loop.  If the query planner's estimates was accurate,
-+** iteration of the X-th loop.  If the query planner's estimate was accurate,
- ** then this value will approximate the quotient NVISIT/NLOOP and the
- ** product of this value for all prior loops with the same SELECTID will
--** be the NLOOP value for the current loop.
-+** be the NLOOP value for the current loop.</dd>
- **
- ** [[SQLITE_SCANSTAT_NAME]] <dt>SQLITE_SCANSTAT_NAME</dt>
- ** <dd>^The "const char *" variable pointed to by the V parameter will be set
- ** to a zero-terminated UTF-8 string containing the name of the index or table
--** used for the X-th loop.
-+** used for the X-th loop.</dd>
- **
- ** [[SQLITE_SCANSTAT_EXPLAIN]] <dt>SQLITE_SCANSTAT_EXPLAIN</dt>
- ** <dd>^The "const char *" variable pointed to by the V parameter will be set
- ** to a zero-terminated UTF-8 string containing the [EXPLAIN QUERY PLAN]
--** description for the X-th loop.
-+** description for the X-th loop.</dd>
- **
- ** [[SQLITE_SCANSTAT_SELECTID]] <dt>SQLITE_SCANSTAT_SELECTID</dt>
- ** <dd>^The "int" variable pointed to by the V parameter will be set to the
- ** id for the X-th query plan element. The id value is unique within the
- ** statement. The select-id is the same value as is output in the first
--** column of an [EXPLAIN QUERY PLAN] query.
-+** column of an [EXPLAIN QUERY PLAN] query.</dd>
- **
- ** [[SQLITE_SCANSTAT_PARENTID]] <dt>SQLITE_SCANSTAT_PARENTID</dt>
- ** <dd>The "int" variable pointed to by the V parameter will be set to the
--** the id of the parent of the current query element, if applicable, or
-+** id of the parent of the current query element, if applicable, or
- ** to zero if the query element has no parent. This is the same value as
--** returned in the second column of an [EXPLAIN QUERY PLAN] query.
-+** returned in the second column of an [EXPLAIN QUERY PLAN] query.</dd>
- **
- ** [[SQLITE_SCANSTAT_NCYCLE]] <dt>SQLITE_SCANSTAT_NCYCLE</dt>
- ** <dd>The sqlite3_int64 output value is set to the number of cycles,
- ** according to the processor time-stamp counter, that elapsed while the
- ** query element was being processed. This value is not available for
- ** all query elements - if it is unavailable the output variable is
--** set to -1.
-+** set to -1.</dd>
- ** </dl>
- */
- #define SQLITE_SCANSTAT_NLOOP    0
-@@ -10758,8 +10829,8 @@
- ** sqlite3_stmt_scanstatus_v2() with a zeroed flags parameter.
- **
- ** Parameter "idx" identifies the specific query element to retrieve statistics
--** for. Query elements are numbered starting from zero. A value of -1 may be
--** to query for statistics regarding the entire query. ^If idx is out of range
-+** for. Query elements are numbered starting from zero. A value of -1 may
-+** retrieve statistics for the entire query. ^If idx is out of range
- ** - less than -1 or greater than or equal to the total number of query
- ** elements used to implement the statement - a non-zero value is returned and
- ** the variable that pOut points to is unchanged.
-@@ -10802,7 +10873,7 @@
- ** METHOD: sqlite3
- **
- ** ^If a write-transaction is open on [database connection] D when the
--** [sqlite3_db_cacheflush(D)] interface invoked, any dirty
-+** [sqlite3_db_cacheflush(D)] interface is invoked, any dirty
- ** pages in the pager-cache that are not currently in use are written out
- ** to disk. A dirty page may be in use if a database cursor created by an
- ** active SQL statement is reading from it, or if it is page 1 of a database
-@@ -10916,8 +10987,8 @@
- ** triggers; and so forth.
- **
- ** When the [sqlite3_blob_write()] API is used to update a blob column,
--** the pre-update hook is invoked with SQLITE_DELETE. This is because the
--** in this case the new values are not available. In this case, when a
-+** the pre-update hook is invoked with SQLITE_DELETE, because
-+** the new values are not yet available. In this case, when a
- ** callback made with op==SQLITE_DELETE is actually a write using the
- ** sqlite3_blob_write() API, the [sqlite3_preupdate_blobwrite()] returns
- ** the index of the column being written. In other cases, where the
-@@ -11170,7 +11241,7 @@
- ** For an ordinary on-disk database file, the serialization is just a
- ** copy of the disk file.  For an in-memory database or a "TEMP" database,
- ** the serialization is the same sequence of bytes which would be written
--** to disk if that database where backed up to disk.
-+** to disk if that database were backed up to disk.
- **
- ** The usual case is that sqlite3_serialize() copies the serialization of
- ** the database into memory obtained from [sqlite3_malloc64()] and returns
-@@ -11179,7 +11250,7 @@
- ** contains the SQLITE_SERIALIZE_NOCOPY bit, then no memory allocations
- ** are made, and the sqlite3_serialize() function will return a pointer
- ** to the contiguous memory representation of the database that SQLite
--** is currently using for that database, or NULL if the no such contiguous
-+** is currently using for that database, or NULL if no such contiguous
- ** memory representation of the database exists.  A contiguous memory
- ** representation of the database will usually only exist if there has
- ** been a prior call to [sqlite3_deserialize(D,S,...)] with the same
-@@ -11250,7 +11321,7 @@
- ** database is currently in a read transaction or is involved in a backup
- ** operation.
- **
--** It is not possible to deserialized into the TEMP database.  If the
-+** It is not possible to deserialize into the TEMP database.  If the
- ** S argument to sqlite3_deserialize(D,S,P,N,M,F) is "temp" then the
- ** function returns SQLITE_ERROR.
- **
-@@ -11272,7 +11343,7 @@
-   sqlite3 *db,            /* The database connection */
-   const char *zSchema,    /* Which DB to reopen with the deserialization */
-   unsigned char *pData,   /* The serialized database content */
--  sqlite3_int64 szDb,     /* Number bytes in the deserialization */
-+  sqlite3_int64 szDb,     /* Number of bytes in the deserialization */
-   sqlite3_int64 szBuf,    /* Total size of buffer pData[] */
-   unsigned mFlags         /* Zero or more SQLITE_DESERIALIZE_* flags */
- );
-@@ -11280,7 +11351,7 @@
- /*
- ** CAPI3REF: Flags for sqlite3_deserialize()
- **
--** The following are allowed values for 6th argument (the F argument) to
-+** The following are allowed values for the 6th argument (the F argument) to
- ** the [sqlite3_deserialize(D,S,P,N,M,F)] interface.
- **
- ** The SQLITE_DESERIALIZE_FREEONCLOSE means that the database serialization
-@@ -11805,9 +11876,10 @@
- ** is inserted while a session object is enabled, then later deleted while
- ** the same session object is disabled, no INSERT record will appear in the
- ** changeset, even though the delete took place while the session was disabled.
--** Or, if one field of a row is updated while a session is disabled, and
--** another field of the same row is updated while the session is enabled, the
--** resulting changeset will contain an UPDATE change that updates both fields.
-+** Or, if one field of a row is updated while a session is enabled, and
-+** then another field of the same row is updated while the session is disabled,
-+** the resulting changeset will contain an UPDATE change that updates both
-+** fields.
- */
- SQLITE_API int sqlite3session_changeset(
-   sqlite3_session *pSession,      /* Session object */
-@@ -11879,8 +11951,9 @@
- ** database zFrom the contents of the two compatible tables would be
- ** identical.
- **
--** It an error if database zFrom does not exist or does not contain the
--** required compatible table.
-+** Unless the call to this function is a no-op as described above, it is an
-+** error if database zFrom does not exist or does not contain the required
-+** compatible table.
- **
- ** If the operation is successful, SQLITE_OK is returned. Otherwise, an SQLite
- ** error code. In this case, if argument pzErrMsg is not NULL, *pzErrMsg
-@@ -12015,7 +12088,7 @@
- ** The following flags may passed via the 4th parameter to
- ** [sqlite3changeset_start_v2] and [sqlite3changeset_start_v2_strm]:
- **
--** <dt>SQLITE_CHANGESETAPPLY_INVERT <dd>
-+** <dt>SQLITE_CHANGESETSTART_INVERT <dd>
- **   Invert the changeset while iterating through it. This is equivalent to
- **   inverting a changeset using sqlite3changeset_invert() before applying it.
- **   It is an error to specify this flag with a patchset.
-@@ -12330,19 +12403,6 @@
-   void **ppOut                    /* OUT: Buffer containing output changeset */
- );
- 
--
--/*
--** CAPI3REF: Upgrade the Schema of a Changeset/Patchset
--*/
--SQLITE_API int sqlite3changeset_upgrade(
--  sqlite3 *db,
--  const char *zDb,
--  int nIn, const void *pIn,       /* Input changeset */
--  int *pnOut, void **ppOut        /* OUT: Inverse of input */
--);
--
--
--
- /*
- ** CAPI3REF: Changegroup Handle
- **
-@@ -14090,14 +14150,22 @@
- **    * Terms in the GROUP BY or ORDER BY clauses of a SELECT statement.
- **    * Terms in the VALUES clause of an INSERT statement
- **
--** The hard upper limit here is 32676.  Most database people will
-+** The hard upper limit here is 32767.  Most database people will
- ** tell you that in a well-normalized database, you usually should
- ** not have more than a dozen or so columns in any table.  And if
- ** that is the case, there is no point in having more than a few
- ** dozen values in any of the other situations described above.
-+**
-+** An index can only have SQLITE_MAX_COLUMN columns from the user
-+** point of view, but the underlying b-tree that implements the index
-+** might have up to twice as many columns in a WITHOUT ROWID table,
-+** since must also store the primary key at the end.  Hence the
-+** column count for Index is u16 instead of i16.
- */
--#ifndef SQLITE_MAX_COLUMN
-+#if !defined(SQLITE_MAX_COLUMN)
- # define SQLITE_MAX_COLUMN 2000
-+#elif SQLITE_MAX_COLUMN>32767
-+# error SQLITE_MAX_COLUMN may not exceed 32767
- #endif
- 
- /*
-@@ -14749,6 +14817,7 @@
-   HashElem *next, *prev;       /* Next and previous elements in the table */
-   void *data;                  /* Data associated with this element */
-   const char *pKey;            /* Key associated with this element */
-+  unsigned int h;              /* hash for pKey */
- };
- 
- /*
-@@ -15109,7 +15178,17 @@
- ** ourselves.
- */
- #ifndef offsetof
--#define offsetof(STRUCTURE,FIELD) ((int)((char*)&((STRUCTURE*)0)->FIELD))
-+#define offsetof(STRUCTURE,FIELD) ((size_t)((char*)&((STRUCTURE*)0)->FIELD))
-+#endif
-+
-+/*
-+** Work around C99 "flex-array" syntax for pre-C99 compilers, so as
-+** to avoid complaints from -fsanitize=strict-bounds.
-+*/
-+#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
-+# define FLEXARRAY
-+#else
-+# define FLEXARRAY 1
- #endif
- 
- /*
-@@ -15187,6 +15266,11 @@
- typedef UINT8_TYPE u8;             /* 1-byte unsigned integer */
- typedef INT8_TYPE i8;              /* 1-byte signed integer */
- 
-+/* A bitfield type for use inside of structures.  Always follow with :N where
-+** N is the number of bits.
-+*/
-+typedef unsigned bft;  /* Bit Field Type */
-+
- /*
- ** SQLITE_MAX_U32 is a u64 constant that is the maximum u64 value
- ** that can be stored in a u32 without loss of data.  The value
-@@ -15356,6 +15440,14 @@
- #define SMALLEST_INT64 (((i64)-1) - LARGEST_INT64)
- 
- /*
-+** Macro SMXV(n) return the maximum value that can be held in variable n,
-+** assuming n is a signed integer type.  UMXV(n) is similar for unsigned
-+** integer types.
-+*/
-+#define SMXV(n) ((((i64)1)<<(sizeof(n)*8-1))-1)
-+#define UMXV(n) ((((i64)1)<<(sizeof(n)*8))-1)
-+
-+/*
- ** Round up a number to the next larger multiple of 8.  This is used
- ** to force 8-byte alignment on 64-bit architectures.
- **
-@@ -17331,8 +17423,8 @@
- SQLITE_PRIVATE int sqlite3VdbeBytecodeVtabInit(sqlite3*);
- #endif
- 
--/* Use SQLITE_ENABLE_COMMENTS to enable generation of extra comments on
--** each VDBE opcode.
-+/* Use SQLITE_ENABLE_EXPLAIN_COMMENTS to enable generation of extra
-+** comments on each VDBE opcode.
- **
- ** Use the SQLITE_ENABLE_MODULE_COMMENTS macro to see some extra no-op
- ** comments in VDBE programs that show key decision points in the code
-@@ -18055,6 +18147,10 @@
-   Savepoint *pSavepoint;        /* List of active savepoints */
-   int nAnalysisLimit;           /* Number of index rows to ANALYZE */
-   int busyTimeout;              /* Busy handler timeout, in msec */
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+  int setlkTimeout;             /* Blocking lock timeout, in msec. -1 -> inf. */
-+  int setlkFlags;               /* Flags passed to setlk_timeout() */
-+#endif
-   int nSavepoint;               /* Number of non-transaction savepoints */
-   int nStatement;               /* Number of nested statement-transactions  */
-   i64 nDeferredCons;            /* Net deferred constraints this transaction. */
-@@ -18609,6 +18705,7 @@
- #define SQLITE_AFF_INTEGER  0x44  /* 'D' */
- #define SQLITE_AFF_REAL     0x45  /* 'E' */
- #define SQLITE_AFF_FLEXNUM  0x46  /* 'F' */
-+#define SQLITE_AFF_DEFER    0x58  /* 'X'  - defer computation until later */
- 
- #define sqlite3IsNumericAffinity(X)  ((X)>=SQLITE_AFF_NUMERIC)
- 
-@@ -18733,6 +18830,7 @@
-   } u;
-   Trigger *pTrigger;   /* List of triggers on this object */
-   Schema *pSchema;     /* Schema that contains this table */
-+  u8 aHx[16];          /* Column aHt[K%sizeof(aHt)] might have hash K */
- };
- 
- /*
-@@ -18866,9 +18964,13 @@
-   struct sColMap {      /* Mapping of columns in pFrom to columns in zTo */
-     int iFrom;            /* Index of column in pFrom */
-     char *zCol;           /* Name of column in zTo.  If NULL use PRIMARY KEY */
--  } aCol[1];            /* One entry for each of nCol columns */
-+  } aCol[FLEXARRAY];      /* One entry for each of nCol columns */
- };
- 
-+/* The size (in bytes) of an FKey object holding N columns.  The answer
-+** does NOT include space to hold the zTo name. */
-+#define SZ_FKEY(N)  (offsetof(FKey,aCol)+(N)*sizeof(struct sColMap))
-+
- /*
- ** SQLite supports many different ways to resolve a constraint
- ** error.  ROLLBACK processing means that a constraint violation
-@@ -18930,9 +19032,12 @@
-   u16 nAllField;      /* Total columns, including key plus others */
-   sqlite3 *db;        /* The database connection */
-   u8 *aSortFlags;     /* Sort order for each column. */
--  CollSeq *aColl[1];  /* Collating sequence for each term of the key */
-+  CollSeq *aColl[FLEXARRAY]; /* Collating sequence for each term of the key */
- };
- 
-+/* The size (in bytes) of a KeyInfo object with up to N fields */
-+#define SZ_KEYINFO(N)  (offsetof(KeyInfo,aColl) + (N)*sizeof(CollSeq*))
-+
- /*
- ** Allowed bit values for entries in the KeyInfo.aSortFlags[] array.
- */
-@@ -19052,7 +19157,7 @@
-   Pgno tnum;               /* DB Page containing root of this index */
-   LogEst szIdxRow;         /* Estimated average row size in bytes */
-   u16 nKeyCol;             /* Number of columns forming the key */
--  u16 nColumn;             /* Number of columns stored in the index */
-+  u16 nColumn;             /* Nr columns in btree. Can be 2*Table.nCol */
-   u8 onError;              /* OE_Abort, OE_Ignore, OE_Replace, or OE_None */
-   unsigned idxType:2;      /* 0:Normal 1:UNIQUE, 2:PRIMARY KEY, 3:IPK */
-   unsigned bUnordered:1;   /* Use this index for == or IN queries only */
-@@ -19061,7 +19166,6 @@
-   unsigned isCovering:1;   /* True if this is a covering index */
-   unsigned noSkipScan:1;   /* Do not try to use skip-scan if true */
-   unsigned hasStat1:1;     /* aiRowLogEst values come from sqlite_stat1 */
--  unsigned bLowQual:1;     /* sqlite_stat1 says this is a low-quality index */
-   unsigned bNoQuery:1;     /* Do not use this index to optimize queries */
-   unsigned bAscKeyBug:1;   /* True if the bba7b69f9849b5bf bug applies */
-   unsigned bHasVCol:1;     /* Index references one or more VIRTUAL columns */
-@@ -19151,7 +19255,7 @@
-                           ** from source tables rather than from accumulators */
-   u8 useSortingIdx;       /* In direct mode, reference the sorting index rather
-                           ** than the source table */
--  u16 nSortingColumn;     /* Number of columns in the sorting index */
-+  u32 nSortingColumn;     /* Number of columns in the sorting index */
-   int sortingIdx;         /* Cursor number of the sorting index */
-   int sortingIdxPTab;     /* Cursor number of pseudo-table */
-   int iFirstReg;          /* First register in range for aCol[] and aFunc[] */
-@@ -19160,8 +19264,8 @@
-     Table *pTab;             /* Source table */
-     Expr *pCExpr;            /* The original expression */
-     int iTable;              /* Cursor number of the source table */
--    i16 iColumn;             /* Column number within the source table */
--    i16 iSorterColumn;       /* Column number in the sorting index */
-+    int iColumn;             /* Column number within the source table */
-+    int iSorterColumn;       /* Column number in the sorting index */
-   } *aCol;
-   int nColumn;            /* Number of used entries in aCol[] */
-   int nAccumulator;       /* Number of columns that show through to the output.
-@@ -19390,10 +19494,10 @@
- /* Macros can be used to test, set, or clear bits in the
- ** Expr.flags field.
- */
--#define ExprHasProperty(E,P)     (((E)->flags&(P))!=0)
--#define ExprHasAllProperty(E,P)  (((E)->flags&(P))==(P))
--#define ExprSetProperty(E,P)     (E)->flags|=(P)
--#define ExprClearProperty(E,P)   (E)->flags&=~(P)
-+#define ExprHasProperty(E,P)     (((E)->flags&(u32)(P))!=0)
-+#define ExprHasAllProperty(E,P)  (((E)->flags&(u32)(P))==(u32)(P))
-+#define ExprSetProperty(E,P)     (E)->flags|=(u32)(P)
-+#define ExprClearProperty(E,P)   (E)->flags&=~(u32)(P)
- #define ExprAlwaysTrue(E)   (((E)->flags&(EP_OuterON|EP_IsTrue))==EP_IsTrue)
- #define ExprAlwaysFalse(E)  (((E)->flags&(EP_OuterON|EP_IsFalse))==EP_IsFalse)
- #define ExprIsFullSize(E)   (((E)->flags&(EP_Reduced|EP_TokenOnly))==0)
-@@ -19505,9 +19609,14 @@
-       int iConstExprReg;   /* Register in which Expr value is cached. Used only
-                            ** by Parse.pConstExpr */
-     } u;
--  } a[1];                  /* One slot for each expression in the list */
-+  } a[FLEXARRAY];          /* One slot for each expression in the list */
- };
- 
-+/* The size (in bytes) of an ExprList object that is big enough to hold
-+** as many as N expressions. */
-+#define SZ_EXPRLIST(N)  \
-+             (offsetof(ExprList,a) + (N)*sizeof(struct ExprList_item))
-+
- /*
- ** Allowed values for Expr.a.eEName
- */
-@@ -19535,9 +19644,12 @@
-   int nId;         /* Number of identifiers on the list */
-   struct IdList_item {
-     char *zName;      /* Name of the identifier */
--  } a[1];
-+  } a[FLEXARRAY];
- };
- 
-+/* The size (in bytes) of an IdList object that can hold up to N IDs. */
-+#define SZ_IDLIST(N)  (offsetof(IdList,a)+(N)*sizeof(struct IdList_item))
-+
- /*
- ** Allowed values for IdList.eType, which determines which value of the a.u4
- ** is valid.
-@@ -19657,11 +19769,19 @@
- **
- */
- struct SrcList {
--  int nSrc;        /* Number of tables or subqueries in the FROM clause */
--  u32 nAlloc;      /* Number of entries allocated in a[] below */
--  SrcItem a[1];    /* One entry for each identifier on the list */
-+  int nSrc;             /* Number of tables or subqueries in the FROM clause */
-+  u32 nAlloc;           /* Number of entries allocated in a[] below */
-+  SrcItem a[FLEXARRAY]; /* One entry for each identifier on the list */
- };
- 
-+/* Size (in bytes) of a SrcList object that can hold as many as N
-+** SrcItem objects. */
-+#define SZ_SRCLIST(N) (offsetof(SrcList,a)+(N)*sizeof(SrcItem))
-+
-+/* Size (in bytes( of a SrcList object that holds 1 SrcItem.  This is a
-+** special case of SZ_SRCITEM(1) that comes up often. */
-+#define SZ_SRCLIST_1  (offsetof(SrcList,a)+sizeof(SrcItem))
-+
- /*
- ** Permitted values of the SrcList.a.jointype field
- */
-@@ -20130,25 +20250,32 @@
-   char *zErrMsg;       /* An error message */
-   Vdbe *pVdbe;         /* An engine for executing database bytecode */
-   int rc;              /* Return code from execution */
--  u8 colNamesSet;      /* TRUE after OP_ColumnName has been issued to pVdbe */
--  u8 checkSchema;      /* Causes schema cookie check after an error */
-+  LogEst nQueryLoop;   /* Est number of iterations of a query (10*log2(N)) */
-   u8 nested;           /* Number of nested calls to the parser/code generator */
-   u8 nTempReg;         /* Number of temporary registers in aTempReg[] */
-   u8 isMultiWrite;     /* True if statement may modify/insert multiple rows */
-   u8 mayAbort;         /* True if statement may throw an ABORT exception */
-   u8 hasCompound;      /* Need to invoke convertCompoundSelectToSubquery() */
--  u8 okConstFactor;    /* OK to factor out constants */
-   u8 disableLookaside; /* Number of times lookaside has been disabled */
-   u8 prepFlags;        /* SQLITE_PREPARE_* flags */
-   u8 withinRJSubrtn;   /* Nesting level for RIGHT JOIN body subroutines */
--  u8 bHasWith;         /* True if statement contains WITH */
-   u8 mSubrtnSig;       /* mini Bloom filter on available SubrtnSig.selId */
-+  u8 eTriggerOp;       /* TK_UPDATE, TK_INSERT or TK_DELETE */
-+  u8 bReturning;       /* Coding a RETURNING trigger */
-+  u8 eOrconf;          /* Default ON CONFLICT policy for trigger steps */
-+  u8 disableTriggers;  /* True to disable triggers */
- #if defined(SQLITE_DEBUG) || defined(SQLITE_COVERAGE_TEST)
-   u8 earlyCleanup;     /* OOM inside sqlite3ParserAddCleanup() */
- #endif
- #ifdef SQLITE_DEBUG
-   u8 ifNotExists;      /* Might be true if IF NOT EXISTS.  Assert()s only */
-+  u8 isCreate;         /* CREATE TABLE, INDEX, or VIEW (but not TRIGGER)
-+                       ** and ALTER TABLE ADD COLUMN. */
- #endif
-+  bft colNamesSet :1;   /* TRUE after OP_ColumnName has been issued to pVdbe */
-+  bft bHasWith :1;      /* True if statement contains WITH */
-+  bft okConstFactor :1; /* OK to factor out constants */
-+  bft checkSchema :1;   /* Causes schema cookie check after an error */
-   int nRangeReg;       /* Size of the temporary register block */
-   int iRangeReg;       /* First register in temporary register block */
-   int nErr;            /* Number of errors seen */
-@@ -20163,12 +20290,9 @@
-   ExprList *pConstExpr;/* Constant expressions */
-   IndexedExpr *pIdxEpr;/* List of expressions used by active indexes */
-   IndexedExpr *pIdxPartExpr; /* Exprs constrained by index WHERE clauses */
--  Token constraintName;/* Name of the constraint currently being parsed */
-   yDbMask writeMask;   /* Start a write transaction on these databases */
-   yDbMask cookieMask;  /* Bitmask of schema verified databases */
--  int regRowid;        /* Register holding rowid of CREATE TABLE entry */
--  int regRoot;         /* Register holding root page number for new objects */
--  int nMaxArg;         /* Max args passed to user function by sub-program */
-+  int nMaxArg;         /* Max args to xUpdate and xFilter vtab methods */
-   int nSelect;         /* Number of SELECT stmts. Counter for Select.selId */
- #ifndef SQLITE_OMIT_PROGRESS_CALLBACK
-   u32 nProgressSteps;  /* xProgress steps taken during sqlite3_prepare() */
-@@ -20182,17 +20306,6 @@
-   Table *pTriggerTab;  /* Table triggers are being coded for */
-   TriggerPrg *pTriggerPrg;  /* Linked list of coded triggers */
-   ParseCleanup *pCleanup;   /* List of cleanup operations to run after parse */
--  union {
--    int addrCrTab;         /* Address of OP_CreateBtree on CREATE TABLE */
--    Returning *pReturning; /* The RETURNING clause */
--  } u1;
--  u32 oldmask;         /* Mask of old.* columns referenced */
--  u32 newmask;         /* Mask of new.* columns referenced */
--  LogEst nQueryLoop;   /* Est number of iterations of a query (10*log2(N)) */
--  u8 eTriggerOp;       /* TK_UPDATE, TK_INSERT or TK_DELETE */
--  u8 bReturning;       /* Coding a RETURNING trigger */
--  u8 eOrconf;          /* Default ON CONFLICT policy for trigger steps */
--  u8 disableTriggers;  /* True to disable triggers */
- 
-   /**************************************************************************
-   ** Fields above must be initialized to zero.  The fields that follow,
-@@ -20204,6 +20317,19 @@
-   int aTempReg[8];        /* Holding area for temporary registers */
-   Parse *pOuterParse;     /* Outer Parse object when nested */
-   Token sNameToken;       /* Token with unqualified schema object name */
-+  u32 oldmask;            /* Mask of old.* columns referenced */
-+  u32 newmask;            /* Mask of new.* columns referenced */
-+  union {
-+    struct {  /* These fields available when isCreate is true */
-+      int addrCrTab;        /* Address of OP_CreateBtree on CREATE TABLE */
-+      int regRowid;         /* Register holding rowid of CREATE TABLE entry */
-+      int regRoot;          /* Register holding root page for new objects */
-+      Token constraintName; /* Name of the constraint currently being parsed */
-+    } cr;
-+    struct {  /* These fields available to all other statements */
-+      Returning *pReturning; /* The RETURNING clause */
-+    } d;
-+  } u1;
- 
-   /************************************************************************
-   ** Above is constant between recursions.  Below is reset before and after
-@@ -20719,9 +20845,13 @@
-   int nCte;               /* Number of CTEs in the WITH clause */
-   int bView;              /* Belongs to the outermost Select of a view */
-   With *pOuter;           /* Containing WITH clause, or NULL */
--  Cte a[1];               /* For each CTE in the WITH clause.... */
-+  Cte a[FLEXARRAY];       /* For each CTE in the WITH clause.... */
- };
- 
-+/* The size (in bytes) of a With object that can hold as many
-+** as N different CTEs. */
-+#define SZ_WITH(N)  (offsetof(With,a) + (N)*sizeof(Cte))
-+
- /*
- ** The Cte object is not guaranteed to persist for the entire duration
- ** of code generation.  (The query flattener or other parser tree
-@@ -20750,9 +20880,13 @@
-   DbClientData *pNext;        /* Next in a linked list */
-   void *pData;                /* The data */
-   void (*xDestructor)(void*); /* Destructor.  Might be NULL */
--  char zName[1];              /* Name of this client data. MUST BE LAST */
-+  char zName[FLEXARRAY];      /* Name of this client data. MUST BE LAST */
- };
- 
-+/* The size (in bytes) of a DbClientData object that can has a name
-+** that is N bytes long, including the zero-terminator. */
-+#define SZ_DBCLIENTDATA(N) (offsetof(DbClientData,zName)+(N))
-+
- #ifdef SQLITE_DEBUG
- /*
- ** An instance of the TreeView object is used for printing the content of
-@@ -21195,7 +21329,7 @@
- SQLITE_PRIVATE Table *sqlite3ResultSetOfSelect(Parse*,Select*,char);
- SQLITE_PRIVATE void sqlite3OpenSchemaTable(Parse *, int);
- SQLITE_PRIVATE Index *sqlite3PrimaryKeyIndex(Table*);
--SQLITE_PRIVATE i16 sqlite3TableColumnToIndex(Index*, i16);
-+SQLITE_PRIVATE int sqlite3TableColumnToIndex(Index*, int);
- #ifdef SQLITE_OMIT_GENERATED_COLUMNS
- # define sqlite3TableColumnToStorage(T,X) (X)  /* No-op pass-through */
- # define sqlite3StorageColumnToTable(T,X) (X)  /* No-op pass-through */
-@@ -21293,7 +21427,7 @@
- SQLITE_PRIVATE void sqlite3IdListDelete(sqlite3*, IdList*);
- SQLITE_PRIVATE void sqlite3ClearOnOrUsing(sqlite3*, OnOrUsing*);
- SQLITE_PRIVATE void sqlite3SrcListDelete(sqlite3*, SrcList*);
--SQLITE_PRIVATE Index *sqlite3AllocateIndexObject(sqlite3*,i16,int,char**);
-+SQLITE_PRIVATE Index *sqlite3AllocateIndexObject(sqlite3*,int,int,char**);
- SQLITE_PRIVATE void sqlite3CreateIndex(Parse*,Token*,Token*,SrcList*,ExprList*,int,Token*,
-                           Expr*, int, int, u8);
- SQLITE_PRIVATE void sqlite3DropIndex(Parse*, SrcList*, int);
-@@ -21429,7 +21563,8 @@
- SQLITE_PRIVATE FuncDef *sqlite3FunctionSearch(int,const char*);
- SQLITE_PRIVATE void sqlite3InsertBuiltinFuncs(FuncDef*,int);
- SQLITE_PRIVATE FuncDef *sqlite3FindFunction(sqlite3*,const char*,int,u8,u8);
--SQLITE_PRIVATE void sqlite3QuoteValue(StrAccum*,sqlite3_value*);
-+SQLITE_PRIVATE void sqlite3QuoteValue(StrAccum*,sqlite3_value*,int);
-+SQLITE_PRIVATE int sqlite3AppendOneUtf8Character(char*, u32);
- SQLITE_PRIVATE void sqlite3RegisterBuiltinFunctions(void);
- SQLITE_PRIVATE void sqlite3RegisterDateTimeFunctions(void);
- SQLITE_PRIVATE void sqlite3RegisterJsonFunctions(void);
-@@ -22294,6 +22429,9 @@
- #ifdef SQLITE_BUG_COMPATIBLE_20160819
-   "BUG_COMPATIBLE_20160819",
- #endif
-+#ifdef SQLITE_BUG_COMPATIBLE_20250510
-+  "BUG_COMPATIBLE_20250510",
-+#endif
- #ifdef SQLITE_CASE_SENSITIVE_LIKE
-   "CASE_SENSITIVE_LIKE",
- #endif
-@@ -22530,6 +22668,9 @@
- #ifdef SQLITE_ENABLE_SESSION
-   "ENABLE_SESSION",
- #endif
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+  "ENABLE_SETLK_TIMEOUT",
-+#endif
- #ifdef SQLITE_ENABLE_SNAPSHOT
-   "ENABLE_SNAPSHOT",
- #endif
-@@ -22584,6 +22725,9 @@
- #ifdef SQLITE_EXTRA_INIT
-   "EXTRA_INIT=" CTIMEOPT_VAL(SQLITE_EXTRA_INIT),
- #endif
-+#ifdef SQLITE_EXTRA_INIT_MUTEXED
-+  "EXTRA_INIT_MUTEXED=" CTIMEOPT_VAL(SQLITE_EXTRA_INIT_MUTEXED),
-+#endif
- #ifdef SQLITE_EXTRA_SHUTDOWN
-   "EXTRA_SHUTDOWN=" CTIMEOPT_VAL(SQLITE_EXTRA_SHUTDOWN),
- #endif
-@@ -23568,12 +23712,19 @@
- #endif
-   VdbeTxtBlbCache *pCache; /* Cache of large TEXT or BLOB values */
- 
--  /* 2*nField extra array elements allocated for aType[], beyond the one
--  ** static element declared in the structure.  nField total array slots for
--  ** aType[] and nField+1 array slots for aOffset[] */
--  u32 aType[1];           /* Type values record decode.  MUST BE LAST */
-+  /* Space is allocated for aType to hold at least 2*nField+1 entries:
-+  ** nField slots for aType[] and nField+1 array slots for aOffset[] */
-+  u32 aType[FLEXARRAY];    /* Type values record decode.  MUST BE LAST */
- };
- 
-+/*
-+** The size (in bytes) of a VdbeCursor object that has an nField value of N
-+** or less.  The value of SZ_VDBECURSOR(n) is guaranteed to be a multiple
-+** of 8.
-+*/
-+#define SZ_VDBECURSOR(N) \
-+    (ROUND8(offsetof(VdbeCursor,aType)) + ((N)+1)*sizeof(u64))
-+
- /* Return true if P is a null-only cursor
- */
- #define IsNullCursor(P) \
-@@ -23830,13 +23981,16 @@
-   u8 enc;                 /* Encoding to use for results */
-   u8 skipFlag;            /* Skip accumulator loading if true */
-   u16 argc;               /* Number of arguments */
--  sqlite3_value *argv[1]; /* Argument set */
-+  sqlite3_value *argv[FLEXARRAY]; /* Argument set */
- };
- 
--/* A bitfield type for use inside of structures.  Always follow with :N where
--** N is the number of bits.
-+/*
-+** The size (in bytes) of an sqlite3_context object that holds N
-+** argv[] arguments.
- */
--typedef unsigned bft;  /* Bit Field Type */
-+#define SZ_CONTEXT(N)  \
-+   (offsetof(sqlite3_context,argv)+(N)*sizeof(sqlite3_value*))
-+
- 
- /* The ScanStatus object holds a single value for the
- ** sqlite3_stmt_scanstatus() interface.
-@@ -23897,7 +24051,7 @@
-   i64 nStmtDefCons;       /* Number of def. constraints when stmt started */
-   i64 nStmtDefImmCons;    /* Number of def. imm constraints when stmt started */
-   Mem *aMem;              /* The memory locations */
--  Mem **apArg;            /* Arguments to currently executing user function */
-+  Mem **apArg;            /* Arguments xUpdate and xFilter vtab methods */
-   VdbeCursor **apCsr;     /* One element of this array for each open cursor */
-   Mem *aVar;              /* Values for the OP_Variable opcode. */
- 
-@@ -23917,6 +24071,7 @@
- #ifdef SQLITE_DEBUG
-   int rcApp;              /* errcode set by sqlite3_result_error_code() */
-   u32 nWrite;             /* Number of write operations that have occurred */
-+  int napArg;             /* Size of the apArg[] array */
- #endif
-   u16 nResColumn;         /* Number of columns in one row of the result set */
-   u16 nResAlloc;          /* Column slots allocated to aColName[] */
-@@ -23969,7 +24124,7 @@
-   VdbeCursor *pCsr;               /* Cursor to read old values from */
-   int op;                         /* One of SQLITE_INSERT, UPDATE, DELETE */
-   u8 *aRecord;                    /* old.* database record */
--  KeyInfo keyinfo;
-+  KeyInfo *pKeyinfo;              /* Key information */
-   UnpackedRecord *pUnpacked;      /* Unpacked version of aRecord[] */
-   UnpackedRecord *pNewUnpacked;   /* Unpacked version of new.* record */
-   int iNewReg;                    /* Register for new.* values */
-@@ -23981,6 +24136,7 @@
-   Table *pTab;                    /* Schema object being updated */
-   Index *pPk;                     /* PK index if pTab is WITHOUT ROWID */
-   sqlite3_value **apDflt;         /* Array of default values, if required */
-+  u8 keyinfoSpace[SZ_KEYINFO(0)]; /* Space to hold pKeyinfo[0] content */
- };
- 
- /*
-@@ -24347,8 +24503,9 @@
-   nInit += countLookasideSlots(db->lookaside.pSmallInit);
-   nFree += countLookasideSlots(db->lookaside.pSmallFree);
- #endif /* SQLITE_OMIT_TWOSIZE_LOOKASIDE */
--  if( pHighwater ) *pHighwater = db->lookaside.nSlot - nInit;
--  return db->lookaside.nSlot - (nInit+nFree);
-+  assert( db->lookaside.nSlot >= nInit+nFree );
-+  if( pHighwater ) *pHighwater = (int)(db->lookaside.nSlot - nInit);
-+  return (int)(db->lookaside.nSlot - (nInit+nFree));
- }
- 
- /*
-@@ -24401,7 +24558,7 @@
-       assert( (op-SQLITE_DBSTATUS_LOOKASIDE_HIT)>=0 );
-       assert( (op-SQLITE_DBSTATUS_LOOKASIDE_HIT)<3 );
-       *pCurrent = 0;
--      *pHighwater = db->lookaside.anStat[op - SQLITE_DBSTATUS_LOOKASIDE_HIT];
-+      *pHighwater = (int)db->lookaside.anStat[op-SQLITE_DBSTATUS_LOOKASIDE_HIT];
-       if( resetFlag ){
-         db->lookaside.anStat[op - SQLITE_DBSTATUS_LOOKASIDE_HIT] = 0;
-       }
-@@ -25913,7 +26070,7 @@
- ** In other words, return the day of the week according
- ** to this code:
- **
--**   0=Sunday, 1=Monday, 2=Tues, ..., 6=Saturday
-+**   0=Sunday, 1=Monday, 2=Tuesday, ..., 6=Saturday
- */
- static int daysAfterSunday(DateTime *pDate){
-   assert( pDate->validJD );
-@@ -30122,6 +30279,8 @@
- 
- #ifdef __CYGWIN__
- # include <sys/cygwin.h>
-+# include <sys/stat.h> /* amalgamator: dontcache */
-+# include <unistd.h> /* amalgamator: dontcache */
- # include <errno.h> /* amalgamator: dontcache */
- #endif
- 
-@@ -31516,17 +31675,17 @@
- #define etPERCENT     7 /* Percent symbol. %% */
- #define etCHARX       8 /* Characters. %c */
- /* The rest are extensions, not normally found in printf() */
--#define etSQLESCAPE   9 /* Strings with '\'' doubled.  %q */
--#define etSQLESCAPE2 10 /* Strings with '\'' doubled and enclosed in '',
--                          NULL pointers replaced by SQL NULL.  %Q */
--#define etTOKEN      11 /* a pointer to a Token structure */
--#define etSRCITEM    12 /* a pointer to a SrcItem */
--#define etPOINTER    13 /* The %p conversion */
--#define etSQLESCAPE3 14 /* %w -> Strings with '\"' doubled */
--#define etORDINAL    15 /* %r -> 1st, 2nd, 3rd, 4th, etc.  English only */
--#define etDECIMAL    16 /* %d or %u, but not %x, %o */
-+#define etESCAPE_q    9  /* Strings with '\'' doubled.  %q */
-+#define etESCAPE_Q    10 /* Strings with '\'' doubled and enclosed in '',
-+                            NULL pointers replaced by SQL NULL.  %Q */
-+#define etTOKEN       11 /* a pointer to a Token structure */
-+#define etSRCITEM     12 /* a pointer to a SrcItem */
-+#define etPOINTER     13 /* The %p conversion */
-+#define etESCAPE_w    14 /* %w -> Strings with '\"' doubled */
-+#define etORDINAL     15 /* %r -> 1st, 2nd, 3rd, 4th, etc.  English only */
-+#define etDECIMAL     16 /* %d or %u, but not %x, %o */
- 
--#define etINVALID    17 /* Any unrecognized conversion type */
-+#define etINVALID     17 /* Any unrecognized conversion type */
- 
- 
- /*
-@@ -31565,9 +31724,9 @@
-   {  's',  0, 4, etSTRING,     0,  0 },
-   {  'g',  0, 1, etGENERIC,    30, 0 },
-   {  'z',  0, 4, etDYNSTRING,  0,  0 },
--  {  'q',  0, 4, etSQLESCAPE,  0,  0 },
--  {  'Q',  0, 4, etSQLESCAPE2, 0,  0 },
--  {  'w',  0, 4, etSQLESCAPE3, 0,  0 },
-+  {  'q',  0, 4, etESCAPE_q,   0,  0 },
-+  {  'Q',  0, 4, etESCAPE_Q,   0,  0 },
-+  {  'w',  0, 4, etESCAPE_w,   0,  0 },
-   {  'c',  0, 0, etCHARX,      0,  0 },
-   {  'o',  8, 0, etRADIX,      0,  2 },
-   {  'u', 10, 0, etDECIMAL,    0,  0 },
-@@ -32164,25 +32323,7 @@
-           }
-         }else{
-           unsigned int ch = va_arg(ap,unsigned int);
--          if( ch<0x00080 ){
--            buf[0] = ch & 0xff;
--            length = 1;
--          }else if( ch<0x00800 ){
--            buf[0] = 0xc0 + (u8)((ch>>6)&0x1f);
--            buf[1] = 0x80 + (u8)(ch & 0x3f);
--            length = 2;
--          }else if( ch<0x10000 ){
--            buf[0] = 0xe0 + (u8)((ch>>12)&0x0f);
--            buf[1] = 0x80 + (u8)((ch>>6) & 0x3f);
--            buf[2] = 0x80 + (u8)(ch & 0x3f);
--            length = 3;
--          }else{
--            buf[0] = 0xf0 + (u8)((ch>>18) & 0x07);
--            buf[1] = 0x80 + (u8)((ch>>12) & 0x3f);
--            buf[2] = 0x80 + (u8)((ch>>6) & 0x3f);
--            buf[3] = 0x80 + (u8)(ch & 0x3f);
--            length = 4;
--          }
-+          length = sqlite3AppendOneUtf8Character(buf, ch);
-         }
-         if( precision>1 ){
-           i64 nPrior = 1;
-@@ -32262,22 +32403,31 @@
-           while( ii>=0 ) if( (bufpt[ii--] & 0xc0)==0x80 ) width++;
-         }
-         break;
--      case etSQLESCAPE:           /* %q: Escape ' characters */
--      case etSQLESCAPE2:          /* %Q: Escape ' and enclose in '...' */
--      case etSQLESCAPE3: {        /* %w: Escape " characters */
-+      case etESCAPE_q:          /* %q: Escape ' characters */
-+      case etESCAPE_Q:          /* %Q: Escape ' and enclose in '...' */
-+      case etESCAPE_w: {        /* %w: Escape " characters */
-         i64 i, j, k, n;
--        int needQuote, isnull;
-+        int needQuote = 0;
-         char ch;
--        char q = ((xtype==etSQLESCAPE3)?'"':'\'');   /* Quote character */
-         char *escarg;
-+        char q;
- 
-         if( bArgList ){
-           escarg = getTextArg(pArgList);
-         }else{
-           escarg = va_arg(ap,char*);
-         }
--        isnull = escarg==0;
--        if( isnull ) escarg = (xtype==etSQLESCAPE2 ? "NULL" : "(NULL)");
-+        if( escarg==0 ){
-+          escarg = (xtype==etESCAPE_Q ? "NULL" : "(NULL)");
-+        }else if( xtype==etESCAPE_Q ){
-+          needQuote = 1;
-+        }
-+        if( xtype==etESCAPE_w ){
-+          q = '"';
-+          flag_alternateform = 0;
-+        }else{
-+          q = '\'';
-+        }
-         /* For %q, %Q, and %w, the precision is the number of bytes (or
-         ** characters if the ! flags is present) to use from the input.
-         ** Because of the extra quoting characters inserted, the number
-@@ -32290,7 +32440,30 @@
-             while( (escarg[i+1]&0xc0)==0x80 ){ i++; }
-           }
-         }
--        needQuote = !isnull && xtype==etSQLESCAPE2;
-+        if( flag_alternateform ){
-+          /* For %#q, do unistr()-style backslash escapes for
-+          ** all control characters, and for backslash itself.
-+          ** For %#Q, do the same but only if there is at least
-+          ** one control character. */
-+          u32 nBack = 0;
-+          u32 nCtrl = 0;
-+          for(k=0; k<i; k++){
-+            if( escarg[k]=='\\' ){
-+              nBack++;
-+            }else if( ((u8*)escarg)[k]<=0x1f ){
-+              nCtrl++;
-+            }
-+          }
-+          if( nCtrl || xtype==etESCAPE_q ){
-+            n += nBack + 5*nCtrl;
-+            if( xtype==etESCAPE_Q ){
-+              n += 10;
-+              needQuote = 2;
-+            }
-+          }else{
-+            flag_alternateform = 0;
-+          }
-+        }
-         n += i + 3;
-         if( n>etBUFSIZE ){
-           bufpt = zExtra = printfTempBuf(pAccum, n);
-@@ -32299,13 +32472,41 @@
-           bufpt = buf;
-         }
-         j = 0;
--        if( needQuote ) bufpt[j++] = q;
-+        if( needQuote ){
-+          if( needQuote==2 ){
-+            memcpy(&bufpt[j], "unistr('", 8);
-+            j += 8;
-+          }else{
-+            bufpt[j++] = '\'';
-+          }
-+        }
-         k = i;
--        for(i=0; i<k; i++){
--          bufpt[j++] = ch = escarg[i];
--          if( ch==q ) bufpt[j++] = ch;
-+        if( flag_alternateform ){
-+          for(i=0; i<k; i++){
-+            bufpt[j++] = ch = escarg[i];
-+            if( ch==q ){
-+              bufpt[j++] = ch;
-+            }else if( ch=='\\' ){
-+              bufpt[j++] = '\\';
-+            }else if( ((unsigned char)ch)<=0x1f ){
-+              bufpt[j-1] = '\\';
-+              bufpt[j++] = 'u';
-+              bufpt[j++] = '0';
-+              bufpt[j++] = '0';
-+              bufpt[j++] = ch>=0x10 ? '1' : '0';
-+              bufpt[j++] = "0123456789abcdef"[ch&0xf];
-+            }
-+          }
-+        }else{
-+          for(i=0; i<k; i++){
-+            bufpt[j++] = ch = escarg[i];
-+            if( ch==q ) bufpt[j++] = ch;
-+          }
-+        }
-+        if( needQuote ){
-+          bufpt[j++] = '\'';
-+          if( needQuote==2 ) bufpt[j++] = ')';
-         }
--        if( needQuote ) bufpt[j++] = q;
-         bufpt[j] = 0;
-         length = j;
-         goto adjust_width_for_utf8;
-@@ -32548,7 +32749,7 @@
- static SQLITE_NOINLINE char *strAccumFinishRealloc(StrAccum *p){
-   char *zText;
-   assert( p->mxAlloc>0 && !isMalloced(p) );
--  zText = sqlite3DbMallocRaw(p->db, p->nChar+1 );
-+  zText = sqlite3DbMallocRaw(p->db, 1+(u64)p->nChar );
-   if( zText ){
-     memcpy(zText, p->zText, p->nChar+1);
-     p->printfFlags |= SQLITE_PRINTF_MALLOCED;
-@@ -32793,6 +32994,15 @@
-   return zBuf;
- }
- 
-+/* Maximum size of an sqlite3_log() message. */
-+#if defined(SQLITE_MAX_LOG_MESSAGE)
-+  /* Leave the definition as supplied */
-+#elif SQLITE_PRINT_BUF_SIZE*10>10000
-+# define SQLITE_MAX_LOG_MESSAGE 10000
-+#else
-+# define SQLITE_MAX_LOG_MESSAGE (SQLITE_PRINT_BUF_SIZE*10)
-+#endif
-+
- /*
- ** This is the routine that actually formats the sqlite3_log() message.
- ** We house it in a separate routine from sqlite3_log() to avoid using
-@@ -32809,7 +33019,7 @@
- */
- static void renderLogMsg(int iErrCode, const char *zFormat, va_list ap){
-   StrAccum acc;                          /* String accumulator */
--  char zMsg[SQLITE_PRINT_BUF_SIZE*3];    /* Complete log message */
-+  char zMsg[SQLITE_MAX_LOG_MESSAGE];     /* Complete log message */
- 
-   sqlite3StrAccumInit(&acc, 0, zMsg, sizeof(zMsg), 0);
-   sqlite3_str_vappendf(&acc, zFormat, ap);
-@@ -34805,6 +35015,35 @@
- }
- 
- /*
-+** Write a single UTF8 character whose value is v into the
-+** buffer starting at zOut.  zOut must be sized to hold at
-+** least four bytes.  Return the number of bytes needed
-+** to encode the new character.
-+*/
-+SQLITE_PRIVATE int sqlite3AppendOneUtf8Character(char *zOut, u32 v){
-+  if( v<0x00080 ){
-+    zOut[0] = (u8)(v & 0xff);
-+    return 1;
-+  }
-+  if( v<0x00800 ){
-+    zOut[0] = 0xc0 + (u8)((v>>6) & 0x1f);
-+    zOut[1] = 0x80 + (u8)(v & 0x3f);
-+    return 2;
-+  }
-+  if( v<0x10000 ){
-+    zOut[0] = 0xe0 + (u8)((v>>12) & 0x0f);
-+    zOut[1] = 0x80 + (u8)((v>>6) & 0x3f);
-+    zOut[2] = 0x80 + (u8)(v & 0x3f);
-+    return 3;
-+  }
-+  zOut[0] = 0xf0 + (u8)((v>>18) & 0x07);
-+  zOut[1] = 0x80 + (u8)((v>>12) & 0x3f);
-+  zOut[2] = 0x80 + (u8)((v>>6) & 0x3f);
-+  zOut[3] = 0x80 + (u8)(v & 0x3f);
-+  return 4;
-+}
-+
-+/*
- ** Translate a single UTF-8 character.  Return the unicode value.
- **
- ** During translation, assume that the byte that zTerm points
-@@ -35225,7 +35464,7 @@
-   int n = 0;
- 
-   if( SQLITE_UTF16NATIVE==SQLITE_UTF16LE ) z++;
--  while( n<nChar && ALWAYS(z<=zEnd) ){
-+  while( n<nChar && z<=zEnd ){
-     c = z[0];
-     z += 2;
-     if( c>=0xd8 && c<0xdc && z<=zEnd && z[0]>=0xdc && z[0]<0xe0 ) z += 2;
-@@ -36400,7 +36639,11 @@
-   }
-   p->z = &p->zBuf[i+1];
-   assert( i+p->n < sizeof(p->zBuf) );
--  while( ALWAYS(p->n>0) && p->z[p->n-1]=='0' ){ p->n--; }
-+  assert( p->n>0 );
-+  while( p->z[p->n-1]=='0' ){
-+    p->n--;
-+    assert( p->n>0 );
-+  }
- }
- 
- /*
-@@ -36905,7 +37148,7 @@
- }
- 
- /*
--** Compute the absolute value of a 32-bit signed integer, of possible.  Or
-+** Compute the absolute value of a 32-bit signed integer, if possible.  Or
- ** if the integer has a value of -2147483648, return +2147483647
- */
- SQLITE_PRIVATE int sqlite3AbsInt32(int x){
-@@ -37186,12 +37429,19 @@
- */
- static unsigned int strHash(const char *z){
-   unsigned int h = 0;
--  unsigned char c;
--  while( (c = (unsigned char)*z++)!=0 ){     /*OPTIMIZATION-IF-TRUE*/
-+  while( z[0] ){     /*OPTIMIZATION-IF-TRUE*/
-     /* Knuth multiplicative hashing.  (Sorting & Searching, p. 510).
-     ** 0x9e3779b1 is 2654435761 which is the closest prime number to
--    ** (2**32)*golden_ratio, where golden_ratio = (sqrt(5) - 1)/2. */
--    h += sqlite3UpperToLower[c];
-+    ** (2**32)*golden_ratio, where golden_ratio = (sqrt(5) - 1)/2.
-+    **
-+    ** Only bits 0xdf for ASCII and bits 0xbf for EBCDIC each octet are
-+    ** hashed since the omitted bits determine the upper/lower case difference.
-+    */
-+#ifdef SQLITE_EBCDIC
-+    h += 0xbf & (unsigned char)*(z++);
-+#else
-+    h += 0xdf & (unsigned char)*(z++);
-+#endif
-     h *= 0x9e3779b1;
-   }
-   return h;
-@@ -37264,9 +37514,8 @@
-   pH->htsize = new_size = sqlite3MallocSize(new_ht)/sizeof(struct _ht);
-   memset(new_ht, 0, new_size*sizeof(struct _ht));
-   for(elem=pH->first, pH->first=0; elem; elem = next_elem){
--    unsigned int h = strHash(elem->pKey) % new_size;
-     next_elem = elem->next;
--    insertElement(pH, &new_ht[h], elem);
-+    insertElement(pH, &new_ht[elem->h % new_size], elem);
-   }
-   return 1;
- }
-@@ -37284,23 +37533,22 @@
-   HashElem *elem;                /* Used to loop thru the element list */
-   unsigned int count;            /* Number of elements left to test */
-   unsigned int h;                /* The computed hash */
--  static HashElem nullElement = { 0, 0, 0, 0 };
-+  static HashElem nullElement = { 0, 0, 0, 0, 0 };
- 
-+  h = strHash(pKey);
-   if( pH->ht ){   /*OPTIMIZATION-IF-TRUE*/
-     struct _ht *pEntry;
--    h = strHash(pKey) % pH->htsize;
--    pEntry = &pH->ht[h];
-+    pEntry = &pH->ht[h % pH->htsize];
-     elem = pEntry->chain;
-     count = pEntry->count;
-   }else{
--    h = 0;
-     elem = pH->first;
-     count = pH->count;
-   }
-   if( pHash ) *pHash = h;
-   while( count ){
-     assert( elem!=0 );
--    if( sqlite3StrICmp(elem->pKey,pKey)==0 ){
-+    if( h==elem->h && sqlite3StrICmp(elem->pKey,pKey)==0 ){
-       return elem;
-     }
-     elem = elem->next;
-@@ -37312,10 +37560,9 @@
- /* Remove a single entry from the hash table given a pointer to that
- ** element and a hash on the element's key.
- */
--static void removeElementGivenHash(
-+static void removeElement(
-   Hash *pH,         /* The pH containing "elem" */
--  HashElem* elem,   /* The element to be removed from the pH */
--  unsigned int h    /* Hash value for the element */
-+  HashElem *elem    /* The element to be removed from the pH */
- ){
-   struct _ht *pEntry;
-   if( elem->prev ){
-@@ -37327,7 +37574,7 @@
-     elem->next->prev = elem->prev;
-   }
-   if( pH->ht ){
--    pEntry = &pH->ht[h];
-+    pEntry = &pH->ht[elem->h % pH->htsize];
-     if( pEntry->chain==elem ){
-       pEntry->chain = elem->next;
-     }
-@@ -37378,7 +37625,7 @@
-   if( elem->data ){
-     void *old_data = elem->data;
-     if( data==0 ){
--      removeElementGivenHash(pH,elem,h);
-+      removeElement(pH,elem);
-     }else{
-       elem->data = data;
-       elem->pKey = pKey;
-@@ -37389,15 +37636,13 @@
-   new_elem = (HashElem*)sqlite3Malloc( sizeof(HashElem) );
-   if( new_elem==0 ) return data;
-   new_elem->pKey = pKey;
-+  new_elem->h = h;
-   new_elem->data = data;
-   pH->count++;
--  if( pH->count>=10 && pH->count > 2*pH->htsize ){
--    if( rehash(pH, pH->count*2) ){
--      assert( pH->htsize>0 );
--      h = strHash(pKey) % pH->htsize;
--    }
-+  if( pH->count>=5 && pH->count > 2*pH->htsize ){
-+    rehash(pH, pH->count*3);
-   }
--  insertElement(pH, pH->ht ? &pH->ht[h] : 0, new_elem);
-+  insertElement(pH, pH->ht ? &pH->ht[new_elem->h % pH->htsize] : 0, new_elem);
-   return 0;
- }
- 
-@@ -38880,6 +39125,7 @@
- #endif
- #ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-   unsigned iBusyTimeout;              /* Wait this many millisec on locks */
-+  int bBlockOnConnect;                /* True to block for SHARED locks */
- #endif
- #if OS_VXWORKS
-   struct vxworksFileId *pId;          /* Unique file ID */
-@@ -40273,6 +40519,13 @@
-       rc = 0;
-     }
-   }else{
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+    if( pFile->bBlockOnConnect && pLock->l_type==F_RDLCK
-+     && pLock->l_start==SHARED_FIRST && pLock->l_len==SHARED_SIZE
-+    ){
-+      rc = osFcntl(pFile->h, F_SETLKW, pLock);
-+    }else
-+#endif
-     rc = osSetPosixAdvisoryLock(pFile->h, pLock, pFile);
-   }
-   return rc;
-@@ -42634,8 +42887,9 @@
- #ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-     case SQLITE_FCNTL_LOCK_TIMEOUT: {
-       int iOld = pFile->iBusyTimeout;
-+      int iNew = *(int*)pArg;
- #if SQLITE_ENABLE_SETLK_TIMEOUT==1
--      pFile->iBusyTimeout = *(int*)pArg;
-+      pFile->iBusyTimeout = iNew<0 ? 0x7FFFFFFF : (unsigned)iNew;
- #elif SQLITE_ENABLE_SETLK_TIMEOUT==2
-       pFile->iBusyTimeout = !!(*(int*)pArg);
- #else
-@@ -42644,7 +42898,12 @@
-       *(int*)pArg = iOld;
-       return SQLITE_OK;
-     }
--#endif
-+    case SQLITE_FCNTL_BLOCK_ON_CONNECT: {
-+      int iNew = *(int*)pArg;
-+      pFile->bBlockOnConnect = iNew;
-+      return SQLITE_OK;
-+    }
-+#endif /* SQLITE_ENABLE_SETLK_TIMEOUT */
- #if SQLITE_MAX_MMAP_SIZE>0
-     case SQLITE_FCNTL_MMAP_SIZE: {
-       i64 newLimit = *(i64*)pArg;
-@@ -43617,21 +43876,20 @@
-   /* Check that, if this to be a blocking lock, no locks that occur later
-   ** in the following list than the lock being obtained are already held:
-   **
--  **   1. Checkpointer lock (ofst==1).
--  **   2. Write lock (ofst==0).
--  **   3. Read locks (ofst>=3 && ofst<SQLITE_SHM_NLOCK).
-+  **   1. Recovery lock (ofst==2).
-+  **   2. Checkpointer lock (ofst==1).
-+  **   3. Write lock (ofst==0).
-+  **   4. Read locks (ofst>=3 && ofst<SQLITE_SHM_NLOCK).
-   **
-   ** In other words, if this is a blocking lock, none of the locks that
-   ** occur later in the above list than the lock being obtained may be
-   ** held.
--  **
--  ** It is not permitted to block on the RECOVER lock.
-   */
--#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+#if defined(SQLITE_ENABLE_SETLK_TIMEOUT) && defined(SQLITE_DEBUG)
-   {
-     u16 lockMask = (p->exclMask|p->sharedMask);
-     assert( (flags & SQLITE_SHM_UNLOCK) || pDbFd->iBusyTimeout==0 || (
--          (ofst!=2)                                   /* not RECOVER */
-+          (ofst!=2 || lockMask==0)
-        && (ofst!=1 || lockMask==0 || lockMask==2)
-        && (ofst!=0 || lockMask<3)
-        && (ofst<3  || lockMask<(1<<ofst))
-@@ -45436,7 +45694,7 @@
- 
-   /* Almost all modern unix systems support nanosleep().  But if you are
-   ** compiling for one of the rare exceptions, you can use
--  ** -DHAVE_NANOSLEEP=0 (perhaps in conjuction with -DHAVE_USLEEP if
-+  ** -DHAVE_NANOSLEEP=0 (perhaps in conjunction with -DHAVE_USLEEP if
-   ** usleep() is available) in order to bypass the use of nanosleep() */
-   nanosleep(&sp, NULL);
- 
-@@ -47157,8 +47415,18 @@
-   sqlite3_int64 mmapSize;       /* Size of mapped region */
-   sqlite3_int64 mmapSizeMax;    /* Configured FCNTL_MMAP_SIZE value */
- #endif
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+  DWORD iBusyTimeout;        /* Wait this many millisec on locks */
-+  int bBlockOnConnect;
-+#endif
- };
- 
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+# define winFileBusyTimeout(pDbFd) pDbFd->iBusyTimeout
-+#else
-+# define winFileBusyTimeout(pDbFd) 0
-+#endif
-+
- /*
- ** The winVfsAppData structure is used for the pAppData member for all of the
- ** Win32 VFS variants.
-@@ -47477,7 +47745,7 @@
-   { "FileTimeToLocalFileTime", (SYSCALL)0,                       0 },
- #endif
- 
--#define osFileTimeToLocalFileTime ((BOOL(WINAPI*)(CONST FILETIME*, \
-+#define osFileTimeToLocalFileTime ((BOOL(WINAPI*)(const FILETIME*, \
-         LPFILETIME))aSyscall[11].pCurrent)
- 
- #if SQLITE_OS_WINCE
-@@ -47486,7 +47754,7 @@
-   { "FileTimeToSystemTime",    (SYSCALL)0,                       0 },
- #endif
- 
--#define osFileTimeToSystemTime ((BOOL(WINAPI*)(CONST FILETIME*, \
-+#define osFileTimeToSystemTime ((BOOL(WINAPI*)(const FILETIME*, \
-         LPSYSTEMTIME))aSyscall[12].pCurrent)
- 
-   { "FlushFileBuffers",        (SYSCALL)FlushFileBuffers,        0 },
-@@ -47592,6 +47860,12 @@
- #define osGetFullPathNameW ((DWORD(WINAPI*)(LPCWSTR,DWORD,LPWSTR, \
-         LPWSTR*))aSyscall[25].pCurrent)
- 
-+/*
-+** For GetLastError(), MSDN says:
-+**
-+** Minimum supported client: Windows XP [desktop apps | UWP apps]
-+** Minimum supported server: Windows Server 2003 [desktop apps | UWP apps]
-+*/
-   { "GetLastError",            (SYSCALL)GetLastError,            0 },
- 
- #define osGetLastError ((DWORD(WINAPI*)(VOID))aSyscall[26].pCurrent)
-@@ -47760,7 +48034,7 @@
-   { "LockFile",                (SYSCALL)0,                       0 },
- #endif
- 
--#ifndef osLockFile
-+#if !defined(osLockFile) && defined(SQLITE_WIN32_HAS_ANSI)
- #define osLockFile ((BOOL(WINAPI*)(HANDLE,DWORD,DWORD,DWORD, \
-         DWORD))aSyscall[47].pCurrent)
- #endif
-@@ -47824,7 +48098,7 @@
- 
-   { "SystemTimeToFileTime",    (SYSCALL)SystemTimeToFileTime,    0 },
- 
--#define osSystemTimeToFileTime ((BOOL(WINAPI*)(CONST SYSTEMTIME*, \
-+#define osSystemTimeToFileTime ((BOOL(WINAPI*)(const SYSTEMTIME*, \
-         LPFILETIME))aSyscall[56].pCurrent)
- 
- #if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT
-@@ -47833,7 +48107,7 @@
-   { "UnlockFile",              (SYSCALL)0,                       0 },
- #endif
- 
--#ifndef osUnlockFile
-+#if !defined(osUnlockFile) && defined(SQLITE_WIN32_HAS_ANSI)
- #define osUnlockFile ((BOOL(WINAPI*)(HANDLE,DWORD,DWORD,DWORD, \
-         DWORD))aSyscall[57].pCurrent)
- #endif
-@@ -47874,11 +48148,13 @@
- #define osCreateEventExW ((HANDLE(WINAPI*)(LPSECURITY_ATTRIBUTES,LPCWSTR, \
-         DWORD,DWORD))aSyscall[62].pCurrent)
- 
--#if !SQLITE_OS_WINRT
-+/*
-+** For WaitForSingleObject(), MSDN says:
-+**
-+** Minimum supported client: Windows XP [desktop apps | UWP apps]
-+** Minimum supported server: Windows Server 2003 [desktop apps | UWP apps]
-+*/
-   { "WaitForSingleObject",     (SYSCALL)WaitForSingleObject,     0 },
--#else
--  { "WaitForSingleObject",     (SYSCALL)0,                       0 },
--#endif
- 
- #define osWaitForSingleObject ((DWORD(WINAPI*)(HANDLE, \
-         DWORD))aSyscall[63].pCurrent)
-@@ -48025,6 +48301,97 @@
- #define osFlushViewOfFile \
-         ((BOOL(WINAPI*)(LPCVOID,SIZE_T))aSyscall[79].pCurrent)
- 
-+/*
-+** If SQLITE_ENABLE_SETLK_TIMEOUT is defined, we require CreateEvent()
-+** to implement blocking locks with timeouts. MSDN says:
-+**
-+** Minimum supported client: Windows XP [desktop apps | UWP apps]
-+** Minimum supported server: Windows Server 2003 [desktop apps | UWP apps]
-+*/
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+  { "CreateEvent",              (SYSCALL)CreateEvent,            0 },
-+#else
-+  { "CreateEvent",              (SYSCALL)0,                      0 },
-+#endif
-+
-+#define osCreateEvent ( \
-+    (HANDLE(WINAPI*) (LPSECURITY_ATTRIBUTES,BOOL,BOOL,LPCSTR)) \
-+    aSyscall[80].pCurrent \
-+)
-+
-+/*
-+** If SQLITE_ENABLE_SETLK_TIMEOUT is defined, we require CancelIo()
-+** for the case where a timeout expires and a lock request must be
-+** cancelled.
-+**
-+** Minimum supported client: Windows XP [desktop apps | UWP apps]
-+** Minimum supported server: Windows Server 2003 [desktop apps | UWP apps]
-+*/
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+  { "CancelIo",                 (SYSCALL)CancelIo,               0 },
-+#else
-+  { "CancelIo",                 (SYSCALL)0,                      0 },
-+#endif
-+
-+#define osCancelIo ((BOOL(WINAPI*)(HANDLE))aSyscall[81].pCurrent)
-+
-+#if defined(SQLITE_WIN32_HAS_WIDE) && defined(_WIN32)
-+  { "GetModuleHandleW",         (SYSCALL)GetModuleHandleW,       0 },
-+#else
-+  { "GetModuleHandleW",         (SYSCALL)0,                      0 },
-+#endif
-+
-+#define osGetModuleHandleW ((HMODULE(WINAPI*)(LPCWSTR))aSyscall[82].pCurrent)
-+
-+#ifndef _WIN32
-+  { "getenv",                   (SYSCALL)getenv,                 0 },
-+#else
-+  { "getenv",                   (SYSCALL)0,                      0 },
-+#endif
-+
-+#define osGetenv ((const char *(*)(const char *))aSyscall[83].pCurrent)
-+
-+#ifndef _WIN32
-+  { "getcwd",                   (SYSCALL)getcwd,                 0 },
-+#else
-+  { "getcwd",                   (SYSCALL)0,                      0 },
-+#endif
-+
-+#define osGetcwd ((char*(*)(char*,size_t))aSyscall[84].pCurrent)
-+
-+#ifndef _WIN32
-+  { "readlink",                 (SYSCALL)readlink,               0 },
-+#else
-+  { "readlink",                 (SYSCALL)0,                      0 },
-+#endif
-+
-+#define osReadlink ((ssize_t(*)(const char*,char*,size_t))aSyscall[85].pCurrent)
-+
-+#ifndef _WIN32
-+  { "lstat",                    (SYSCALL)lstat,                  0 },
-+#else
-+  { "lstat",                    (SYSCALL)0,                      0 },
-+#endif
-+
-+#define osLstat ((int(*)(const char*,struct stat*))aSyscall[86].pCurrent)
-+
-+#ifndef _WIN32
-+  { "__errno",                  (SYSCALL)__errno,                0 },
-+#else
-+  { "__errno",                  (SYSCALL)0,                      0 },
-+#endif
-+
-+#define osErrno (*((int*(*)(void))aSyscall[87].pCurrent)())
-+
-+#ifndef _WIN32
-+  { "cygwin_conv_path",         (SYSCALL)cygwin_conv_path,       0 },
-+#else
-+  { "cygwin_conv_path",         (SYSCALL)0,                      0 },
-+#endif
-+
-+#define osCygwin_conv_path ((size_t(*)(unsigned int, \
-+    const void *, void *, size_t))aSyscall[88].pCurrent)
-+
- }; /* End of the overrideable system calls */
- 
- /*
-@@ -48198,6 +48565,7 @@
- }
- #endif /* SQLITE_WIN32_MALLOC */
- 
-+#ifdef _WIN32
- /*
- ** This function outputs the specified (ANSI) string to the Win32 debugger
- ** (if available).
-@@ -48240,6 +48608,7 @@
-   }
- #endif
- }
-+#endif /* _WIN32 */
- 
- /*
- ** The following routine suspends the current thread for at least ms
-@@ -48323,7 +48692,9 @@
-   }
-   return osInterlockedCompareExchange(&sqlite3_os_type, 2, 2)==2;
- #elif SQLITE_TEST
--  return osInterlockedCompareExchange(&sqlite3_os_type, 2, 2)==2;
-+  return osInterlockedCompareExchange(&sqlite3_os_type, 2, 2)==2
-+      || osInterlockedCompareExchange(&sqlite3_os_type, 0, 0)==0
-+  ;
- #else
-   /*
-   ** NOTE: All sub-platforms where the GetVersionEx[AW] functions are
-@@ -48538,6 +48909,7 @@
- }
- #endif /* SQLITE_WIN32_MALLOC */
- 
-+#ifdef _WIN32
- /*
- ** Convert a UTF-8 string to Microsoft Unicode.
- **
-@@ -48563,6 +48935,7 @@
-   }
-   return zWideText;
- }
-+#endif /* _WIN32 */
- 
- /*
- ** Convert a Microsoft Unicode string to UTF-8.
-@@ -48597,28 +48970,29 @@
- ** Space to hold the returned string is obtained from sqlite3_malloc().
- */
- static LPWSTR winMbcsToUnicode(const char *zText, int useAnsi){
--  int nByte;
-+  int nWideChar;
-   LPWSTR zMbcsText;
-   int codepage = useAnsi ? CP_ACP : CP_OEMCP;
- 
--  nByte = osMultiByteToWideChar(codepage, 0, zText, -1, NULL,
--                                0)*sizeof(WCHAR);
--  if( nByte==0 ){
-+  nWideChar = osMultiByteToWideChar(codepage, 0, zText, -1, NULL,
-+                                0);
-+  if( nWideChar==0 ){
-     return 0;
-   }
--  zMbcsText = sqlite3MallocZero( nByte*sizeof(WCHAR) );
-+  zMbcsText = sqlite3MallocZero( nWideChar*sizeof(WCHAR) );
-   if( zMbcsText==0 ){
-     return 0;
-   }
--  nByte = osMultiByteToWideChar(codepage, 0, zText, -1, zMbcsText,
--                                nByte);
--  if( nByte==0 ){
-+  nWideChar = osMultiByteToWideChar(codepage, 0, zText, -1, zMbcsText,
-+                                nWideChar);
-+  if( nWideChar==0 ){
-     sqlite3_free(zMbcsText);
-     zMbcsText = 0;
-   }
-   return zMbcsText;
- }
- 
-+#ifdef _WIN32
- /*
- ** Convert a Microsoft Unicode string to a multi-byte character string,
- ** using the ANSI or OEM code page.
-@@ -48646,6 +49020,7 @@
-   }
-   return zText;
- }
-+#endif /* _WIN32 */
- 
- /*
- ** Convert a multi-byte character string to UTF-8.
-@@ -48665,6 +49040,7 @@
-   return zTextUtf8;
- }
- 
-+#ifdef _WIN32
- /*
- ** Convert a UTF-8 string to a multi-byte character string.
- **
-@@ -48714,6 +49090,7 @@
- #endif
-   return winUnicodeToUtf8(zWideText);
- }
-+#endif /* _WIN32 */
- 
- /*
- ** This is a public wrapper for the winMbcsToUtf8() function.
-@@ -48731,6 +49108,7 @@
-   return winMbcsToUtf8(zText, osAreFileApisANSI());
- }
- 
-+#ifdef _WIN32
- /*
- ** This is a public wrapper for the winMbcsToUtf8() function.
- */
-@@ -48855,6 +49233,7 @@
- ){
-   return sqlite3_win32_set_directory16(type, zValue);
- }
-+#endif /* _WIN32 */
- 
- /*
- ** The return value of winGetLastErrorMsg
-@@ -49403,14 +49782,99 @@
-     ovlp.Offset = offsetLow;
-     ovlp.OffsetHigh = offsetHigh;
-     return osLockFileEx(*phFile, flags, 0, numBytesLow, numBytesHigh, &ovlp);
-+#ifdef SQLITE_WIN32_HAS_ANSI
-   }else{
-     return osLockFile(*phFile, offsetLow, offsetHigh, numBytesLow,
-                       numBytesHigh);
-+#endif
-   }
- #endif
- }
- 
- /*
-+** Lock a region of nByte bytes starting at offset offset of file hFile.
-+** Take an EXCLUSIVE lock if parameter bExclusive is true, or a SHARED lock
-+** otherwise. If nMs is greater than zero and the lock cannot be obtained
-+** immediately, block for that many ms before giving up.
-+**
-+** This function returns SQLITE_OK if the lock is obtained successfully. If
-+** some other process holds the lock, SQLITE_BUSY is returned if nMs==0, or
-+** SQLITE_BUSY_TIMEOUT otherwise. Or, if an error occurs, SQLITE_IOERR.
-+*/
-+static int winHandleLockTimeout(
-+  HANDLE hFile,
-+  DWORD offset,
-+  DWORD nByte,
-+  int bExcl,
-+  DWORD nMs
-+){
-+  DWORD flags = LOCKFILE_FAIL_IMMEDIATELY | (bExcl?LOCKFILE_EXCLUSIVE_LOCK:0);
-+  int rc = SQLITE_OK;
-+  BOOL ret;
-+
-+  if( !osIsNT() ){
-+    ret = winLockFile(&hFile, flags, offset, 0, nByte, 0);
-+  }else{
-+    OVERLAPPED ovlp;
-+    memset(&ovlp, 0, sizeof(OVERLAPPED));
-+    ovlp.Offset = offset;
-+
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+    if( nMs!=0 ){
-+      flags &= ~LOCKFILE_FAIL_IMMEDIATELY;
-+    }
-+    ovlp.hEvent = osCreateEvent(NULL, TRUE, FALSE, NULL);
-+    if( ovlp.hEvent==NULL ){
-+      return SQLITE_IOERR_LOCK;
-+    }
-+#endif
-+
-+    ret = osLockFileEx(hFile, flags, 0, nByte, 0, &ovlp);
-+
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+    /* If SQLITE_ENABLE_SETLK_TIMEOUT is defined, then the file-handle was
-+    ** opened with FILE_FLAG_OVERHEAD specified. In this case, the call to
-+    ** LockFileEx() may fail because the request is still pending. This can
-+    ** happen even if LOCKFILE_FAIL_IMMEDIATELY was specified.
-+    **
-+    ** If nMs is 0, then LOCKFILE_FAIL_IMMEDIATELY was set in the flags
-+    ** passed to LockFileEx(). In this case, if the operation is pending,
-+    ** block indefinitely until it is finished.
-+    **
-+    ** Otherwise, wait for up to nMs ms for the operation to finish. nMs
-+    ** may be set to INFINITE.
-+    */
-+    if( !ret && GetLastError()==ERROR_IO_PENDING ){
-+      DWORD nDelay = (nMs==0 ? INFINITE : nMs);
-+      DWORD res = osWaitForSingleObject(ovlp.hEvent, nDelay);
-+      if( res==WAIT_OBJECT_0 ){
-+        ret = TRUE;
-+      }else if( res==WAIT_TIMEOUT ){
-+#if SQLITE_ENABLE_SETLK_TIMEOUT==1
-+        rc = SQLITE_BUSY_TIMEOUT;
-+#else
-+        rc = SQLITE_BUSY;
-+#endif
-+      }else{
-+        /* Some other error has occurred */
-+        rc = SQLITE_IOERR_LOCK;
-+      }
-+
-+      /* If it is still pending, cancel the LockFileEx() call. */
-+      osCancelIo(hFile);
-+    }
-+
-+    osCloseHandle(ovlp.hEvent);
-+#endif
-+  }
-+
-+  if( rc==SQLITE_OK && !ret ){
-+    rc = SQLITE_BUSY;
-+  }
-+  return rc;
-+}
-+
-+/*
- ** Unlock a file region.
-  */
- static BOOL winUnlockFile(
-@@ -49434,13 +49898,23 @@
-     ovlp.Offset = offsetLow;
-     ovlp.OffsetHigh = offsetHigh;
-     return osUnlockFileEx(*phFile, 0, numBytesLow, numBytesHigh, &ovlp);
-+#ifdef SQLITE_WIN32_HAS_ANSI
-   }else{
-     return osUnlockFile(*phFile, offsetLow, offsetHigh, numBytesLow,
-                         numBytesHigh);
-+#endif
-   }
- #endif
- }
- 
-+/*
-+** Remove an nByte lock starting at offset iOff from HANDLE h.
-+*/
-+static int winHandleUnlock(HANDLE h, int iOff, int nByte){
-+  BOOL ret = winUnlockFile(&h, iOff, 0, nByte, 0);
-+  return (ret ? SQLITE_OK : SQLITE_IOERR_UNLOCK);
-+}
-+
- /*****************************************************************************
- ** The next group of routines implement the I/O methods specified
- ** by the sqlite3_io_methods object.
-@@ -49454,66 +49928,70 @@
- #endif
- 
- /*
--** Move the current position of the file handle passed as the first
--** argument to offset iOffset within the file. If successful, return 0.
--** Otherwise, set pFile->lastErrno and return non-zero.
-+** Seek the file handle h to offset nByte of the file.
-+**
-+** If successful, return SQLITE_OK. Or, if an error occurs, return an SQLite
-+** error code.
- */
--static int winSeekFile(winFile *pFile, sqlite3_int64 iOffset){
-+static int winHandleSeek(HANDLE h, sqlite3_int64 iOffset){
-+  int rc = SQLITE_OK;             /* Return value */
-+
- #if !SQLITE_OS_WINRT
-   LONG upperBits;                 /* Most sig. 32 bits of new offset */
-   LONG lowerBits;                 /* Least sig. 32 bits of new offset */
-   DWORD dwRet;                    /* Value returned by SetFilePointer() */
--  DWORD lastErrno;                /* Value returned by GetLastError() */
--
--  OSTRACE(("SEEK file=%p, offset=%lld\n", pFile->h, iOffset));
- 
-   upperBits = (LONG)((iOffset>>32) & 0x7fffffff);
-   lowerBits = (LONG)(iOffset & 0xffffffff);
- 
-+  dwRet = osSetFilePointer(h, lowerBits, &upperBits, FILE_BEGIN);
-+
-   /* API oddity: If successful, SetFilePointer() returns a dword
-   ** containing the lower 32-bits of the new file-offset. Or, if it fails,
-   ** it returns INVALID_SET_FILE_POINTER. However according to MSDN,
-   ** INVALID_SET_FILE_POINTER may also be a valid new offset. So to determine
-   ** whether an error has actually occurred, it is also necessary to call
--  ** GetLastError().
--  */
--  dwRet = osSetFilePointer(pFile->h, lowerBits, &upperBits, FILE_BEGIN);
--
--  if( (dwRet==INVALID_SET_FILE_POINTER
--      && ((lastErrno = osGetLastError())!=NO_ERROR)) ){
--    pFile->lastErrno = lastErrno;
--    winLogError(SQLITE_IOERR_SEEK, pFile->lastErrno,
--                "winSeekFile", pFile->zPath);
--    OSTRACE(("SEEK file=%p, rc=SQLITE_IOERR_SEEK\n", pFile->h));
--    return 1;
-+  ** GetLastError().  */
-+  if( dwRet==INVALID_SET_FILE_POINTER ){
-+    DWORD lastErrno = osGetLastError();
-+    if( lastErrno!=NO_ERROR ){
-+      rc = SQLITE_IOERR_SEEK;
-+    }
-   }
--
--  OSTRACE(("SEEK file=%p, rc=SQLITE_OK\n", pFile->h));
--  return 0;
- #else
--  /*
--  ** Same as above, except that this implementation works for WinRT.
--  */
--
-+  /* This implementation works for WinRT. */
-   LARGE_INTEGER x;                /* The new offset */
-   BOOL bRet;                      /* Value returned by SetFilePointerEx() */
- 
-   x.QuadPart = iOffset;
--  bRet = osSetFilePointerEx(pFile->h, x, 0, FILE_BEGIN);
-+  bRet = osSetFilePointerEx(h, x, 0, FILE_BEGIN);
- 
-   if(!bRet){
--    pFile->lastErrno = osGetLastError();
--    winLogError(SQLITE_IOERR_SEEK, pFile->lastErrno,
--                "winSeekFile", pFile->zPath);
--    OSTRACE(("SEEK file=%p, rc=SQLITE_IOERR_SEEK\n", pFile->h));
--    return 1;
-+    rc = SQLITE_IOERR_SEEK;
-   }
--
--  OSTRACE(("SEEK file=%p, rc=SQLITE_OK\n", pFile->h));
--  return 0;
- #endif
-+
-+  OSTRACE(("SEEK file=%p, offset=%lld rc=%s\n", h, iOffset, sqlite3ErrName(rc)));
-+  return rc;
- }
- 
-+/*
-+** Move the current position of the file handle passed as the first
-+** argument to offset iOffset within the file. If successful, return 0.
-+** Otherwise, set pFile->lastErrno and return non-zero.
-+*/
-+static int winSeekFile(winFile *pFile, sqlite3_int64 iOffset){
-+  int rc;
-+
-+  rc = winHandleSeek(pFile->h, iOffset);
-+  if( rc!=SQLITE_OK ){
-+    pFile->lastErrno = osGetLastError();
-+    winLogError(rc, pFile->lastErrno, "winSeekFile", pFile->zPath);
-+  }
-+  return rc;
-+}
-+
-+
- #if SQLITE_MAX_MMAP_SIZE>0
- /* Forward references to VFS helper methods used for memory mapped files */
- static int winMapfile(winFile*, sqlite3_int64);
-@@ -49774,6 +50252,60 @@
- }
- 
- /*
-+** Truncate the file opened by handle h to nByte bytes in size.
-+*/
-+static int winHandleTruncate(HANDLE h, sqlite3_int64 nByte){
-+  int rc = SQLITE_OK;             /* Return code */
-+  rc = winHandleSeek(h, nByte);
-+  if( rc==SQLITE_OK ){
-+    if( 0==osSetEndOfFile(h) ){
-+      rc = SQLITE_IOERR_TRUNCATE;
-+    }
-+  }
-+  return rc;
-+}
-+
-+/*
-+** Determine the size in bytes of the file opened by the handle passed as
-+** the first argument.
-+*/
-+static int winHandleSize(HANDLE h, sqlite3_int64 *pnByte){
-+  int rc = SQLITE_OK;
-+
-+#if SQLITE_OS_WINRT
-+  FILE_STANDARD_INFO info;
-+  BOOL b;
-+  b = osGetFileInformationByHandleEx(h, FileStandardInfo, &info, sizeof(info));
-+  if( b ){
-+    *pnByte = info.EndOfFile.QuadPart;
-+  }else{
-+    rc = SQLITE_IOERR_FSTAT;
-+  }
-+#else
-+  DWORD upperBits = 0;
-+  DWORD lowerBits = 0;
-+
-+  assert( pnByte );
-+  lowerBits = osGetFileSize(h, &upperBits);
-+  *pnByte = (((sqlite3_int64)upperBits)<<32) + lowerBits;
-+  if( lowerBits==INVALID_FILE_SIZE && osGetLastError()!=NO_ERROR ){
-+    rc = SQLITE_IOERR_FSTAT;
-+  }
-+#endif
-+
-+  return rc;
-+}
-+
-+/*
-+** Close the handle passed as the only argument.
-+*/
-+static void winHandleClose(HANDLE h){
-+  if( h!=INVALID_HANDLE_VALUE ){
-+    osCloseHandle(h);
-+  }
-+}
-+
-+/*
- ** Truncate an open file to a specified size
- */
- static int winTruncate(sqlite3_file *id, sqlite3_int64 nByte){
-@@ -50028,8 +50560,9 @@
- ** Different API routines are called depending on whether or not this
- ** is Win9x or WinNT.
- */
--static int winGetReadLock(winFile *pFile){
-+static int winGetReadLock(winFile *pFile, int bBlock){
-   int res;
-+  DWORD mask = ~(bBlock ? LOCKFILE_FAIL_IMMEDIATELY : 0);
-   OSTRACE(("READ-LOCK file=%p, lock=%d\n", pFile->h, pFile->locktype));
-   if( osIsNT() ){
- #if SQLITE_OS_WINCE
-@@ -50039,7 +50572,7 @@
-     */
-     res = winceLockFile(&pFile->h, SHARED_FIRST, 0, 1, 0);
- #else
--    res = winLockFile(&pFile->h, SQLITE_LOCKFILEEX_FLAGS, SHARED_FIRST, 0,
-+    res = winLockFile(&pFile->h, SQLITE_LOCKFILEEX_FLAGS&mask, SHARED_FIRST, 0,
-                       SHARED_SIZE, 0);
- #endif
-   }
-@@ -50048,7 +50581,7 @@
-     int lk;
-     sqlite3_randomness(sizeof(lk), &lk);
-     pFile->sharedLockByte = (short)((lk & 0x7fffffff)%(SHARED_SIZE - 1));
--    res = winLockFile(&pFile->h, SQLITE_LOCKFILE_FLAGS,
-+    res = winLockFile(&pFile->h, SQLITE_LOCKFILE_FLAGS&mask,
-                       SHARED_FIRST+pFile->sharedLockByte, 0, 1, 0);
-   }
- #endif
-@@ -50143,46 +50676,62 @@
-   assert( locktype!=PENDING_LOCK );
-   assert( locktype!=RESERVED_LOCK || pFile->locktype==SHARED_LOCK );
- 
--  /* Lock the PENDING_LOCK byte if we need to acquire a PENDING lock or
-+  /* Lock the PENDING_LOCK byte if we need to acquire an EXCLUSIVE lock or
-   ** a SHARED lock.  If we are acquiring a SHARED lock, the acquisition of
-   ** the PENDING_LOCK byte is temporary.
-   */
-   newLocktype = pFile->locktype;
--  if( pFile->locktype==NO_LOCK
--   || (locktype==EXCLUSIVE_LOCK && pFile->locktype<=RESERVED_LOCK)
-+  if( locktype==SHARED_LOCK
-+   || (locktype==EXCLUSIVE_LOCK && pFile->locktype==RESERVED_LOCK)
-   ){
-     int cnt = 3;
--    while( cnt-->0 && (res = winLockFile(&pFile->h, SQLITE_LOCKFILE_FLAGS,
--                                         PENDING_BYTE, 0, 1, 0))==0 ){
-+
-+    /* Flags for the LockFileEx() call. This should be an exclusive lock if
-+    ** this call is to obtain EXCLUSIVE, or a shared lock if this call is to
-+    ** obtain SHARED.  */
-+    int flags = LOCKFILE_FAIL_IMMEDIATELY;
-+    if( locktype==EXCLUSIVE_LOCK ){
-+      flags |= LOCKFILE_EXCLUSIVE_LOCK;
-+    }
-+    while( cnt>0 ){
-       /* Try 3 times to get the pending lock.  This is needed to work
-       ** around problems caused by indexing and/or anti-virus software on
-       ** Windows systems.
-+      **
-       ** If you are using this code as a model for alternative VFSes, do not
--      ** copy this retry logic.  It is a hack intended for Windows only.
--      */
-+      ** copy this retry logic.  It is a hack intended for Windows only.  */
-+      res = winLockFile(&pFile->h, flags, PENDING_BYTE, 0, 1, 0);
-+      if( res ) break;
-+
-       lastErrno = osGetLastError();
-       OSTRACE(("LOCK-PENDING-FAIL file=%p, count=%d, result=%d\n",
--               pFile->h, cnt, res));
-+            pFile->h, cnt, res
-+      ));
-+
-       if( lastErrno==ERROR_INVALID_HANDLE ){
-         pFile->lastErrno = lastErrno;
-         rc = SQLITE_IOERR_LOCK;
-         OSTRACE(("LOCK-FAIL file=%p, count=%d, rc=%s\n",
--                 pFile->h, cnt, sqlite3ErrName(rc)));
-+              pFile->h, cnt, sqlite3ErrName(rc)
-+        ));
-         return rc;
-       }
--      if( cnt ) sqlite3_win32_sleep(1);
-+
-+      cnt--;
-+      if( cnt>0 ) sqlite3_win32_sleep(1);
-     }
-     gotPendingLock = res;
--    if( !res ){
--      lastErrno = osGetLastError();
--    }
-   }
- 
-   /* Acquire a shared lock
-   */
-   if( locktype==SHARED_LOCK && res ){
-     assert( pFile->locktype==NO_LOCK );
--    res = winGetReadLock(pFile);
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+    res = winGetReadLock(pFile, pFile->bBlockOnConnect);
-+#else
-+    res = winGetReadLock(pFile, 0);
-+#endif
-     if( res ){
-       newLocktype = SHARED_LOCK;
-     }else{
-@@ -50220,7 +50769,7 @@
-       newLocktype = EXCLUSIVE_LOCK;
-     }else{
-       lastErrno = osGetLastError();
--      winGetReadLock(pFile);
-+      winGetReadLock(pFile, 0);
-     }
-   }
- 
-@@ -50300,7 +50849,7 @@
-   type = pFile->locktype;
-   if( type>=EXCLUSIVE_LOCK ){
-     winUnlockFile(&pFile->h, SHARED_FIRST, 0, SHARED_SIZE, 0);
--    if( locktype==SHARED_LOCK && !winGetReadLock(pFile) ){
-+    if( locktype==SHARED_LOCK && !winGetReadLock(pFile, 0) ){
-       /* This should never happen.  We should always be able to
-       ** reacquire the read lock */
-       rc = winLogError(SQLITE_IOERR_UNLOCK, osGetLastError(),
-@@ -50510,6 +51059,28 @@
-       return rc;
-     }
- #endif
-+
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+    case SQLITE_FCNTL_LOCK_TIMEOUT: {
-+      int iOld = pFile->iBusyTimeout;
-+      int iNew = *(int*)pArg;
-+#if SQLITE_ENABLE_SETLK_TIMEOUT==1
-+      pFile->iBusyTimeout = (iNew < 0) ? INFINITE : (DWORD)iNew;
-+#elif SQLITE_ENABLE_SETLK_TIMEOUT==2
-+      pFile->iBusyTimeout = (DWORD)(!!iNew);
-+#else
-+# error "SQLITE_ENABLE_SETLK_TIMEOUT must be set to 1 or 2"
-+#endif
-+      *(int*)pArg = iOld;
-+      return SQLITE_OK;
-+    }
-+    case SQLITE_FCNTL_BLOCK_ON_CONNECT: {
-+      int iNew = *(int*)pArg;
-+      pFile->bBlockOnConnect = iNew;
-+      return SQLITE_OK;
-+    }
-+#endif /* SQLITE_ENABLE_SETLK_TIMEOUT */
-+
-   }
-   OSTRACE(("FCNTL file=%p, rc=SQLITE_NOTFOUND\n", pFile->h));
-   return SQLITE_NOTFOUND;
-@@ -50590,23 +51161,27 @@
- **
- ** The following fields are read-only after the object is created:
- **
--**      fid
- **      zFilename
- **
- ** Either winShmNode.mutex must be held or winShmNode.nRef==0 and
- ** winShmMutexHeld() is true when reading or writing any other field
- ** in this structure.
- **
-+** File-handle hSharedShm is used to (a) take the DMS lock, (b) truncate
-+** the *-shm file if the DMS-locking protocol demands it, and (c) map
-+** regions of the *-shm file into memory using MapViewOfFile() or
-+** similar. Other locks are taken by individual clients using the
-+** winShm.hShm handles.
- */
- struct winShmNode {
-   sqlite3_mutex *mutex;      /* Mutex to access this object */
-   char *zFilename;           /* Name of the file */
--  winFile hFile;             /* File handle from winOpen */
-+  HANDLE hSharedShm;         /* File handle open on zFilename */
- 
-+  int isUnlocked;            /* DMS lock has not yet been obtained */
-+  int isReadonly;            /* True if read-only */
-   int szRegion;              /* Size of shared-memory regions */
-   int nRegion;               /* Size of array apRegion */
--  u8 isReadonly;             /* True if read-only */
--  u8 isUnlocked;             /* True if no DMS lock held */
- 
-   struct ShmRegion {
-     HANDLE hMap;             /* File handle from CreateFileMapping */
-@@ -50615,7 +51190,6 @@
-   DWORD lastErrno;           /* The Windows errno from the last I/O error */
- 
-   int nRef;                  /* Number of winShm objects pointing to this */
--  winShm *pFirst;            /* All winShm objects pointing to this */
-   winShmNode *pNext;         /* Next in list of all winShmNode objects */
- #if defined(SQLITE_DEBUG) || defined(SQLITE_HAVE_OS_TRACE)
-   u8 nextShmId;              /* Next available winShm.id value */
-@@ -50631,23 +51205,15 @@
- 
- /*
- ** Structure used internally by this VFS to record the state of an
--** open shared memory connection.
--**
--** The following fields are initialized when this object is created and
--** are read-only thereafter:
--**
--**    winShm.pShmNode
--**    winShm.id
--**
--** All other fields are read/write.  The winShm.pShmNode->mutex must be held
--** while accessing any read/write fields.
-+** open shared memory connection. There is one such structure for each
-+** winFile open on a wal mode database.
- */
- struct winShm {
-   winShmNode *pShmNode;      /* The underlying winShmNode object */
--  winShm *pNext;             /* Next winShm with the same winShmNode */
--  u8 hasMutex;               /* True if holding the winShmNode mutex */
-   u16 sharedMask;            /* Mask of shared locks held */
-   u16 exclMask;              /* Mask of exclusive locks held */
-+  HANDLE hShm;               /* File-handle on *-shm file. For locking. */
-+  int bReadonly;             /* True if hShm is opened read-only */
- #if defined(SQLITE_DEBUG) || defined(SQLITE_HAVE_OS_TRACE)
-   u8 id;                     /* Id of this connection with its winShmNode */
- #endif
-@@ -50659,50 +51225,6 @@
- #define WIN_SHM_BASE   ((22+SQLITE_SHM_NLOCK)*4)        /* first lock byte */
- #define WIN_SHM_DMS    (WIN_SHM_BASE+SQLITE_SHM_NLOCK)  /* deadman switch */
- 
--/*
--** Apply advisory locks for all n bytes beginning at ofst.
--*/
--#define WINSHM_UNLCK  1
--#define WINSHM_RDLCK  2
--#define WINSHM_WRLCK  3
--static int winShmSystemLock(
--  winShmNode *pFile,    /* Apply locks to this open shared-memory segment */
--  int lockType,         /* WINSHM_UNLCK, WINSHM_RDLCK, or WINSHM_WRLCK */
--  int ofst,             /* Offset to first byte to be locked/unlocked */
--  int nByte             /* Number of bytes to lock or unlock */
--){
--  int rc = 0;           /* Result code form Lock/UnlockFileEx() */
--
--  /* Access to the winShmNode object is serialized by the caller */
--  assert( pFile->nRef==0 || sqlite3_mutex_held(pFile->mutex) );
--
--  OSTRACE(("SHM-LOCK file=%p, lock=%d, offset=%d, size=%d\n",
--           pFile->hFile.h, lockType, ofst, nByte));
--
--  /* Release/Acquire the system-level lock */
--  if( lockType==WINSHM_UNLCK ){
--    rc = winUnlockFile(&pFile->hFile.h, ofst, 0, nByte, 0);
--  }else{
--    /* Initialize the locking parameters */
--    DWORD dwFlags = LOCKFILE_FAIL_IMMEDIATELY;
--    if( lockType == WINSHM_WRLCK ) dwFlags |= LOCKFILE_EXCLUSIVE_LOCK;
--    rc = winLockFile(&pFile->hFile.h, dwFlags, ofst, 0, nByte, 0);
--  }
--
--  if( rc!= 0 ){
--    rc = SQLITE_OK;
--  }else{
--    pFile->lastErrno =  osGetLastError();
--    rc = SQLITE_BUSY;
--  }
--
--  OSTRACE(("SHM-LOCK file=%p, func=%s, errno=%lu, rc=%s\n",
--           pFile->hFile.h, (lockType == WINSHM_UNLCK) ? "winUnlockFile" :
--           "winLockFile", pFile->lastErrno, sqlite3ErrName(rc)));
--
--  return rc;
--}
--
- /* Forward references to VFS methods */
- static int winOpen(sqlite3_vfs*,const char*,sqlite3_file*,int,int*);
- static int winDelete(sqlite3_vfs *,const char*,int);
-@@ -50734,11 +51256,7 @@
-                  osGetCurrentProcessId(), i, bRc ? "ok" : "failed"));
-         UNUSED_VARIABLE_VALUE(bRc);
-       }
--      if( p->hFile.h!=NULL && p->hFile.h!=INVALID_HANDLE_VALUE ){
--        SimulateIOErrorBenign(1);
--        winClose((sqlite3_file *)&p->hFile);
--        SimulateIOErrorBenign(0);
--      }
-+      winHandleClose(p->hSharedShm);
-       if( deleteFlag ){
-         SimulateIOErrorBenign(1);
-         sqlite3BeginBenignMalloc();
-@@ -50756,42 +51274,239 @@
- }
- 
- /*
--** The DMS lock has not yet been taken on shm file pShmNode. Attempt to
--** take it now. Return SQLITE_OK if successful, or an SQLite error
--** code otherwise.
--**
--** If the DMS cannot be locked because this is a readonly_shm=1
--** connection and no other process already holds a lock, return
--** SQLITE_READONLY_CANTINIT and set pShmNode->isUnlocked=1.
-+** The DMS lock has not yet been taken on the shm file associated with
-+** pShmNode. Take the lock. Truncate the *-shm file if required.
-+** Return SQLITE_OK if successful, or an SQLite error code otherwise.
- */
--static int winLockSharedMemory(winShmNode *pShmNode){
--  int rc = winShmSystemLock(pShmNode, WINSHM_WRLCK, WIN_SHM_DMS, 1);
-+static int winLockSharedMemory(winShmNode *pShmNode, DWORD nMs){
-+  HANDLE h = pShmNode->hSharedShm;
-+  int rc = SQLITE_OK;
- 
-+  assert( sqlite3_mutex_held(pShmNode->mutex) );
-+  rc = winHandleLockTimeout(h, WIN_SHM_DMS, 1, 1, 0);
-   if( rc==SQLITE_OK ){
-+    /* We have an EXCLUSIVE lock on the DMS byte. This means that this
-+    ** is the first process to open the file. Truncate it to zero bytes
-+    ** in this case.  */
-     if( pShmNode->isReadonly ){
--      pShmNode->isUnlocked = 1;
--      winShmSystemLock(pShmNode, WINSHM_UNLCK, WIN_SHM_DMS, 1);
--      return SQLITE_READONLY_CANTINIT;
--    }else if( winTruncate((sqlite3_file*)&pShmNode->hFile, 0) ){
--      winShmSystemLock(pShmNode, WINSHM_UNLCK, WIN_SHM_DMS, 1);
--      return winLogError(SQLITE_IOERR_SHMOPEN, osGetLastError(),
--                         "winLockSharedMemory", pShmNode->zFilename);
-+      rc = SQLITE_READONLY_CANTINIT;
-+    }else{
-+      rc = winHandleTruncate(h, 0);
-     }
-+
-+    /* Release the EXCLUSIVE lock acquired above. */
-+    winUnlockFile(&h, WIN_SHM_DMS, 0, 1, 0);
-+  }else if( (rc & 0xFF)==SQLITE_BUSY ){
-+    rc = SQLITE_OK;
-   }
- 
-   if( rc==SQLITE_OK ){
--    winShmSystemLock(pShmNode, WINSHM_UNLCK, WIN_SHM_DMS, 1);
-+    /* Take a SHARED lock on the DMS byte. */
-+    rc = winHandleLockTimeout(h, WIN_SHM_DMS, 1, 0, nMs);
-+    if( rc==SQLITE_OK ){
-+      pShmNode->isUnlocked = 0;
-+    }
-   }
- 
--  return winShmSystemLock(pShmNode, WINSHM_RDLCK, WIN_SHM_DMS, 1);
-+  return rc;
- }
- 
-+
- /*
--** Open the shared-memory area associated with database file pDbFd.
-+** Convert a UTF-8 filename into whatever form the underlying
-+** operating system wants filenames in.  Space to hold the result
-+** is obtained from malloc and must be freed by the calling
-+** function
- **
--** When opening a new shared-memory file, if no other instances of that
--** file are currently open, in this process or in other processes, then
--** the file must be truncated to zero length or have its header cleared.
-+** On Cygwin, 3 possible input forms are accepted:
-+** - If the filename starts with "<drive>:/" or "<drive>:\",
-+**   it is converted to UTF-16 as-is.
-+** - If the filename contains '/', it is assumed to be a
-+**   Cygwin absolute path, it is converted to a win32
-+**   absolute path in UTF-16.
-+** - Otherwise it must be a filename only, the win32 filename
-+**   is returned in UTF-16.
-+** Note: If the function cygwin_conv_path() fails, only
-+**   UTF-8 -> UTF-16 conversion will be done. This can only
-+**   happen when the file path >32k, in which case winUtf8ToUnicode()
-+**   will fail too.
-+*/
-+static void *winConvertFromUtf8Filename(const char *zFilename){
-+  void *zConverted = 0;
-+  if( osIsNT() ){
-+#ifdef __CYGWIN__
-+    int nChar;
-+    LPWSTR zWideFilename;
-+
-+    if( osCygwin_conv_path && !(winIsDriveLetterAndColon(zFilename)
-+        && winIsDirSep(zFilename[2])) ){
-+      i64 nByte;
-+      int convertflag = CCP_POSIX_TO_WIN_W;
-+      if( !strchr(zFilename, '/') ) convertflag |= CCP_RELATIVE;
-+      nByte = (i64)osCygwin_conv_path(convertflag,
-+          zFilename, 0, 0);
-+      if( nByte>0 ){
-+        zConverted = sqlite3MallocZero(12+(u64)nByte);
-+        if ( zConverted==0 ){
-+          return zConverted;
-+        }
-+        zWideFilename = zConverted;
-+        /* Filenames should be prefixed, except when converted
-+         * full path already starts with "\\?\". */
-+        if( osCygwin_conv_path(convertflag, zFilename,
-+                             zWideFilename+4, nByte)==0 ){
-+          if( (convertflag&CCP_RELATIVE) ){
-+            memmove(zWideFilename, zWideFilename+4, nByte);
-+          }else if( memcmp(zWideFilename+4, L"\\\\", 4) ){
-+            memcpy(zWideFilename, L"\\\\?\\", 8);
-+          }else if( zWideFilename[6]!='?' ){
-+            memmove(zWideFilename+6, zWideFilename+4, nByte);
-+            memcpy(zWideFilename, L"\\\\?\\UNC", 14);
-+          }else{
-+            memmove(zWideFilename, zWideFilename+4, nByte);
-+          }
-+          return zConverted;
-+        }
-+        sqlite3_free(zConverted);
-+      }
-+    }
-+    nChar = osMultiByteToWideChar(CP_UTF8, 0, zFilename, -1, NULL, 0);
-+    if( nChar==0 ){
-+      return 0;
-+    }
-+    zWideFilename = sqlite3MallocZero( nChar*sizeof(WCHAR)+12 );
-+    if( zWideFilename==0 ){
-+      return 0;
-+    }
-+    nChar = osMultiByteToWideChar(CP_UTF8, 0, zFilename, -1,
-+                                  zWideFilename, nChar);
-+    if( nChar==0 ){
-+      sqlite3_free(zWideFilename);
-+      zWideFilename = 0;
-+    }else if( nChar>MAX_PATH
-+        && winIsDriveLetterAndColon(zFilename)
-+        && winIsDirSep(zFilename[2]) ){
-+      memmove(zWideFilename+4, zWideFilename, nChar*sizeof(WCHAR));
-+      zWideFilename[2] = '\\';
-+      memcpy(zWideFilename, L"\\\\?\\", 8);
-+    }else if( nChar>MAX_PATH
-+        && winIsDirSep(zFilename[0]) && winIsDirSep(zFilename[1])
-+        && zFilename[2] != '?' ){
-+      memmove(zWideFilename+6, zWideFilename, nChar*sizeof(WCHAR));
-+      memcpy(zWideFilename, L"\\\\?\\UNC", 14);
-+    }
-+    zConverted = zWideFilename;
-+#else
-+    zConverted = winUtf8ToUnicode(zFilename);
-+#endif /* __CYGWIN__ */
-+  }
-+#if defined(SQLITE_WIN32_HAS_ANSI) && defined(_WIN32)
-+  else{
-+    zConverted = winUtf8ToMbcs(zFilename, osAreFileApisANSI());
-+  }
-+#endif
-+  /* caller will handle out of memory */
-+  return zConverted;
-+}
-+
-+/*
-+** This function is used to open a handle on a *-shm file.
-+**
-+** If SQLITE_ENABLE_SETLK_TIMEOUT is defined at build time, then the file
-+** is opened with FILE_FLAG_OVERLAPPED specified. If not, it is not.
-+*/
-+static int winHandleOpen(
-+  const char *zUtf8,              /* File to open */
-+  int *pbReadonly,                /* IN/OUT: True for readonly handle */
-+  HANDLE *ph                      /* OUT: New HANDLE for file */
-+){
-+  int rc = SQLITE_OK;
-+  void *zConverted = 0;
-+  int bReadonly = *pbReadonly;
-+  HANDLE h = INVALID_HANDLE_VALUE;
-+
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+  const DWORD flag_overlapped = FILE_FLAG_OVERLAPPED;
-+#else
-+  const DWORD flag_overlapped = 0;
-+#endif
-+
-+  /* Convert the filename to the system encoding. */
-+  zConverted = winConvertFromUtf8Filename(zUtf8);
-+  if( zConverted==0 ){
-+    OSTRACE(("OPEN name=%s, rc=SQLITE_IOERR_NOMEM", zUtf8));
-+    rc = SQLITE_IOERR_NOMEM_BKPT;
-+    goto winopenfile_out;
-+  }
-+
-+  /* Ensure the file we are trying to open is not actually a directory. */
-+  if( winIsDir(zConverted) ){
-+    OSTRACE(("OPEN name=%s, rc=SQLITE_CANTOPEN_ISDIR", zUtf8));
-+    rc = SQLITE_CANTOPEN_ISDIR;
-+    goto winopenfile_out;
-+  }
-+
-+  /* TODO: platforms.
-+  ** TODO: retry-on-ioerr.
-+  */
-+  if( osIsNT() ){
-+#if SQLITE_OS_WINRT
-+    CREATEFILE2_EXTENDED_PARAMETERS extendedParameters;
-+    memset(&extendedParameters, 0, sizeof(extendedParameters));
-+    extendedParameters.dwSize = sizeof(extendedParameters);
-+    extendedParameters.dwFileAttributes = FILE_ATTRIBUTE_NORMAL;
-+    extendedParameters.dwFileFlags = flag_overlapped;
-+    extendedParameters.dwSecurityQosFlags = SECURITY_ANONYMOUS;
-+    h = osCreateFile2((LPCWSTR)zConverted,
-+        (GENERIC_READ | (bReadonly ? 0 : GENERIC_WRITE)),/* dwDesiredAccess */
-+        FILE_SHARE_READ | FILE_SHARE_WRITE,      /* dwShareMode */
-+        OPEN_ALWAYS,                             /* dwCreationDisposition */
-+        &extendedParameters
-+    );
-+#else
-+    h = osCreateFileW((LPCWSTR)zConverted,         /* lpFileName */
-+        (GENERIC_READ | (bReadonly ? 0 : GENERIC_WRITE)),  /* dwDesiredAccess */
-+        FILE_SHARE_READ | FILE_SHARE_WRITE,        /* dwShareMode */
-+        NULL,                                      /* lpSecurityAttributes */
-+        OPEN_ALWAYS,                               /* dwCreationDisposition */
-+        FILE_ATTRIBUTE_NORMAL|flag_overlapped,
-+        NULL
-+    );
-+#endif
-+  }else{
-+    /* Due to pre-processor directives earlier in this file,
-+    ** SQLITE_WIN32_HAS_ANSI is always defined if osIsNT() is false. */
-+#ifdef SQLITE_WIN32_HAS_ANSI
-+    h = osCreateFileA((LPCSTR)zConverted,
-+        (GENERIC_READ | (bReadonly ? 0 : GENERIC_WRITE)),  /* dwDesiredAccess */
-+        FILE_SHARE_READ | FILE_SHARE_WRITE,        /* dwShareMode */
-+        NULL,                                      /* lpSecurityAttributes */
-+        OPEN_ALWAYS,                               /* dwCreationDisposition */
-+        FILE_ATTRIBUTE_NORMAL|flag_overlapped,
-+        NULL
-+    );
-+#endif
-+  }
-+
-+  if( h==INVALID_HANDLE_VALUE ){
-+    if( bReadonly==0 ){
-+      bReadonly = 1;
-+      rc = winHandleOpen(zUtf8, &bReadonly, &h);
-+    }else{
-+      rc = SQLITE_CANTOPEN_BKPT;
-+    }
-+  }
-+
-+ winopenfile_out:
-+  sqlite3_free(zConverted);
-+  *pbReadonly = bReadonly;
-+  *ph = h;
-+  return rc;
-+}
-+
-+
-+/*
-+** Open the shared-memory area associated with database file pDbFd.
- */
- static int winOpenSharedMemory(winFile *pDbFd){
-   struct winShm *p;                  /* The connection to be opened */
-@@ -50803,98 +51518,83 @@
-   assert( pDbFd->pShm==0 );    /* Not previously opened */
- 
-   /* Allocate space for the new sqlite3_shm object.  Also speculatively
--  ** allocate space for a new winShmNode and filename.
--  */
-+  ** allocate space for a new winShmNode and filename.  */
-   p = sqlite3MallocZero( sizeof(*p) );
-   if( p==0 ) return SQLITE_IOERR_NOMEM_BKPT;
-   nName = sqlite3Strlen30(pDbFd->zPath);
--  pNew = sqlite3MallocZero( sizeof(*pShmNode) + nName + 17 );
-+  pNew = sqlite3MallocZero( sizeof(*pShmNode) + (i64)nName + 17 );
-   if( pNew==0 ){
-     sqlite3_free(p);
-     return SQLITE_IOERR_NOMEM_BKPT;
-   }
-   pNew->zFilename = (char*)&pNew[1];
-+  pNew->hSharedShm = INVALID_HANDLE_VALUE;
-+  pNew->isUnlocked = 1;
-   sqlite3_snprintf(nName+15, pNew->zFilename, "%s-shm", pDbFd->zPath);
-   sqlite3FileSuffix3(pDbFd->zPath, pNew->zFilename);
- 
-+  /* Open a file-handle on the *-shm file for this connection. This file-handle
-+  ** is only used for locking. The mapping of the *-shm file is created using
-+  ** the shared file handle in winShmNode.hSharedShm.  */
-+  p->bReadonly = sqlite3_uri_boolean(pDbFd->zPath, "readonly_shm", 0);
-+  rc = winHandleOpen(pNew->zFilename, &p->bReadonly, &p->hShm);
-+
-   /* Look to see if there is an existing winShmNode that can be used.
--  ** If no matching winShmNode currently exists, create a new one.
--  */
-+  ** If no matching winShmNode currently exists, then create a new one.  */
-   winShmEnterMutex();
-   for(pShmNode = winShmNodeList; pShmNode; pShmNode=pShmNode->pNext){
-     /* TBD need to come up with better match here.  Perhaps
--    ** use FILE_ID_BOTH_DIR_INFO Structure.
--    */
-+    ** use FILE_ID_BOTH_DIR_INFO Structure.  */
-     if( sqlite3StrICmp(pShmNode->zFilename, pNew->zFilename)==0 ) break;
-   }
--  if( pShmNode ){
--    sqlite3_free(pNew);
--  }else{
--    int inFlags = SQLITE_OPEN_WAL;
--    int outFlags = 0;
--
-+  if( pShmNode==0 ){
-     pShmNode = pNew;
--    pNew = 0;
--    ((winFile*)(&pShmNode->hFile))->h = INVALID_HANDLE_VALUE;
--    pShmNode->pNext = winShmNodeList;
--    winShmNodeList = pShmNode;
- 
-+    /* Allocate a mutex for this winShmNode object, if one is required. */
-     if( sqlite3GlobalConfig.bCoreMutex ){
-       pShmNode->mutex = sqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
--      if( pShmNode->mutex==0 ){
--        rc = SQLITE_IOERR_NOMEM_BKPT;
--        goto shm_open_err;
--      }
-+      if( pShmNode->mutex==0 ) rc = SQLITE_IOERR_NOMEM_BKPT;
-     }
- 
--    if( 0==sqlite3_uri_boolean(pDbFd->zPath, "readonly_shm", 0) ){
--      inFlags |= SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE;
--    }else{
--      inFlags |= SQLITE_OPEN_READONLY;
--    }
--    rc = winOpen(pDbFd->pVfs, pShmNode->zFilename,
--                 (sqlite3_file*)&pShmNode->hFile,
--                 inFlags, &outFlags);
--    if( rc!=SQLITE_OK ){
--      rc = winLogError(rc, osGetLastError(), "winOpenShm",
--                       pShmNode->zFilename);
--      goto shm_open_err;
-+    /* Open a file-handle to use for mappings, and for the DMS lock. */
-+    if( rc==SQLITE_OK ){
-+      HANDLE h = INVALID_HANDLE_VALUE;
-+      pShmNode->isReadonly = p->bReadonly;
-+      rc = winHandleOpen(pNew->zFilename, &pShmNode->isReadonly, &h);
-+      pShmNode->hSharedShm = h;
-     }
--    if( outFlags==SQLITE_OPEN_READONLY ) pShmNode->isReadonly = 1;
- 
--    rc = winLockSharedMemory(pShmNode);
--    if( rc!=SQLITE_OK && rc!=SQLITE_READONLY_CANTINIT ) goto shm_open_err;
-+    /* If successful, link the new winShmNode into the global list. If an
-+    ** error occurred, free the object. */
-+    if( rc==SQLITE_OK ){
-+      pShmNode->pNext = winShmNodeList;
-+      winShmNodeList = pShmNode;
-+      pNew = 0;
-+    }else{
-+      sqlite3_mutex_free(pShmNode->mutex);
-+      if( pShmNode->hSharedShm!=INVALID_HANDLE_VALUE ){
-+        osCloseHandle(pShmNode->hSharedShm);
-+      }
-+    }
-   }
- 
--  /* Make the new connection a child of the winShmNode */
--  p->pShmNode = pShmNode;
-+  /* If no error has occurred, link the winShm object to the winShmNode and
-+  ** the winShm to pDbFd.  */
-+  if( rc==SQLITE_OK ){
-+    p->pShmNode = pShmNode;
-+    pShmNode->nRef++;
- #if defined(SQLITE_DEBUG) || defined(SQLITE_HAVE_OS_TRACE)
--  p->id = pShmNode->nextShmId++;
-+    p->id = pShmNode->nextShmId++;
- #endif
--  pShmNode->nRef++;
--  pDbFd->pShm = p;
--  winShmLeaveMutex();
--
--  /* The reference count on pShmNode has already been incremented under
--  ** the cover of the winShmEnterMutex() mutex and the pointer from the
--  ** new (struct winShm) object to the pShmNode has been set. All that is
--  ** left to do is to link the new object into the linked list starting
--  ** at pShmNode->pFirst. This must be done while holding the pShmNode->mutex
--  ** mutex.
--  */
--  sqlite3_mutex_enter(pShmNode->mutex);
--  p->pNext = pShmNode->pFirst;
--  pShmNode->pFirst = p;
--  sqlite3_mutex_leave(pShmNode->mutex);
--  return rc;
-+    pDbFd->pShm = p;
-+  }else if( p ){
-+    winHandleClose(p->hShm);
-+    sqlite3_free(p);
-+  }
- 
--  /* Jump here on any error */
--shm_open_err:
--  winShmSystemLock(pShmNode, WINSHM_UNLCK, WIN_SHM_DMS, 1);
--  winShmPurge(pDbFd->pVfs, 0);      /* This call frees pShmNode if required */
--  sqlite3_free(p);
--  sqlite3_free(pNew);
-+  assert( rc!=SQLITE_OK || pShmNode->isUnlocked==0 || pShmNode->nRegion==0 );
-   winShmLeaveMutex();
-+  sqlite3_free(pNew);
-   return rc;
- }
- 
-@@ -50909,27 +51609,19 @@
-   winFile *pDbFd;       /* Database holding shared-memory */
-   winShm *p;            /* The connection to be closed */
-   winShmNode *pShmNode; /* The underlying shared-memory file */
--  winShm **pp;          /* For looping over sibling connections */
- 
-   pDbFd = (winFile*)fd;
-   p = pDbFd->pShm;
-   if( p==0 ) return SQLITE_OK;
--  pShmNode = p->pShmNode;
--
--  /* Remove connection p from the set of connections associated
--  ** with pShmNode */
--  sqlite3_mutex_enter(pShmNode->mutex);
--  for(pp=&pShmNode->pFirst; (*pp)!=p; pp = &(*pp)->pNext){}
--  *pp = p->pNext;
-+  if( p->hShm!=INVALID_HANDLE_VALUE ){
-+    osCloseHandle(p->hShm);
-+  }
- 
--  /* Free the connection p */
--  sqlite3_free(p);
--  pDbFd->pShm = 0;
--  sqlite3_mutex_leave(pShmNode->mutex);
-+  pShmNode = p->pShmNode;
-+  winShmEnterMutex();
- 
-   /* If pShmNode->nRef has reached 0, then close the underlying
--  ** shared-memory file, too */
--  winShmEnterMutex();
-+  ** shared-memory file, too. */
-   assert( pShmNode->nRef>0 );
-   pShmNode->nRef--;
-   if( pShmNode->nRef==0 ){
-@@ -50937,6 +51629,9 @@
-   }
-   winShmLeaveMutex();
- 
-+  /* Free the connection p */
-+  sqlite3_free(p);
-+  pDbFd->pShm = 0;
-   return SQLITE_OK;
- }
- 
-@@ -50951,10 +51646,9 @@
- ){
-   winFile *pDbFd = (winFile*)fd;        /* Connection holding shared memory */
-   winShm *p = pDbFd->pShm;              /* The shared memory being locked */
--  winShm *pX;                           /* For looping over all siblings */
-   winShmNode *pShmNode;
-   int rc = SQLITE_OK;                   /* Result code */
--  u16 mask;                             /* Mask of locks to take or release */
-+  u16 mask = (u16)((1U<<(ofst+n)) - (1U<<ofst)); /* Mask of locks to [un]take */
- 
-   if( p==0 ) return SQLITE_IOERR_SHMLOCK;
-   pShmNode = p->pShmNode;
-@@ -50968,85 +51662,81 @@
-        || flags==(SQLITE_SHM_UNLOCK | SQLITE_SHM_EXCLUSIVE) );
-   assert( n==1 || (flags & SQLITE_SHM_EXCLUSIVE)!=0 );
- 
--  mask = (u16)((1U<<(ofst+n)) - (1U<<ofst));
--  assert( n>1 || mask==(1<<ofst) );
--  sqlite3_mutex_enter(pShmNode->mutex);
--  if( flags & SQLITE_SHM_UNLOCK ){
--    u16 allMask = 0; /* Mask of locks held by siblings */
--
--    /* See if any siblings hold this same lock */
--    for(pX=pShmNode->pFirst; pX; pX=pX->pNext){
--      if( pX==p ) continue;
--      assert( (pX->exclMask & (p->exclMask|p->sharedMask))==0 );
--      allMask |= pX->sharedMask;
--    }
-+  /* Check that, if this to be a blocking lock, no locks that occur later
-+  ** in the following list than the lock being obtained are already held:
-+  **
-+  **   1. Recovery lock (ofst==2).
-+  **   2. Checkpointer lock (ofst==1).
-+  **   3. Write lock (ofst==0).
-+  **   4. Read locks (ofst>=3 && ofst<SQLITE_SHM_NLOCK).
-+  **
-+  ** In other words, if this is a blocking lock, none of the locks that
-+  ** occur later in the above list than the lock being obtained may be
-+  ** held.
-+  */
-+#if defined(SQLITE_ENABLE_SETLK_TIMEOUT) && defined(SQLITE_DEBUG)
-+  {
-+    u16 lockMask = (p->exclMask|p->sharedMask);
-+    assert( (flags & SQLITE_SHM_UNLOCK) || pDbFd->iBusyTimeout==0 || (
-+          (ofst!=2 || lockMask==0)
-+       && (ofst!=1 || lockMask==0 || lockMask==2)
-+       && (ofst!=0 || lockMask<3)
-+       && (ofst<3  || lockMask<(1<<ofst))
-+    ));
-+  }
-+#endif
- 
--    /* Unlock the system-level locks */
--    if( (mask & allMask)==0 ){
--      rc = winShmSystemLock(pShmNode, WINSHM_UNLCK, ofst+WIN_SHM_BASE, n);
--    }else{
--      rc = SQLITE_OK;
--    }
-+  /* Check if there is any work to do. There are three cases:
-+  **
-+  **    a) An unlock operation where there are locks to unlock,
-+  **    b) An shared lock where the requested lock is not already held
-+  **    c) An exclusive lock where the requested lock is not already held
-+  **
-+  ** The SQLite core never requests an exclusive lock that it already holds.
-+  ** This is assert()ed immediately below.  */
-+  assert( flags!=(SQLITE_SHM_EXCLUSIVE|SQLITE_SHM_LOCK)
-+       || 0==(p->exclMask & mask)
-+  );
-+  if( ((flags & SQLITE_SHM_UNLOCK) && ((p->exclMask|p->sharedMask) & mask))
-+   || (flags==(SQLITE_SHM_SHARED|SQLITE_SHM_LOCK) && 0==(p->sharedMask & mask))
-+   || (flags==(SQLITE_SHM_EXCLUSIVE|SQLITE_SHM_LOCK))
-+  ){
- 
--    /* Undo the local locks */
--    if( rc==SQLITE_OK ){
--      p->exclMask &= ~mask;
--      p->sharedMask &= ~mask;
--    }
--  }else if( flags & SQLITE_SHM_SHARED ){
--    u16 allShared = 0;  /* Union of locks held by connections other than "p" */
-+    if( flags & SQLITE_SHM_UNLOCK ){
-+      /* Case (a) - unlock.  */
- 
--    /* Find out which shared locks are already held by sibling connections.
--    ** If any sibling already holds an exclusive lock, go ahead and return
--    ** SQLITE_BUSY.
--    */
--    for(pX=pShmNode->pFirst; pX; pX=pX->pNext){
--      if( (pX->exclMask & mask)!=0 ){
--        rc = SQLITE_BUSY;
--        break;
--      }
--      allShared |= pX->sharedMask;
--    }
-+      assert( (p->exclMask & p->sharedMask)==0 );
-+      assert( !(flags & SQLITE_SHM_EXCLUSIVE) || (p->exclMask & mask)==mask );
-+      assert( !(flags & SQLITE_SHM_SHARED) || (p->sharedMask & mask)==mask );
- 
--    /* Get shared locks at the system level, if necessary */
--    if( rc==SQLITE_OK ){
--      if( (allShared & mask)==0 ){
--        rc = winShmSystemLock(pShmNode, WINSHM_RDLCK, ofst+WIN_SHM_BASE, n);
--      }else{
--        rc = SQLITE_OK;
--      }
--    }
-+      rc = winHandleUnlock(p->hShm, ofst+WIN_SHM_BASE, n);
- 
--    /* Get the local shared locks */
--    if( rc==SQLITE_OK ){
--      p->sharedMask |= mask;
--    }
--  }else{
--    /* Make sure no sibling connections hold locks that will block this
--    ** lock.  If any do, return SQLITE_BUSY right away.
--    */
--    for(pX=pShmNode->pFirst; pX; pX=pX->pNext){
--      if( (pX->exclMask & mask)!=0 || (pX->sharedMask & mask)!=0 ){
--        rc = SQLITE_BUSY;
--        break;
-+      /* If successful, also clear the bits in sharedMask/exclMask */
-+      if( rc==SQLITE_OK ){
-+        p->exclMask = (p->exclMask & ~mask);
-+        p->sharedMask = (p->sharedMask & ~mask);
-       }
--    }
--
--    /* Get the exclusive locks at the system level.  Then if successful
--    ** also mark the local connection as being locked.
--    */
--    if( rc==SQLITE_OK ){
--      rc = winShmSystemLock(pShmNode, WINSHM_WRLCK, ofst+WIN_SHM_BASE, n);
-+    }else{
-+      int bExcl = ((flags & SQLITE_SHM_EXCLUSIVE) ? 1 : 0);
-+      DWORD nMs = winFileBusyTimeout(pDbFd);
-+      rc = winHandleLockTimeout(p->hShm, ofst+WIN_SHM_BASE, n, bExcl, nMs);
-       if( rc==SQLITE_OK ){
--        assert( (p->sharedMask & mask)==0 );
--        p->exclMask |= mask;
-+        if( bExcl ){
-+          p->exclMask = (p->exclMask | mask);
-+        }else{
-+          p->sharedMask = (p->sharedMask | mask);
-+        }
-       }
-     }
-   }
--  sqlite3_mutex_leave(pShmNode->mutex);
--  OSTRACE(("SHM-LOCK pid=%lu, id=%d, sharedMask=%03x, exclMask=%03x, rc=%s\n",
--           osGetCurrentProcessId(), p->id, p->sharedMask, p->exclMask,
--           sqlite3ErrName(rc)));
-+
-+  OSTRACE((
-+      "SHM-LOCK(%d,%d,%d) pid=%lu, id=%d, sharedMask=%03x, exclMask=%03x,"
-+      " rc=%s\n",
-+      ofst, n, flags,
-+      osGetCurrentProcessId(), p->id, p->sharedMask, p->exclMask,
-+      sqlite3ErrName(rc))
-+  );
-   return rc;
- }
- 
-@@ -51108,13 +51798,15 @@
- 
-   sqlite3_mutex_enter(pShmNode->mutex);
-   if( pShmNode->isUnlocked ){
--    rc = winLockSharedMemory(pShmNode);
-+    /* Take the DMS lock. */
-+    assert( pShmNode->nRegion==0 );
-+    rc = winLockSharedMemory(pShmNode, winFileBusyTimeout(pDbFd));
-     if( rc!=SQLITE_OK ) goto shmpage_out;
--    pShmNode->isUnlocked = 0;
-   }
--  assert( szRegion==pShmNode->szRegion || pShmNode->nRegion==0 );
- 
-+  assert( szRegion==pShmNode->szRegion || pShmNode->nRegion==0 );
-   if( pShmNode->nRegion<=iRegion ){
-+    HANDLE hShared = pShmNode->hSharedShm;
-     struct ShmRegion *apNew;           /* New aRegion[] array */
-     int nByte = (iRegion+1)*szRegion;  /* Minimum required file size */
-     sqlite3_int64 sz;                  /* Current size of wal-index file */
-@@ -51125,10 +51817,9 @@
-     ** Check to see if it has been allocated (i.e. if the wal-index file is
-     ** large enough to contain the requested region).
-     */
--    rc = winFileSize((sqlite3_file *)&pShmNode->hFile, &sz);
-+    rc = winHandleSize(hShared, &sz);
-     if( rc!=SQLITE_OK ){
--      rc = winLogError(SQLITE_IOERR_SHMSIZE, osGetLastError(),
--                       "winShmMap1", pDbFd->zPath);
-+      rc = winLogError(rc, osGetLastError(), "winShmMap1", pDbFd->zPath);
-       goto shmpage_out;
-     }
- 
-@@ -51137,19 +51828,17 @@
-       ** zero, exit early. *pp will be set to NULL and SQLITE_OK returned.
-       **
-       ** Alternatively, if isWrite is non-zero, use ftruncate() to allocate
--      ** the requested memory region.
--      */
-+      ** the requested memory region.  */
-       if( !isWrite ) goto shmpage_out;
--      rc = winTruncate((sqlite3_file *)&pShmNode->hFile, nByte);
-+      rc = winHandleTruncate(hShared, nByte);
-       if( rc!=SQLITE_OK ){
--        rc = winLogError(SQLITE_IOERR_SHMSIZE, osGetLastError(),
--                         "winShmMap2", pDbFd->zPath);
-+        rc = winLogError(rc, osGetLastError(), "winShmMap2", pDbFd->zPath);
-         goto shmpage_out;
-       }
-     }
- 
-     /* Map the requested memory region into this processes address space. */
--    apNew = (struct ShmRegion *)sqlite3_realloc64(
-+    apNew = (struct ShmRegion*)sqlite3_realloc64(
-         pShmNode->aRegion, (iRegion+1)*sizeof(apNew[0])
-     );
-     if( !apNew ){
-@@ -51168,18 +51857,13 @@
-       void *pMap = 0;             /* Mapped memory region */
- 
- #if SQLITE_OS_WINRT
--      hMap = osCreateFileMappingFromApp(pShmNode->hFile.h,
--          NULL, protect, nByte, NULL
--      );
-+      hMap = osCreateFileMappingFromApp(hShared, NULL, protect, nByte, NULL);
- #elif defined(SQLITE_WIN32_HAS_WIDE)
--      hMap = osCreateFileMappingW(pShmNode->hFile.h,
--          NULL, protect, 0, nByte, NULL
--      );
-+      hMap = osCreateFileMappingW(hShared, NULL, protect, 0, nByte, NULL);
- #elif defined(SQLITE_WIN32_HAS_ANSI) && SQLITE_WIN32_CREATEFILEMAPPINGA
--      hMap = osCreateFileMappingA(pShmNode->hFile.h,
--          NULL, protect, 0, nByte, NULL
--      );
-+      hMap = osCreateFileMappingA(hShared, NULL, protect, 0, nByte, NULL);
- #endif
-+
-       OSTRACE(("SHM-MAP-CREATE pid=%lu, region=%d, size=%d, rc=%s\n",
-                osGetCurrentProcessId(), pShmNode->nRegion, nByte,
-                hMap ? "ok" : "failed"));
-@@ -51222,7 +51906,9 @@
-   }else{
-     *pp = 0;
-   }
--  if( pShmNode->isReadonly && rc==SQLITE_OK ) rc = SQLITE_READONLY;
-+  if( pShmNode->isReadonly && rc==SQLITE_OK ){
-+    rc = SQLITE_READONLY;
-+  }
-   sqlite3_mutex_leave(pShmNode->mutex);
-   return rc;
- }
-@@ -51542,47 +52228,6 @@
- ** sqlite3_vfs object.
- */
- 
--#if defined(__CYGWIN__)
--/*
--** Convert a filename from whatever the underlying operating system
--** supports for filenames into UTF-8.  Space to hold the result is
--** obtained from malloc and must be freed by the calling function.
--*/
--static char *winConvertToUtf8Filename(const void *zFilename){
--  char *zConverted = 0;
--  if( osIsNT() ){
--    zConverted = winUnicodeToUtf8(zFilename);
--  }
--#ifdef SQLITE_WIN32_HAS_ANSI
--  else{
--    zConverted = winMbcsToUtf8(zFilename, osAreFileApisANSI());
--  }
--#endif
--  /* caller will handle out of memory */
--  return zConverted;
--}
--#endif
--
--/*
--** Convert a UTF-8 filename into whatever form the underlying
--** operating system wants filenames in.  Space to hold the result
--** is obtained from malloc and must be freed by the calling
--** function.
--*/
--static void *winConvertFromUtf8Filename(const char *zFilename){
--  void *zConverted = 0;
--  if( osIsNT() ){
--    zConverted = winUtf8ToUnicode(zFilename);
--  }
--#ifdef SQLITE_WIN32_HAS_ANSI
--  else{
--    zConverted = winUtf8ToMbcs(zFilename, osAreFileApisANSI());
--  }
--#endif
--  /* caller will handle out of memory */
--  return zConverted;
--}
--
- /*
- ** This function returns non-zero if the specified UTF-8 string buffer
- ** ends with a directory separator character or one was successfully
-@@ -51595,7 +52240,14 @@
-       if( winIsDirSep(zBuf[nLen-1]) ){
-         return 1;
-       }else if( nLen+1<nBuf ){
--        zBuf[nLen] = winGetDirSep();
-+        if( !osGetenv ){
-+          zBuf[nLen] = winGetDirSep();
-+        }else if( winIsDriveLetterAndColon(zBuf) && winIsDirSep(zBuf[2]) ){
-+          zBuf[nLen] = '\\';
-+          zBuf[2]='\\';
-+        }else{
-+          zBuf[nLen] = '/';
-+        }
-         zBuf[nLen+1] = '\0';
-         return 1;
-       }
-@@ -51622,14 +52274,14 @@
- ** The pointer returned in pzBuf must be freed via sqlite3_free().
- */
- static int winGetTempname(sqlite3_vfs *pVfs, char **pzBuf){
--  static char zChars[] =
-+  static const char zChars[] =
-     "abcdefghijklmnopqrstuvwxyz"
-     "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-     "0123456789";
-   size_t i, j;
-   DWORD pid;
-   int nPre = sqlite3Strlen30(SQLITE_TEMP_FILE_PREFIX);
--  int nMax, nBuf, nDir, nLen;
-+  i64 nMax, nBuf, nDir, nLen;
-   char *zBuf;
- 
-   /* It's odd to simulate an io-error here, but really this is just
-@@ -51641,7 +52293,8 @@
-   /* Allocate a temporary buffer to store the fully qualified file
-   ** name for the temporary file.  If this fails, we cannot continue.
-   */
--  nMax = pVfs->mxPathname; nBuf = nMax + 2;
-+  nMax = pVfs->mxPathname;
-+  nBuf = 2 + (i64)nMax;
-   zBuf = sqlite3MallocZero( nBuf );
-   if( !zBuf ){
-     OSTRACE(("TEMP-FILENAME rc=SQLITE_IOERR_NOMEM\n"));
-@@ -51672,7 +52325,7 @@
-   }
- 
- #if defined(__CYGWIN__)
--  else{
-+  else if( osGetenv!=NULL ){
-     static const char *azDirs[] = {
-        0, /* getenv("SQLITE_TMPDIR") */
-        0, /* getenv("TMPDIR") */
-@@ -51688,11 +52341,11 @@
-     unsigned int i;
-     const char *zDir = 0;
- 
--    if( !azDirs[0] ) azDirs[0] = getenv("SQLITE_TMPDIR");
--    if( !azDirs[1] ) azDirs[1] = getenv("TMPDIR");
--    if( !azDirs[2] ) azDirs[2] = getenv("TMP");
--    if( !azDirs[3] ) azDirs[3] = getenv("TEMP");
--    if( !azDirs[4] ) azDirs[4] = getenv("USERPROFILE");
-+    if( !azDirs[0] ) azDirs[0] = osGetenv("SQLITE_TMPDIR");
-+    if( !azDirs[1] ) azDirs[1] = osGetenv("TMPDIR");
-+    if( !azDirs[2] ) azDirs[2] = osGetenv("TMP");
-+    if( !azDirs[3] ) azDirs[3] = osGetenv("TEMP");
-+    if( !azDirs[4] ) azDirs[4] = osGetenv("USERPROFILE");
-     for(i=0; i<sizeof(azDirs)/sizeof(azDirs[0]); zDir=azDirs[i++]){
-       void *zConverted;
-       if( zDir==0 ) continue;
-@@ -51701,7 +52354,7 @@
-       ** it must be converted to a native Win32 path via the Cygwin API
-       ** prior to using it.
-       */
--      if( winIsDriveLetterAndColon(zDir) ){
-+      {
-         zConverted = winConvertFromUtf8Filename(zDir);
-         if( !zConverted ){
-           sqlite3_free(zBuf);
-@@ -51714,44 +52367,12 @@
-           break;
-         }
-         sqlite3_free(zConverted);
--      }else{
--        zConverted = sqlite3MallocZero( nMax+1 );
--        if( !zConverted ){
--          sqlite3_free(zBuf);
--          OSTRACE(("TEMP-FILENAME rc=SQLITE_IOERR_NOMEM\n"));
--          return SQLITE_IOERR_NOMEM_BKPT;
--        }
--        if( cygwin_conv_path(
--                osIsNT() ? CCP_POSIX_TO_WIN_W : CCP_POSIX_TO_WIN_A, zDir,
--                zConverted, nMax+1)<0 ){
--          sqlite3_free(zConverted);
--          sqlite3_free(zBuf);
--          OSTRACE(("TEMP-FILENAME rc=SQLITE_IOERR_CONVPATH\n"));
--          return winLogError(SQLITE_IOERR_CONVPATH, (DWORD)errno,
--                             "winGetTempname2", zDir);
--        }
--        if( winIsDir(zConverted) ){
--          /* At this point, we know the candidate directory exists and should
--          ** be used.  However, we may need to convert the string containing
--          ** its name into UTF-8 (i.e. if it is UTF-16 right now).
--          */
--          char *zUtf8 = winConvertToUtf8Filename(zConverted);
--          if( !zUtf8 ){
--            sqlite3_free(zConverted);
--            sqlite3_free(zBuf);
--            OSTRACE(("TEMP-FILENAME rc=SQLITE_IOERR_NOMEM\n"));
--            return SQLITE_IOERR_NOMEM_BKPT;
--          }
--          sqlite3_snprintf(nMax, zBuf, "%s", zUtf8);
--          sqlite3_free(zUtf8);
--          sqlite3_free(zConverted);
--          break;
--        }
--        sqlite3_free(zConverted);
-       }
-     }
-   }
--#elif !SQLITE_OS_WINRT && !defined(__CYGWIN__)
-+#endif
-+
-+#if !SQLITE_OS_WINRT && defined(_WIN32)
-   else if( osIsNT() ){
-     char *zMulti;
-     LPWSTR zWidePath = sqlite3MallocZero( nMax*sizeof(WCHAR) );
-@@ -51875,7 +52496,7 @@
-       return 0; /* Invalid name? */
-     }
-     attr = sAttrData.dwFileAttributes;
--#if SQLITE_OS_WINCE==0
-+#if SQLITE_OS_WINCE==0 && defined(SQLITE_WIN32_HAS_ANSI)
-   }else{
-     attr = osGetFileAttributesA((char*)zConverted);
- #endif
-@@ -51892,6 +52513,12 @@
- );
- 
- /*
-+** The Windows version of xAccess() accepts an extra bit in the flags
-+** parameter that prevents an anti-virus retry loop.
-+*/
-+#define NORETRY 0x4000
-+
-+/*
- ** Open a file.
- */
- static int winOpen(
-@@ -51915,6 +52542,7 @@
-   void *zConverted;              /* Filename in OS encoding */
-   const char *zUtf8Name = zName; /* Filename in UTF-8 encoding */
-   int cnt = 0;
-+  int isRO = 0;              /* file is known to be accessible readonly */
- 
-   /* If argument zPath is a NULL pointer, this function is required to open
-   ** a temporary file. Use this buffer to store the file name in.
-@@ -52079,9 +52707,9 @@
-                         &extendedParameters);
-       if( h!=INVALID_HANDLE_VALUE ) break;
-       if( isReadWrite ){
--        int rc2, isRO = 0;
-+        int rc2;
-         sqlite3BeginBenignMalloc();
--        rc2 = winAccess(pVfs, zUtf8Name, SQLITE_ACCESS_READ, &isRO);
-+        rc2 = winAccess(pVfs, zUtf8Name, SQLITE_ACCESS_READ|NORETRY, &isRO);
-         sqlite3EndBenignMalloc();
-         if( rc2==SQLITE_OK && isRO ) break;
-       }
-@@ -52096,9 +52724,9 @@
-                         NULL);
-       if( h!=INVALID_HANDLE_VALUE ) break;
-       if( isReadWrite ){
--        int rc2, isRO = 0;
-+        int rc2;
-         sqlite3BeginBenignMalloc();
--        rc2 = winAccess(pVfs, zUtf8Name, SQLITE_ACCESS_READ, &isRO);
-+        rc2 = winAccess(pVfs, zUtf8Name, SQLITE_ACCESS_READ|NORETRY, &isRO);
-         sqlite3EndBenignMalloc();
-         if( rc2==SQLITE_OK && isRO ) break;
-       }
-@@ -52116,9 +52744,9 @@
-                         NULL);
-       if( h!=INVALID_HANDLE_VALUE ) break;
-       if( isReadWrite ){
--        int rc2, isRO = 0;
-+        int rc2;
-         sqlite3BeginBenignMalloc();
--        rc2 = winAccess(pVfs, zUtf8Name, SQLITE_ACCESS_READ, &isRO);
-+        rc2 = winAccess(pVfs, zUtf8Name, SQLITE_ACCESS_READ|NORETRY, &isRO);
-         sqlite3EndBenignMalloc();
-         if( rc2==SQLITE_OK && isRO ) break;
-       }
-@@ -52133,7 +52761,7 @@
-   if( h==INVALID_HANDLE_VALUE ){
-     sqlite3_free(zConverted);
-     sqlite3_free(zTmpname);
--    if( isReadWrite && !isExclusive ){
-+    if( isReadWrite && isRO && !isExclusive ){
-       return winOpen(pVfs, zName, id,
-          ((flags|SQLITE_OPEN_READONLY) &
-                      ~(SQLITE_OPEN_CREATE|SQLITE_OPEN_READWRITE)),
-@@ -52335,8 +52963,14 @@
-   int rc = 0;
-   DWORD lastErrno = 0;
-   void *zConverted;
-+  int noRetry = 0;           /* Do not use winRetryIoerr() */
-   UNUSED_PARAMETER(pVfs);
- 
-+  if( (flags & NORETRY)!=0 ){
-+    noRetry = 1;
-+    flags &= ~NORETRY;
-+  }
-+
-   SimulateIOError( return SQLITE_IOERR_ACCESS; );
-   OSTRACE(("ACCESS name=%s, flags=%x, pResOut=%p\n",
-            zFilename, flags, pResOut));
-@@ -52359,7 +52993,10 @@
-     memset(&sAttrData, 0, sizeof(sAttrData));
-     while( !(rc = osGetFileAttributesExW((LPCWSTR)zConverted,
-                              GetFileExInfoStandard,
--                             &sAttrData)) && winRetryIoerr(&cnt, &lastErrno) ){}
-+                             &sAttrData))
-+       && !noRetry
-+       && winRetryIoerr(&cnt, &lastErrno)
-+    ){ /* Loop until true */}
-     if( rc ){
-       /* For an SQLITE_ACCESS_EXISTS query, treat a zero-length file
-       ** as if it does not exist.
-@@ -52427,6 +53064,7 @@
-   return ( sqlite3Isalpha(zPathname[0]) && zPathname[1]==':' );
- }
- 
-+#ifdef _WIN32
- /*
- ** Returns non-zero if the specified path name should be used verbatim.  If
- ** non-zero is returned from this function, the calling function must simply
-@@ -52463,6 +53101,70 @@
-   */
-   return FALSE;
- }
-+#endif /* _WIN32 */
-+
-+#ifdef __CYGWIN__
-+/*
-+** Simplify a filename into its canonical form
-+** by making the following changes:
-+**
-+**  * convert any '/' to '\' (win32) or reverse (Cygwin)
-+**  * removing any trailing and duplicate / (except for UNC paths)
-+**  * convert /./ into just /
-+**
-+** Changes are made in-place.  Return the new name length.
-+**
-+** The original filename is in z[0..]. If the path is shortened,
-+** no-longer used bytes will be written by '\0'.
-+*/
-+static void winSimplifyName(char *z){
-+  int i, j;
-+  for(i=j=0; z[i]; ++i){
-+    if( winIsDirSep(z[i]) ){
-+#if !defined(SQLITE_TEST)
-+      /* Some test-cases assume that "./foo" and "foo" are different */
-+      if( z[i+1]=='.' && winIsDirSep(z[i+2]) ){
-+        ++i;
-+        continue;
-+      }
-+#endif
-+      if( !z[i+1] || (winIsDirSep(z[i+1]) && (i!=0)) ){
-+        continue;
-+      }
-+      z[j++] = osGetenv?'/':'\\';
-+    }else{
-+      z[j++] = z[i];
-+    }
-+  }
-+  while(j<i) z[j++] = '\0';
-+}
-+
-+#define SQLITE_MAX_SYMLINKS 100
-+
-+static int mkFullPathname(
-+  const char *zPath,              /* Input path */
-+  char *zOut,                     /* Output buffer */
-+  int nOut                        /* Allocated size of buffer zOut */
-+){
-+  int nPath = sqlite3Strlen30(zPath);
-+  int iOff = 0;
-+  if( zPath[0]!='/' ){
-+    if( osGetcwd(zOut, nOut-2)==0 ){
-+      return winLogError(SQLITE_CANTOPEN_BKPT, (DWORD)osErrno, "getcwd", zPath);
-+    }
-+    iOff = sqlite3Strlen30(zOut);
-+    zOut[iOff++] = '/';
-+  }
-+  if( (iOff+nPath+1)>nOut ){
-+    /* SQLite assumes that xFullPathname() nul-terminates the output buffer
-+    ** even if it returns an error.  */
-+    zOut[iOff] = '\0';
-+    return SQLITE_CANTOPEN_BKPT;
-+  }
-+  sqlite3_snprintf(nOut-iOff, &zOut[iOff], "%s", zPath);
-+  return SQLITE_OK;
-+}
-+#endif /* __CYGWIN__ */
- 
- /*
- ** Turn a relative pathname into a full pathname.  Write the full
-@@ -52475,8 +53177,8 @@
-   int nFull,                    /* Size of output buffer in bytes */
-   char *zFull                   /* Output buffer */
- ){
--#if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT && !defined(__CYGWIN__)
--  DWORD nByte;
-+#if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT
-+  int nByte;
-   void *zConverted;
-   char *zOut;
- #endif
-@@ -52489,64 +53191,82 @@
-     zRelative++;
-   }
- 
--#if defined(__CYGWIN__)
-   SimulateIOError( return SQLITE_ERROR );
--  UNUSED_PARAMETER(nFull);
--  assert( nFull>=pVfs->mxPathname );
--  if ( sqlite3_data_directory && !winIsVerbatimPathname(zRelative) ){
--    /*
--    ** NOTE: We are dealing with a relative path name and the data
--    **       directory has been set.  Therefore, use it as the basis
--    **       for converting the relative path name to an absolute
--    **       one by prepending the data directory and a slash.
--    */
--    char *zOut = sqlite3MallocZero( pVfs->mxPathname+1 );
--    if( !zOut ){
--      return SQLITE_IOERR_NOMEM_BKPT;
--    }
--    if( cygwin_conv_path(
--            (osIsNT() ? CCP_POSIX_TO_WIN_W : CCP_POSIX_TO_WIN_A) |
--            CCP_RELATIVE, zRelative, zOut, pVfs->mxPathname+1)<0 ){
--      sqlite3_free(zOut);
--      return winLogError(SQLITE_CANTOPEN_CONVPATH, (DWORD)errno,
--                         "winFullPathname1", zRelative);
--    }else{
--      char *zUtf8 = winConvertToUtf8Filename(zOut);
--      if( !zUtf8 ){
--        sqlite3_free(zOut);
--        return SQLITE_IOERR_NOMEM_BKPT;
--      }
--      sqlite3_snprintf(MIN(nFull, pVfs->mxPathname), zFull, "%s%c%s",
--                       sqlite3_data_directory, winGetDirSep(), zUtf8);
--      sqlite3_free(zUtf8);
--      sqlite3_free(zOut);
--    }
--  }else{
--    char *zOut = sqlite3MallocZero( pVfs->mxPathname+1 );
--    if( !zOut ){
--      return SQLITE_IOERR_NOMEM_BKPT;
--    }
--    if( cygwin_conv_path(
--            (osIsNT() ? CCP_POSIX_TO_WIN_W : CCP_POSIX_TO_WIN_A),
--            zRelative, zOut, pVfs->mxPathname+1)<0 ){
--      sqlite3_free(zOut);
--      return winLogError(SQLITE_CANTOPEN_CONVPATH, (DWORD)errno,
--                         "winFullPathname2", zRelative);
--    }else{
--      char *zUtf8 = winConvertToUtf8Filename(zOut);
--      if( !zUtf8 ){
--        sqlite3_free(zOut);
--        return SQLITE_IOERR_NOMEM_BKPT;
--      }
--      sqlite3_snprintf(MIN(nFull, pVfs->mxPathname), zFull, "%s", zUtf8);
--      sqlite3_free(zUtf8);
--      sqlite3_free(zOut);
-+
-+#ifdef __CYGWIN__
-+  if( osGetcwd ){
-+    zFull[nFull-1] = '\0';
-+    if( !winIsDriveLetterAndColon(zRelative) || !winIsDirSep(zRelative[2]) ){
-+      int rc = SQLITE_OK;
-+      int nLink = 1;                /* Number of symbolic links followed so far */
-+      const char *zIn = zRelative;      /* Input path for each iteration of loop */
-+      char *zDel = 0;
-+      struct stat buf;
-+
-+      UNUSED_PARAMETER(pVfs);
-+
-+      do {
-+        /* Call lstat() on path zIn. Set bLink to true if the path is a symbolic
-+        ** link, or false otherwise.  */
-+        int bLink = 0;
-+        if( osLstat && osReadlink ) {
-+          if( osLstat(zIn, &buf)!=0 ){
-+            int myErrno = osErrno;
-+            if( myErrno!=ENOENT ){
-+              rc = winLogError(SQLITE_CANTOPEN_BKPT, (DWORD)myErrno, "lstat", zIn);
-+            }
-+          }else{
-+            bLink = ((buf.st_mode & 0170000) == 0120000);
-+          }
-+
-+          if( bLink ){
-+            if( zDel==0 ){
-+              zDel = sqlite3MallocZero(nFull);
-+              if( zDel==0 ) rc = SQLITE_NOMEM;
-+            }else if( ++nLink>SQLITE_MAX_SYMLINKS ){
-+              rc = SQLITE_CANTOPEN_BKPT;
-+            }
-+
-+            if( rc==SQLITE_OK ){
-+              nByte = osReadlink(zIn, zDel, nFull-1);
-+              if( nByte ==(DWORD)-1 ){
-+                rc = winLogError(SQLITE_CANTOPEN_BKPT, (DWORD)osErrno, "readlink", zIn);
-+              }else{
-+                if( zDel[0]!='/' ){
-+                  int n;
-+                  for(n = sqlite3Strlen30(zIn); n>0 && zIn[n-1]!='/'; n--);
-+                  if( nByte+n+1>nFull ){
-+                    rc = SQLITE_CANTOPEN_BKPT;
-+                  }else{
-+                    memmove(&zDel[n], zDel, nByte+1);
-+                    memcpy(zDel, zIn, n);
-+                    nByte += n;
-+                  }
-+                }
-+                zDel[nByte] = '\0';
-+              }
-+            }
-+
-+            zIn = zDel;
-+          }
-+        }
-+
-+        assert( rc!=SQLITE_OK || zIn!=zFull || zIn[0]=='/' );
-+        if( rc==SQLITE_OK && zIn!=zFull ){
-+          rc = mkFullPathname(zIn, zFull, nFull);
-+        }
-+        if( bLink==0 ) break;
-+        zIn = zFull;
-+      }while( rc==SQLITE_OK );
-+
-+      sqlite3_free(zDel);
-+      winSimplifyName(zFull);
-+      return rc;
-     }
-   }
--  return SQLITE_OK;
--#endif
-+#endif /* __CYGWIN__ */
- 
--#if (SQLITE_OS_WINCE || SQLITE_OS_WINRT) && !defined(__CYGWIN__)
-+#if (SQLITE_OS_WINCE || SQLITE_OS_WINRT) && defined(_WIN32)
-   SimulateIOError( return SQLITE_ERROR );
-   /* WinCE has no concept of a relative pathname, or so I am told. */
-   /* WinRT has no way to convert a relative path to an absolute one. */
-@@ -52565,7 +53285,8 @@
-   return SQLITE_OK;
- #endif
- 
--#if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT && !defined(__CYGWIN__)
-+#if !SQLITE_OS_WINCE && !SQLITE_OS_WINRT
-+#if defined(_WIN32)
-   /* It's odd to simulate an io-error here, but really this is just
-   ** using the io-error infrastructure to test that SQLite handles this
-   ** function failing. This function could fail if, for example, the
-@@ -52583,6 +53304,7 @@
-                      sqlite3_data_directory, winGetDirSep(), zRelative);
-     return SQLITE_OK;
-   }
-+#endif
-   zConverted = winConvertFromUtf8Filename(zRelative);
-   if( zConverted==0 ){
-     return SQLITE_IOERR_NOMEM_BKPT;
-@@ -52621,13 +53343,12 @@
-       return winLogError(SQLITE_CANTOPEN_FULLPATH, osGetLastError(),
-                          "winFullPathname3", zRelative);
-     }
--    nByte += 3;
--    zTemp = sqlite3MallocZero( nByte*sizeof(zTemp[0]) );
-+    zTemp = sqlite3MallocZero( nByte*sizeof(zTemp[0]) + 3*sizeof(zTemp[0]) );
-     if( zTemp==0 ){
-       sqlite3_free(zConverted);
-       return SQLITE_IOERR_NOMEM_BKPT;
-     }
--    nByte = osGetFullPathNameA((char*)zConverted, nByte, zTemp, 0);
-+    nByte = osGetFullPathNameA((char*)zConverted, nByte+3, zTemp, 0);
-     if( nByte==0 ){
-       sqlite3_free(zConverted);
-       sqlite3_free(zTemp);
-@@ -52640,7 +53361,26 @@
-   }
- #endif
-   if( zOut ){
-+#ifdef __CYGWIN__
-+    if( memcmp(zOut, "\\\\?\\", 4) ){
-+      sqlite3_snprintf(MIN(nFull, pVfs->mxPathname), zFull, "%s", zOut);
-+    }else if( memcmp(zOut+4, "UNC\\", 4) ){
-+      sqlite3_snprintf(MIN(nFull, pVfs->mxPathname), zFull, "%s", zOut+4);
-+    }else{
-+      char *p = zOut+6;
-+      *p = '\\';
-+      if( osGetcwd ){
-+        /* On Cygwin, UNC paths use forward slashes */
-+        while( *p ){
-+          if( *p=='\\' ) *p = '/';
-+          ++p;
-+        }
-+      }
-+      sqlite3_snprintf(MIN(nFull, pVfs->mxPathname), zFull, "%s", zOut+6);
-+    }
-+#else
-     sqlite3_snprintf(MIN(nFull, pVfs->mxPathname), zFull, "%s", zOut);
-+#endif /* __CYGWIN__ */
-     sqlite3_free(zOut);
-     return SQLITE_OK;
-   }else{
-@@ -52670,25 +53410,8 @@
- */
- static void *winDlOpen(sqlite3_vfs *pVfs, const char *zFilename){
-   HANDLE h;
--#if defined(__CYGWIN__)
--  int nFull = pVfs->mxPathname+1;
--  char *zFull = sqlite3MallocZero( nFull );
--  void *zConverted = 0;
--  if( zFull==0 ){
--    OSTRACE(("DLOPEN name=%s, handle=%p\n", zFilename, (void*)0));
--    return 0;
--  }
--  if( winFullPathname(pVfs, zFilename, nFull, zFull)!=SQLITE_OK ){
--    sqlite3_free(zFull);
--    OSTRACE(("DLOPEN name=%s, handle=%p\n", zFilename, (void*)0));
--    return 0;
--  }
--  zConverted = winConvertFromUtf8Filename(zFull);
--  sqlite3_free(zFull);
--#else
-   void *zConverted = winConvertFromUtf8Filename(zFilename);
-   UNUSED_PARAMETER(pVfs);
--#endif
-   if( zConverted==0 ){
-     OSTRACE(("DLOPEN name=%s, handle=%p\n", zFilename, (void*)0));
-     return 0;
-@@ -53037,7 +53760,7 @@
- 
-   /* Double-check that the aSyscall[] array has been constructed
-   ** correctly.  See ticket [bb3a86e890c8e96ab] */
--  assert( ArraySize(aSyscall)==80 );
-+  assert( ArraySize(aSyscall)==89 );
- 
-   /* get memory map allocation granularity */
-   memset(&winSysInfo, 0, sizeof(SYSTEM_INFO));
-@@ -53656,13 +54379,13 @@
-     }
-     if( p==0 ){
-       MemStore **apNew;
--      p = sqlite3Malloc( sizeof(*p) + szName + 3 );
-+      p = sqlite3Malloc( sizeof(*p) + (i64)szName + 3 );
-       if( p==0 ){
-         sqlite3_mutex_leave(pVfsMutex);
-         return SQLITE_NOMEM;
-       }
-       apNew = sqlite3Realloc(memdb_g.apMemStore,
--                             sizeof(apNew[0])*(memdb_g.nMemStore+1) );
-+                             sizeof(apNew[0])*(1+(i64)memdb_g.nMemStore) );
-       if( apNew==0 ){
-         sqlite3_free(p);
-         sqlite3_mutex_leave(pVfsMutex);
-@@ -54095,7 +54818,7 @@
- ** no fewer collisions than the no-op *1. */
- #define BITVEC_HASH(X)   (((X)*1)%BITVEC_NINT)
- 
--#define BITVEC_NPTR      (BITVEC_USIZE/sizeof(Bitvec *))
-+#define BITVEC_NPTR      ((u32)(BITVEC_USIZE/sizeof(Bitvec *)))
- 
- 
- /*
-@@ -54244,7 +54967,9 @@
-     }else{
-       memcpy(aiValues, p->u.aHash, sizeof(p->u.aHash));
-       memset(p->u.apSub, 0, sizeof(p->u.apSub));
--      p->iDivisor = (p->iSize + BITVEC_NPTR - 1)/BITVEC_NPTR;
-+      p->iDivisor = p->iSize/BITVEC_NPTR;
-+      if( (p->iSize%BITVEC_NPTR)!=0 ) p->iDivisor++;
-+      if( p->iDivisor<BITVEC_NBIT ) p->iDivisor = BITVEC_NBIT;
-       rc = sqlite3BitvecSet(p, i);
-       for(j=0; j<BITVEC_NINT; j++){
-         if( aiValues[j] ) rc |= sqlite3BitvecSet(p, aiValues[j]);
-@@ -54278,7 +55003,7 @@
-     }
-   }
-   if( p->iSize<=BITVEC_NBIT ){
--    p->u.aBitmap[i/BITVEC_SZELEM] &= ~(1 << (i&(BITVEC_SZELEM-1)));
-+    p->u.aBitmap[i/BITVEC_SZELEM] &= ~(BITVEC_TELEM)(1<<(i&(BITVEC_SZELEM-1)));
-   }else{
-     unsigned int j;
-     u32 *aiValues = pBuf;
-@@ -54329,7 +55054,7 @@
- ** individual bits within V.
- */
- #define SETBIT(V,I)      V[I>>3] |= (1<<(I&7))
--#define CLEARBIT(V,I)    V[I>>3] &= ~(1<<(I&7))
-+#define CLEARBIT(V,I)    V[I>>3] &= ~(BITVEC_TELEM)(1<<(I&7))
- #define TESTBIT(V,I)     (V[I>>3]&(1<<(I&7)))!=0
- 
- /*
-@@ -54372,7 +55097,7 @@
-   /* Allocate the Bitvec to be tested and a linear array of
-   ** bits to act as the reference */
-   pBitvec = sqlite3BitvecCreate( sz );
--  pV = sqlite3MallocZero( (sz+7)/8 + 1 );
-+  pV = sqlite3MallocZero( (7+(i64)sz)/8 + 1 );
-   pTmpSpace = sqlite3_malloc64(BITVEC_SZ);
-   if( pBitvec==0 || pV==0 || pTmpSpace==0  ) goto bitvec_end;
- 
-@@ -55613,10 +56338,6 @@
-   sqlite3_mutex *mutex;          /* Mutex for accessing the following: */
-   PgFreeslot *pFree;             /* Free page blocks */
-   int nFreeSlot;                 /* Number of unused pcache slots */
--  /* The following value requires a mutex to change.  We skip the mutex on
--  ** reading because (1) most platforms read a 32-bit integer atomically and
--  ** (2) even if an incorrect value is read, no great harm is done since this
--  ** is really just an optimization. */
-   int bUnderPressure;            /* True if low on PAGECACHE memory */
- } pcache1_g;
- 
-@@ -55664,7 +56385,7 @@
-     pcache1.nReserve = n>90 ? 10 : (n/10 + 1);
-     pcache1.pStart = pBuf;
-     pcache1.pFree = 0;
--    pcache1.bUnderPressure = 0;
-+    AtomicStore(&pcache1.bUnderPressure,0);
-     while( n-- ){
-       p = (PgFreeslot*)pBuf;
-       p->pNext = pcache1.pFree;
-@@ -55732,7 +56453,7 @@
-     if( p ){
-       pcache1.pFree = pcache1.pFree->pNext;
-       pcache1.nFreeSlot--;
--      pcache1.bUnderPressure = pcache1.nFreeSlot<pcache1.nReserve;
-+      AtomicStore(&pcache1.bUnderPressure,pcache1.nFreeSlot<pcache1.nReserve);
-       assert( pcache1.nFreeSlot>=0 );
-       sqlite3StatusHighwater(SQLITE_STATUS_PAGECACHE_SIZE, nByte);
-       sqlite3StatusUp(SQLITE_STATUS_PAGECACHE_USED, 1);
-@@ -55771,7 +56492,7 @@
-     pSlot->pNext = pcache1.pFree;
-     pcache1.pFree = pSlot;
-     pcache1.nFreeSlot++;
--    pcache1.bUnderPressure = pcache1.nFreeSlot<pcache1.nReserve;
-+    AtomicStore(&pcache1.bUnderPressure,pcache1.nFreeSlot<pcache1.nReserve);
-     assert( pcache1.nFreeSlot<=pcache1.nSlot );
-     sqlite3_mutex_leave(pcache1.mutex);
-   }else{
-@@ -55902,7 +56623,7 @@
- */
- static int pcache1UnderMemoryPressure(PCache1 *pCache){
-   if( pcache1.nSlot && (pCache->szPage+pCache->szExtra)<=pcache1.szSlot ){
--    return pcache1.bUnderPressure;
-+    return AtomicLoad(&pcache1.bUnderPressure);
-   }else{
-     return sqlite3HeapNearlyFull();
-   }
-@@ -55919,12 +56640,12 @@
- */
- static void pcache1ResizeHash(PCache1 *p){
-   PgHdr1 **apNew;
--  unsigned int nNew;
--  unsigned int i;
-+  u64 nNew;
-+  u32 i;
- 
-   assert( sqlite3_mutex_held(p->pGroup->mutex) );
- 
--  nNew = p->nHash*2;
-+  nNew = 2*(u64)p->nHash;
-   if( nNew<256 ){
-     nNew = 256;
-   }
-@@ -56147,7 +56868,7 @@
- static sqlite3_pcache *pcache1Create(int szPage, int szExtra, int bPurgeable){
-   PCache1 *pCache;      /* The newly created page cache */
-   PGroup *pGroup;       /* The group the new page cache will belong to */
--  int sz;               /* Bytes of memory required to allocate the new cache */
-+  i64 sz;               /* Bytes of memory required to allocate the new cache */
- 
-   assert( (szPage & (szPage-1))==0 && szPage>=512 && szPage<=65536 );
-   assert( szExtra < 300 );
-@@ -58035,6 +58756,9 @@
-   Wal *pWal;                  /* Write-ahead log used by "journal_mode=wal" */
-   char *zWal;                 /* File name for write-ahead log */
- #endif
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+  sqlite3 *dbWal;
-+#endif
- };
- 
- /*
-@@ -58626,7 +59350,7 @@
- ** If an error occurs while reading from the journal file, an SQLite
- ** error code is returned.
- */
--static int readSuperJournal(sqlite3_file *pJrnl, char *zSuper, u32 nSuper){
-+static int readSuperJournal(sqlite3_file *pJrnl, char *zSuper, u64 nSuper){
-   int rc;                    /* Return code */
-   u32 len;                   /* Length in bytes of super-journal name */
-   i64 szJ;                   /* Total size in bytes of journal file pJrnl */
-@@ -59181,6 +59905,15 @@
- 
-   if( pagerUseWal(pPager) ){
-     assert( !isOpen(pPager->jfd) );
-+    if( pPager->eState==PAGER_ERROR ){
-+      /* If an IO error occurs in wal.c while attempting to wrap the wal file,
-+      ** then the Wal object may be holding a write-lock but no read-lock.
-+      ** This call ensures that the write-lock is dropped as well. We cannot
-+      ** have sqlite3WalEndReadTransaction() drop the write-lock, as it once
-+      ** did, because this would break "BEGIN EXCLUSIVE" handling for
-+      ** SQLITE_ENABLE_SETLK_TIMEOUT builds.  */
-+      sqlite3WalEndWriteTransaction(pPager->pWal);
-+    }
-     sqlite3WalEndReadTransaction(pPager->pWal);
-     pPager->eState = PAGER_OPEN;
-   }else if( !pPager->exclusiveMode ){
-@@ -59862,12 +60595,12 @@
-   char *zJournal;           /* Pointer to one journal within MJ file */
-   char *zSuperPtr;          /* Space to hold super-journal filename */
-   char *zFree = 0;          /* Free this buffer */
--  int nSuperPtr;            /* Amount of space allocated to zSuperPtr[] */
-+  i64 nSuperPtr;            /* Amount of space allocated to zSuperPtr[] */
- 
-   /* Allocate space for both the pJournal and pSuper file descriptors.
-   ** If successful, open the super-journal file for reading.
-   */
--  pSuper = (sqlite3_file *)sqlite3MallocZero(pVfs->szOsFile * 2);
-+  pSuper = (sqlite3_file *)sqlite3MallocZero(2 * (i64)pVfs->szOsFile);
-   if( !pSuper ){
-     rc = SQLITE_NOMEM_BKPT;
-     pJournal = 0;
-@@ -59885,11 +60618,14 @@
-   */
-   rc = sqlite3OsFileSize(pSuper, &nSuperJournal);
-   if( rc!=SQLITE_OK ) goto delsuper_out;
--  nSuperPtr = pVfs->mxPathname+1;
-+  nSuperPtr = 1 + (i64)pVfs->mxPathname;
-+  assert( nSuperJournal>=0 && nSuperPtr>0 );
-   zFree = sqlite3Malloc(4 + nSuperJournal + nSuperPtr + 2);
-   if( !zFree ){
-     rc = SQLITE_NOMEM_BKPT;
-     goto delsuper_out;
-+  }else{
-+    assert( nSuperJournal<=0x7fffffff );
-   }
-   zFree[0] = zFree[1] = zFree[2] = zFree[3] = 0;
-   zSuperJournal = &zFree[4];
-@@ -60150,7 +60886,7 @@
-   ** for pageSize.
-   */
-   zSuper = pPager->pTmpSpace;
--  rc = readSuperJournal(pPager->jfd, zSuper, pPager->pVfs->mxPathname+1);
-+  rc = readSuperJournal(pPager->jfd, zSuper, 1+(i64)pPager->pVfs->mxPathname);
-   if( rc==SQLITE_OK && zSuper[0] ){
-     rc = sqlite3OsAccess(pVfs, zSuper, SQLITE_ACCESS_EXISTS, &res);
-   }
-@@ -60289,7 +61025,7 @@
-     ** which case it requires 4 0x00 bytes in memory immediately before
-     ** the filename. */
-     zSuper = &pPager->pTmpSpace[4];
--    rc = readSuperJournal(pPager->jfd, zSuper, pPager->pVfs->mxPathname+1);
-+    rc = readSuperJournal(pPager->jfd, zSuper, 1+(i64)pPager->pVfs->mxPathname);
-     testcase( rc!=SQLITE_OK );
-   }
-   if( rc==SQLITE_OK
-@@ -62060,6 +62796,7 @@
-   const char *zUri = 0;    /* URI args to copy */
-   int nUriByte = 1;        /* Number of bytes of URI args at *zUri */
- 
-+
-   /* Figure out how much space is required for each journal file-handle
-   ** (there are two of them, the main journal and the sub-journal).  */
-   journalFileSize = ROUND8(sqlite3JournalSize(pVfs));
-@@ -62085,8 +62822,8 @@
-   */
-   if( zFilename && zFilename[0] ){
-     const char *z;
--    nPathname = pVfs->mxPathname+1;
--    zPathname = sqlite3DbMallocRaw(0, nPathname*2);
-+    nPathname = pVfs->mxPathname + 1;
-+    zPathname = sqlite3DbMallocRaw(0, 2*(i64)nPathname);
-     if( zPathname==0 ){
-       return SQLITE_NOMEM_BKPT;
-     }
-@@ -62173,14 +62910,14 @@
-     ROUND8(sizeof(*pPager)) +            /* Pager structure */
-     ROUND8(pcacheSize) +                 /* PCache object */
-     ROUND8(pVfs->szOsFile) +             /* The main db file */
--    journalFileSize * 2 +                /* The two journal files */
-+    (u64)journalFileSize * 2 +           /* The two journal files */
-     SQLITE_PTRSIZE +                     /* Space to hold a pointer */
-     4 +                                  /* Database prefix */
--    nPathname + 1 +                      /* database filename */
--    nUriByte +                           /* query parameters */
--    nPathname + 8 + 1 +                  /* Journal filename */
-+    (u64)nPathname + 1 +                 /* database filename */
-+    (u64)nUriByte +                      /* query parameters */
-+    (u64)nPathname + 8 + 1 +             /* Journal filename */
- #ifndef SQLITE_OMIT_WAL
--    nPathname + 4 + 1 +                  /* WAL filename */
-+    (u64)nPathname + 4 + 1 +             /* WAL filename */
- #endif
-     3                                    /* Terminator */
-   );
-@@ -64903,6 +65640,11 @@
-         pPager->fd, pPager->zWal, pPager->exclusiveMode,
-         pPager->journalSizeLimit, &pPager->pWal
-     );
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+    if( rc==SQLITE_OK ){
-+      sqlite3WalDb(pPager->pWal, pPager->dbWal);
-+    }
-+#endif
-   }
-   pagerFixMaplimit(pPager);
- 
-@@ -65022,6 +65764,7 @@
- ** blocking locks are required.
- */
- SQLITE_PRIVATE void sqlite3PagerWalDb(Pager *pPager, sqlite3 *db){
-+  pPager->dbWal = db;
-   if( pagerUseWal(pPager) ){
-     sqlite3WalDb(pPager->pWal, db);
-   }
-@@ -65635,6 +66378,11 @@
- /*
- ** An open write-ahead log file is represented by an instance of the
- ** following object.
-+**
-+** writeLock:
-+**   This is usually set to 1 whenever the WRITER lock is held. However,
-+**   if it is set to 2, then the WRITER lock is held but must be released
-+**   by walHandleException() if a SEH exception is thrown.
- */
- struct Wal {
-   sqlite3_vfs *pVfs;         /* The VFS used to create pDbFd */
-@@ -65725,9 +66473,13 @@
-     u32 *aPgno;                   /* Array of page numbers. */
-     int nEntry;                   /* Nr. of entries in aPgno[] and aIndex[] */
-     int iZero;                    /* Frame number associated with aPgno[0] */
--  } aSegment[1];                  /* One for every 32KB page in the wal-index */
-+  } aSegment[FLEXARRAY];          /* One for every 32KB page in the wal-index */
- };
- 
-+/* Size (in bytes) of a WalIterator object suitable for N or fewer segments */
-+#define SZ_WALITERATOR(N)  \
-+     (offsetof(WalIterator,aSegment)*(N)*sizeof(struct WalSegment))
-+
- /*
- ** Define the parameters of the hash tables in the wal-index file. There
- ** is a hash-table following every HASHTABLE_NPAGE page numbers in the
-@@ -65886,7 +66638,7 @@
- 
-   /* Enlarge the pWal->apWiData[] array if required */
-   if( pWal->nWiData<=iPage ){
--    sqlite3_int64 nByte = sizeof(u32*)*(iPage+1);
-+    sqlite3_int64 nByte = sizeof(u32*)*(1+(i64)iPage);
-     volatile u32 **apNew;
-     apNew = (volatile u32 **)sqlite3Realloc((void *)pWal->apWiData, nByte);
-     if( !apNew ){
-@@ -65995,10 +66747,8 @@
-     s1 = s2 = 0;
-   }
- 
--  assert( nByte>=8 );
--  assert( (nByte&0x00000007)==0 );
--  assert( nByte<=65536 );
--  assert( nByte%4==0 );
-+  /* nByte is a multiple of 8 between 8 and 65536 */
-+  assert( nByte>=8 && (nByte&7)==0 && nByte<=65536 );
- 
-   if( !nativeCksum ){
-     do {
-@@ -67088,8 +67838,7 @@
- 
-   /* Allocate space for the WalIterator object. */
-   nSegment = walFramePage(iLast) + 1;
--  nByte = sizeof(WalIterator)
--        + (nSegment-1)*sizeof(struct WalSegment)
-+  nByte = SZ_WALITERATOR(nSegment)
-         + iLast*sizeof(ht_slot);
-   p = (WalIterator *)sqlite3_malloc64(nByte
-       + sizeof(ht_slot) * (iLast>HASHTABLE_NPAGE?HASHTABLE_NPAGE:iLast)
-@@ -67160,7 +67909,7 @@
- static int walEnableBlocking(Wal *pWal){
-   int res = 0;
-   if( pWal->db ){
--    int tmout = pWal->db->busyTimeout;
-+    int tmout = pWal->db->setlkTimeout;
-     if( tmout ){
-       res = walEnableBlockingMs(pWal, tmout);
-     }
-@@ -67546,7 +68295,9 @@
-     static const int S = 1;
-     static const int E = (1<<SQLITE_SHM_NLOCK);
-     int ii;
--    u32 mUnlock = pWal->lockMask & ~(
-+    u32 mUnlock;
-+    if( pWal->writeLock==2 ) pWal->writeLock = 0;
-+    mUnlock = pWal->lockMask & ~(
-         (pWal->readLock<0 ? 0 : (S << WAL_READ_LOCK(pWal->readLock)))
-         | (pWal->writeLock ? (E << WAL_WRITE_LOCK) : 0)
-         | (pWal->ckptLock ? (E << WAL_CKPT_LOCK) : 0)
-@@ -67818,7 +68569,12 @@
-       if( bWriteLock
-        || SQLITE_OK==(rc = walLockExclusive(pWal, WAL_WRITE_LOCK, 1))
-       ){
--        pWal->writeLock = 1;
-+        /* If the write-lock was just obtained, set writeLock to 2 instead of
-+        ** the usual 1. This causes walIndexPage() to behave as if the
-+        ** write-lock were held (so that it allocates new pages as required),
-+        ** and walHandleException() to unlock the write-lock if a SEH exception
-+        ** is thrown.  */
-+        if( !bWriteLock ) pWal->writeLock = 2;
-         if( SQLITE_OK==(rc = walIndexPage(pWal, 0, &page0)) ){
-           badHdr = walIndexTryHdr(pWal, pChanged);
-           if( badHdr ){
-@@ -68182,7 +68938,6 @@
-       rc = walIndexReadHdr(pWal, pChanged);
-     }
- #ifdef SQLITE_ENABLE_SETLK_TIMEOUT
--    walDisableBlocking(pWal);
-     if( rc==SQLITE_BUSY_TIMEOUT ){
-       rc = SQLITE_BUSY;
-       *pCnt |= WAL_RETRY_BLOCKED_MASK;
-@@ -68197,6 +68952,7 @@
-       ** WAL_RETRY this routine will be called again and will probably be
-       ** right on the second iteration.
-       */
-+      (void)walEnableBlocking(pWal);
-       if( pWal->apWiData[0]==0 ){
-         /* This branch is taken when the xShmMap() method returns SQLITE_BUSY.
-         ** We assume this is a transient condition, so return WAL_RETRY. The
-@@ -68213,6 +68969,7 @@
-         rc = SQLITE_BUSY_RECOVERY;
-       }
-     }
-+    walDisableBlocking(pWal);
-     if( rc!=SQLITE_OK ){
-       return rc;
-     }
-@@ -68603,8 +69360,11 @@
- ** read-lock.
- */
- SQLITE_PRIVATE void sqlite3WalEndReadTransaction(Wal *pWal){
--  sqlite3WalEndWriteTransaction(pWal);
-+#ifndef SQLITE_ENABLE_SETLK_TIMEOUT
-+  assert( pWal->writeLock==0 || pWal->readLock<0 );
-+#endif
-   if( pWal->readLock>=0 ){
-+    sqlite3WalEndWriteTransaction(pWal);
-     walUnlockShared(pWal, WAL_READ_LOCK(pWal->readLock));
-     pWal->readLock = -1;
-   }
-@@ -68797,7 +69557,7 @@
-   ** read-transaction was even opened, making this call a no-op.
-   ** Return early. */
-   if( pWal->writeLock ){
--    assert( !memcmp(&pWal->hdr,(void *)walIndexHdr(pWal),sizeof(WalIndexHdr)) );
-+    assert( !memcmp(&pWal->hdr,(void*)pWal->apWiData[0],sizeof(WalIndexHdr)) );
-     return SQLITE_OK;
-   }
- #endif
-@@ -68897,6 +69657,7 @@
-       if( iMax!=pWal->hdr.mxFrame ) walCleanupHash(pWal);
-     }
-     SEH_EXCEPT( rc = SQLITE_IOERR_IN_PAGE; )
-+    pWal->iReCksum = 0;
-   }
-   return rc;
- }
-@@ -68944,6 +69705,9 @@
-       walCleanupHash(pWal);
-     }
-     SEH_EXCEPT( rc = SQLITE_IOERR_IN_PAGE; )
-+    if( pWal->iReCksum>pWal->hdr.mxFrame ){
-+      pWal->iReCksum = 0;
-+    }
-   }
- 
-   return rc;
-@@ -70247,6 +71011,12 @@
- #define BTCURSOR_MAX_DEPTH 20
- 
- /*
-+** Maximum amount of storage local to a database page, regardless of
-+** page size.
-+*/
-+#define BT_MAX_LOCAL  65501  /* 65536 - 35 */
-+
-+/*
- ** A cursor is a pointer to a particular entry within a particular
- ** b-tree within a database file.
- **
-@@ -70654,7 +71424,7 @@
- */
- static void SQLITE_NOINLINE btreeEnterAll(sqlite3 *db){
-   int i;
--  int skipOk = 1;
-+  u8 skipOk = 1;
-   Btree *p;
-   assert( sqlite3_mutex_held(db->mutex) );
-   for(i=0; i<db->nDb; i++){
-@@ -71510,7 +72280,7 @@
-     ** below. */
-     void *pKey;
-     pCur->nKey = sqlite3BtreePayloadSize(pCur);
--    pKey = sqlite3Malloc( pCur->nKey + 9 + 8 );
-+    pKey = sqlite3Malloc( ((i64)pCur->nKey) + 9 + 8 );
-     if( pKey ){
-       rc = sqlite3BtreePayload(pCur, 0, (int)pCur->nKey, pKey);
-       if( rc==SQLITE_OK ){
-@@ -71800,7 +72570,7 @@
- */
- SQLITE_PRIVATE void sqlite3BtreeCursorHintFlags(BtCursor *pCur, unsigned x){
-   assert( x==BTREE_SEEK_EQ || x==BTREE_BULKLOAD || x==0 );
--  pCur->hints = x;
-+  pCur->hints = (u8)x;
- }
- 
- 
-@@ -71994,14 +72764,15 @@
- static int btreePayloadToLocal(MemPage *pPage, i64 nPayload){
-   int maxLocal;  /* Maximum amount of payload held locally */
-   maxLocal = pPage->maxLocal;
-+  assert( nPayload>=0 );
-   if( nPayload<=maxLocal ){
--    return nPayload;
-+    return (int)nPayload;
-   }else{
-     int minLocal;  /* Minimum amount of payload held locally */
-     int surplus;   /* Overflow payload available for local storage */
-     minLocal = pPage->minLocal;
--    surplus = minLocal + (nPayload - minLocal)%(pPage->pBt->usableSize-4);
--    return ( surplus <= maxLocal ) ? surplus : minLocal;
-+    surplus = (int)(minLocal +(nPayload - minLocal)%(pPage->pBt->usableSize-4));
-+    return (surplus <= maxLocal) ? surplus : minLocal;
-   }
- }
- 
-@@ -72111,11 +72882,13 @@
-   pInfo->pPayload = pIter;
-   testcase( nPayload==pPage->maxLocal );
-   testcase( nPayload==(u32)pPage->maxLocal+1 );
-+  assert( nPayload>=0 );
-+  assert( pPage->maxLocal <= BT_MAX_LOCAL );
-   if( nPayload<=pPage->maxLocal ){
-     /* This is the (easy) common case where the entire payload fits
-     ** on the local page.  No overflow is required.
-     */
--    pInfo->nSize = nPayload + (u16)(pIter - pCell);
-+    pInfo->nSize = (u16)nPayload + (u16)(pIter - pCell);
-     if( pInfo->nSize<4 ) pInfo->nSize = 4;
-     pInfo->nLocal = (u16)nPayload;
-   }else{
-@@ -72148,11 +72921,13 @@
-   pInfo->pPayload = pIter;
-   testcase( nPayload==pPage->maxLocal );
-   testcase( nPayload==(u32)pPage->maxLocal+1 );
-+  assert( nPayload>=0 );
-+  assert( pPage->maxLocal <= BT_MAX_LOCAL );
-   if( nPayload<=pPage->maxLocal ){
-     /* This is the (easy) common case where the entire payload fits
-     ** on the local page.  No overflow is required.
-     */
--    pInfo->nSize = nPayload + (u16)(pIter - pCell);
-+    pInfo->nSize = (u16)nPayload + (u16)(pIter - pCell);
-     if( pInfo->nSize<4 ) pInfo->nSize = 4;
-     pInfo->nLocal = (u16)nPayload;
-   }else{
-@@ -72691,14 +73466,14 @@
- ** at the end of the page.  So do additional corruption checks inside this
- ** routine and return SQLITE_CORRUPT if any problems are found.
- */
--static int freeSpace(MemPage *pPage, u16 iStart, u16 iSize){
--  u16 iPtr;                             /* Address of ptr to next freeblock */
--  u16 iFreeBlk;                         /* Address of the next freeblock */
-+static int freeSpace(MemPage *pPage, int iStart, int iSize){
-+  int iPtr;                             /* Address of ptr to next freeblock */
-+  int iFreeBlk;                         /* Address of the next freeblock */
-   u8 hdr;                               /* Page header size.  0 or 100 */
--  u8 nFrag = 0;                         /* Reduction in fragmentation */
--  u16 iOrigSize = iSize;                /* Original value of iSize */
--  u16 x;                                /* Offset to cell content area */
--  u32 iEnd = iStart + iSize;            /* First byte past the iStart buffer */
-+  int nFrag = 0;                        /* Reduction in fragmentation */
-+  int iOrigSize = iSize;                /* Original value of iSize */
-+  int x;                                /* Offset to cell content area */
-+  int iEnd = iStart + iSize;            /* First byte past the iStart buffer */
-   unsigned char *data = pPage->aData;   /* Page content */
-   u8 *pTmp;                             /* Temporary ptr into data[] */
- 
-@@ -72725,7 +73500,7 @@
-       }
-       iPtr = iFreeBlk;
-     }
--    if( iFreeBlk>pPage->pBt->usableSize-4 ){ /* TH3: corrupt081.100 */
-+    if( iFreeBlk>(int)pPage->pBt->usableSize-4 ){ /* TH3: corrupt081.100 */
-       return SQLITE_CORRUPT_PAGE(pPage);
-     }
-     assert( iFreeBlk>iPtr || iFreeBlk==0 || CORRUPT_DB );
-@@ -72740,7 +73515,7 @@
-       nFrag = iFreeBlk - iEnd;
-       if( iEnd>iFreeBlk ) return SQLITE_CORRUPT_PAGE(pPage);
-       iEnd = iFreeBlk + get2byte(&data[iFreeBlk+2]);
--      if( iEnd > pPage->pBt->usableSize ){
-+      if( iEnd > (int)pPage->pBt->usableSize ){
-         return SQLITE_CORRUPT_PAGE(pPage);
-       }
-       iSize = iEnd - iStart;
-@@ -72761,7 +73536,7 @@
-       }
-     }
-     if( nFrag>data[hdr+7] ) return SQLITE_CORRUPT_PAGE(pPage);
--    data[hdr+7] -= nFrag;
-+    data[hdr+7] -= (u8)nFrag;
-   }
-   pTmp = &data[hdr+5];
-   x = get2byte(pTmp);
-@@ -72782,7 +73557,8 @@
-     /* Insert the new freeblock into the freelist */
-     put2byte(&data[iPtr], iStart);
-     put2byte(&data[iStart], iFreeBlk);
--    put2byte(&data[iStart+2], iSize);
-+    assert( iSize>=0 && iSize<=0xffff );
-+    put2byte(&data[iStart+2], (u16)iSize);
-   }
-   pPage->nFree += iOrigSize;
-   return SQLITE_OK;
-@@ -73008,7 +73784,7 @@
-   assert( pBt->pageSize>=512 && pBt->pageSize<=65536 );
-   pPage->maskPage = (u16)(pBt->pageSize - 1);
-   pPage->nOverflow = 0;
--  pPage->cellOffset = pPage->hdrOffset + 8 + pPage->childPtrSize;
-+  pPage->cellOffset = (u16)(pPage->hdrOffset + 8 + pPage->childPtrSize);
-   pPage->aCellIdx = data + pPage->childPtrSize + 8;
-   pPage->aDataEnd = pPage->aData + pBt->pageSize;
-   pPage->aDataOfst = pPage->aData + pPage->childPtrSize;
-@@ -73042,8 +73818,8 @@
- static void zeroPage(MemPage *pPage, int flags){
-   unsigned char *data = pPage->aData;
-   BtShared *pBt = pPage->pBt;
--  u8 hdr = pPage->hdrOffset;
--  u16 first;
-+  int hdr = pPage->hdrOffset;
-+  int first;
- 
-   assert( sqlite3PagerPagenumber(pPage->pDbPage)==pPage->pgno || CORRUPT_DB );
-   assert( sqlite3PagerGetExtra(pPage->pDbPage) == (void*)pPage );
-@@ -73060,7 +73836,7 @@
-   put2byte(&data[hdr+5], pBt->usableSize);
-   pPage->nFree = (u16)(pBt->usableSize - first);
-   decodeFlags(pPage, flags);
--  pPage->cellOffset = first;
-+  pPage->cellOffset = (u16)first;
-   pPage->aDataEnd = &data[pBt->pageSize];
-   pPage->aCellIdx = &data[first];
-   pPage->aDataOfst = &data[pPage->childPtrSize];
-@@ -73846,7 +74622,7 @@
-   BtShared *pBt = p->pBt;
-   assert( nReserve>=0 && nReserve<=255 );
-   sqlite3BtreeEnter(p);
--  pBt->nReserveWanted = nReserve;
-+  pBt->nReserveWanted = (u8)nReserve;
-   x = pBt->pageSize - pBt->usableSize;
-   if( nReserve<x ) nReserve = x;
-   if( pBt->btsFlags & BTS_PAGESIZE_FIXED ){
-@@ -73952,7 +74728,7 @@
-   assert( BTS_FAST_SECURE==(BTS_OVERWRITE|BTS_SECURE_DELETE) );
-   if( newFlag>=0 ){
-     p->pBt->btsFlags &= ~BTS_FAST_SECURE;
--    p->pBt->btsFlags |= BTS_SECURE_DELETE*newFlag;
-+    p->pBt->btsFlags |= (u16)(BTS_SECURE_DELETE*newFlag);
-   }
-   b = (p->pBt->btsFlags & BTS_FAST_SECURE)/BTS_SECURE_DELETE;
-   sqlite3BtreeLeave(p);
-@@ -74472,6 +75248,13 @@
-       (void)sqlite3PagerWalWriteLock(pPager, 0);
-       unlockBtreeIfUnused(pBt);
-     }
-+#if defined(SQLITE_ENABLE_SETLK_TIMEOUT)
-+    if( rc==SQLITE_BUSY_TIMEOUT ){
-+      /* If a blocking lock timed out, break out of the loop here so that
-+      ** the busy-handler is not invoked.  */
-+      break;
-+    }
-+#endif
-   }while( (rc&0xFF)==SQLITE_BUSY && pBt->inTransaction==TRANS_NONE &&
-           btreeInvokeBusyHandler(pBt) );
-   sqlite3PagerWalDb(pPager, 0);
-@@ -76881,7 +77664,7 @@
-           rc = SQLITE_CORRUPT_PAGE(pPage);
-           goto moveto_index_finish;
-         }
--        pCellKey = sqlite3Malloc( nCell+nOverrun );
-+        pCellKey = sqlite3Malloc( (u64)nCell+(u64)nOverrun );
-         if( pCellKey==0 ){
-           rc = SQLITE_NOMEM_BKPT;
-           goto moveto_index_finish;
-@@ -78400,7 +79183,8 @@
-   }
- 
-   /* The pPg->nFree field is now set incorrectly. The caller will fix it. */
--  pPg->nCell = nCell;
-+  assert( nCell < 10922 );
-+  pPg->nCell = (u16)nCell;
-   pPg->nOverflow = 0;
- 
-   put2byte(&aData[hdr+1], 0);
-@@ -78647,9 +79431,13 @@
-   if( pageInsertArray(
-         pPg, pBegin, &pData, pCellptr,
-         iNew+nCell, nNew-nCell, pCArray
--  ) ) goto editpage_fail;
-+      )
-+  ){
-+    goto editpage_fail;
-+  }
- 
--  pPg->nCell = nNew;
-+  assert( nNew < 10922 );
-+  pPg->nCell = (u16)nNew;
-   pPg->nOverflow = 0;
- 
-   put2byte(&aData[hdr+3], pPg->nCell);
-@@ -78958,7 +79746,7 @@
-   int pageFlags;               /* Value of pPage->aData[0] */
-   int iSpace1 = 0;             /* First unused byte of aSpace1[] */
-   int iOvflSpace = 0;          /* First unused byte of aOvflSpace[] */
--  int szScratch;               /* Size of scratch memory requested */
-+  u64 szScratch;               /* Size of scratch memory requested */
-   MemPage *apOld[NB];          /* pPage and up to two siblings */
-   MemPage *apNew[NB+2];        /* pPage and up to NB siblings after balancing */
-   u8 *pRight;                  /* Location in parent of right-sibling pointer */
-@@ -80243,7 +81031,7 @@
-       if( pCur->info.nKey==pX->nKey ){
-         BtreePayload x2;
-         x2.pData = pX->pKey;
--        x2.nData = pX->nKey;
-+        x2.nData = (int)pX->nKey;  assert( pX->nKey<=0x7fffffff );
-         x2.nZero = 0;
-         return btreeOverwriteCell(pCur, &x2);
-       }
-@@ -80424,7 +81212,7 @@
- 
-   getCellInfo(pSrc);
-   if( pSrc->info.nPayload<0x80 ){
--    *(aOut++) = pSrc->info.nPayload;
-+    *(aOut++) = (u8)pSrc->info.nPayload;
-   }else{
-     aOut += sqlite3PutVarint(aOut, pSrc->info.nPayload);
-   }
-@@ -80437,7 +81225,7 @@
-   nRem = pSrc->info.nPayload;
-   if( nIn==nRem && nIn<pDest->pPage->maxLocal ){
-     memcpy(aOut, aIn, nIn);
--    pBt->nPreformatSize = nIn + (aOut - pBt->pTmpSpace);
-+    pBt->nPreformatSize = nIn + (int)(aOut - pBt->pTmpSpace);
-     return SQLITE_OK;
-   }else{
-     int rc = SQLITE_OK;
-@@ -80449,7 +81237,7 @@
-     u32 nOut;                     /* Size of output buffer aOut[] */
- 
-     nOut = btreePayloadToLocal(pDest->pPage, pSrc->info.nPayload);
--    pBt->nPreformatSize = nOut + (aOut - pBt->pTmpSpace);
-+    pBt->nPreformatSize = (int)nOut + (int)(aOut - pBt->pTmpSpace);
-     if( nOut<pSrc->info.nPayload ){
-       pPgnoOut = &aOut[nOut];
-       pBt->nPreformatSize += 4;
-@@ -82070,6 +82858,7 @@
- */
- SQLITE_PRIVATE void *sqlite3BtreeSchema(Btree *p, int nBytes, void(*xFree)(void *)){
-   BtShared *pBt = p->pBt;
-+  assert( nBytes==0 || nBytes==sizeof(Schema) );
-   sqlite3BtreeEnter(p);
-   if( !pBt->pSchema && nBytes ){
-     pBt->pSchema = sqlite3DbMallocZero(0, nBytes);
-@@ -83186,7 +83975,7 @@
- ** corresponding string value, then it is important that the string be
- ** derived from the numeric value, not the other way around, to ensure
- ** that the index and table are consistent.  See ticket
--** https://www.sqlite.org/src/info/343634942dd54ab (2018-01-31) for
-+** https://sqlite.org/src/info/343634942dd54ab (2018-01-31) for
- ** an example.
- **
- ** This routine looks at pMem to verify that if it has both a numeric
-@@ -83372,7 +84161,7 @@
-     return;
-   }
-   if( pMem->enc!=SQLITE_UTF8 ) return;
--  if( NEVER(pMem->z==0) ) return;
-+  assert( pMem->z!=0 );
-   if( pMem->flags & MEM_Dyn ){
-     if( pMem->xDel==sqlite3_free
-      && sqlite3_msize(pMem->z) >= (u64)(pMem->n+1)
-@@ -84485,7 +85274,7 @@
- 
-     if( pRec==0 ){
-       Index *pIdx = p->pIdx;      /* Index being probed */
--      int nByte;                  /* Bytes of space to allocate */
-+      i64 nByte;                  /* Bytes of space to allocate */
-       int i;                      /* Counter variable */
-       int nCol = pIdx->nColumn;   /* Number of index columns including rowid */
- 
-@@ -84551,7 +85340,7 @@
- ){
-   sqlite3_context ctx;            /* Context object for function invocation */
-   sqlite3_value **apVal = 0;      /* Function arguments */
--  int nVal = 0;                   /* Size of apVal[] array */
-+  int nVal = 0;                   /* Number of function arguments */
-   FuncDef *pFunc = 0;             /* Function definition */
-   sqlite3_value *pVal = 0;        /* New value */
-   int rc = SQLITE_OK;             /* Return code */
-@@ -85549,12 +86338,10 @@
-   int eCallCtx          /* Calling context */
- ){
-   Vdbe *v = pParse->pVdbe;
--  int nByte;
-   int addr;
-   sqlite3_context *pCtx;
-   assert( v );
--  nByte = sizeof(*pCtx) + (nArg-1)*sizeof(sqlite3_value*);
--  pCtx = sqlite3DbMallocRawNN(pParse->db, nByte);
-+  pCtx = sqlite3DbMallocRawNN(pParse->db, SZ_CONTEXT(nArg));
-   if( pCtx==0 ){
-     assert( pParse->db->mallocFailed );
-     freeEphemeralFunction(pParse->db, (FuncDef*)pFunc);
-@@ -85830,7 +86617,7 @@
-     }
- 
-     if( pRet->p4type==P4_SUBPROGRAM ){
--      int nByte = (p->nSub+1)*sizeof(SubProgram*);
-+      i64 nByte = (1+(u64)p->nSub)*sizeof(SubProgram*);
-       int j;
-       for(j=0; j<p->nSub; j++){
-         if( p->apSub[j]==pRet->p4.pProgram ) break;
-@@ -85960,8 +86747,8 @@
- ** (1) For each jump instruction with a negative P2 value (a label)
- **     resolve the P2 value to an actual address.
- **
--** (2) Compute the maximum number of arguments used by any SQL function
--**     and store that value in *pMaxFuncArgs.
-+** (2) Compute the maximum number of arguments used by the xUpdate/xFilter
-+**     methods of any virtual table and store that value in *pMaxVtabArgs.
- **
- ** (3) Update the Vdbe.readOnly and Vdbe.bIsReader flags to accurately
- **     indicate what the prepared statement actually does.
-@@ -85974,8 +86761,8 @@
- ** script numbers the opcodes correctly.  Changes to this routine must be
- ** coordinated with changes to mkopcodeh.tcl.
- */
--static void resolveP2Values(Vdbe *p, int *pMaxFuncArgs){
--  int nMaxArgs = *pMaxFuncArgs;
-+static void resolveP2Values(Vdbe *p, int *pMaxVtabArgs){
-+  int nMaxVtabArgs = *pMaxVtabArgs;
-   Op *pOp;
-   Parse *pParse = p->pParse;
-   int *aLabel = pParse->aLabel;
-@@ -86020,15 +86807,19 @@
-         }
- #ifndef SQLITE_OMIT_VIRTUALTABLE
-         case OP_VUpdate: {
--          if( pOp->p2>nMaxArgs ) nMaxArgs = pOp->p2;
-+          if( pOp->p2>nMaxVtabArgs ) nMaxVtabArgs = pOp->p2;
-           break;
-         }
-         case OP_VFilter: {
-           int n;
-+          /* The instruction immediately prior to VFilter will be an
-+          ** OP_Integer that sets the "argc" value for the VFilter.  See
-+          ** the code where OP_VFilter is generated at tag-20250207a. */
-           assert( (pOp - p->aOp) >= 3 );
-           assert( pOp[-1].opcode==OP_Integer );
-+          assert( pOp[-1].p2==pOp->p3+1 );
-           n = pOp[-1].p1;
--          if( n>nMaxArgs ) nMaxArgs = n;
-+          if( n>nMaxVtabArgs ) nMaxVtabArgs = n;
-           /* Fall through into the default case */
-           /* no break */ deliberate_fall_through
-         }
-@@ -86069,7 +86860,7 @@
-     pParse->aLabel = 0;
-   }
-   pParse->nLabel = 0;
--  *pMaxFuncArgs = nMaxArgs;
-+  *pMaxVtabArgs = nMaxVtabArgs;
-   assert( p->bIsReader!=0 || DbMaskAllZero(p->btreeMask) );
- }
- 
-@@ -86298,7 +87089,7 @@
-   const char *zName               /* Name of table or index being scanned */
- ){
-   if( IS_STMT_SCANSTATUS(p->db) ){
--    sqlite3_int64 nByte = (p->nScan+1) * sizeof(ScanStatus);
-+    i64 nByte = (1+(i64)p->nScan) * sizeof(ScanStatus);
-     ScanStatus *aNew;
-     aNew = (ScanStatus*)sqlite3DbRealloc(p->db, p->aScan, nByte);
-     if( aNew ){
-@@ -86408,6 +87199,9 @@
- */
- SQLITE_PRIVATE void sqlite3VdbeTypeofColumn(Vdbe *p, int iDest){
-   VdbeOp *pOp = sqlite3VdbeGetLastOp(p);
-+#ifdef SQLITE_DEBUG
-+  while( pOp->opcode==OP_ReleaseReg ) pOp--;
-+#endif
-   if( pOp->p3==iDest && pOp->opcode==OP_Column ){
-     pOp->p5 |= OPFLAG_TYPEOFARG;
-   }
-@@ -87747,7 +88541,7 @@
-   int nVar;                      /* Number of parameters */
-   int nMem;                      /* Number of VM memory registers */
-   int nCursor;                   /* Number of cursors required */
--  int nArg;                      /* Number of arguments in subprograms */
-+  int nArg;                      /* Max number args to xFilter or xUpdate */
-   int n;                         /* Loop counter */
-   struct ReusableSpace x;        /* Reusable bulk memory */
- 
-@@ -87819,6 +88613,9 @@
-       p->apCsr = allocSpace(&x, p->apCsr, nCursor*sizeof(VdbeCursor*));
-     }
-   }
-+#ifdef SQLITE_DEBUG
-+  p->napArg = nArg;
-+#endif
- 
-   if( db->mallocFailed ){
-     p->nVar = 0;
-@@ -89316,6 +90113,7 @@
- ){
-   UnpackedRecord *p;              /* Unpacked record to return */
-   int nByte;                      /* Number of bytes required for *p */
-+  assert( sizeof(UnpackedRecord) + sizeof(Mem)*65536 < 0x7fffffff );
-   nByte = ROUND8P(sizeof(UnpackedRecord)) + sizeof(Mem)*(pKeyInfo->nKeyField+1);
-   p = (UnpackedRecord *)sqlite3DbMallocRaw(pKeyInfo->db, nByte);
-   if( !p ) return 0;
-@@ -90622,10 +91420,11 @@
-   preupdate.pCsr = pCsr;
-   preupdate.op = op;
-   preupdate.iNewReg = iReg;
--  preupdate.keyinfo.db = db;
--  preupdate.keyinfo.enc = ENC(db);
--  preupdate.keyinfo.nKeyField = pTab->nCol;
--  preupdate.keyinfo.aSortFlags = (u8*)&fakeSortOrder;
-+  preupdate.pKeyinfo = (KeyInfo*)&preupdate.keyinfoSpace;
-+  preupdate.pKeyinfo->db = db;
-+  preupdate.pKeyinfo->enc = ENC(db);
-+  preupdate.pKeyinfo->nKeyField = pTab->nCol;
-+  preupdate.pKeyinfo->aSortFlags = (u8*)&fakeSortOrder;
-   preupdate.iKey1 = iKey1;
-   preupdate.iKey2 = iKey2;
-   preupdate.pTab = pTab;
-@@ -90635,8 +91434,8 @@
-   db->xPreUpdateCallback(db->pPreUpdateArg, db, op, zDb, zTbl, iKey1, iKey2);
-   db->pPreUpdate = 0;
-   sqlite3DbFree(db, preupdate.aRecord);
--  vdbeFreeUnpacked(db, preupdate.keyinfo.nKeyField+1, preupdate.pUnpacked);
--  vdbeFreeUnpacked(db, preupdate.keyinfo.nKeyField+1, preupdate.pNewUnpacked);
-+  vdbeFreeUnpacked(db, preupdate.pKeyinfo->nKeyField+1,preupdate.pUnpacked);
-+  vdbeFreeUnpacked(db, preupdate.pKeyinfo->nKeyField+1,preupdate.pNewUnpacked);
-   sqlite3VdbeMemRelease(&preupdate.oldipk);
-   if( preupdate.aNew ){
-     int i;
-@@ -92467,7 +93266,7 @@
-   assert( xDel!=SQLITE_DYNAMIC );
-   if( enc!=SQLITE_UTF8 ){
-     if( enc==SQLITE_UTF16 ) enc = SQLITE_UTF16NATIVE;
--    nData &= ~(u16)1;
-+    nData &= ~(u64)1;
-   }
-   return bindText(pStmt, i, zData, nData, xDel, enc);
- }
-@@ -92875,7 +93674,7 @@
-       if( !aRec ) goto preupdate_old_out;
-       rc = sqlite3BtreePayload(p->pCsr->uc.pCursor, 0, nRec, aRec);
-       if( rc==SQLITE_OK ){
--        p->pUnpacked = vdbeUnpackRecord(&p->keyinfo, nRec, aRec);
-+        p->pUnpacked = vdbeUnpackRecord(p->pKeyinfo, nRec, aRec);
-         if( !p->pUnpacked ) rc = SQLITE_NOMEM;
-       }
-       if( rc!=SQLITE_OK ){
-@@ -92892,7 +93691,9 @@
-       Column *pCol = &p->pTab->aCol[iIdx];
-       if( pCol->iDflt>0 ){
-         if( p->apDflt==0 ){
--          int nByte = sizeof(sqlite3_value*)*p->pTab->nCol;
-+          int nByte;
-+          assert( sizeof(sqlite3_value*)*UMXV(p->pTab->nCol) < 0x7fffffff );
-+          nByte = sizeof(sqlite3_value*)*p->pTab->nCol;
-           p->apDflt = (sqlite3_value**)sqlite3DbMallocZero(db, nByte);
-           if( p->apDflt==0 ) goto preupdate_old_out;
-         }
-@@ -92938,7 +93739,7 @@
- #else
-   p = db->pPreUpdate;
- #endif
--  return (p ? p->keyinfo.nKeyField : 0);
-+  return (p ? p->pKeyinfo->nKeyField : 0);
- }
- #endif /* SQLITE_ENABLE_PREUPDATE_HOOK */
- 
-@@ -93021,7 +93822,7 @@
-       Mem *pData = &p->v->aMem[p->iNewReg];
-       rc = ExpandBlob(pData);
-       if( rc!=SQLITE_OK ) goto preupdate_new_out;
--      pUnpack = vdbeUnpackRecord(&p->keyinfo, pData->n, pData->z);
-+      pUnpack = vdbeUnpackRecord(p->pKeyinfo, pData->n, pData->z);
-       if( !pUnpack ){
-         rc = SQLITE_NOMEM;
-         goto preupdate_new_out;
-@@ -93042,7 +93843,8 @@
-     */
-     assert( p->op==SQLITE_UPDATE );
-     if( !p->aNew ){
--      p->aNew = (Mem *)sqlite3DbMallocZero(db, sizeof(Mem) * p->pCsr->nField);
-+      assert( sizeof(Mem)*UMXV(p->pCsr->nField) < 0x7fffffff );
-+      p->aNew = (Mem *)sqlite3DbMallocZero(db, sizeof(Mem)*p->pCsr->nField);
-       if( !p->aNew ){
-         rc = SQLITE_NOMEM;
-         goto preupdate_new_out;
-@@ -93812,11 +94614,11 @@
-   */
-   Mem *pMem = iCur>0 ? &p->aMem[p->nMem-iCur] : p->aMem;
- 
--  int nByte;
-+  i64 nByte;
-   VdbeCursor *pCx = 0;
--  nByte =
--      ROUND8P(sizeof(VdbeCursor)) + 2*sizeof(u32)*nField +
--      (eCurType==CURTYPE_BTREE?sqlite3BtreeCursorSize():0);
-+  nByte = SZ_VDBECURSOR(nField);
-+  assert( ROUND8(nByte)==nByte );
-+  if( eCurType==CURTYPE_BTREE ) nByte += sqlite3BtreeCursorSize();
- 
-   assert( iCur>=0 && iCur<p->nCursor );
-   if( p->apCsr[iCur] ){ /*OPTIMIZATION-IF-FALSE*/
-@@ -93840,7 +94642,7 @@
-       pMem->szMalloc = 0;
-       return 0;
-     }
--    pMem->szMalloc = nByte;
-+    pMem->szMalloc = (int)nByte;
-   }
- 
-   p->apCsr[iCur] = pCx = (VdbeCursor*)pMem->zMalloc;
-@@ -93849,8 +94651,8 @@
-   pCx->nField = nField;
-   pCx->aOffset = &pCx->aType[nField];
-   if( eCurType==CURTYPE_BTREE ){
--    pCx->uc.pCursor = (BtCursor*)
--        &pMem->z[ROUND8P(sizeof(VdbeCursor))+2*sizeof(u32)*nField];
-+    assert( ROUND8(SZ_VDBECURSOR(nField))==SZ_VDBECURSOR(nField) );
-+    pCx->uc.pCursor = (BtCursor*)&pMem->z[SZ_VDBECURSOR(nField)];
-     sqlite3BtreeCursorZero(pCx->uc.pCursor);
-   }
-   return pCx;
-@@ -94854,7 +95656,7 @@
-       sqlite3VdbeError(p, "%s", pOp->p4.z);
-     }
-     pcx = (int)(pOp - aOp);
--    sqlite3_log(pOp->p1, "abort at %d in [%s]: %s", pcx, p->zSql, p->zErrMsg);
-+    sqlite3_log(pOp->p1, "abort at %d: %s; [%s]", pcx, p->zErrMsg, p->zSql);
-   }
-   rc = sqlite3VdbeHalt(p);
-   assert( rc==SQLITE_BUSY || rc==SQLITE_OK || rc==SQLITE_ERROR );
-@@ -96180,7 +96982,7 @@
-   break;
- }
- 
--/* Opcode: Once P1 P2 * * *
-+/* Opcode: Once P1 P2 P3 * *
- **
- ** Fall through to the next instruction the first time this opcode is
- ** encountered on each invocation of the byte-code program.  Jump to P2
-@@ -96196,6 +96998,12 @@
- ** whether or not the jump should be taken.  The bitmask is necessary
- ** because the self-altering code trick does not work for recursive
- ** triggers.
-+**
-+** The P3 operand is not used directly by this opcode.  However P3 is
-+** used by the code generator as follows:  If this opcode is the start
-+** of a subroutine and that subroutine uses a Bloom filter, then P3 will
-+** be the register that holds that Bloom filter.  See tag-202407032019
-+** in the source code for implementation details.
- */
- case OP_Once: {             /* jump */
-   u32 iAddr;                /* Address of this instruction */
-@@ -97241,6 +98049,7 @@
-       zHdr += sqlite3PutVarint(zHdr, serial_type);
-       if( pRec->n ){
-         assert( pRec->z!=0 );
-+        assert( pRec->z!=(const char*)sqlite3CtypeMap );
-         memcpy(zPayload, pRec->z, pRec->n);
-         zPayload += pRec->n;
-       }
-@@ -99592,7 +100401,7 @@
-   /* The OP_RowData opcodes always follow OP_NotExists or
-   ** OP_SeekRowid or OP_Rewind/Op_Next with no intervening instructions
-   ** that might invalidate the cursor.
--  ** If this where not the case, on of the following assert()s
-+  ** If this were not the case, one of the following assert()s
-   ** would fail.  Should this ever change (because of changes in the code
-   ** generator) then the fix would be to insert a call to
-   ** sqlite3VdbeCursorMoveto().
-@@ -100861,7 +101670,7 @@
- */
- case OP_Program: {        /* jump0 */
-   int nMem;               /* Number of memory registers for sub-program */
--  int nByte;              /* Bytes of runtime space required for sub-program */
-+  i64 nByte;              /* Bytes of runtime space required for sub-program */
-   Mem *pRt;               /* Register to allocate runtime space */
-   Mem *pMem;              /* Used to iterate through memory cells */
-   Mem *pEnd;              /* Last memory cell in new array */
-@@ -100912,7 +101721,7 @@
-     nByte = ROUND8(sizeof(VdbeFrame))
-               + nMem * sizeof(Mem)
-               + pProgram->nCsr * sizeof(VdbeCursor*)
--              + (pProgram->nOp + 7)/8;
-+              + (7 + (i64)pProgram->nOp)/8;
-     pFrame = sqlite3DbMallocZero(db, nByte);
-     if( !pFrame ){
-       goto no_mem;
-@@ -100920,7 +101729,7 @@
-     sqlite3VdbeMemRelease(pRt);
-     pRt->flags = MEM_Blob|MEM_Dyn;
-     pRt->z = (char*)pFrame;
--    pRt->n = nByte;
-+    pRt->n = (int)nByte;
-     pRt->xDel = sqlite3VdbeFrameMemDel;
- 
-     pFrame->v = p;
-@@ -101019,12 +101828,14 @@
- ** statement counter is incremented (immediate foreign key constraints).
- */
- case OP_FkCounter: {
--  if( db->flags & SQLITE_DeferFKs ){
--    db->nDeferredImmCons += pOp->p2;
--  }else if( pOp->p1 ){
-+  if( pOp->p1 ){
-     db->nDeferredCons += pOp->p2;
-   }else{
--    p->nFkConstraint += pOp->p2;
-+    if( db->flags & SQLITE_DeferFKs ){
-+      db->nDeferredImmCons += pOp->p2;
-+    }else{
-+      p->nFkConstraint += pOp->p2;
-+    }
-   }
-   break;
- }
-@@ -101239,7 +102050,7 @@
-   **
-   ** Note: We could avoid this by using a regular memory cell from aMem[] for
-   ** the accumulator, instead of allocating one here. */
--  nAlloc = ROUND8P( sizeof(pCtx[0]) + (n-1)*sizeof(sqlite3_value*) );
-+  nAlloc = ROUND8P( SZ_CONTEXT(n) );
-   pCtx = sqlite3DbMallocRawNN(db, nAlloc + sizeof(Mem));
-   if( pCtx==0 ) goto no_mem;
-   pCtx->pOut = (Mem*)((u8*)pCtx + nAlloc);
-@@ -101899,6 +102710,7 @@
- 
-   /* Invoke the xFilter method */
-   apArg = p->apArg;
-+  assert( nArg<=p->napArg );
-   for(i = 0; i<nArg; i++){
-     apArg[i] = &pArgc[i+1];
-   }
-@@ -102109,6 +102921,7 @@
-     u8 vtabOnConflict = db->vtabOnConflict;
-     apArg = p->apArg;
-     pX = &aMem[pOp->p3];
-+    assert( nArg<=p->napArg );
-     for(i=0; i<nArg; i++){
-       assert( memIsValid(pX) );
-       memAboutToChange(p, pX);
-@@ -102685,8 +103498,8 @@
-   p->rc = rc;
-   sqlite3SystemError(db, rc);
-   testcase( sqlite3GlobalConfig.xLog!=0 );
--  sqlite3_log(rc, "statement aborts at %d: [%s] %s",
--                   (int)(pOp - aOp), p->zSql, p->zErrMsg);
-+  sqlite3_log(rc, "statement aborts at %d: %s; [%s]",
-+                   (int)(pOp - aOp), p->zErrMsg, p->zSql);
-   if( p->eVdbeState==VDBE_RUN_STATE ) sqlite3VdbeHalt(p);
-   if( rc==SQLITE_IOERR_NOMEM ) sqlite3OomFault(db);
-   if( rc==SQLITE_CORRUPT && db->autoCommit==0 ){
-@@ -102895,6 +103708,7 @@
-   char *zErr = 0;
-   Table *pTab;
-   Incrblob *pBlob = 0;
-+  int iDb;
-   Parse sParse;
- 
- #ifdef SQLITE_ENABLE_API_ARMOR
-@@ -102940,7 +103754,10 @@
-       sqlite3ErrorMsg(&sParse, "cannot open view: %s", zTable);
-     }
- #endif
--    if( !pTab ){
-+    if( pTab==0
-+     || ((iDb = sqlite3SchemaToIndex(db, pTab->pSchema))==1 &&
-+         sqlite3OpenTempDatabase(&sParse))
-+    ){
-       if( sParse.zErrMsg ){
-         sqlite3DbFree(db, zErr);
-         zErr = sParse.zErrMsg;
-@@ -102951,15 +103768,11 @@
-       goto blob_open_out;
-     }
-     pBlob->pTab = pTab;
--    pBlob->zDb = db->aDb[sqlite3SchemaToIndex(db, pTab->pSchema)].zDbSName;
-+    pBlob->zDb = db->aDb[iDb].zDbSName;
- 
-     /* Now search pTab for the exact column. */
--    for(iCol=0; iCol<pTab->nCol; iCol++) {
--      if( sqlite3StrICmp(pTab->aCol[iCol].zCnName, zColumn)==0 ){
--        break;
--      }
--    }
--    if( iCol==pTab->nCol ){
-+    iCol = sqlite3ColumnIndex(pTab, zColumn);
-+    if( iCol<0 ){
-       sqlite3DbFree(db, zErr);
-       zErr = sqlite3MPrintf(db, "no such column: \"%s\"", zColumn);
-       rc = SQLITE_ERROR;
-@@ -103039,7 +103852,6 @@
-         {OP_Halt,           0, 0, 0},  /* 5  */
-       };
-       Vdbe *v = (Vdbe *)pBlob->pStmt;
--      int iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
-       VdbeOp *aOp;
- 
-       sqlite3VdbeAddOp4Int(v, OP_Transaction, iDb, wrFlag,
-@@ -103617,9 +104429,12 @@
-   u8 iPrev;                       /* Previous thread used to flush PMA */
-   u8 nTask;                       /* Size of aTask[] array */
-   u8 typeMask;
--  SortSubtask aTask[1];           /* One or more subtasks */
-+  SortSubtask aTask[FLEXARRAY];   /* One or more subtasks */
- };
- 
-+/* Size (in bytes) of a VdbeSorter object that works with N or fewer subtasks */
-+#define SZ_VDBESORTER(N)  (offsetof(VdbeSorter,aTask)+(N)*sizeof(SortSubtask))
-+
- #define SORTER_TYPE_INTEGER 0x01
- #define SORTER_TYPE_TEXT    0x02
- 
-@@ -104221,7 +105036,7 @@
-   VdbeSorter *pSorter;            /* The new sorter */
-   KeyInfo *pKeyInfo;              /* Copy of pCsr->pKeyInfo with db==0 */
-   int szKeyInfo;                  /* Size of pCsr->pKeyInfo in bytes */
--  int sz;                         /* Size of pSorter in bytes */
-+  i64 sz;                         /* Size of pSorter in bytes */
-   int rc = SQLITE_OK;
- #if SQLITE_MAX_WORKER_THREADS==0
- # define nWorker 0
-@@ -104249,8 +105064,10 @@
-   assert( pCsr->pKeyInfo );
-   assert( !pCsr->isEphemeral );
-   assert( pCsr->eCurType==CURTYPE_SORTER );
--  szKeyInfo = sizeof(KeyInfo) + (pCsr->pKeyInfo->nKeyField-1)*sizeof(CollSeq*);
--  sz = sizeof(VdbeSorter) + nWorker * sizeof(SortSubtask);
-+  assert( sizeof(KeyInfo) + UMXV(pCsr->pKeyInfo->nKeyField)*sizeof(CollSeq*)
-+               < 0x7fffffff );
-+  szKeyInfo = SZ_KEYINFO(pCsr->pKeyInfo->nKeyField);
-+  sz = SZ_VDBESORTER(nWorker+1);
- 
-   pSorter = (VdbeSorter*)sqlite3DbMallocZero(db, sz + szKeyInfo);
-   pCsr->uc.pSorter = pSorter;
-@@ -104462,7 +105279,7 @@
- */
- static MergeEngine *vdbeMergeEngineNew(int nReader){
-   int N = 2;                      /* Smallest power of two >= nReader */
--  int nByte;                      /* Total bytes of space to allocate */
-+  i64 nByte;                      /* Total bytes of space to allocate */
-   MergeEngine *pNew;              /* Pointer to allocated object to return */
- 
-   assert( nReader<=SORTER_MAX_MERGE_COUNT );
-@@ -104714,6 +105531,10 @@
-     p->u.pNext = 0;
-     for(i=0; aSlot[i]; i++){
-       p = vdbeSorterMerge(pTask, p, aSlot[i]);
-+      /* ,--Each aSlot[] holds twice as much as the previous. So we cannot use
-+      ** |  up all 64 aSlots[] with only a 64-bit address space.
-+      ** v                                                                */
-+      assert( i<ArraySize(aSlot) );
-       aSlot[i] = 0;
-     }
-     aSlot[i] = p;
-@@ -107505,7 +108326,6 @@
-   Schema *pSchema = 0;              /* Schema of the expression */
-   int eNewExprOp = TK_COLUMN;       /* New value for pExpr->op on success */
-   Table *pTab = 0;                  /* Table holding the row */
--  Column *pCol;                     /* A column of pTab */
-   ExprList *pFJMatch = 0;           /* Matches for FULL JOIN .. USING */
-   const char *zCol = pRight->u.zToken;
- 
-@@ -107556,7 +108376,6 @@
- 
-     if( pSrcList ){
-       for(i=0, pItem=pSrcList->a; i<pSrcList->nSrc; i++, pItem++){
--        u8 hCol;
-         pTab = pItem->pSTab;
-         assert( pTab!=0 && pTab->zName!=0 );
-         assert( pTab->nCol>0 || pParse->nErr );
-@@ -107644,43 +108463,38 @@
-             sqlite3RenameTokenRemap(pParse, 0, (void*)&pExpr->y.pTab);
-           }
-         }
--        hCol = sqlite3StrIHash(zCol);
--        for(j=0, pCol=pTab->aCol; j<pTab->nCol; j++, pCol++){
--          if( pCol->hName==hCol
--           && sqlite3StrICmp(pCol->zCnName, zCol)==0
--          ){
--            if( cnt>0 ){
--              if( pItem->fg.isUsing==0
--               || sqlite3IdListIndex(pItem->u3.pUsing, zCol)<0
--              ){
--                /* Two or more tables have the same column name which is
--                ** not joined by USING.  This is an error.  Signal as much
--                ** by clearing pFJMatch and letting cnt go above 1. */
--                sqlite3ExprListDelete(db, pFJMatch);
--                pFJMatch = 0;
--              }else
--              if( (pItem->fg.jointype & JT_RIGHT)==0 ){
--                /* An INNER or LEFT JOIN.  Use the left-most table */
--                continue;
--              }else
--              if( (pItem->fg.jointype & JT_LEFT)==0 ){
--                /* A RIGHT JOIN.  Use the right-most table */
--                cnt = 0;
--                sqlite3ExprListDelete(db, pFJMatch);
--                pFJMatch = 0;
--              }else{
--                /* For a FULL JOIN, we must construct a coalesce() func */
--                extendFJMatch(pParse, &pFJMatch, pMatch, pExpr->iColumn);
--              }
--            }
--            cnt++;
--            pMatch = pItem;
--            /* Substitute the rowid (column -1) for the INTEGER PRIMARY KEY */
--            pExpr->iColumn = j==pTab->iPKey ? -1 : (i16)j;
--            if( pItem->fg.isNestedFrom ){
--              sqlite3SrcItemColumnUsed(pItem, j);
-+        j = sqlite3ColumnIndex(pTab, zCol);
-+        if( j>=0 ){
-+          if( cnt>0 ){
-+            if( pItem->fg.isUsing==0
-+             || sqlite3IdListIndex(pItem->u3.pUsing, zCol)<0
-+            ){
-+              /* Two or more tables have the same column name which is
-+              ** not joined by USING.  This is an error.  Signal as much
-+              ** by clearing pFJMatch and letting cnt go above 1. */
-+              sqlite3ExprListDelete(db, pFJMatch);
-+              pFJMatch = 0;
-+            }else
-+            if( (pItem->fg.jointype & JT_RIGHT)==0 ){
-+              /* An INNER or LEFT JOIN.  Use the left-most table */
-+              continue;
-+            }else
-+            if( (pItem->fg.jointype & JT_LEFT)==0 ){
-+              /* A RIGHT JOIN.  Use the right-most table */
-+              cnt = 0;
-+              sqlite3ExprListDelete(db, pFJMatch);
-+              pFJMatch = 0;
-+            }else{
-+              /* For a FULL JOIN, we must construct a coalesce() func */
-+              extendFJMatch(pParse, &pFJMatch, pMatch, pExpr->iColumn);
-             }
--            break;
-+          }
-+          cnt++;
-+          pMatch = pItem;
-+          /* Substitute the rowid (column -1) for the INTEGER PRIMARY KEY */
-+          pExpr->iColumn = j==pTab->iPKey ? -1 : (i16)j;
-+          if( pItem->fg.isNestedFrom ){
-+            sqlite3SrcItemColumnUsed(pItem, j);
-           }
-         }
-         if( 0==cnt && VisibleRowid(pTab) ){
-@@ -107770,23 +108584,18 @@
- 
-       if( pTab ){
-         int iCol;
--        u8 hCol = sqlite3StrIHash(zCol);
-         pSchema = pTab->pSchema;
-         cntTab++;
--        for(iCol=0, pCol=pTab->aCol; iCol<pTab->nCol; iCol++, pCol++){
--          if( pCol->hName==hCol
--           && sqlite3StrICmp(pCol->zCnName, zCol)==0
--          ){
--            if( iCol==pTab->iPKey ){
--              iCol = -1;
--            }
--            break;
-+        iCol = sqlite3ColumnIndex(pTab, zCol);
-+        if( iCol>=0 ){
-+          if( pTab->iPKey==iCol ) iCol = -1;
-+        }else{
-+          if( sqlite3IsRowid(zCol) && VisibleRowid(pTab) ){
-+            iCol = -1;
-+          }else{
-+            iCol = pTab->nCol;
-           }
-         }
--        if( iCol>=pTab->nCol && sqlite3IsRowid(zCol) && VisibleRowid(pTab) ){
--          /* IMP: R-51414-32910 */
--          iCol = -1;
--        }
-         if( iCol<pTab->nCol ){
-           cnt++;
-           pMatch = 0;
-@@ -108425,13 +109234,12 @@
-           ** sqlite_version() that might change over time cannot be used
-           ** in an index or generated column.  Curiously, they can be used
-           ** in a CHECK constraint.  SQLServer, MySQL, and PostgreSQL all
--          ** all this. */
-+          ** allow this. */
-           sqlite3ResolveNotValid(pParse, pNC, "non-deterministic functions",
-                                  NC_IdxExpr|NC_PartIdx|NC_GenCol, 0, pExpr);
-         }else{
-           assert( (NC_SelfRef & 0xff)==NC_SelfRef ); /* Must fit in 8 bits */
-           pExpr->op2 = pNC->ncFlags & NC_SelfRef;
--          if( pNC->ncFlags & NC_FromDDL ) ExprSetProperty(pExpr, EP_FromDDL);
-         }
-         if( (pDef->funcFlags & SQLITE_FUNC_INTERNAL)!=0
-          && pParse->nested==0
-@@ -108447,6 +109255,7 @@
-         if( (pDef->funcFlags & (SQLITE_FUNC_DIRECT|SQLITE_FUNC_UNSAFE))!=0
-          && !IN_RENAME_OBJECT
-         ){
-+          if( pNC->ncFlags & NC_FromDDL ) ExprSetProperty(pExpr, EP_FromDDL);
-           sqlite3ExprFunctionUsable(pParse, pExpr, pDef);
-         }
-       }
-@@ -109500,20 +110309,22 @@
-   Expr *pExpr,     /* Expression to resolve.  May be NULL. */
-   ExprList *pList  /* Expression list to resolve.  May be NULL. */
- ){
--  SrcList sSrc;                   /* Fake SrcList for pParse->pNewTable */
-+  SrcList *pSrc;                  /* Fake SrcList for pParse->pNewTable */
-   NameContext sNC;                /* Name context for pParse->pNewTable */
-   int rc;
-+  u8 srcSpace[SZ_SRCLIST_1];     /* Memory space for the fake SrcList */
- 
-   assert( type==0 || pTab!=0 );
-   assert( type==NC_IsCheck || type==NC_PartIdx || type==NC_IdxExpr
-           || type==NC_GenCol || pTab==0 );
-   memset(&sNC, 0, sizeof(sNC));
--  memset(&sSrc, 0, sizeof(sSrc));
-+  pSrc = (SrcList*)srcSpace;
-+  memset(pSrc, 0, SZ_SRCLIST_1);
-   if( pTab ){
--    sSrc.nSrc = 1;
--    sSrc.a[0].zName = pTab->zName;
--    sSrc.a[0].pSTab = pTab;
--    sSrc.a[0].iCursor = -1;
-+    pSrc->nSrc = 1;
-+    pSrc->a[0].zName = pTab->zName;
-+    pSrc->a[0].pSTab = pTab;
-+    pSrc->a[0].iCursor = -1;
-     if( pTab->pSchema!=pParse->db->aDb[1].pSchema ){
-       /* Cause EP_FromDDL to be set on TK_FUNCTION nodes of non-TEMP
-       ** schema elements */
-@@ -109521,7 +110332,7 @@
-     }
-   }
-   sNC.pParse = pParse;
--  sNC.pSrcList = &sSrc;
-+  sNC.pSrcList = pSrc;
-   sNC.ncFlags = type | NC_IsDDL;
-   if( (rc = sqlite3ResolveExprNames(&sNC, pExpr))!=SQLITE_OK ) return rc;
-   if( pList ) rc = sqlite3ResolveExprListNames(&sNC, pList);
-@@ -109605,7 +110416,9 @@
-           pExpr->pLeft->x.pSelect->pEList->a[pExpr->iColumn].pExpr
-       );
-     }
--    if( op==TK_VECTOR ){
-+    if( op==TK_VECTOR
-+     || (op==TK_FUNCTION && pExpr->affExpr==SQLITE_AFF_DEFER)
-+    ){
-       assert( ExprUseXList(pExpr) );
-       return sqlite3ExprAffinity(pExpr->x.pList->a[0].pExpr);
-     }
-@@ -109798,7 +110611,9 @@
-       p = p->pLeft;
-       continue;
-     }
--    if( op==TK_VECTOR ){
-+    if( op==TK_VECTOR
-+     || (op==TK_FUNCTION && p->affExpr==SQLITE_AFF_DEFER)
-+    ){
-       assert( ExprUseXList(p) );
-       p = p->x.pList->a[0].pExpr;
-       continue;
-@@ -110672,7 +111487,7 @@
-     return pLeft;
-   }else{
-     u32 f = pLeft->flags | pRight->flags;
--    if( (f&(EP_OuterON|EP_InnerON|EP_IsFalse))==EP_IsFalse
-+    if( (f&(EP_OuterON|EP_InnerON|EP_IsFalse|EP_HasFunc))==EP_IsFalse
-      && !IN_RENAME_OBJECT
-     ){
-       sqlite3ExprDeferredDelete(pParse, pLeft);
-@@ -111270,7 +112085,7 @@
- SQLITE_PRIVATE With *sqlite3WithDup(sqlite3 *db, With *p){
-   With *pRet = 0;
-   if( p ){
--    sqlite3_int64 nByte = sizeof(*p) + sizeof(p->a[0]) * (p->nCte-1);
-+    sqlite3_int64 nByte = SZ_WITH(p->nCte);
-     pRet = sqlite3DbMallocZero(db, nByte);
-     if( pRet ){
-       int i;
-@@ -111381,7 +112196,6 @@
-     }
-     pItem->zEName = sqlite3DbStrDup(db, pOldItem->zEName);
-     pItem->fg = pOldItem->fg;
--    pItem->fg.done = 0;
-     pItem->u = pOldItem->u;
-   }
-   return pNew;
-@@ -111398,11 +112212,9 @@
- SQLITE_PRIVATE SrcList *sqlite3SrcListDup(sqlite3 *db, const SrcList *p, int flags){
-   SrcList *pNew;
-   int i;
--  int nByte;
-   assert( db!=0 );
-   if( p==0 ) return 0;
--  nByte = sizeof(*p) + (p->nSrc>0 ? sizeof(p->a[0]) * (p->nSrc-1) : 0);
--  pNew = sqlite3DbMallocRawNN(db, nByte );
-+  pNew = sqlite3DbMallocRawNN(db, SZ_SRCLIST(p->nSrc) );
-   if( pNew==0 ) return 0;
-   pNew->nSrc = pNew->nAlloc = p->nSrc;
-   for(i=0; i<p->nSrc; i++){
-@@ -111464,7 +112276,7 @@
-   int i;
-   assert( db!=0 );
-   if( p==0 ) return 0;
--  pNew = sqlite3DbMallocRawNN(db, sizeof(*pNew)+(p->nId-1)*sizeof(p->a[0]) );
-+  pNew = sqlite3DbMallocRawNN(db, SZ_IDLIST(p->nId));
-   if( pNew==0 ) return 0;
-   pNew->nId = p->nId;
-   for(i=0; i<p->nId; i++){
-@@ -111496,7 +112308,7 @@
-     pNew->pLimit = sqlite3ExprDup(db, p->pLimit, flags);
-     pNew->iLimit = 0;
-     pNew->iOffset = 0;
--    pNew->selFlags = p->selFlags & ~SF_UsesEphemeral;
-+    pNew->selFlags = p->selFlags & ~(u32)SF_UsesEphemeral;
-     pNew->addrOpenEphm[0] = -1;
-     pNew->addrOpenEphm[1] = -1;
-     pNew->nSelectRow = p->nSelectRow;
-@@ -111548,7 +112360,7 @@
-   struct ExprList_item *pItem;
-   ExprList *pList;
- 
--  pList = sqlite3DbMallocRawNN(db, sizeof(ExprList)+sizeof(pList->a[0])*4 );
-+  pList = sqlite3DbMallocRawNN(db, SZ_EXPRLIST(4));
-   if( pList==0 ){
-     sqlite3ExprDelete(db, pExpr);
-     return 0;
-@@ -111568,8 +112380,7 @@
-   struct ExprList_item *pItem;
-   ExprList *pNew;
-   pList->nAlloc *= 2;
--  pNew = sqlite3DbRealloc(db, pList,
--       sizeof(*pList)+(pList->nAlloc-1)*sizeof(pList->a[0]));
-+  pNew = sqlite3DbRealloc(db, pList, SZ_EXPRLIST(pList->nAlloc));
-   if( pNew==0 ){
-     sqlite3ExprListDelete(db, pList);
-     sqlite3ExprDelete(db, pExpr);
-@@ -112498,13 +113309,7 @@
-   int ii;
-   assert( VisibleRowid(pTab) );
-   for(ii=0; ii<ArraySize(azOpt); ii++){
--    int iCol;
--    for(iCol=0; iCol<pTab->nCol; iCol++){
--      if( sqlite3_stricmp(azOpt[ii], pTab->aCol[iCol].zCnName)==0 ) break;
--    }
--    if( iCol==pTab->nCol ){
--      return azOpt[ii];
--    }
-+    if( sqlite3ColumnIndex(pTab, azOpt[ii])<0 ) return azOpt[ii];
-   }
-   return 0;
- }
-@@ -112908,7 +113713,7 @@
-   char *zRet;
- 
-   assert( pExpr->op==TK_IN );
--  zRet = sqlite3DbMallocRaw(pParse->db, nVal+1);
-+  zRet = sqlite3DbMallocRaw(pParse->db, 1+(i64)nVal);
-   if( zRet ){
-     int i;
-     for(i=0; i<nVal; i++){
-@@ -113168,11 +113973,12 @@
-       sqlite3SelectDelete(pParse->db, pCopy);
-       sqlite3DbFree(pParse->db, dest.zAffSdst);
-       if( addrBloom ){
-+        /* Remember that location of the Bloom filter in the P3 operand
-+        ** of the OP_Once that began this subroutine. tag-202407032019 */
-         sqlite3VdbeGetOp(v, addrOnce)->p3 = dest.iSDParm2;
-         if( dest.iSDParm2==0 ){
--          sqlite3VdbeChangeToNoop(v, addrBloom);
--        }else{
--          sqlite3VdbeGetOp(v, addrOnce)->p3 = dest.iSDParm2;
-+          /* If the Bloom filter won't actually be used, keep it small */
-+          sqlite3VdbeGetOp(v, addrBloom)->p1 = 10;
-         }
-       }
-       if( rc ){
-@@ -113619,7 +114425,7 @@
-       if( ExprHasProperty(pExpr, EP_Subrtn) ){
-         const VdbeOp *pOp = sqlite3VdbeGetOp(v, pExpr->y.sub.iAddr);
-         assert( pOp->opcode==OP_Once || pParse->nErr );
--        if( pOp->opcode==OP_Once && pOp->p3>0 ){
-+        if( pOp->opcode==OP_Once && pOp->p3>0 ){  /* tag-202407032019 */
-           assert( OptimizationEnabled(pParse->db, SQLITE_BloomFilter) );
-           sqlite3VdbeAddOp4Int(v, OP_Filter, pOp->p3, destIfFalse,
-                                rLhs, nVector); VdbeCoverage(v);
-@@ -114211,7 +115017,7 @@
- 
- 
- /*
--** Expresion pExpr is guaranteed to be a TK_COLUMN or equivalent. This
-+** Expression pExpr is guaranteed to be a TK_COLUMN or equivalent. This
- ** function checks the Parse.pIdxPartExpr list to see if this column
- ** can be replaced with a constant value. If so, it generates code to
- ** put the constant value in a register (ideally, but not necessarily,
-@@ -115468,11 +116274,11 @@
-       assert( TK_ISNULL==OP_IsNull );   testcase( op==TK_ISNULL );
-       assert( TK_NOTNULL==OP_NotNull ); testcase( op==TK_NOTNULL );
-       r1 = sqlite3ExprCodeTemp(pParse, pExpr->pLeft, &regFree1);
--      sqlite3VdbeTypeofColumn(v, r1);
-+      assert( regFree1==0 || regFree1==r1 );
-+      if( regFree1 ) sqlite3VdbeTypeofColumn(v, r1);
-       sqlite3VdbeAddOp2(v, op, r1, dest);
-       VdbeCoverageIf(v, op==TK_ISNULL);
-       VdbeCoverageIf(v, op==TK_NOTNULL);
--      testcase( regFree1==0 );
-       break;
-     }
-     case TK_BETWEEN: {
-@@ -115643,11 +116449,11 @@
-     case TK_ISNULL:
-     case TK_NOTNULL: {
-       r1 = sqlite3ExprCodeTemp(pParse, pExpr->pLeft, &regFree1);
--      sqlite3VdbeTypeofColumn(v, r1);
-+      assert( regFree1==0 || regFree1==r1 );
-+      if( regFree1 ) sqlite3VdbeTypeofColumn(v, r1);
-       sqlite3VdbeAddOp2(v, op, r1, dest);
-       testcase( op==TK_ISNULL );   VdbeCoverageIf(v, op==TK_ISNULL);
-       testcase( op==TK_NOTNULL );  VdbeCoverageIf(v, op==TK_NOTNULL);
--      testcase( regFree1==0 );
-       break;
-     }
-     case TK_BETWEEN: {
-@@ -116547,7 +117353,9 @@
- ){
-   struct AggInfo_col *pCol;
-   int k;
-+  int mxTerm = pParse->db->aLimit[SQLITE_LIMIT_COLUMN];
- 
-+  assert( mxTerm <= SMXV(i16) );
-   assert( pAggInfo->iFirstReg==0 );
-   pCol = pAggInfo->aCol;
-   for(k=0; k<pAggInfo->nColumn; k++, pCol++){
-@@ -116565,6 +117373,10 @@
-     assert( pParse->db->mallocFailed );
-     return;
-   }
-+  if( k>mxTerm ){
-+    sqlite3ErrorMsg(pParse, "more than %d aggregate terms", mxTerm);
-+    k = mxTerm;
-+  }
-   pCol = &pAggInfo->aCol[k];
-   assert( ExprUseYTab(pExpr) );
-   pCol->pTab = pExpr->y.pTab;
-@@ -116598,6 +117410,7 @@
-   if( pExpr->op==TK_COLUMN ){
-     pExpr->op = TK_AGG_COLUMN;
-   }
-+  assert( k <= SMXV(pExpr->iAgg) );
-   pExpr->iAgg = (i16)k;
- }
- 
-@@ -116682,13 +117495,19 @@
-         ** function that is already in the pAggInfo structure
-         */
-         struct AggInfo_func *pItem = pAggInfo->aFunc;
-+        int mxTerm = pParse->db->aLimit[SQLITE_LIMIT_COLUMN];
-+        assert( mxTerm <= SMXV(i16) );
-         for(i=0; i<pAggInfo->nFunc; i++, pItem++){
-           if( NEVER(pItem->pFExpr==pExpr) ) break;
-           if( sqlite3ExprCompare(0, pItem->pFExpr, pExpr, -1)==0 ){
-             break;
-           }
-         }
--        if( i>=pAggInfo->nFunc ){
-+        if( i>mxTerm ){
-+          sqlite3ErrorMsg(pParse, "more than %d aggregate terms", mxTerm);
-+          i = mxTerm;
-+          assert( i<pAggInfo->nFunc );
-+        }else if( i>=pAggInfo->nFunc ){
-           /* pExpr is original.  Make a new entry in pAggInfo->aFunc[]
-           */
-           u8 enc = ENC(pParse->db);
-@@ -116742,6 +117561,7 @@
-         */
-         assert( !ExprHasProperty(pExpr, EP_TokenOnly|EP_Reduced) );
-         ExprSetVVAProperty(pExpr, EP_NoReduce);
-+        assert( i <= SMXV(pExpr->iAgg) );
-         pExpr->iAgg = (i16)i;
-         pExpr->pAggInfo = pAggInfo;
-         return WRC_Prune;
-@@ -117452,13 +118272,13 @@
-   assert( pNew->nCol>0 );
-   nAlloc = (((pNew->nCol-1)/8)*8)+8;
-   assert( nAlloc>=pNew->nCol && nAlloc%8==0 && nAlloc-pNew->nCol<8 );
--  pNew->aCol = (Column*)sqlite3DbMallocZero(db, sizeof(Column)*nAlloc);
-+  pNew->aCol = (Column*)sqlite3DbMallocZero(db, sizeof(Column)*(u32)nAlloc);
-   pNew->zName = sqlite3MPrintf(db, "sqlite_altertab_%s", pTab->zName);
-   if( !pNew->aCol || !pNew->zName ){
-     assert( db->mallocFailed );
-     goto exit_begin_add_column;
-   }
--  memcpy(pNew->aCol, pTab->aCol, sizeof(Column)*pNew->nCol);
-+  memcpy(pNew->aCol, pTab->aCol, sizeof(Column)*(size_t)pNew->nCol);
-   for(i=0; i<pNew->nCol; i++){
-     Column *pCol = &pNew->aCol[i];
-     pCol->zCnName = sqlite3DbStrDup(db, pCol->zCnName);
-@@ -117553,10 +118373,8 @@
-   ** altered.  Set iCol to be the index of the column being renamed */
-   zOld = sqlite3NameFromToken(db, pOld);
-   if( !zOld ) goto exit_rename_column;
--  for(iCol=0; iCol<pTab->nCol; iCol++){
--    if( 0==sqlite3StrICmp(pTab->aCol[iCol].zCnName, zOld) ) break;
--  }
--  if( iCol==pTab->nCol ){
-+  iCol = sqlite3ColumnIndex(pTab, zOld);
-+  if( iCol<0 ){
-     sqlite3ErrorMsg(pParse, "no such column: \"%T\"", pOld);
-     goto exit_rename_column;
-   }
-@@ -118059,6 +118877,7 @@
-   int bTemp                       /* True if SQL is from temp schema */
- ){
-   int rc;
-+  u64 flags;
- 
-   sqlite3ParseObjectInit(p, db);
-   if( zSql==0 ){
-@@ -118067,11 +118886,21 @@
-   if( sqlite3StrNICmp(zSql,"CREATE ",7)!=0 ){
-     return SQLITE_CORRUPT_BKPT;
-   }
--  db->init.iDb = bTemp ? 1 : sqlite3FindDbName(db, zDb);
-+  if( bTemp ){
-+    db->init.iDb = 1;
-+  }else{
-+    int iDb = sqlite3FindDbName(db, zDb);
-+    assert( iDb>=0 && iDb<=0xff );
-+    db->init.iDb = (u8)iDb;
-+  }
-   p->eParseMode = PARSE_MODE_RENAME;
-   p->db = db;
-   p->nQueryLoop = 1;
-+  flags = db->flags;
-+  testcase( (db->flags & SQLITE_Comments)==0 && strstr(zSql," /* ")!=0 );
-+  db->flags |= SQLITE_Comments;
-   rc = sqlite3RunParser(p, zSql);
-+  db->flags = flags;
-   if( db->mallocFailed ) rc = SQLITE_NOMEM;
-   if( rc==SQLITE_OK
-    && NEVER(p->pNewTable==0 && p->pNewIndex==0 && p->pNewTrigger==0)
-@@ -118134,10 +118963,11 @@
-       nQuot = sqlite3Strlen30(zQuot)-1;
-     }
- 
--    assert( nQuot>=nNew );
--    zOut = sqlite3DbMallocZero(db, nSql + pRename->nList*nQuot + 1);
-+    assert( nQuot>=nNew && nSql>=0 && nNew>=0 );
-+    zOut = sqlite3DbMallocZero(db, (u64)nSql + pRename->nList*(u64)nQuot + 1);
-   }else{
--    zOut = (char*)sqlite3DbMallocZero(db, (nSql*2+1) * 3);
-+    assert( nSql>0 );
-+    zOut = (char*)sqlite3DbMallocZero(db, (2*(u64)nSql + 1) * 3);
-     if( zOut ){
-       zBuf1 = &zOut[nSql*2+1];
-       zBuf2 = &zOut[nSql*4+2];
-@@ -118149,16 +118979,17 @@
-   ** with the new column name, or with single-quoted versions of themselves.
-   ** All that remains is to construct and return the edited SQL string. */
-   if( zOut ){
--    int nOut = nSql;
--    memcpy(zOut, zSql, nSql);
-+    i64 nOut = nSql;
-+    assert( nSql>0 );
-+    memcpy(zOut, zSql, (size_t)nSql);
-     while( pRename->pList ){
-       int iOff;                   /* Offset of token to replace in zOut */
--      u32 nReplace;
-+      i64 nReplace;
-       const char *zReplace;
-       RenameToken *pBest = renameColumnTokenNext(pRename);
- 
-       if( zNew ){
--        if( bQuote==0 && sqlite3IsIdChar(*pBest->t.z) ){
-+        if( bQuote==0 && sqlite3IsIdChar(*(u8*)pBest->t.z) ){
-           nReplace = nNew;
-           zReplace = zNew;
-         }else{
-@@ -118176,14 +119007,15 @@
-         memcpy(zBuf1, pBest->t.z, pBest->t.n);
-         zBuf1[pBest->t.n] = 0;
-         sqlite3Dequote(zBuf1);
--        sqlite3_snprintf(nSql*2, zBuf2, "%Q%s", zBuf1,
-+        assert( nSql < 0x15555554 /* otherwise malloc would have failed */ );
-+        sqlite3_snprintf((int)(nSql*2), zBuf2, "%Q%s", zBuf1,
-             pBest->t.z[pBest->t.n]=='\'' ? " " : ""
-         );
-         zReplace = zBuf2;
-         nReplace = sqlite3Strlen30(zReplace);
-       }
- 
--      iOff = pBest->t.z - zSql;
-+      iOff = (int)(pBest->t.z - zSql);
-       if( pBest->t.n!=nReplace ){
-         memmove(&zOut[iOff + nReplace], &zOut[iOff + pBest->t.n],
-             nOut - (iOff + pBest->t.n)
-@@ -118209,11 +119041,12 @@
- ** Set all pEList->a[].fg.eEName fields in the expression-list to val.
- */
- static void renameSetENames(ExprList *pEList, int val){
-+  assert( val==ENAME_NAME || val==ENAME_TAB || val==ENAME_SPAN );
-   if( pEList ){
-     int i;
-     for(i=0; i<pEList->nExpr; i++){
-       assert( val==ENAME_NAME || pEList->a[i].fg.eEName==ENAME_NAME );
--      pEList->a[i].fg.eEName = val;
-+      pEList->a[i].fg.eEName = val&0x3;
-     }
-   }
- }
-@@ -118470,7 +119303,7 @@
-   if( sParse.pNewTable ){
-     if( IsView(sParse.pNewTable) ){
-       Select *pSelect = sParse.pNewTable->u.view.pSelect;
--      pSelect->selFlags &= ~SF_View;
-+      pSelect->selFlags &= ~(u32)SF_View;
-       sParse.rc = SQLITE_OK;
-       sqlite3SelectPrep(&sParse, pSelect, 0);
-       rc = (db->mallocFailed ? SQLITE_NOMEM : sParse.rc);
-@@ -118688,7 +119521,7 @@
-             sNC.pParse = &sParse;
- 
-             assert( pSelect->selFlags & SF_View );
--            pSelect->selFlags &= ~SF_View;
-+            pSelect->selFlags &= ~(u32)SF_View;
-             sqlite3SelectPrep(&sParse, pTab->u.view.pSelect, &sNC);
-             if( sParse.nErr ){
-               rc = sParse.rc;
-@@ -118861,7 +119694,7 @@
-       if( sParse.pNewTable ){
-         if( IsView(sParse.pNewTable) ){
-           Select *pSelect = sParse.pNewTable->u.view.pSelect;
--          pSelect->selFlags &= ~SF_View;
-+          pSelect->selFlags &= ~(u32)SF_View;
-           sParse.rc = SQLITE_OK;
-           sqlite3SelectPrep(&sParse, pSelect, 0);
-           rc = (db->mallocFailed ? SQLITE_NOMEM : sParse.rc);
-@@ -118960,10 +119793,10 @@
-   if( zDb && zInput ){
-     int rc;
-     Parse sParse;
--    int flags = db->flags;
-+    u64 flags = db->flags;
-     if( bNoDQS ) db->flags &= ~(SQLITE_DqsDML|SQLITE_DqsDDL);
-     rc = renameParseSql(&sParse, zDb, db, zInput, bTemp);
--    db->flags |= (flags & (SQLITE_DqsDML|SQLITE_DqsDDL));
-+    db->flags = flags;
-     if( rc==SQLITE_OK ){
-       if( isLegacy==0 && sParse.pNewTable && IsView(sParse.pNewTable) ){
-         NameContext sNC;
-@@ -119455,7 +120288,8 @@
-         sqlite3NestedParse(pParse,
-             "CREATE TABLE %Q.%s(%s)", pDb->zDbSName, zTab, aTable[i].zCols
-         );
--        aRoot[i] = (u32)pParse->regRoot;
-+        assert( pParse->isCreate || pParse->nErr );
-+        aRoot[i] = (u32)pParse->u1.cr.regRoot;
-         aCreateTbl[i] = OPFLAG_P2ISREG;
-       }
-     }else{
-@@ -119646,7 +120480,7 @@
-   int nCol;                       /* Number of columns in index being sampled */
-   int nKeyCol;                    /* Number of key columns */
-   int nColUp;                     /* nCol rounded up for alignment */
--  int n;                          /* Bytes of space to allocate */
-+  i64 n;                          /* Bytes of space to allocate */
-   sqlite3 *db = sqlite3_context_db_handle(context);   /* Database connection */
- #ifdef SQLITE_ENABLE_STAT4
-   /* Maximum number of samples.  0 if STAT4 data is not collected */
-@@ -119682,7 +120516,7 @@
-   p->db = db;
-   p->nEst = sqlite3_value_int64(argv[2]);
-   p->nRow = 0;
--  p->nLimit = sqlite3_value_int64(argv[3]);
-+  p->nLimit = sqlite3_value_int(argv[3]);
-   p->nCol = nCol;
-   p->nKeyCol = nKeyCol;
-   p->nSkipAhead = 0;
-@@ -120815,16 +121649,6 @@
-       while( z[0]!=0 && z[0]!=' ' ) z++;
-       while( z[0]==' ' ) z++;
-     }
--
--    /* Set the bLowQual flag if the peak number of rows obtained
--    ** from a full equality match is so large that a full table scan
--    ** seems likely to be faster than using the index.
--    */
--    if( aLog[0] > 66              /* Index has more than 100 rows */
--     && aLog[0] <= aLog[nOut-1]   /* And only a single value seen */
--    ){
--      pIndex->bLowQual = 1;
--    }
-   }
- }
- 
-@@ -121420,7 +122244,7 @@
-       if( aNew==0 ) return;
-       memcpy(aNew, db->aDb, sizeof(db->aDb[0])*2);
-     }else{
--      aNew = sqlite3DbRealloc(db, db->aDb, sizeof(db->aDb[0])*(db->nDb+1) );
-+      aNew = sqlite3DbRealloc(db, db->aDb, sizeof(db->aDb[0])*(1+(i64)db->nDb));
-       if( aNew==0 ) return;
-     }
-     db->aDb = aNew;
-@@ -121491,6 +122315,13 @@
-     sqlite3BtreeEnterAll(db);
-     db->init.iDb = 0;
-     db->mDbFlags &= ~(DBFLAG_SchemaKnownOk);
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+    if( db->setlkFlags & SQLITE_SETLK_BLOCK_ON_CONNECT ){
-+      int val = 1;
-+      sqlite3_file *fd = sqlite3PagerFile(sqlite3BtreePager(pNew->pBt));
-+      sqlite3OsFileControlHint(fd, SQLITE_FCNTL_BLOCK_ON_CONNECT, &val);
-+    }
-+#endif
-     if( !REOPEN_AS_MEMDB(db) ){
-       rc = sqlite3Init(db, &zErrDyn);
-     }
-@@ -122213,6 +123044,7 @@
-     }
-   }
- 
-+  assert( pToplevel->nTableLock < 0x7fff0000 );
-   nBytes = sizeof(TableLock) * (pToplevel->nTableLock+1);
-   pToplevel->aTableLock =
-       sqlite3DbReallocOrFree(pToplevel->db, pToplevel->aTableLock, nBytes);
-@@ -122313,10 +123145,12 @@
-        || sqlite3VdbeAssertMayAbort(v, pParse->mayAbort));
-   if( v ){
-     if( pParse->bReturning ){
--      Returning *pReturning = pParse->u1.pReturning;
-+      Returning *pReturning;
-       int addrRewind;
-       int reg;
- 
-+      assert( !pParse->isCreate );
-+      pReturning = pParse->u1.d.pReturning;
-       if( pReturning->nRetCol ){
-         sqlite3VdbeAddOp0(v, OP_FkCheck);
-         addrRewind =
-@@ -122392,7 +123226,9 @@
-     }
- 
-     if( pParse->bReturning ){
--      Returning *pRet = pParse->u1.pReturning;
-+      Returning *pRet;
-+      assert( !pParse->isCreate );
-+      pRet = pParse->u1.d.pReturning;
-       if( pRet->nRetCol ){
-         sqlite3VdbeAddOp2(v, OP_OpenEphemeral, pRet->iRetCur, pRet->nRetCol);
-       }
-@@ -123207,10 +124043,16 @@
- ** find the (first) offset of that column in index pIdx.  Or return -1
- ** if column iCol is not used in index pIdx.
- */
--SQLITE_PRIVATE i16 sqlite3TableColumnToIndex(Index *pIdx, i16 iCol){
-+SQLITE_PRIVATE int sqlite3TableColumnToIndex(Index *pIdx, int iCol){
-   int i;
-+  i16 iCol16;
-+  assert( iCol>=(-1) && iCol<=SQLITE_MAX_COLUMN );
-+  assert( pIdx->nColumn<=SQLITE_MAX_COLUMN+1 );
-+  iCol16 = iCol;
-   for(i=0; i<pIdx->nColumn; i++){
--    if( iCol==pIdx->aiColumn[i] ) return i;
-+    if( iCol16==pIdx->aiColumn[i] ){
-+      return i;
-+    }
-   }
-   return -1;
- }
-@@ -123464,8 +124306,9 @@
-     /* If the file format and encoding in the database have not been set,
-     ** set them now.
-     */
--    reg1 = pParse->regRowid = ++pParse->nMem;
--    reg2 = pParse->regRoot = ++pParse->nMem;
-+    assert( pParse->isCreate );
-+    reg1 = pParse->u1.cr.regRowid = ++pParse->nMem;
-+    reg2 = pParse->u1.cr.regRoot = ++pParse->nMem;
-     reg3 = ++pParse->nMem;
-     sqlite3VdbeAddOp3(v, OP_ReadCookie, iDb, reg3, BTREE_FILE_FORMAT);
-     sqlite3VdbeUsesBtree(v, iDb);
-@@ -123480,8 +124323,8 @@
-     ** The record created does not contain anything yet.  It will be replaced
-     ** by the real entry in code generated at sqlite3EndTable().
-     **
--    ** The rowid for the new entry is left in register pParse->regRowid.
--    ** The root page number of the new table is left in reg pParse->regRoot.
-+    ** The rowid for the new entry is left in register pParse->u1.cr.regRowid.
-+    ** The root page of the new table is left in reg pParse->u1.cr.regRoot.
-     ** The rowid and root page number values are needed by the code that
-     ** sqlite3EndTable will generate.
-     */
-@@ -123492,7 +124335,7 @@
- #endif
-     {
-       assert( !pParse->bReturning );
--      pParse->u1.addrCrTab =
-+      pParse->u1.cr.addrCrTab =
-          sqlite3VdbeAddOp3(v, OP_CreateBtree, iDb, reg2, BTREE_INTKEY);
-     }
-     sqlite3OpenSchemaTable(pParse, iDb);
-@@ -123570,7 +124413,8 @@
-     sqlite3ExprListDelete(db, pList);
-     return;
-   }
--  pParse->u1.pReturning = pRet;
-+  assert( !pParse->isCreate );
-+  pParse->u1.d.pReturning = pRet;
-   pRet->pParse = pParse;
-   pRet->pReturnEL = pList;
-   sqlite3ParserAddCleanup(pParse, sqlite3DeleteReturning, pRet);
-@@ -123612,7 +124456,6 @@
-   char *zType;
-   Column *pCol;
-   sqlite3 *db = pParse->db;
--  u8 hName;
-   Column *aNew;
-   u8 eType = COLTYPE_CUSTOM;
-   u8 szEst = 1;
-@@ -123666,13 +124509,10 @@
-   memcpy(z, sName.z, sName.n);
-   z[sName.n] = 0;
-   sqlite3Dequote(z);
--  hName = sqlite3StrIHash(z);
--  for(i=0; i<p->nCol; i++){
--    if( p->aCol[i].hName==hName && sqlite3StrICmp(z, p->aCol[i].zCnName)==0 ){
--      sqlite3ErrorMsg(pParse, "duplicate column name: %s", z);
--      sqlite3DbFree(db, z);
--      return;
--    }
-+  if( p->nCol && sqlite3ColumnIndex(p, z)>=0 ){
-+    sqlite3ErrorMsg(pParse, "duplicate column name: %s", z);
-+    sqlite3DbFree(db, z);
-+    return;
-   }
-   aNew = sqlite3DbRealloc(db,p->aCol,((i64)p->nCol+1)*sizeof(p->aCol[0]));
-   if( aNew==0 ){
-@@ -123683,7 +124523,7 @@
-   pCol = &p->aCol[p->nCol];
-   memset(pCol, 0, sizeof(p->aCol[0]));
-   pCol->zCnName = z;
--  pCol->hName = hName;
-+  pCol->hName = sqlite3StrIHash(z);
-   sqlite3ColumnPropertiesFromName(p, pCol);
- 
-   if( sType.n==0 ){
-@@ -123707,9 +124547,14 @@
-     pCol->affinity = sqlite3AffinityType(zType, pCol);
-     pCol->colFlags |= COLFLAG_HASTYPE;
-   }
-+  if( p->nCol<=0xff ){
-+    u8 h = pCol->hName % sizeof(p->aHx);
-+    p->aHx[h] = p->nCol;
-+  }
-   p->nCol++;
-   p->nNVCol++;
--  pParse->constraintName.n = 0;
-+  assert( pParse->isCreate );
-+  pParse->u1.cr.constraintName.n = 0;
- }
- 
- /*
-@@ -123973,15 +124818,11 @@
-       assert( pCExpr!=0 );
-       sqlite3StringToId(pCExpr);
-       if( pCExpr->op==TK_ID ){
--        const char *zCName;
-         assert( !ExprHasProperty(pCExpr, EP_IntValue) );
--        zCName = pCExpr->u.zToken;
--        for(iCol=0; iCol<pTab->nCol; iCol++){
--          if( sqlite3StrICmp(zCName, pTab->aCol[iCol].zCnName)==0 ){
--            pCol = &pTab->aCol[iCol];
--            makeColumnPartOfPrimaryKey(pParse, pCol);
--            break;
--          }
-+        iCol = sqlite3ColumnIndex(pTab, pCExpr->u.zToken);
-+        if( iCol>=0 ){
-+          pCol = &pTab->aCol[iCol];
-+          makeColumnPartOfPrimaryKey(pParse, pCol);
-         }
-       }
-     }
-@@ -124033,8 +124874,10 @@
-    && !sqlite3BtreeIsReadonly(db->aDb[db->init.iDb].pBt)
-   ){
-     pTab->pCheck = sqlite3ExprListAppend(pParse, pTab->pCheck, pCheckExpr);
--    if( pParse->constraintName.n ){
--      sqlite3ExprListSetName(pParse, pTab->pCheck, &pParse->constraintName, 1);
-+    assert( pParse->isCreate );
-+    if( pParse->u1.cr.constraintName.n ){
-+      sqlite3ExprListSetName(pParse, pTab->pCheck,
-+                             &pParse->u1.cr.constraintName, 1);
-     }else{
-       Token t;
-       for(zStart++; sqlite3Isspace(zStart[0]); zStart++){}
-@@ -124229,7 +125072,8 @@
- ** from sqliteMalloc() and must be freed by the calling function.
- */
- static char *createTableStmt(sqlite3 *db, Table *p){
--  int i, k, n;
-+  int i, k, len;
-+  i64 n;
-   char *zStmt;
-   char *zSep, *zSep2, *zEnd;
-   Column *pCol;
-@@ -124253,8 +125097,9 @@
-     sqlite3OomFault(db);
-     return 0;
-   }
--  sqlite3_snprintf(n, zStmt, "CREATE TABLE ");
--  k = sqlite3Strlen30(zStmt);
-+  assert( n>14 && n<=0x7fffffff );
-+  memcpy(zStmt, "CREATE TABLE ", 13);
-+  k = 13;
-   identPut(zStmt, &k, p->zName);
-   zStmt[k++] = '(';
-   for(pCol=p->aCol, i=0; i<p->nCol; i++, pCol++){
-@@ -124266,13 +125111,15 @@
-         /* SQLITE_AFF_REAL    */ " REAL",
-         /* SQLITE_AFF_FLEXNUM */ " NUM",
-     };
--    int len;
-     const char *zType;
- 
--    sqlite3_snprintf(n-k, &zStmt[k], zSep);
--    k += sqlite3Strlen30(&zStmt[k]);
-+    len = sqlite3Strlen30(zSep);
-+    assert( k+len<n );
-+    memcpy(&zStmt[k], zSep, len);
-+    k += len;
-     zSep = zSep2;
-     identPut(zStmt, &k, pCol->zCnName);
-+    assert( k<n );
-     assert( pCol->affinity-SQLITE_AFF_BLOB >= 0 );
-     assert( pCol->affinity-SQLITE_AFF_BLOB < ArraySize(azType) );
-     testcase( pCol->affinity==SQLITE_AFF_BLOB );
-@@ -124287,11 +125134,14 @@
-     assert( pCol->affinity==SQLITE_AFF_BLOB
-             || pCol->affinity==SQLITE_AFF_FLEXNUM
-             || pCol->affinity==sqlite3AffinityType(zType, 0) );
-+    assert( k+len<n );
-     memcpy(&zStmt[k], zType, len);
-     k += len;
-     assert( k<=n );
-   }
--  sqlite3_snprintf(n-k, &zStmt[k], "%s", zEnd);
-+  len = sqlite3Strlen30(zEnd);
-+  assert( k+len<n );
-+  memcpy(&zStmt[k], zEnd, len+1);
-   return zStmt;
- }
- 
-@@ -124299,12 +125149,17 @@
- ** Resize an Index object to hold N columns total.  Return SQLITE_OK
- ** on success and SQLITE_NOMEM on an OOM error.
- */
--static int resizeIndexObject(sqlite3 *db, Index *pIdx, int N){
-+static int resizeIndexObject(Parse *pParse, Index *pIdx, int N){
-   char *zExtra;
--  int nByte;
-+  u64 nByte;
-+  sqlite3 *db;
-   if( pIdx->nColumn>=N ) return SQLITE_OK;
-+  db = pParse->db;
-+  assert( N>0 );
-+  assert( N <= SQLITE_MAX_COLUMN*2 /* tag-20250221-1 */ );
-+  testcase( N==2*pParse->db->aLimit[SQLITE_LIMIT_COLUMN] );
-   assert( pIdx->isResized==0 );
--  nByte = (sizeof(char*) + sizeof(LogEst) + sizeof(i16) + 1)*N;
-+  nByte = (sizeof(char*) + sizeof(LogEst) + sizeof(i16) + 1)*(u64)N;
-   zExtra = sqlite3DbMallocZero(db, nByte);
-   if( zExtra==0 ) return SQLITE_NOMEM_BKPT;
-   memcpy(zExtra, pIdx->azColl, sizeof(char*)*pIdx->nColumn);
-@@ -124318,7 +125173,7 @@
-   zExtra += sizeof(i16)*N;
-   memcpy(zExtra, pIdx->aSortOrder, pIdx->nColumn);
-   pIdx->aSortOrder = (u8*)zExtra;
--  pIdx->nColumn = N;
-+  pIdx->nColumn = (u16)N;  /* See tag-20250221-1 above for proof of safety */
-   pIdx->isResized = 1;
-   return SQLITE_OK;
- }
-@@ -124484,9 +125339,9 @@
-   ** into BTREE_BLOBKEY.
-   */
-   assert( !pParse->bReturning );
--  if( pParse->u1.addrCrTab ){
-+  if( pParse->u1.cr.addrCrTab ){
-     assert( v );
--    sqlite3VdbeChangeP3(v, pParse->u1.addrCrTab, BTREE_BLOBKEY);
-+    sqlite3VdbeChangeP3(v, pParse->u1.cr.addrCrTab, BTREE_BLOBKEY);
-   }
- 
-   /* Locate the PRIMARY KEY index.  Or, if this table was originally
-@@ -124572,14 +125427,14 @@
-       pIdx->nColumn = pIdx->nKeyCol;
-       continue;
-     }
--    if( resizeIndexObject(db, pIdx, pIdx->nKeyCol+n) ) return;
-+    if( resizeIndexObject(pParse, pIdx, pIdx->nKeyCol+n) ) return;
-     for(i=0, j=pIdx->nKeyCol; i<nPk; i++){
-       if( !isDupColumn(pIdx, pIdx->nKeyCol, pPk, i) ){
-         testcase( hasColumn(pIdx->aiColumn, pIdx->nKeyCol, pPk->aiColumn[i]) );
-         pIdx->aiColumn[j] = pPk->aiColumn[i];
-         pIdx->azColl[j] = pPk->azColl[i];
-         if( pPk->aSortOrder[i] ){
--          /* See ticket https://www.sqlite.org/src/info/bba7b69f9849b5bf */
-+          /* See ticket https://sqlite.org/src/info/bba7b69f9849b5bf */
-           pIdx->bAscKeyBug = 1;
-         }
-         j++;
-@@ -124596,7 +125451,7 @@
-     if( !hasColumn(pPk->aiColumn, nPk, i)
-      && (pTab->aCol[i].colFlags & COLFLAG_VIRTUAL)==0 ) nExtra++;
-   }
--  if( resizeIndexObject(db, pPk, nPk+nExtra) ) return;
-+  if( resizeIndexObject(pParse, pPk, nPk+nExtra) ) return;
-   for(i=0, j=nPk; i<pTab->nCol; i++){
-     if( !hasColumn(pPk->aiColumn, j, i)
-      && (pTab->aCol[i].colFlags & COLFLAG_VIRTUAL)==0
-@@ -124926,7 +125781,7 @@
- 
-     /* If this is a CREATE TABLE xx AS SELECT ..., execute the SELECT
-     ** statement to populate the new table. The root-page number for the
--    ** new table is in register pParse->regRoot.
-+    ** new table is in register pParse->u1.cr.regRoot.
-     **
-     ** Once the SELECT has been coded by sqlite3Select(), it is in a
-     ** suitable state to query for the column names and types to be used
-@@ -124957,7 +125812,8 @@
-       regRec = ++pParse->nMem;
-       regRowid = ++pParse->nMem;
-       sqlite3MayAbort(pParse);
--      sqlite3VdbeAddOp3(v, OP_OpenWrite, iCsr, pParse->regRoot, iDb);
-+      assert( pParse->isCreate );
-+      sqlite3VdbeAddOp3(v, OP_OpenWrite, iCsr, pParse->u1.cr.regRoot, iDb);
-       sqlite3VdbeChangeP5(v, OPFLAG_P2ISREG);
-       addrTop = sqlite3VdbeCurrentAddr(v) + 1;
-       sqlite3VdbeAddOp3(v, OP_InitCoroutine, regYield, 0, addrTop);
-@@ -125002,6 +125858,7 @@
-     ** schema table.  We just need to update that slot with all
-     ** the information we've collected.
-     */
-+    assert( pParse->isCreate );
-     sqlite3NestedParse(pParse,
-       "UPDATE %Q." LEGACY_SCHEMA_TABLE
-       " SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q"
-@@ -125010,9 +125867,9 @@
-       zType,
-       p->zName,
-       p->zName,
--      pParse->regRoot,
-+      pParse->u1.cr.regRoot,
-       zStmt,
--      pParse->regRowid
-+      pParse->u1.cr.regRowid
-     );
-     sqlite3DbFree(db, zStmt);
-     sqlite3ChangeCookie(pParse, iDb);
-@@ -125752,7 +126609,7 @@
-   }else{
-     nCol = pFromCol->nExpr;
-   }
--  nByte = sizeof(*pFKey) + (nCol-1)*sizeof(pFKey->aCol[0]) + pTo->n + 1;
-+  nByte = SZ_FKEY(nCol) + pTo->n + 1;
-   if( pToCol ){
-     for(i=0; i<pToCol->nExpr; i++){
-       nByte += sqlite3Strlen30(pToCol->a[i].zEName) + 1;
-@@ -125954,7 +126811,7 @@
-     ** not work for UNIQUE constraint indexes on WITHOUT ROWID tables
-     ** with DESC primary keys, since those indexes have there keys in
-     ** a different order from the main table.
--    ** See ticket: https://www.sqlite.org/src/info/bba7b69f9849b5bf
-+    ** See ticket: https://sqlite.org/src/info/bba7b69f9849b5bf
-     */
-     sqlite3VdbeAddOp1(v, OP_SeekEnd, iIdx);
-   }
-@@ -125978,13 +126835,14 @@
- */
- SQLITE_PRIVATE Index *sqlite3AllocateIndexObject(
-   sqlite3 *db,         /* Database connection */
--  i16 nCol,            /* Total number of columns in the index */
-+  int nCol,            /* Total number of columns in the index */
-   int nExtra,          /* Number of bytes of extra space to alloc */
-   char **ppExtra       /* Pointer to the "extra" space */
- ){
-   Index *p;            /* Allocated index object */
--  int nByte;           /* Bytes of space for Index object + arrays */
-+  i64 nByte;           /* Bytes of space for Index object + arrays */
- 
-+  assert( nCol <= 2*db->aLimit[SQLITE_LIMIT_COLUMN] );
-   nByte = ROUND8(sizeof(Index)) +              /* Index structure  */
-           ROUND8(sizeof(char*)*nCol) +         /* Index.azColl     */
-           ROUND8(sizeof(LogEst)*(nCol+1) +     /* Index.aiRowLogEst   */
-@@ -125997,8 +126855,9 @@
-     p->aiRowLogEst = (LogEst*)pExtra; pExtra += sizeof(LogEst)*(nCol+1);
-     p->aiColumn = (i16*)pExtra;       pExtra += sizeof(i16)*nCol;
-     p->aSortOrder = (u8*)pExtra;
--    p->nColumn = nCol;
--    p->nKeyCol = nCol - 1;
-+    assert( nCol>0 );
-+    p->nColumn = (u16)nCol;
-+    p->nKeyCol = (u16)(nCol - 1);
-     *ppExtra = ((char*)p) + nByte;
-   }
-   return p;
-@@ -126809,12 +127668,11 @@
-   sqlite3 *db = pParse->db;
-   int i;
-   if( pList==0 ){
--    pList = sqlite3DbMallocZero(db, sizeof(IdList) );
-+    pList = sqlite3DbMallocZero(db, SZ_IDLIST(1));
-     if( pList==0 ) return 0;
-   }else{
-     IdList *pNew;
--    pNew = sqlite3DbRealloc(db, pList,
--                 sizeof(IdList) + pList->nId*sizeof(pList->a));
-+    pNew = sqlite3DbRealloc(db, pList, SZ_IDLIST(pList->nId+1));
-     if( pNew==0 ){
-       sqlite3IdListDelete(db, pList);
-       return 0;
-@@ -126913,8 +127771,7 @@
-       return 0;
-     }
-     if( nAlloc>SQLITE_MAX_SRCLIST ) nAlloc = SQLITE_MAX_SRCLIST;
--    pNew = sqlite3DbRealloc(db, pSrc,
--               sizeof(*pSrc) + (nAlloc-1)*sizeof(pSrc->a[0]) );
-+    pNew = sqlite3DbRealloc(db, pSrc, SZ_SRCLIST(nAlloc));
-     if( pNew==0 ){
-       assert( db->mallocFailed );
-       return 0;
-@@ -126989,7 +127846,7 @@
-   assert( pParse->db!=0 );
-   db = pParse->db;
-   if( pList==0 ){
--    pList = sqlite3DbMallocRawNN(pParse->db, sizeof(SrcList) );
-+    pList = sqlite3DbMallocRawNN(pParse->db, SZ_SRCLIST(1));
-     if( pList==0 ) return 0;
-     pList->nAlloc = 1;
-     pList->nSrc = 1;
-@@ -127875,10 +128732,9 @@
-   }
- 
-   if( pWith ){
--    sqlite3_int64 nByte = sizeof(*pWith) + (sizeof(pWith->a[1]) * pWith->nCte);
--    pNew = sqlite3DbRealloc(db, pWith, nByte);
-+    pNew = sqlite3DbRealloc(db, pWith, SZ_WITH(pWith->nCte+1));
-   }else{
--    pNew = sqlite3DbMallocZero(db, sizeof(*pWith));
-+    pNew = sqlite3DbMallocZero(db, SZ_WITH(1));
-   }
-   assert( (pNew!=0 && zName!=0) || db->mallocFailed );
- 
-@@ -129852,11 +130708,6 @@
-   i64 p1, p2;
- 
-   assert( argc==3 || argc==2 );
--  if( sqlite3_value_type(argv[1])==SQLITE_NULL
--   || (argc==3 && sqlite3_value_type(argv[2])==SQLITE_NULL)
--  ){
--    return;
--  }
-   p0type = sqlite3_value_type(argv[0]);
-   p1 = sqlite3_value_int64(argv[1]);
-   if( p0type==SQLITE_BLOB ){
-@@ -129874,19 +130725,23 @@
-       }
-     }
-   }
--#ifdef SQLITE_SUBSTR_COMPATIBILITY
--  /* If SUBSTR_COMPATIBILITY is defined then substr(X,0,N) work the same as
--  ** as substr(X,1,N) - it returns the first N characters of X.  This
--  ** is essentially a back-out of the bug-fix in check-in [5fc125d362df4b8]
--  ** from 2009-02-02 for compatibility of applications that exploited the
--  ** old buggy behavior. */
--  if( p1==0 ) p1 = 1; /* <rdar://problem/6778339> */
--#endif
-   if( argc==3 ){
-     p2 = sqlite3_value_int64(argv[2]);
-+    if( p2==0 && sqlite3_value_type(argv[2])==SQLITE_NULL ) return;
-   }else{
-     p2 = sqlite3_context_db_handle(context)->aLimit[SQLITE_LIMIT_LENGTH];
-   }
-+  if( p1==0 ){
-+#ifdef SQLITE_SUBSTR_COMPATIBILITY
-+    /* If SUBSTR_COMPATIBILITY is defined then substr(X,0,N) work the same as
-+    ** as substr(X,1,N) - it returns the first N characters of X.  This
-+    ** is essentially a back-out of the bug-fix in check-in [5fc125d362df4b8]
-+    ** from 2009-02-02 for compatibility of applications that exploited the
-+    ** old buggy behavior. */
-+    p1 = 1; /* <rdar://problem/6778339> */
-+#endif
-+    if( sqlite3_value_type(argv[1])==SQLITE_NULL ) return;
-+  }
-   if( p1<0 ){
-     p1 += len;
-     if( p1<0 ){
-@@ -130587,7 +131442,7 @@
- ** Append to pStr text that is the SQL literal representation of the
- ** value contained in pValue.
- */
--SQLITE_PRIVATE void sqlite3QuoteValue(StrAccum *pStr, sqlite3_value *pValue){
-+SQLITE_PRIVATE void sqlite3QuoteValue(StrAccum *pStr, sqlite3_value *pValue, int bEscape){
-   /* As currently implemented, the string must be initially empty.
-   ** we might relax this requirement in the future, but that will
-   ** require enhancements to the implementation. */
-@@ -130635,7 +131490,7 @@
-     }
-     case SQLITE_TEXT: {
-       const unsigned char *zArg = sqlite3_value_text(pValue);
--      sqlite3_str_appendf(pStr, "%Q", zArg);
-+      sqlite3_str_appendf(pStr, bEscape ? "%#Q" : "%Q", zArg);
-       break;
-     }
-     default: {
-@@ -130647,6 +131502,105 @@
- }
- 
- /*
-+** Return true if z[] begins with N hexadecimal digits, and write
-+** a decoding of those digits into *pVal.  Or return false if any
-+** one of the first N characters in z[] is not a hexadecimal digit.
-+*/
-+static int isNHex(const char *z, int N, u32 *pVal){
-+  int i;
-+  int v = 0;
-+  for(i=0; i<N; i++){
-+    if( !sqlite3Isxdigit(z[i]) ) return 0;
-+    v = (v<<4) + sqlite3HexToInt(z[i]);
-+  }
-+  *pVal = v;
-+  return 1;
-+}
-+
-+/*
-+** Implementation of the UNISTR() function.
-+**
-+** This is intended to be a work-alike of the UNISTR() function in
-+** PostgreSQL.  Quoting from the PG documentation (PostgreSQL 17 -
-+** scraped on 2025-02-22):
-+**
-+**    Evaluate escaped Unicode characters in the argument. Unicode
-+**    characters can be specified as \XXXX (4 hexadecimal digits),
-+**    \+XXXXXX (6 hexadecimal digits), \uXXXX (4 hexadecimal digits),
-+**    or \UXXXXXXXX (8 hexadecimal digits). To specify a backslash,
-+**    write two backslashes. All other characters are taken literally.
-+*/
-+static void unistrFunc(
-+  sqlite3_context *context,
-+  int argc,
-+  sqlite3_value **argv
-+){
-+  char *zOut;
-+  const char *zIn;
-+  int nIn;
-+  int i, j, n;
-+  u32 v;
-+
-+  assert( argc==1 );
-+  UNUSED_PARAMETER( argc );
-+  zIn = (const char*)sqlite3_value_text(argv[0]);
-+  if( zIn==0 ) return;
-+  nIn = sqlite3_value_bytes(argv[0]);
-+  zOut = sqlite3_malloc64(nIn+1);
-+  if( zOut==0 ){
-+    sqlite3_result_error_nomem(context);
-+    return;
-+  }
-+  i = j = 0;
-+  while( i<nIn ){
-+    char *z = strchr(&zIn[i],'\\');
-+    if( z==0 ){
-+      n = nIn - i;
-+      memmove(&zOut[j], &zIn[i], n);
-+      j += n;
-+      break;
-+    }
-+    n = z - &zIn[i];
-+    if( n>0 ){
-+      memmove(&zOut[j], &zIn[i], n);
-+      j += n;
-+      i += n;
-+    }
-+    if( zIn[i+1]=='\\' ){
-+      i += 2;
-+      zOut[j++] = '\\';
-+    }else if( sqlite3Isxdigit(zIn[i+1]) ){
-+      if( !isNHex(&zIn[i+1], 4, &v) ) goto unistr_error;
-+      i += 5;
-+      j += sqlite3AppendOneUtf8Character(&zOut[j], v);
-+    }else if( zIn[i+1]=='+' ){
-+      if( !isNHex(&zIn[i+2], 6, &v) ) goto unistr_error;
-+      i += 8;
-+      j += sqlite3AppendOneUtf8Character(&zOut[j], v);
-+    }else if( zIn[i+1]=='u' ){
-+      if( !isNHex(&zIn[i+2], 4, &v) ) goto unistr_error;
-+      i += 6;
-+      j += sqlite3AppendOneUtf8Character(&zOut[j], v);
-+    }else if( zIn[i+1]=='U' ){
-+      if( !isNHex(&zIn[i+2], 8, &v) ) goto unistr_error;
-+      i += 10;
-+      j += sqlite3AppendOneUtf8Character(&zOut[j], v);
-+    }else{
-+      goto unistr_error;
-+    }
-+  }
-+  zOut[j] = 0;
-+  sqlite3_result_text64(context, zOut, j, sqlite3_free, SQLITE_UTF8);
-+  return;
-+
-+unistr_error:
-+  sqlite3_free(zOut);
-+  sqlite3_result_error(context, "invalid Unicode escape", -1);
-+  return;
-+}
-+
-+
-+/*
- ** Implementation of the QUOTE() function.
- **
- ** The quote(X) function returns the text of an SQL literal which is the
-@@ -130655,6 +131609,10 @@
- ** as needed. BLOBs are encoded as hexadecimal literals. Strings with
- ** embedded NUL characters cannot be represented as string literals in SQL
- ** and hence the returned string literal is truncated prior to the first NUL.
-+**
-+** If sqlite3_user_data() is non-zero, then the UNISTR_QUOTE() function is
-+** implemented instead.  The difference is that UNISTR_QUOTE() uses the
-+** UNISTR() function to escape control characters.
- */
- static void quoteFunc(sqlite3_context *context, int argc, sqlite3_value **argv){
-   sqlite3_str str;
-@@ -130662,7 +131620,7 @@
-   assert( argc==1 );
-   UNUSED_PARAMETER(argc);
-   sqlite3StrAccumInit(&str, db, 0, 0, db->aLimit[SQLITE_LIMIT_LENGTH]);
--  sqlite3QuoteValue(&str,argv[0]);
-+  sqlite3QuoteValue(&str,argv[0],SQLITE_PTR_TO_INT(sqlite3_user_data(context)));
-   sqlite3_result_text(context, sqlite3StrAccumFinish(&str), str.nChar,
-                       SQLITE_DYNAMIC);
-   if( str.accError!=SQLITE_OK ){
-@@ -130917,7 +131875,7 @@
-   assert( zRep==sqlite3_value_text(argv[2]) );
-   nOut = nStr + 1;
-   assert( nOut<SQLITE_MAX_LENGTH );
--  zOut = contextMalloc(context, (i64)nOut);
-+  zOut = contextMalloc(context, nOut);
-   if( zOut==0 ){
-     return;
-   }
-@@ -131061,7 +132019,7 @@
-   int nSep,
-   const char *zSep
- ){
--  i64 j, k, n = 0;
-+  i64 j, n = 0;
-   int i;
-   char *z;
-   for(i=0; i<argc; i++){
-@@ -131075,8 +132033,8 @@
-   }
-   j = 0;
-   for(i=0; i<argc; i++){
--    k = sqlite3_value_bytes(argv[i]);
--    if( k>0 ){
-+    if( sqlite3_value_type(argv[i])!=SQLITE_NULL ){
-+      int k = sqlite3_value_bytes(argv[i]);
-       const char *v = (const char*)sqlite3_value_text(argv[i]);
-       if( v!=0 ){
-         if( j>0 && nSep>0 ){
-@@ -131313,7 +132271,7 @@
- ** that it returns NULL if it sums over no inputs.  TOTAL returns
- ** 0.0 in that case.  In addition, TOTAL always returns a float where
- ** SUM might return an integer if it never encounters a floating point
--** value.  TOTAL never fails, but SUM might through an exception if
-+** value.  TOTAL never fails, but SUM might throw an exception if
- ** it overflows an integer.
- */
- static void sumStep(sqlite3_context *context, int argc, sqlite3_value **argv){
-@@ -132233,7 +133191,9 @@
-     DFUNCTION(sqlite_version,    0, 0, 0, versionFunc      ),
-     DFUNCTION(sqlite_source_id,  0, 0, 0, sourceidFunc     ),
-     FUNCTION(sqlite_log,         2, 0, 0, errlogFunc       ),
-+    FUNCTION(unistr,             1, 0, 0, unistrFunc       ),
-     FUNCTION(quote,              1, 0, 0, quoteFunc        ),
-+    FUNCTION(unistr_quote,       1, 1, 0, quoteFunc        ),
-     VFUNCTION(last_insert_rowid, 0, 0, 0, last_insert_rowid),
-     VFUNCTION(changes,           0, 0, 0, changes          ),
-     VFUNCTION(total_changes,     0, 0, 0, total_changes    ),
-@@ -134520,7 +135480,7 @@
-       f = (f & pLeft->selFlags);
-     }
-     pSelect = sqlite3SelectNew(pParse, pRow, 0, 0, 0, 0, 0, f, 0);
--    pLeft->selFlags &= ~SF_MultiValue;
-+    pLeft->selFlags &= ~(u32)SF_MultiValue;
-     if( pSelect ){
-       pSelect->op = TK_ALL;
-       pSelect->pPrior = pLeft;
-@@ -134902,28 +135862,22 @@
-     aTabColMap = sqlite3DbMallocZero(db, pTab->nCol*sizeof(int));
-     if( aTabColMap==0 ) goto insert_cleanup;
-     for(i=0; i<pColumn->nId; i++){
--      const char *zCName = pColumn->a[i].zName;
--      u8 hName = sqlite3StrIHash(zCName);
--      for(j=0; j<pTab->nCol; j++){
--        if( pTab->aCol[j].hName!=hName ) continue;
--        if( sqlite3StrICmp(zCName, pTab->aCol[j].zCnName)==0 ){
--          if( aTabColMap[j]==0 ) aTabColMap[j] = i+1;
--          if( i!=j ) bIdListInOrder = 0;
--          if( j==pTab->iPKey ){
--            ipkColumn = i;  assert( !withoutRowid );
--          }
-+      j = sqlite3ColumnIndex(pTab, pColumn->a[i].zName);
-+      if( j>=0 ){
-+        if( aTabColMap[j]==0 ) aTabColMap[j] = i+1;
-+        if( i!=j ) bIdListInOrder = 0;
-+        if( j==pTab->iPKey ){
-+          ipkColumn = i;  assert( !withoutRowid );
-+        }
- #ifndef SQLITE_OMIT_GENERATED_COLUMNS
--          if( pTab->aCol[j].colFlags & (COLFLAG_STORED|COLFLAG_VIRTUAL) ){
--            sqlite3ErrorMsg(pParse,
--               "cannot INSERT into generated column \"%s\"",
--               pTab->aCol[j].zCnName);
--            goto insert_cleanup;
--          }
--#endif
--          break;
-+        if( pTab->aCol[j].colFlags & (COLFLAG_STORED|COLFLAG_VIRTUAL) ){
-+          sqlite3ErrorMsg(pParse,
-+             "cannot INSERT into generated column \"%s\"",
-+             pTab->aCol[j].zCnName);
-+          goto insert_cleanup;
-         }
--      }
--      if( j>=pTab->nCol ){
-+#endif
-+      }else{
-         if( sqlite3IsRowid(pColumn->a[i].zName) && !withoutRowid ){
-           ipkColumn = i;
-           bIdListInOrder = 0;
-@@ -135221,7 +136175,7 @@
-         continue;
-       }else if( pColumn==0 ){
-         /* Hidden columns that are not explicitly named in the INSERT
--        ** get there default value */
-+        ** get their default value */
-         sqlite3ExprCodeFactorable(pParse,
-             sqlite3ColumnExpr(pTab, &pTab->aCol[i]),
-             iRegStore);
-@@ -135946,7 +136900,7 @@
-   ** could happen in any order, but they are grouped up front for
-   ** convenience.
-   **
--  ** 2018-08-14: Ticket https://www.sqlite.org/src/info/908f001483982c43
-+  ** 2018-08-14: Ticket https://sqlite.org/src/info/908f001483982c43
-   ** The order of constraints used to have OE_Update as (2) and OE_Abort
-   ** and so forth as (1). But apparently PostgreSQL checks the OE_Update
-   ** constraint before any others, so it had to be moved.
-@@ -137756,6 +138710,8 @@
-   /* Version 3.44.0 and later */
-   void *(*get_clientdata)(sqlite3*,const char*);
-   int (*set_clientdata)(sqlite3*, const char*, void*, void(*)(void*));
-+  /* Version 3.50.0 and later */
-+  int (*setlk_timeout)(sqlite3*,int,int);
- };
- 
- /*
-@@ -138089,6 +139045,8 @@
- /* Version 3.44.0 and later */
- #define sqlite3_get_clientdata         sqlite3_api->get_clientdata
- #define sqlite3_set_clientdata         sqlite3_api->set_clientdata
-+/* Version 3.50.0 and later */
-+#define sqlite3_setlk_timeout          sqlite3_api->setlk_timeout
- #endif /* !defined(SQLITE_CORE) && !defined(SQLITE_OMIT_LOAD_EXTENSION) */
- 
- #if !defined(SQLITE_CORE) && !defined(SQLITE_OMIT_LOAD_EXTENSION)
-@@ -138610,7 +139568,9 @@
-   sqlite3_stmt_explain,
-   /* Version 3.44.0 and later */
-   sqlite3_get_clientdata,
--  sqlite3_set_clientdata
-+  sqlite3_set_clientdata,
-+  /* Version 3.50.0 and later */
-+  sqlite3_setlk_timeout
- };
- 
- /* True if x is the directory separator character
-@@ -139132,48 +140092,48 @@
-   /*  13 */ "pk",
-   /*  14 */ "hidden",
-                            /* table_info reuses 8 */
--  /*  15 */ "schema",      /* Used by: table_list */
--  /*  16 */ "name",
-+  /*  15 */ "name",        /* Used by: function_list */
-+  /*  16 */ "builtin",
-   /*  17 */ "type",
--  /*  18 */ "ncol",
--  /*  19 */ "wr",
--  /*  20 */ "strict",
--  /*  21 */ "seqno",       /* Used by: index_xinfo */
--  /*  22 */ "cid",
--  /*  23 */ "name",
--  /*  24 */ "desc",
--  /*  25 */ "coll",
--  /*  26 */ "key",
--  /*  27 */ "name",        /* Used by: function_list */
--  /*  28 */ "builtin",
--  /*  29 */ "type",
--  /*  30 */ "enc",
--  /*  31 */ "narg",
--  /*  32 */ "flags",
--  /*  33 */ "tbl",         /* Used by: stats */
--  /*  34 */ "idx",
--  /*  35 */ "wdth",
--  /*  36 */ "hght",
--  /*  37 */ "flgs",
--  /*  38 */ "seq",         /* Used by: index_list */
--  /*  39 */ "name",
--  /*  40 */ "unique",
--  /*  41 */ "origin",
--  /*  42 */ "partial",
-+  /*  18 */ "enc",
-+  /*  19 */ "narg",
-+  /*  20 */ "flags",
-+  /*  21 */ "schema",      /* Used by: table_list */
-+  /*  22 */ "name",
-+  /*  23 */ "type",
-+  /*  24 */ "ncol",
-+  /*  25 */ "wr",
-+  /*  26 */ "strict",
-+  /*  27 */ "seqno",       /* Used by: index_xinfo */
-+  /*  28 */ "cid",
-+  /*  29 */ "name",
-+  /*  30 */ "desc",
-+  /*  31 */ "coll",
-+  /*  32 */ "key",
-+  /*  33 */ "seq",         /* Used by: index_list */
-+  /*  34 */ "name",
-+  /*  35 */ "unique",
-+  /*  36 */ "origin",
-+  /*  37 */ "partial",
-+  /*  38 */ "tbl",         /* Used by: stats */
-+  /*  39 */ "idx",
-+  /*  40 */ "wdth",
-+  /*  41 */ "hght",
-+  /*  42 */ "flgs",
-   /*  43 */ "table",       /* Used by: foreign_key_check */
-   /*  44 */ "rowid",
-   /*  45 */ "parent",
-   /*  46 */ "fkid",
--                           /* index_info reuses 21 */
--  /*  47 */ "seq",         /* Used by: database_list */
--  /*  48 */ "name",
--  /*  49 */ "file",
--  /*  50 */ "busy",        /* Used by: wal_checkpoint */
--  /*  51 */ "log",
--  /*  52 */ "checkpointed",
--                           /* collation_list reuses 38 */
-+  /*  47 */ "busy",        /* Used by: wal_checkpoint */
-+  /*  48 */ "log",
-+  /*  49 */ "checkpointed",
-+  /*  50 */ "seq",         /* Used by: database_list */
-+  /*  51 */ "name",
-+  /*  52 */ "file",
-+                           /* index_info reuses 27 */
-   /*  53 */ "database",    /* Used by: lock_status */
-   /*  54 */ "status",
-+                           /* collation_list reuses 33 */
-   /*  55 */ "cache_size",  /* Used by: default_cache_size */
-                            /* module_list pragma_list reuses 9 */
-   /*  56 */ "timeout",     /* Used by: busy_timeout */
-@@ -139266,7 +140226,7 @@
-  {/* zName:     */ "collation_list",
-   /* ePragTyp:  */ PragTyp_COLLATION_LIST,
-   /* ePragFlg:  */ PragFlg_Result0,
--  /* ColNames:  */ 38, 2,
-+  /* ColNames:  */ 33, 2,
-   /* iArg:      */ 0 },
- #endif
- #if !defined(SQLITE_OMIT_COMPILEOPTION_DIAGS)
-@@ -139301,7 +140261,7 @@
-  {/* zName:     */ "database_list",
-   /* ePragTyp:  */ PragTyp_DATABASE_LIST,
-   /* ePragFlg:  */ PragFlg_Result0,
--  /* ColNames:  */ 47, 3,
-+  /* ColNames:  */ 50, 3,
-   /* iArg:      */ 0 },
- #endif
- #if !defined(SQLITE_OMIT_PAGER_PRAGMAS) && !defined(SQLITE_OMIT_DEPRECATED)
-@@ -139381,7 +140341,7 @@
-  {/* zName:     */ "function_list",
-   /* ePragTyp:  */ PragTyp_FUNCTION_LIST,
-   /* ePragFlg:  */ PragFlg_Result0,
--  /* ColNames:  */ 27, 6,
-+  /* ColNames:  */ 15, 6,
-   /* iArg:      */ 0 },
- #endif
- #endif
-@@ -139410,17 +140370,17 @@
-  {/* zName:     */ "index_info",
-   /* ePragTyp:  */ PragTyp_INDEX_INFO,
-   /* ePragFlg:  */ PragFlg_NeedSchema|PragFlg_Result1|PragFlg_SchemaOpt,
--  /* ColNames:  */ 21, 3,
-+  /* ColNames:  */ 27, 3,
-   /* iArg:      */ 0 },
-  {/* zName:     */ "index_list",
-   /* ePragTyp:  */ PragTyp_INDEX_LIST,
-   /* ePragFlg:  */ PragFlg_NeedSchema|PragFlg_Result1|PragFlg_SchemaOpt,
--  /* ColNames:  */ 38, 5,
-+  /* ColNames:  */ 33, 5,
-   /* iArg:      */ 0 },
-  {/* zName:     */ "index_xinfo",
-   /* ePragTyp:  */ PragTyp_INDEX_INFO,
-   /* ePragFlg:  */ PragFlg_NeedSchema|PragFlg_Result1|PragFlg_SchemaOpt,
--  /* ColNames:  */ 21, 6,
-+  /* ColNames:  */ 27, 6,
-   /* iArg:      */ 1 },
- #endif
- #if !defined(SQLITE_OMIT_INTEGRITY_CHECK)
-@@ -139599,7 +140559,7 @@
-  {/* zName:     */ "stats",
-   /* ePragTyp:  */ PragTyp_STATS,
-   /* ePragFlg:  */ PragFlg_NeedSchema|PragFlg_Result0|PragFlg_SchemaReq,
--  /* ColNames:  */ 33, 5,
-+  /* ColNames:  */ 38, 5,
-   /* iArg:      */ 0 },
- #endif
- #if !defined(SQLITE_OMIT_PAGER_PRAGMAS)
-@@ -139618,7 +140578,7 @@
-  {/* zName:     */ "table_list",
-   /* ePragTyp:  */ PragTyp_TABLE_LIST,
-   /* ePragFlg:  */ PragFlg_NeedSchema|PragFlg_Result1,
--  /* ColNames:  */ 15, 6,
-+  /* ColNames:  */ 21, 6,
-   /* iArg:      */ 0 },
-  {/* zName:     */ "table_xinfo",
-   /* ePragTyp:  */ PragTyp_TABLE_INFO,
-@@ -139695,7 +140655,7 @@
-  {/* zName:     */ "wal_checkpoint",
-   /* ePragTyp:  */ PragTyp_WAL_CHECKPOINT,
-   /* ePragFlg:  */ PragFlg_NeedSchema,
--  /* ColNames:  */ 50, 3,
-+  /* ColNames:  */ 47, 3,
-   /* iArg:      */ 0 },
- #endif
- #if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
-@@ -139717,7 +140677,7 @@
- ** the following macro or to the actual analysis_limit if it is non-zero,
- ** in order to prevent PRAGMA optimize from running for too long.
- **
--** The value of 2000 is chosen emperically so that the worst-case run-time
-+** The value of 2000 is chosen empirically so that the worst-case run-time
- ** for PRAGMA optimize does not exceed 100 milliseconds against a variety
- ** of test databases on a RaspberryPI-4 compiled using -Os and without
- ** -DSQLITE_DEBUG.  Of course, your mileage may vary.  For the purpose of
-@@ -140834,7 +141794,10 @@
-         }
-       }else{
-         db->flags &= ~mask;
--        if( mask==SQLITE_DeferFKs ) db->nDeferredImmCons = 0;
-+        if( mask==SQLITE_DeferFKs ){
-+          db->nDeferredImmCons = 0;
-+          db->nDeferredCons = 0;
-+        }
-         if( (mask & SQLITE_WriteSchema)!=0
-          && sqlite3_stricmp(zRight, "reset")==0
-         ){
-@@ -144003,7 +144966,7 @@
-   pNew->addrOpenEphm[0] = -1;
-   pNew->addrOpenEphm[1] = -1;
-   pNew->nSelectRow = 0;
--  if( pSrc==0 ) pSrc = sqlite3DbMallocZero(pParse->db, sizeof(*pSrc));
-+  if( pSrc==0 ) pSrc = sqlite3DbMallocZero(pParse->db, SZ_SRCLIST_1);
-   pNew->pSrc = pSrc;
-   pNew->pWhere = pWhere;
-   pNew->pGroupBy = pGroupBy;
-@@ -144168,10 +145131,33 @@
- */
- SQLITE_PRIVATE int sqlite3ColumnIndex(Table *pTab, const char *zCol){
-   int i;
--  u8 h = sqlite3StrIHash(zCol);
--  Column *pCol;
--  for(pCol=pTab->aCol, i=0; i<pTab->nCol; pCol++, i++){
--    if( pCol->hName==h && sqlite3StrICmp(pCol->zCnName, zCol)==0 ) return i;
-+  u8 h;
-+  const Column *aCol;
-+  int nCol;
-+
-+  h = sqlite3StrIHash(zCol);
-+  aCol = pTab->aCol;
-+  nCol = pTab->nCol;
-+
-+  /* See if the aHx gives us a lucky match */
-+  i = pTab->aHx[h % sizeof(pTab->aHx)];
-+  assert( i<nCol );
-+  if( aCol[i].hName==h
-+   && sqlite3StrICmp(aCol[i].zCnName, zCol)==0
-+  ){
-+    return i;
-+  }
-+
-+  /* No lucky match from the hash table.  Do a full search. */
-+  i = 0;
-+  while( 1 /*exit-by-break*/ ){
-+    if( aCol[i].hName==h
-+     && sqlite3StrICmp(aCol[i].zCnName, zCol)==0
-+    ){
-+      return i;
-+    }
-+    i++;
-+    if( i>=nCol ) break;
-   }
-   return -1;
- }
-@@ -144422,7 +145408,7 @@
-         }
-         pE1 = sqlite3CreateColumnExpr(db, pSrc, iLeft, iLeftCol);
-         sqlite3SrcItemColumnUsed(&pSrc->a[iLeft], iLeftCol);
--        if( (pSrc->a[0].fg.jointype & JT_LTORJ)!=0 ){
-+        if( (pSrc->a[0].fg.jointype & JT_LTORJ)!=0 && pParse->nErr==0 ){
-           /* This branch runs if the query contains one or more RIGHT or FULL
-           ** JOINs.  If only a single table on the left side of this join
-           ** contains the zName column, then this branch is a no-op.
-@@ -144438,6 +145424,8 @@
-           */
-           ExprList *pFuncArgs = 0;   /* Arguments to the coalesce() */
-           static const Token tkCoalesce = { "coalesce", 8 };
-+          assert( pE1!=0 );
-+          ExprSetProperty(pE1, EP_CanBeNull);
-           while( tableAndColumnIndex(pSrc, iLeft+1, i, zName, &iLeft, &iLeftCol,
-                                      pRight->fg.isSynthUsing)!=0 ){
-             if( pSrc->a[iLeft].fg.isUsing==0
-@@ -144454,7 +145442,13 @@
-           if( pFuncArgs ){
-             pFuncArgs = sqlite3ExprListAppend(pParse, pFuncArgs, pE1);
-             pE1 = sqlite3ExprFunction(pParse, pFuncArgs, &tkCoalesce, 0);
-+            if( pE1 ){
-+              pE1->affExpr = SQLITE_AFF_DEFER;
-+            }
-           }
-+        }else if( (pSrc->a[i+1].fg.jointype & JT_LEFT)!=0 && pParse->nErr==0 ){
-+          assert( pE1!=0 );
-+          ExprSetProperty(pE1, EP_CanBeNull);
-         }
-         pE2 = sqlite3CreateColumnExpr(db, pSrc, i+1, iRightCol);
-         sqlite3SrcItemColumnUsed(pRight, iRightCol);
-@@ -145363,8 +146357,8 @@
- ** X extra columns.
- */
- SQLITE_PRIVATE KeyInfo *sqlite3KeyInfoAlloc(sqlite3 *db, int N, int X){
--  int nExtra = (N+X)*(sizeof(CollSeq*)+1) - sizeof(CollSeq*);
--  KeyInfo *p = sqlite3DbMallocRawNN(db, sizeof(KeyInfo) + nExtra);
-+  int nExtra = (N+X)*(sizeof(CollSeq*)+1);
-+  KeyInfo *p = sqlite3DbMallocRawNN(db, SZ_KEYINFO(0) + nExtra);
-   if( p ){
-     p->aSortFlags = (u8*)&p->aColl[N+X];
-     p->nKeyField = (u16)N;
-@@ -145372,7 +146366,7 @@
-     p->enc = ENC(db);
-     p->db = db;
-     p->nRef = 1;
--    memset(&p[1], 0, nExtra);
-+    memset(p->aColl, 0, nExtra);
-   }else{
-     return (KeyInfo*)sqlite3OomFault(db);
-   }
-@@ -147073,6 +148067,7 @@
- multi_select_end:
-   pDest->iSdst = dest.iSdst;
-   pDest->nSdst = dest.nSdst;
-+  pDest->iSDParm2 = dest.iSDParm2;
-   if( pDelete ){
-     sqlite3ParserAddCleanup(pParse, sqlite3SelectDeleteGeneric, pDelete);
-   }
-@@ -148061,9 +149056,9 @@
- **             from 2015-02-09.)
- **
- **   (3)  If the subquery is the right operand of a LEFT JOIN then
--**        (3a) the subquery may not be a join and
--**        (3b) the FROM clause of the subquery may not contain a virtual
--**             table and
-+**        (3a) the subquery may not be a join
-+**        (**) Was (3b): "the FROM clause of the subquery may not contain
-+**             a virtual table"
- **        (**) Was: "The outer query may not have a GROUP BY." This case
- **             is now managed correctly
- **        (3d) the outer query may not be DISTINCT.
-@@ -148279,7 +149274,7 @@
-   */
-   if( (pSubitem->fg.jointype & (JT_OUTER|JT_LTORJ))!=0 ){
-     if( pSubSrc->nSrc>1                        /* (3a) */
--     || IsVirtual(pSubSrc->a[0].pSTab)         /* (3b) */
-+     /**** || IsVirtual(pSubSrc->a[0].pSTab)      (3b)-omitted */
-      || (p->selFlags & SF_Distinct)!=0         /* (3d) */
-      || (pSubitem->fg.jointype & JT_RIGHT)!=0  /* (26) */
-     ){
-@@ -148683,7 +149678,8 @@
-       return;  /* Already present.  Return without doing anything. */
-     }
-   }
--  if( sqlite3ExprAffinity(pColumn)==SQLITE_AFF_BLOB ){
-+  assert( SQLITE_AFF_NONE<SQLITE_AFF_BLOB );
-+  if( sqlite3ExprAffinity(pColumn)<=SQLITE_AFF_BLOB ){
-     pConst->bHasAffBlob = 1;
-   }
- 
-@@ -148758,7 +149754,8 @@
-     if( pColumn==pExpr ) continue;
-     if( pColumn->iTable!=pExpr->iTable ) continue;
-     if( pColumn->iColumn!=pExpr->iColumn ) continue;
--    if( bIgnoreAffBlob && sqlite3ExprAffinity(pColumn)==SQLITE_AFF_BLOB ){
-+    assert( SQLITE_AFF_NONE<SQLITE_AFF_BLOB );
-+    if( bIgnoreAffBlob && sqlite3ExprAffinity(pColumn)<=SQLITE_AFF_BLOB ){
-       break;
-     }
-     /* A match is found.  Add the EP_FixedCol property */
-@@ -149411,7 +150408,7 @@
- ** above that generates the code for a compound SELECT with an ORDER BY clause
- ** uses a merge algorithm that requires the same collating sequence on the
- ** result columns as on the ORDER BY clause.  See ticket
--** http://www.sqlite.org/src/info/6709574d2a
-+** http://sqlite.org/src/info/6709574d2a
- **
- ** This transformation is only needed for EXCEPT, INTERSECT, and UNION.
- ** The UNION ALL operator works fine with multiSelectOrderBy() even when
-@@ -149472,7 +150469,7 @@
- #ifndef SQLITE_OMIT_WINDOWFUNC
-   p->pWinDefn = 0;
- #endif
--  p->selFlags &= ~SF_Compound;
-+  p->selFlags &= ~(u32)SF_Compound;
-   assert( (p->selFlags & SF_Converted)==0 );
-   p->selFlags |= SF_Converted;
-   assert( pNew->pPrior!=0 );
-@@ -149888,7 +150885,7 @@
-   pEList = p->pEList;
-   if( pParse->pWith && (p->selFlags & SF_View) ){
-     if( p->pWith==0 ){
--      p->pWith = (With*)sqlite3DbMallocZero(db, sizeof(With));
-+      p->pWith = (With*)sqlite3DbMallocZero(db, SZ_WITH(1) );
-       if( p->pWith==0 ){
-         return WRC_Abort;
-       }
-@@ -151027,6 +152024,7 @@
- **   *  There is no WHERE or GROUP BY or HAVING clauses on the subqueries
- **   *  The outer query is a simple count(*) with no WHERE clause or other
- **      extraneous syntax.
-+**   *  None of the subqueries are DISTINCT (forumpost/a860f5fb2e 2025-03-10)
- **
- ** Return TRUE if the optimization is undertaken.
- */
-@@ -151059,7 +152057,11 @@
-     if( pSub->op!=TK_ALL && pSub->pPrior ) return 0;  /* Must be UNION ALL */
-     if( pSub->pWhere ) return 0;                      /* No WHERE clause */
-     if( pSub->pLimit ) return 0;                      /* No LIMIT clause */
--    if( pSub->selFlags & SF_Aggregate ) return 0;     /* Not an aggregate */
-+    if( pSub->selFlags & (SF_Aggregate|SF_Distinct) ){
-+       testcase( pSub->selFlags & SF_Aggregate );
-+       testcase( pSub->selFlags & SF_Distinct );
-+       return 0;     /* Not an aggregate nor DISTINCT */
-+    }
-     assert( pSub->pHaving==0 );  /* Due to the previous */
-     pSub = pSub->pPrior;                              /* Repeat over compound */
-   }while( pSub );
-@@ -151071,14 +152073,14 @@
-   pExpr = 0;
-   pSub = sqlite3SubqueryDetach(db, pFrom);
-   sqlite3SrcListDelete(db, p->pSrc);
--  p->pSrc = sqlite3DbMallocZero(pParse->db, sizeof(*p->pSrc));
-+  p->pSrc = sqlite3DbMallocZero(pParse->db, SZ_SRCLIST_1);
-   while( pSub ){
-     Expr *pTerm;
-     pPrior = pSub->pPrior;
-     pSub->pPrior = 0;
-     pSub->pNext = 0;
-     pSub->selFlags |= SF_Aggregate;
--    pSub->selFlags &= ~SF_Compound;
-+    pSub->selFlags &= ~(u32)SF_Compound;
-     pSub->nSelectRow = 0;
-     sqlite3ParserAddCleanup(pParse, sqlite3ExprListDeleteGeneric, pSub->pEList);
-     pTerm = pPrior ? sqlite3ExprDup(db, pCount, 0) : pCount;
-@@ -151093,7 +152095,7 @@
-     pSub = pPrior;
-   }
-   p->pEList->a[0].pExpr = pExpr;
--  p->selFlags &= ~SF_Aggregate;
-+  p->selFlags &= ~(u32)SF_Aggregate;
- 
- #if TREETRACE_ENABLED
-   if( sqlite3TreeTrace & 0x200 ){
-@@ -151300,7 +152302,7 @@
-       testcase( pParse->earlyCleanup );
-       p->pOrderBy = 0;
-     }
--    p->selFlags &= ~SF_Distinct;
-+    p->selFlags &= ~(u32)SF_Distinct;
-     p->selFlags |= SF_NoopOrderBy;
-   }
-   sqlite3SelectPrep(pParse, p, 0);
-@@ -151339,7 +152341,7 @@
-     ** and leaving this flag set can cause errors if a compound sub-query
-     ** in p->pSrc is flattened into this query and this function called
-     ** again as part of compound SELECT processing.  */
--    p->selFlags &= ~SF_UFSrcCheck;
-+    p->selFlags &= ~(u32)SF_UFSrcCheck;
-   }
- 
-   if( pDest->eDest==SRT_Output ){
-@@ -151828,7 +152830,7 @@
-    && p->pWin==0
- #endif
-   ){
--    p->selFlags &= ~SF_Distinct;
-+    p->selFlags &= ~(u32)SF_Distinct;
-     pGroupBy = p->pGroupBy = sqlite3ExprListDup(db, pEList, 0);
-     if( pGroupBy ){
-       for(i=0; i<pGroupBy->nExpr; i++){
-@@ -151937,6 +152939,12 @@
-     if( pWInfo==0 ) goto select_end;
-     if( sqlite3WhereOutputRowCount(pWInfo) < p->nSelectRow ){
-       p->nSelectRow = sqlite3WhereOutputRowCount(pWInfo);
-+      if( pDest->eDest<=SRT_DistQueue && pDest->eDest>=SRT_DistFifo ){
-+        /* TUNING: For a UNION CTE, because UNION is implies DISTINCT,
-+        ** reduce the estimated output row count by 8 (LogEst 30).
-+        ** Search for tag-20250414a to see other cases */
-+        p->nSelectRow -= 30;
-+      }
-     }
-     if( sDistinct.isTnct && sqlite3WhereIsDistinct(pWInfo) ){
-       sDistinct.eTnctType = sqlite3WhereIsDistinct(pWInfo);
-@@ -152310,6 +153318,10 @@
-         if( iOrderByCol ){
-           Expr *pX = p->pEList->a[iOrderByCol-1].pExpr;
-           Expr *pBase = sqlite3ExprSkipCollateAndLikely(pX);
-+          while( ALWAYS(pBase!=0) && pBase->op==TK_IF_NULL_ROW ){
-+            pX = pBase->pLeft;
-+            pBase = sqlite3ExprSkipCollateAndLikely(pX);
-+          }
-           if( ALWAYS(pBase!=0)
-            && pBase->op!=TK_AGG_COLUMN
-            && pBase->op!=TK_REGISTER
-@@ -152893,7 +153905,8 @@
-       assert( pParse->db->pVtabCtx==0 );
- #endif
-       assert( pParse->bReturning );
--      assert( &(pParse->u1.pReturning->retTrig) == pTrig );
-+      assert( !pParse->isCreate );
-+      assert( &(pParse->u1.d.pReturning->retTrig) == pTrig );
-       pTrig->table = pTab->zName;
-       pTrig->pTabSchema = pTab->pSchema;
-       pTrig->pNext = pList;
-@@ -153861,7 +154874,8 @@
-   ExprList *pNew;
-   Returning *pReturning;
-   Select sSelect;
--  SrcList sFrom;
-+  SrcList *pFrom;
-+  u8 fromSpace[SZ_SRCLIST_1];
- 
-   assert( v!=0 );
-   if( !pParse->bReturning ){
-@@ -153870,19 +154884,21 @@
-     return;
-   }
-   assert( db->pParse==pParse );
--  pReturning = pParse->u1.pReturning;
-+  assert( !pParse->isCreate );
-+  pReturning = pParse->u1.d.pReturning;
-   if( pTrigger != &(pReturning->retTrig) ){
-     /* This RETURNING trigger is for a different statement */
-     return;
-   }
-   memset(&sSelect, 0, sizeof(sSelect));
--  memset(&sFrom, 0, sizeof(sFrom));
-+  pFrom = (SrcList*)fromSpace;
-+  memset(pFrom, 0, SZ_SRCLIST_1);
-   sSelect.pEList = sqlite3ExprListDup(db, pReturning->pReturnEL, 0);
--  sSelect.pSrc = &sFrom;
--  sFrom.nSrc = 1;
--  sFrom.a[0].pSTab = pTab;
--  sFrom.a[0].zName = pTab->zName; /* tag-20240424-1 */
--  sFrom.a[0].iCursor = -1;
-+  sSelect.pSrc = pFrom;
-+  pFrom->nSrc = 1;
-+  pFrom->a[0].pSTab = pTab;
-+  pFrom->a[0].zName = pTab->zName; /* tag-20240424-1 */
-+  pFrom->a[0].iCursor = -1;
-   sqlite3SelectPrep(pParse, &sSelect, 0);
-   if( pParse->nErr==0 ){
-     assert( db->mallocFailed==0 );
-@@ -154100,6 +155116,8 @@
-   sSubParse.eTriggerOp = pTrigger->op;
-   sSubParse.nQueryLoop = pParse->nQueryLoop;
-   sSubParse.prepFlags = pParse->prepFlags;
-+  sSubParse.oldmask = 0;
-+  sSubParse.newmask = 0;
- 
-   v = sqlite3GetVdbe(&sSubParse);
-   if( v ){
-@@ -154854,38 +155872,32 @@
-   */
-   chngRowid = chngPk = 0;
-   for(i=0; i<pChanges->nExpr; i++){
--    u8 hCol = sqlite3StrIHash(pChanges->a[i].zEName);
-     /* If this is an UPDATE with a FROM clause, do not resolve expressions
-     ** here. The call to sqlite3Select() below will do that. */
-     if( nChangeFrom==0 && sqlite3ResolveExprNames(&sNC, pChanges->a[i].pExpr) ){
-       goto update_cleanup;
-     }
--    for(j=0; j<pTab->nCol; j++){
--      if( pTab->aCol[j].hName==hCol
--       && sqlite3StrICmp(pTab->aCol[j].zCnName, pChanges->a[i].zEName)==0
--      ){
--        if( j==pTab->iPKey ){
--          chngRowid = 1;
--          pRowidExpr = pChanges->a[i].pExpr;
--          iRowidExpr = i;
--        }else if( pPk && (pTab->aCol[j].colFlags & COLFLAG_PRIMKEY)!=0 ){
--          chngPk = 1;
--        }
-+    j = sqlite3ColumnIndex(pTab, pChanges->a[i].zEName);
-+    if( j>=0 ){
-+      if( j==pTab->iPKey ){
-+        chngRowid = 1;
-+        pRowidExpr = pChanges->a[i].pExpr;
-+        iRowidExpr = i;
-+      }else if( pPk && (pTab->aCol[j].colFlags & COLFLAG_PRIMKEY)!=0 ){
-+        chngPk = 1;
-+      }
- #ifndef SQLITE_OMIT_GENERATED_COLUMNS
--        else if( pTab->aCol[j].colFlags & COLFLAG_GENERATED ){
--          testcase( pTab->aCol[j].colFlags & COLFLAG_VIRTUAL );
--          testcase( pTab->aCol[j].colFlags & COLFLAG_STORED );
--          sqlite3ErrorMsg(pParse,
--             "cannot UPDATE generated column \"%s\"",
--             pTab->aCol[j].zCnName);
--          goto update_cleanup;
--        }
--#endif
--        aXRef[j] = i;
--        break;
-+      else if( pTab->aCol[j].colFlags & COLFLAG_GENERATED ){
-+        testcase( pTab->aCol[j].colFlags & COLFLAG_VIRTUAL );
-+        testcase( pTab->aCol[j].colFlags & COLFLAG_STORED );
-+        sqlite3ErrorMsg(pParse,
-+           "cannot UPDATE generated column \"%s\"",
-+           pTab->aCol[j].zCnName);
-+        goto update_cleanup;
-       }
--    }
--    if( j>=pTab->nCol ){
-+#endif
-+      aXRef[j] = i;
-+    }else{
-       if( pPk==0 && sqlite3IsRowid(pChanges->a[i].zEName) ){
-         j = -1;
-         chngRowid = 1;
-@@ -156208,7 +157220,7 @@
- #else
-     /* When SQLITE_BUG_COMPATIBLE_20160819 is defined, unrecognized arguments
-     ** to VACUUM are silently ignored.  This is a back-out of a bug fix that
--    ** occurred on 2016-08-19 (https://www.sqlite.org/src/info/083f9e6270).
-+    ** occurred on 2016-08-19 (https://sqlite.org/src/info/083f9e6270).
-     ** The buggy behavior is required for binary compatibility with some
-     ** legacy applications. */
-     iDb = sqlite3FindDb(pParse->db, pNm);
-@@ -156287,7 +157299,7 @@
-   saved_nChange = db->nChange;
-   saved_nTotalChange = db->nTotalChange;
-   saved_mTrace = db->mTrace;
--  db->flags |= SQLITE_WriteSchema | SQLITE_IgnoreChecks;
-+  db->flags |= SQLITE_WriteSchema | SQLITE_IgnoreChecks | SQLITE_Comments;
-   db->mDbFlags |= DBFLAG_PreferBuiltin | DBFLAG_Vacuum;
-   db->flags &= ~(u64)(SQLITE_ForeignKeys | SQLITE_ReverseOrder
-                    | SQLITE_Defensive | SQLITE_CountRows);
-@@ -156992,11 +158004,12 @@
-     ** schema table.  We just need to update that slot with all
-     ** the information we've collected.
-     **
--    ** The VM register number pParse->regRowid holds the rowid of an
-+    ** The VM register number pParse->u1.cr.regRowid holds the rowid of an
-     ** entry in the sqlite_schema table that was created for this vtab
-     ** by sqlite3StartTable().
-     */
-     iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
-+    assert( pParse->isCreate );
-     sqlite3NestedParse(pParse,
-       "UPDATE %Q." LEGACY_SCHEMA_TABLE " "
-          "SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q "
-@@ -157005,7 +158018,7 @@
-       pTab->zName,
-       pTab->zName,
-       zStmt,
--      pParse->regRowid
-+      pParse->u1.cr.regRowid
-     );
-     v = sqlite3GetVdbe(pParse);
-     sqlite3ChangeCookie(pParse, iDb);
-@@ -158415,10 +159428,15 @@
-   Bitmask revMask;          /* Mask of ORDER BY terms that need reversing */
-   WhereClause sWC;          /* Decomposition of the WHERE clause */
-   WhereMaskSet sMaskSet;    /* Map cursor numbers to bitmasks */
--  WhereLevel a[1];          /* Information about each nest loop in WHERE */
-+  WhereLevel a[FLEXARRAY];  /* Information about each nest loop in WHERE */
- };
- 
- /*
-+** The size (in bytes) of a WhereInfo object that holds N WhereLevels.
-+*/
-+#define SZ_WHEREINFO(N) ROUND8(offsetof(WhereInfo,a)+(N)*sizeof(WhereLevel))
-+
-+/*
- ** Private interfaces - callable only by other where.c routines.
- **
- ** where.c:
-@@ -159097,7 +160115,7 @@
- /*
- ** pX is an expression of the form:  (vector) IN (SELECT ...)
- ** In other words, it is a vector IN operator with a SELECT clause on the
--** LHS.  But not all terms in the vector are indexable and the terms might
-+** RHS.  But not all terms in the vector are indexable and the terms might
- ** not be in the correct order for indexing.
- **
- ** This routine makes a copy of the input pX expression and then adjusts
-@@ -159153,7 +160171,9 @@
-           int iField;
-           assert( (pLoop->aLTerm[i]->eOperator & (WO_OR|WO_AND))==0 );
-           iField = pLoop->aLTerm[i]->u.x.iField - 1;
--          if( pOrigRhs->a[iField].pExpr==0 ) continue; /* Duplicate PK column */
-+          if( NEVER(pOrigRhs->a[iField].pExpr==0) ){
-+            continue; /* Duplicate PK column */
-+          }
-           pRhs = sqlite3ExprListAppend(pParse, pRhs, pOrigRhs->a[iField].pExpr);
-           pOrigRhs->a[iField].pExpr = 0;
-           if( pRhs ) pRhs->a[pRhs->nExpr-1].u.x.iOrderByCol = iField+1;
-@@ -159250,7 +160270,7 @@
-       return;
-     }
-   }
--  for(i=iEq;i<pLoop->nLTerm; i++){
-+  for(i=iEq; i<pLoop->nLTerm; i++){
-     assert( pLoop->aLTerm[i]!=0 );
-     if( pLoop->aLTerm[i]->pExpr==pX ) nEq++;
-   }
-@@ -159259,22 +160279,13 @@
-   if( !ExprUseXSelect(pX) || pX->x.pSelect->pEList->nExpr==1 ){
-     eType = sqlite3FindInIndex(pParse, pX, IN_INDEX_LOOP, 0, 0, &iTab);
-   }else{
--    Expr *pExpr = pTerm->pExpr;
--    if( pExpr->iTable==0 || !ExprHasProperty(pExpr, EP_Subrtn) ){
--      sqlite3 *db = pParse->db;
--      pX = removeUnindexableInClauseTerms(pParse, iEq, pLoop, pX);
--      if( !db->mallocFailed ){
--        aiMap = (int*)sqlite3DbMallocZero(pParse->db, sizeof(int)*nEq);
--        eType = sqlite3FindInIndex(pParse, pX, IN_INDEX_LOOP, 0, aiMap,&iTab);
--        pExpr->iTable = iTab;
--      }
--      sqlite3ExprDelete(db, pX);
--    }else{
--      int n = sqlite3ExprVectorSize(pX->pLeft);
--      aiMap = (int*)sqlite3DbMallocZero(pParse->db, sizeof(int)*MAX(nEq,n));
--      eType = sqlite3FindInIndex(pParse, pX, IN_INDEX_LOOP, 0, aiMap, &iTab);
-+    sqlite3 *db = pParse->db;
-+    Expr *pXMod = removeUnindexableInClauseTerms(pParse, iEq, pLoop, pX);
-+    if( !db->mallocFailed ){
-+      aiMap = (int*)sqlite3DbMallocZero(db, sizeof(int)*nEq);
-+      eType = sqlite3FindInIndex(pParse, pXMod, IN_INDEX_LOOP, 0, aiMap, &iTab);
-     }
--    pX = pExpr;
-+    sqlite3ExprDelete(db, pXMod);
-   }
- 
-   if( eType==IN_INDEX_INDEX_DESC ){
-@@ -159304,7 +160315,7 @@
-   if( pIn ){
-     int iMap = 0;               /* Index in aiMap[] */
-     pIn += i;
--    for(i=iEq;i<pLoop->nLTerm; i++){
-+    for(i=iEq; i<pLoop->nLTerm; i++){
-       if( pLoop->aLTerm[i]->pExpr==pX ){
-         int iOut = iTarget + i - iEq;
-         if( eType==IN_INDEX_ROWID ){
-@@ -160163,6 +161174,9 @@
-     }
-     sqlite3VdbeAddOp2(v, OP_Integer, pLoop->u.vtab.idxNum, iReg);
-     sqlite3VdbeAddOp2(v, OP_Integer, nConstraint, iReg+1);
-+    /* The instruction immediately prior to OP_VFilter must be an OP_Integer
-+    ** that sets the "argc" value for xVFilter.  This is necessary for
-+    ** resolveP2() to work correctly.  See tag-20250207a. */
-     sqlite3VdbeAddOp4(v, OP_VFilter, iCur, addrNotFound, iReg,
-                       pLoop->u.vtab.idxStr,
-                       pLoop->u.vtab.needFree ? P4_DYNAMIC : P4_STATIC);
-@@ -160753,12 +161767,13 @@
-     if( pLevel->iLeftJoin==0 ){
-       /* If a partial index is driving the loop, try to eliminate WHERE clause
-       ** terms from the query that must be true due to the WHERE clause of
--      ** the partial index.
-+      ** the partial index.  This optimization does not work on an outer join,
-+      ** as shown by:
-       **
--      ** 2019-11-02 ticket 623eff57e76d45f6: This optimization does not work
--      ** for a LEFT JOIN.
-+      ** 2019-11-02 ticket 623eff57e76d45f6      (LEFT JOIN)
-+      ** 2025-05-29 forum post 7dee41d32506c4ae  (RIGHT JOIN)
-       */
--      if( pIdx->pPartIdxWhere ){
-+      if( pIdx->pPartIdxWhere && pLevel->pRJ==0 ){
-         whereApplyPartialIndexConstraints(pIdx->pPartIdxWhere, iCur, pWC);
-       }
-     }else{
-@@ -160865,8 +161880,7 @@
-       int nNotReady;                 /* The number of notReady tables */
-       SrcItem *origSrc;              /* Original list of tables */
-       nNotReady = pWInfo->nLevel - iLevel - 1;
--      pOrTab = sqlite3DbMallocRawNN(db,
--                            sizeof(*pOrTab)+ nNotReady*sizeof(pOrTab->a[0]));
-+      pOrTab = sqlite3DbMallocRawNN(db, SZ_SRCLIST(nNotReady+1));
-       if( pOrTab==0 ) return notReady;
-       pOrTab->nAlloc = (u8)(nNotReady + 1);
-       pOrTab->nSrc = pOrTab->nAlloc;
-@@ -160917,7 +161931,7 @@
-     **
-     ** This optimization also only applies if the (x1 OR x2 OR ...) term
-     ** is not contained in the ON clause of a LEFT JOIN.
--    ** See ticket http://www.sqlite.org/src/info/f2369304e4
-+    ** See ticket http://sqlite.org/src/info/f2369304e4
-     **
-     ** 2022-02-04:  Do not push down slices of a row-value comparison.
-     ** In other words, "w" or "y" may not be a slice of a vector.  Otherwise,
-@@ -161409,7 +162423,8 @@
-   WhereInfo *pSubWInfo;
-   WhereLoop *pLoop = pLevel->pWLoop;
-   SrcItem *pTabItem = &pWInfo->pTabList->a[pLevel->iFrom];
--  SrcList sFrom;
-+  SrcList *pFrom;
-+  u8 fromSpace[SZ_SRCLIST_1];
-   Bitmask mAll = 0;
-   int k;
- 
-@@ -161453,13 +162468,14 @@
-                                  sqlite3ExprDup(pParse->db, pTerm->pExpr, 0));
-     }
-   }
--  sFrom.nSrc = 1;
--  sFrom.nAlloc = 1;
--  memcpy(&sFrom.a[0], pTabItem, sizeof(SrcItem));
--  sFrom.a[0].fg.jointype = 0;
-+  pFrom = (SrcList*)fromSpace;
-+  pFrom->nSrc = 1;
-+  pFrom->nAlloc = 1;
-+  memcpy(&pFrom->a[0], pTabItem, sizeof(SrcItem));
-+  pFrom->a[0].fg.jointype = 0;
-   assert( pParse->withinRJSubrtn < 100 );
-   pParse->withinRJSubrtn++;
--  pSubWInfo = sqlite3WhereBegin(pParse, &sFrom, pSubWhere, 0, 0, 0,
-+  pSubWInfo = sqlite3WhereBegin(pParse, pFrom, pSubWhere, 0, 0, 0,
-                                 WHERE_RIGHT_JOIN, 0);
-   if( pSubWInfo ){
-     int iCur = pLevel->iTabCur;
-@@ -162430,30 +163446,42 @@
- **   1.  The SQLITE_Transitive optimization must be enabled
- **   2.  Must be either an == or an IS operator
- **   3.  Not originating in the ON clause of an OUTER JOIN
--**   4.  The affinities of A and B must be compatible
--**   5a. Both operands use the same collating sequence OR
--**   5b. The overall collating sequence is BINARY
-+**   4.  The operator is not IS or else the query does not contain RIGHT JOIN
-+**   5.  The affinities of A and B must be compatible
-+**   6a. Both operands use the same collating sequence OR
-+**   6b. The overall collating sequence is BINARY
- ** If this routine returns TRUE, that means that the RHS can be substituted
- ** for the LHS anyplace else in the WHERE clause where the LHS column occurs.
- ** This is an optimization.  No harm comes from returning 0.  But if 1 is
- ** returned when it should not be, then incorrect answers might result.
- */
--static int termIsEquivalence(Parse *pParse, Expr *pExpr){
-+static int termIsEquivalence(Parse *pParse, Expr *pExpr, SrcList *pSrc){
-   char aff1, aff2;
-   CollSeq *pColl;
--  if( !OptimizationEnabled(pParse->db, SQLITE_Transitive) ) return 0;
--  if( pExpr->op!=TK_EQ && pExpr->op!=TK_IS ) return 0;
--  if( ExprHasProperty(pExpr, EP_OuterON) ) return 0;
-+  if( !OptimizationEnabled(pParse->db, SQLITE_Transitive) ) return 0;  /* (1) */
-+  if( pExpr->op!=TK_EQ && pExpr->op!=TK_IS ) return 0;                 /* (2) */
-+  if( ExprHasProperty(pExpr, EP_OuterON) ) return 0;                   /* (3) */
-+  assert( pSrc!=0 );
-+  if( pExpr->op==TK_IS
-+   && pSrc->nSrc
-+   && (pSrc->a[0].fg.jointype & JT_LTORJ)!=0
-+  ){
-+    return 0;                                                          /* (4) */
-+  }
-   aff1 = sqlite3ExprAffinity(pExpr->pLeft);
-   aff2 = sqlite3ExprAffinity(pExpr->pRight);
-   if( aff1!=aff2
-    && (!sqlite3IsNumericAffinity(aff1) || !sqlite3IsNumericAffinity(aff2))
-   ){
--    return 0;
-+    return 0;                                                          /* (5) */
-   }
-   pColl = sqlite3ExprCompareCollSeq(pParse, pExpr);
--  if( sqlite3IsBinary(pColl) ) return 1;
--  return sqlite3ExprCollSeqMatch(pParse, pExpr->pLeft, pExpr->pRight);
-+  if( !sqlite3IsBinary(pColl)
-+   && !sqlite3ExprCollSeqMatch(pParse, pExpr->pLeft, pExpr->pRight)
-+  ){
-+    return 0;                                                          /* (6) */
-+  }
-+  return 1;
- }
- 
- /*
-@@ -162718,8 +163746,8 @@
-         if( op==TK_IS ) pNew->wtFlags |= TERM_IS;
-         pTerm = &pWC->a[idxTerm];
-         pTerm->wtFlags |= TERM_COPIED;
--
--        if( termIsEquivalence(pParse, pDup) ){
-+        assert( pWInfo->pTabList!=0 );
-+        if( termIsEquivalence(pParse, pDup, pWInfo->pTabList) ){
-           pTerm->eOperator |= WO_EQUIV;
-           eExtraOp = WO_EQUIV;
-         }
-@@ -163447,11 +164475,16 @@
-   int eDistinct;           /* Value to return from sqlite3_vtab_distinct() */
-   u32 mIn;                 /* Mask of terms that are <col> IN (...) */
-   u32 mHandleIn;           /* Terms that vtab will handle as <col> IN (...) */
--  sqlite3_value *aRhs[1];  /* RHS values for constraints. MUST BE LAST
--                           ** because extra space is allocated to hold up
--                           ** to nTerm such values */
-+  sqlite3_value *aRhs[FLEXARRAY];  /* RHS values for constraints. MUST BE LAST
-+                                   ** Extra space is allocated to hold up
-+                                   ** to nTerm such values */
- };
- 
-+/* Size (in bytes) of a HiddenIndeInfo object sufficient to hold as
-+** many as N constraints */
-+#define SZ_HIDDENINDEXINFO(N) \
-+                  (offsetof(HiddenIndexInfo,aRhs) + (N)*sizeof(sqlite3_value*))
-+
- /* Forward declaration of methods */
- static int whereLoopResize(sqlite3*, WhereLoop*, int);
- 
-@@ -164516,6 +165549,8 @@
-   }
- 
-   /* Construct the Index object to describe this index */
-+  assert( nKeyCol <= pTable->nCol + MAX(0, pTable->nCol - BMS + 1) );
-+  /* ^-- This guarantees that the number of index columns will fit in the u16 */
-   pIdx = sqlite3AllocateIndexObject(pParse->db, nKeyCol+HasRowid(pTable),
-                                     0, &zNotUsed);
-   if( pIdx==0 ) goto end_auto_index_create;
-@@ -164927,8 +165962,8 @@
-   */
-   pIdxInfo = sqlite3DbMallocZero(pParse->db, sizeof(*pIdxInfo)
-                            + (sizeof(*pIdxCons) + sizeof(*pUsage))*nTerm
--                           + sizeof(*pIdxOrderBy)*nOrderBy + sizeof(*pHidden)
--                           + sizeof(sqlite3_value*)*nTerm );
-+                           + sizeof(*pIdxOrderBy)*nOrderBy
-+                           + SZ_HIDDENINDEXINFO(nTerm) );
-   if( pIdxInfo==0 ){
-     sqlite3ErrorMsg(pParse, "out of memory");
-     return 0;
-@@ -166564,11 +167599,8 @@
-     assert( pNew->u.btree.nBtm==0 );
-     opMask = WO_EQ|WO_IN|WO_GT|WO_GE|WO_LT|WO_LE|WO_ISNULL|WO_IS;
-   }
--  if( pProbe->bUnordered || pProbe->bLowQual ){
--    if( pProbe->bUnordered ) opMask &= ~(WO_GT|WO_GE|WO_LT|WO_LE);
--    if( pProbe->bLowQual && pSrc->fg.isIndexedBy==0 ){
--      opMask &= ~(WO_EQ|WO_IN|WO_IS);
--    }
-+  if( pProbe->bUnordered ){
-+    opMask &= ~(WO_GT|WO_GE|WO_LT|WO_LE);
-   }
- 
-   assert( pNew->u.btree.nEq<pProbe->nColumn );
-@@ -166641,6 +167673,7 @@
-       if( ExprUseXSelect(pExpr) ){
-         /* "x IN (SELECT ...)":  TUNING: the SELECT returns 25 rows */
-         int i;
-+        int bRedundant = 0;
-         nIn = 46;  assert( 46==sqlite3LogEst(25) );
- 
-         /* The expression may actually be of the form (x, y) IN (SELECT...).
-@@ -166649,7 +167682,20 @@
-         ** for each such term. The following loop checks that pTerm is the
-         ** first such term in use, and sets nIn back to 0 if it is not. */
-         for(i=0; i<pNew->nLTerm-1; i++){
--          if( pNew->aLTerm[i] && pNew->aLTerm[i]->pExpr==pExpr ) nIn = 0;
-+          if( pNew->aLTerm[i] && pNew->aLTerm[i]->pExpr==pExpr ){
-+            nIn = 0;
-+            if( pNew->aLTerm[i]->u.x.iField == pTerm->u.x.iField ){
-+              /* Detect when two or more columns of an index match the same
-+              ** column of a vector IN operater, and avoid adding the column
-+              ** to the WhereLoop more than once.  See tag-20250707-01
-+              ** in test/rowvalue.test */
-+              bRedundant = 1;
-+            }
-+          }
-+        }
-+        if( bRedundant ){
-+          pNew->nLTerm--;
-+          continue;
-         }
-       }else if( ALWAYS(pExpr->x.pList && pExpr->x.pList->nExpr) ){
-         /* "x IN (value, value, ...)" */
-@@ -166881,7 +167927,7 @@
-     if( (pNew->wsFlags & WHERE_TOP_LIMIT)==0
-      && pNew->u.btree.nEq<pProbe->nColumn
-      && (pNew->u.btree.nEq<pProbe->nKeyCol ||
--           pProbe->idxType!=SQLITE_IDXTYPE_PRIMARYKEY)
-+          pProbe->idxType!=SQLITE_IDXTYPE_PRIMARYKEY)
-     ){
-       if( pNew->u.btree.nEq>3 ){
-         sqlite3ProgressCheck(pParse);
-@@ -167010,6 +168056,7 @@
-     if( (!ExprHasProperty(pExpr, EP_OuterON) || pExpr->w.iJoin==iTab)
-      && ((jointype & JT_OUTER)==0 || ExprHasProperty(pExpr, EP_OuterON))
-      && sqlite3ExprImpliesExpr(pParse, pExpr, pWhere, iTab)
-+     && !sqlite3ExprImpliesExpr(pParse, pExpr, pWhere, -1)
-      && (pTerm->wtFlags & TERM_VNULL)==0
-     ){
-       return 1;
-@@ -167505,7 +168552,7 @@
-            && (HasRowid(pTab) || pWInfo->pSelect!=0 || sqlite3FaultSim(700))
-         ){
-           WHERETRACE(0x200,
--             ("-> %s a covering index according to bitmasks\n",
-+             ("-> %s is a covering index according to bitmasks\n",
-              pProbe->zName, m==0 ? "is" : "is not"));
-           pNew->wsFlags = WHERE_IDX_ONLY | WHERE_INDEXED;
-         }
-@@ -170122,10 +171169,7 @@
-   ** field (type Bitmask) it must be aligned on an 8-byte boundary on
-   ** some architectures. Hence the ROUND8() below.
-   */
--  nByteWInfo = ROUND8P(sizeof(WhereInfo));
--  if( nTabList>1 ){
--    nByteWInfo = ROUND8P(nByteWInfo + (nTabList-1)*sizeof(WhereLevel));
--  }
-+  nByteWInfo = SZ_WHEREINFO(nTabList);
-   pWInfo = sqlite3DbMallocRawNN(db, nByteWInfo + sizeof(WhereLoop));
-   if( db->mallocFailed ){
-     sqlite3DbFree(db, pWInfo);
-@@ -170342,7 +171386,8 @@
-     }
- 
-     /* TUNING:  Assume that a DISTINCT clause on a subquery reduces
--    ** the output size by a factor of 8 (LogEst -30).
-+    ** the output size by a factor of 8 (LogEst -30).  Search for
-+    ** tag-20250414a to see other cases.
-     */
-     if( (pWInfo->wctrlFlags & WHERE_WANT_DISTINCT)!=0 ){
-       WHERETRACE(0x0080,("nRowOut reduced from %d to %d due to DISTINCT\n",
-@@ -172077,7 +173122,7 @@
-     p->pWhere = 0;
-     p->pGroupBy = 0;
-     p->pHaving = 0;
--    p->selFlags &= ~SF_Aggregate;
-+    p->selFlags &= ~(u32)SF_Aggregate;
-     p->selFlags |= SF_WinRewrite;
- 
-     /* Create the ORDER BY clause for the sub-select. This is the concatenation
-@@ -174218,6 +175263,11 @@
- /* #include "sqliteInt.h" */
- 
- /*
-+** Verify that the pParse->isCreate field is set
-+*/
-+#define ASSERT_IS_CREATE   assert(pParse->isCreate)
-+
-+/*
- ** Disable all error recovery processing in the parser push-down
- ** automaton.
- */
-@@ -174280,6 +175330,10 @@
- static void disableLookaside(Parse *pParse){
-   sqlite3 *db = pParse->db;
-   pParse->disableLookaside++;
-+#ifdef SQLITE_DEBUG
-+  pParse->isCreate = 1;
-+#endif
-+  memset(&pParse->u1.cr, 0, sizeof(pParse->u1.cr));
-   DisableLookaside;
- }
- 
-@@ -177916,7 +178970,9 @@
- }
-         break;
-       case 14: /* createkw ::= CREATE */
--{disableLookaside(pParse);}
-+{
-+  disableLookaside(pParse);
-+}
-         break;
-       case 15: /* ifnotexists ::= */
-       case 18: /* temp ::= */ yytestcase(yyruleno==18);
-@@ -178008,7 +179064,7 @@
-         break;
-       case 32: /* ccons ::= CONSTRAINT nm */
-       case 67: /* tcons ::= CONSTRAINT nm */ yytestcase(yyruleno==67);
--{pParse->constraintName = yymsp[0].minor.yy0;}
-+{ASSERT_IS_CREATE; pParse->u1.cr.constraintName = yymsp[0].minor.yy0;}
-         break;
-       case 33: /* ccons ::= DEFAULT scantok term */
- {sqlite3AddDefaultValue(pParse,yymsp[0].minor.yy590,yymsp[-1].minor.yy0.z,&yymsp[-1].minor.yy0.z[yymsp[-1].minor.yy0.n]);}
-@@ -178118,7 +179174,7 @@
- {yymsp[-1].minor.yy502 = 0;}
-         break;
-       case 66: /* tconscomma ::= COMMA */
--{pParse->constraintName.n = 0;}
-+{ASSERT_IS_CREATE; pParse->u1.cr.constraintName.n = 0;}
-         break;
-       case 68: /* tcons ::= PRIMARY KEY LP sortlist autoinc RP onconf */
- {sqlite3AddPrimaryKey(pParse,yymsp[-3].minor.yy402,yymsp[0].minor.yy502,yymsp[-2].minor.yy502,0);}
-@@ -178205,8 +179261,8 @@
-   if( pRhs ){
-     pRhs->op = (u8)yymsp[-1].minor.yy502;
-     pRhs->pPrior = pLhs;
--    if( ALWAYS(pLhs) ) pLhs->selFlags &= ~SF_MultiValue;
--    pRhs->selFlags &= ~SF_MultiValue;
-+    if( ALWAYS(pLhs) ) pLhs->selFlags &= ~(u32)SF_MultiValue;
-+    pRhs->selFlags &= ~(u32)SF_MultiValue;
-     if( yymsp[-1].minor.yy502!=TK_ALL ) pParse->hasCompound = 1;
-   }else{
-     sqlite3SelectDelete(pParse->db, pLhs);
-@@ -178846,12 +179902,21 @@
-       **      expr1 IN ()
-       **      expr1 NOT IN ()
-       **
--      ** simplify to constants 0 (false) and 1 (true), respectively,
--      ** regardless of the value of expr1.
--      */
--      sqlite3ExprUnmapAndDelete(pParse, yymsp[-4].minor.yy590);
--      yymsp[-4].minor.yy590 = sqlite3Expr(pParse->db, TK_STRING, yymsp[-3].minor.yy502 ? "true" : "false");
--      if( yymsp[-4].minor.yy590 ) sqlite3ExprIdToTrueFalse(yymsp[-4].minor.yy590);
-+      ** simplify to constants 0 (false) and 1 (true), respectively.
-+      **
-+      ** Except, do not apply this optimization if expr1 contains a function
-+      ** because that function might be an aggregate (we don't know yet whether
-+      ** it is or not) and if it is an aggregate, that could change the meaning
-+      ** of the whole query.
-+      */
-+      Expr *pB = sqlite3Expr(pParse->db, TK_STRING, yymsp[-3].minor.yy502 ? "true" : "false");
-+      if( pB ) sqlite3ExprIdToTrueFalse(pB);
-+      if( !ExprHasProperty(yymsp[-4].minor.yy590, EP_HasFunc) ){
-+        sqlite3ExprUnmapAndDelete(pParse, yymsp[-4].minor.yy590);
-+        yymsp[-4].minor.yy590 = pB;
-+      }else{
-+        yymsp[-4].minor.yy590 = sqlite3PExpr(pParse, yymsp[-3].minor.yy502 ? TK_OR : TK_AND, pB, yymsp[-4].minor.yy590);
-+      }
-     }else{
-       Expr *pRHS = yymsp[-1].minor.yy402->a[0].pExpr;
-       if( yymsp[-1].minor.yy402->nExpr==1 && sqlite3ExprIsConstant(pParse,pRHS) && yymsp[-4].minor.yy590->op!=TK_VECTOR ){
-@@ -179011,6 +180076,10 @@
- {
-   sqlite3BeginTrigger(pParse, &yymsp[-7].minor.yy0, &yymsp[-6].minor.yy0, yymsp[-5].minor.yy502, yymsp[-4].minor.yy28.a, yymsp[-4].minor.yy28.b, yymsp[-2].minor.yy563, yymsp[0].minor.yy590, yymsp[-10].minor.yy502, yymsp[-8].minor.yy502);
-   yymsp[-10].minor.yy0 = (yymsp[-6].minor.yy0.n==0?yymsp[-7].minor.yy0:yymsp[-6].minor.yy0); /*A-overwrites-T*/
-+#ifdef SQLITE_DEBUG
-+  assert( pParse->isCreate ); /* Set by createkw reduce action */
-+  pParse->isCreate = 0;       /* But, should not be set for CREATE TRIGGER */
-+#endif
- }
-         break;
-       case 262: /* trigger_time ::= BEFORE|AFTER */
-@@ -180453,7 +181522,7 @@
-   int t;                          /* Token type to return */
-   do {
-     z += sqlite3GetToken(z, &t);
--  }while( t==TK_SPACE );
-+  }while( t==TK_SPACE || t==TK_COMMENT );
-   if( t==TK_ID
-    || t==TK_STRING
-    || t==TK_JOIN_KW
-@@ -180946,7 +182015,11 @@
-         assert( n==6 );
-         tokenType = analyzeFilterKeyword((const u8*)&zSql[6], lastTokenParsed);
- #endif /* SQLITE_OMIT_WINDOWFUNC */
--      }else if( tokenType==TK_COMMENT && (db->flags & SQLITE_Comments)!=0 ){
-+      }else if( tokenType==TK_COMMENT
-+             && (db->init.busy || (db->flags & SQLITE_Comments)!=0)
-+      ){
-+        /* Ignore SQL comments if either (1) we are reparsing the schema or
-+        ** (2) SQLITE_DBCONFIG_ENABLE_COMMENTS is turned on (the default). */
-         zSql += n;
-         continue;
-       }else if( tokenType!=TK_QNUMBER ){
-@@ -181841,6 +182914,14 @@
-     if( rc==SQLITE_OK ){
-       sqlite3PCacheBufferSetup( sqlite3GlobalConfig.pPage,
-           sqlite3GlobalConfig.szPage, sqlite3GlobalConfig.nPage);
-+#ifdef SQLITE_EXTRA_INIT_MUTEXED
-+      {
-+        int SQLITE_EXTRA_INIT_MUTEXED(const char*);
-+        rc = SQLITE_EXTRA_INIT_MUTEXED(0);
-+      }
-+#endif
-+    }
-+    if( rc==SQLITE_OK ){
-       sqlite3MemoryBarrier();
-       sqlite3GlobalConfig.isInit = 1;
- #ifdef SQLITE_EXTRA_INIT
-@@ -182297,17 +183378,22 @@
- ** If lookaside is already active, return SQLITE_BUSY.
- **
- ** The sz parameter is the number of bytes in each lookaside slot.
--** The cnt parameter is the number of slots.  If pStart is NULL the
--** space for the lookaside memory is obtained from sqlite3_malloc().
--** If pStart is not NULL then it is sz*cnt bytes of memory to use for
--** the lookaside memory.
--*/
--static int setupLookaside(sqlite3 *db, void *pBuf, int sz, int cnt){
-+** The cnt parameter is the number of slots.  If pBuf is NULL the
-+** space for the lookaside memory is obtained from sqlite3_malloc()
-+** or similar.  If pBuf is not NULL then it is sz*cnt bytes of memory
-+** to use for the lookaside memory.
-+*/
-+static int setupLookaside(
-+  sqlite3 *db,    /* Database connection being configured */
-+  void *pBuf,     /* Memory to use for lookaside.  May be NULL */
-+  int sz,         /* Desired size of each lookaside memory slot */
-+  int cnt         /* Number of slots to allocate */
-+){
- #ifndef SQLITE_OMIT_LOOKASIDE
--  void *pStart;
--  sqlite3_int64 szAlloc;
--  int nBig;   /* Number of full-size slots */
--  int nSm;    /* Number smaller LOOKASIDE_SMALL-byte slots */
-+  void *pStart;          /* Start of the lookaside buffer */
-+  sqlite3_int64 szAlloc; /* Total space set aside for lookaside memory */
-+  int nBig;              /* Number of full-size slots */
-+  int nSm;               /* Number smaller LOOKASIDE_SMALL-byte slots */
- 
-   if( sqlite3LookasideUsed(db,0)>0 ){
-     return SQLITE_BUSY;
-@@ -182320,19 +183406,22 @@
-     sqlite3_free(db->lookaside.pStart);
-   }
-   /* The size of a lookaside slot after ROUNDDOWN8 needs to be larger
--  ** than a pointer to be useful.
-+  ** than a pointer and small enough to fit in a u16.
-   */
--  sz = ROUNDDOWN8(sz);  /* IMP: R-33038-09382 */
-+  sz = ROUNDDOWN8(sz);
-   if( sz<=(int)sizeof(LookasideSlot*) ) sz = 0;
-   if( sz>65528 ) sz = 65528;
--  if( cnt<0 ) cnt = 0;
-+  /* Count must be at least 1 to be useful, but not so large as to use
-+  ** more than 0x7fff0000 total bytes for lookaside. */
-+  if( cnt<1 ) cnt = 0;
-+  if( sz>0 && cnt>(0x7fff0000/sz) ) cnt = 0x7fff0000/sz;
-   szAlloc = (i64)sz*(i64)cnt;
--  if( sz==0 || cnt==0 ){
-+  if( szAlloc==0 ){
-     sz = 0;
-     pStart = 0;
-   }else if( pBuf==0 ){
-     sqlite3BeginBenignMalloc();
--    pStart = sqlite3Malloc( szAlloc );  /* IMP: R-61949-35727 */
-+    pStart = sqlite3Malloc( szAlloc );
-     sqlite3EndBenignMalloc();
-     if( pStart ) szAlloc = sqlite3MallocSize(pStart);
-   }else{
-@@ -183309,6 +184398,9 @@
-   db->busyHandler.pBusyArg = pArg;
-   db->busyHandler.nBusy = 0;
-   db->busyTimeout = 0;
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+  db->setlkTimeout = 0;
-+#endif
-   sqlite3_mutex_leave(db->mutex);
-   return SQLITE_OK;
- }
-@@ -183358,6 +184450,9 @@
-     sqlite3_busy_handler(db, (int(*)(void*,int))sqliteDefaultBusyCallback,
-                              (void*)db);
-     db->busyTimeout = ms;
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+    db->setlkTimeout = ms;
-+#endif
-   }else{
-     sqlite3_busy_handler(db, 0, 0);
-   }
-@@ -183365,6 +184460,40 @@
- }
- 
- /*
-+** Set the setlk timeout value.
-+*/
-+SQLITE_API int sqlite3_setlk_timeout(sqlite3 *db, int ms, int flags){
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+  int iDb;
-+  int bBOC = ((flags & SQLITE_SETLK_BLOCK_ON_CONNECT) ? 1 : 0);
-+#endif
-+#ifdef SQLITE_ENABLE_API_ARMOR
-+  if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
-+#endif
-+  if( ms<-1 ) return SQLITE_RANGE;
-+#ifdef SQLITE_ENABLE_SETLK_TIMEOUT
-+  sqlite3_mutex_enter(db->mutex);
-+  db->setlkTimeout = ms;
-+  db->setlkFlags = flags;
-+  sqlite3BtreeEnterAll(db);
-+  for(iDb=0; iDb<db->nDb; iDb++){
-+    Btree *pBt = db->aDb[iDb].pBt;
-+    if( pBt ){
-+      sqlite3_file *fd = sqlite3PagerFile(sqlite3BtreePager(pBt));
-+      sqlite3OsFileControlHint(fd, SQLITE_FCNTL_BLOCK_ON_CONNECT, (void*)&bBOC);
-+    }
-+  }
-+  sqlite3BtreeLeaveAll(db);
-+  sqlite3_mutex_leave(db->mutex);
-+#endif
-+#if !defined(SQLITE_ENABLE_API_ARMOR) && !defined(SQLITE_ENABLE_SETLK_TIMEOUT)
-+  UNUSED_PARAMETER(db);
-+  UNUSED_PARAMETER(flags);
-+#endif
-+  return SQLITE_OK;
-+}
-+
-+/*
- ** Cause any pending operation to stop at its earliest opportunity.
- */
- SQLITE_API void sqlite3_interrupt(sqlite3 *db){
-@@ -185329,7 +186458,7 @@
-     return SQLITE_OK;
-   }else{
-     size_t n = strlen(zName);
--    p = sqlite3_malloc64( sizeof(DbClientData)+n+1 );
-+    p = sqlite3_malloc64( SZ_DBCLIENTDATA(n+1) );
-     if( p==0 ){
-       if( xDestructor ) xDestructor(pData);
-       sqlite3_mutex_leave(db->mutex);
-@@ -185483,13 +186612,10 @@
-   if( zColumnName==0 ){
-     /* Query for existence of table only */
-   }else{
--    for(iCol=0; iCol<pTab->nCol; iCol++){
-+    iCol = sqlite3ColumnIndex(pTab, zColumnName);
-+    if( iCol>=0 ){
-       pCol = &pTab->aCol[iCol];
--      if( 0==sqlite3StrICmp(pCol->zCnName, zColumnName) ){
--        break;
--      }
--    }
--    if( iCol==pTab->nCol ){
-+    }else{
-       if( HasRowid(pTab) && sqlite3IsRowid(zColumnName) ){
-         iCol = pTab->iPKey;
-         pCol = iCol>=0 ? &pTab->aCol[iCol] : 0;
-@@ -185698,8 +186824,8 @@
-     /*  sqlite3_test_control(SQLITE_TESTCTRL_FK_NO_ACTION, sqlite3 *db, int b);
-     **
-     ** If b is true, then activate the SQLITE_FkNoAction setting.  If b is
--    ** false then clearn that setting.  If the SQLITE_FkNoAction setting is
--    ** abled, all foreign key ON DELETE and ON UPDATE actions behave as if
-+    ** false then clear that setting.  If the SQLITE_FkNoAction setting is
-+    ** enabled, all foreign key ON DELETE and ON UPDATE actions behave as if
-     ** they were NO ACTION, regardless of how they are defined.
-     **
-     ** NB:  One must usually run "PRAGMA writable_schema=RESET" after
-@@ -187046,7 +188172,7 @@
- ** Here, array { X } means zero or more occurrences of X, adjacent in
- ** memory.  A "position" is an index of a token in the token stream
- ** generated by the tokenizer. Note that POS_END and POS_COLUMN occur
--** in the same logical place as the position element, and act as sentinals
-+** in the same logical place as the position element, and act as sentinels
- ** ending a position list array.  POS_END is 0.  POS_COLUMN is 1.
- ** The positions numbers are not stored literally but rather as two more
- ** than the difference from the prior position, or the just the position plus
-@@ -187265,6 +188391,13 @@
- #ifndef _FTSINT_H
- #define _FTSINT_H
- 
-+/* #include <assert.h> */
-+/* #include <stdlib.h> */
-+/* #include <stddef.h> */
-+/* #include <stdio.h> */
-+/* #include <string.h> */
-+/* #include <stdarg.h> */
-+
- #if !defined(NDEBUG) && !defined(SQLITE_DEBUG)
- # define NDEBUG 1
- #endif
-@@ -187734,6 +188867,19 @@
- 
- #define deliberate_fall_through
- 
-+/*
-+** Macros needed to provide flexible arrays in a portable way
-+*/
-+#ifndef offsetof
-+# define offsetof(STRUCTURE,FIELD) ((size_t)((char*)&((STRUCTURE*)0)->FIELD))
-+#endif
-+#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
-+# define FLEXARRAY
-+#else
-+# define FLEXARRAY 1
-+#endif
-+
-+
- #endif /* SQLITE_AMALGAMATION */
- 
- #ifdef SQLITE_DEBUG
-@@ -187838,7 +188984,7 @@
- #endif
- 
- #if defined(SQLITE_DEBUG) || defined(SQLITE_TEST)
--  /* True to disable the incremental doclist optimization. This is controled
-+  /* True to disable the incremental doclist optimization. This is controlled
-   ** by special insert command 'test-no-incr-doclist'.  */
-   int bNoIncrDoclist;
- 
-@@ -187890,7 +189036,7 @@
- 
- /*
- ** The Fts3Cursor.eSearch member is always set to one of the following.
--** Actualy, Fts3Cursor.eSearch can be greater than or equal to
-+** Actually, Fts3Cursor.eSearch can be greater than or equal to
- ** FTS3_FULLTEXT_SEARCH.  If so, then Fts3Cursor.eSearch - 2 is the index
- ** of the column to be searched.  For example, in
- **
-@@ -187963,9 +189109,13 @@
-   */
-   int nToken;                /* Number of tokens in the phrase */
-   int iColumn;               /* Index of column this phrase must match */
--  Fts3PhraseToken aToken[1]; /* One entry for each token in the phrase */
-+  Fts3PhraseToken aToken[FLEXARRAY]; /* One for each token in the phrase */
- };
- 
-+/* Size (in bytes) of an Fts3Phrase object large enough to hold N tokens */
-+#define SZ_FTS3PHRASE(N) \
-+  (offsetof(Fts3Phrase,aToken)+(N)*sizeof(Fts3PhraseToken))
-+
- /*
- ** A tree of these objects forms the RHS of a MATCH operator.
- **
-@@ -188199,12 +189349,6 @@
- # define SQLITE_CORE 1
- #endif
- 
--/* #include <assert.h> */
--/* #include <stdlib.h> */
--/* #include <stddef.h> */
--/* #include <stdio.h> */
--/* #include <string.h> */
--/* #include <stdarg.h> */
- 
- /* #include "fts3.h" */
- #ifndef SQLITE_CORE
-@@ -190543,7 +191687,7 @@
-   ** sizes of the two inputs, plus enough space for exactly one of the input
-   ** docids to grow.
-   **
--  ** A symetric argument may be made if the doclists are in descending
-+  ** A symmetric argument may be made if the doclists are in descending
-   ** order.
-   */
-   aOut = sqlite3_malloc64((i64)n1+n2+FTS3_VARINT_MAX-1+FTS3_BUFFER_PADDING);
-@@ -192342,7 +193486,7 @@
-         nDistance = iPrev - nMaxUndeferred;
-       }
- 
--      aOut = (char *)sqlite3Fts3MallocZero(nPoslist+FTS3_BUFFER_PADDING);
-+      aOut = (char *)sqlite3Fts3MallocZero(((i64)nPoslist)+FTS3_BUFFER_PADDING);
-       if( !aOut ){
-         sqlite3_free(aPoslist);
-         return SQLITE_NOMEM;
-@@ -192641,7 +193785,7 @@
- **
- **   * does not contain any deferred tokens.
- **
--** Advance it to the next matching documnent in the database and populate
-+** Advance it to the next matching document in the database and populate
- ** the Fts3Doclist.pList and nList fields.
- **
- ** If there is no "next" entry and no error occurs, then *pbEof is set to
-@@ -193648,7 +194792,7 @@
- }
- 
- /*
--** Restart interation for expression pExpr so that the next call to
-+** Restart iteration for expression pExpr so that the next call to
- ** fts3EvalNext() visits the first row. Do not allow incremental
- ** loading or merging of phrase doclists for this iteration.
- **
-@@ -194841,6 +195985,23 @@
- static int fts3ExprParse(ParseContext *, const char *, int, Fts3Expr **, int *);
- 
- /*
-+** Search buffer z[], size n, for a '"' character. Or, if enable_parenthesis
-+** is defined, search for '(' and ')' as well. Return the index of the first
-+** such character in the buffer. If there is no such character, return -1.
-+*/
-+static int findBarredChar(const char *z, int n){
-+  int ii;
-+  for(ii=0; ii<n; ii++){
-+    if( (z[ii]=='"')
-+     || (sqlite3_fts3_enable_parentheses && (z[ii]=='(' || z[ii]==')'))
-+    ){
-+      return ii;
-+    }
-+  }
-+  return -1;
-+}
-+
-+/*
- ** Extract the next token from buffer z (length n) using the tokenizer
- ** and other information (column names etc.) in pParse. Create an Fts3Expr
- ** structure of type FTSQUERY_PHRASE containing a phrase consisting of this
-@@ -194864,16 +196025,9 @@
-   int rc;
-   sqlite3_tokenizer_cursor *pCursor;
-   Fts3Expr *pRet = 0;
--  int i = 0;
--
--  /* Set variable i to the maximum number of bytes of input to tokenize. */
--  for(i=0; i<n; i++){
--    if( sqlite3_fts3_enable_parentheses && (z[i]=='(' || z[i]==')') ) break;
--    if( z[i]=='"' ) break;
--  }
- 
--  *pnConsumed = i;
--  rc = sqlite3Fts3OpenTokenizer(pTokenizer, pParse->iLangid, z, i, &pCursor);
-+  *pnConsumed = n;
-+  rc = sqlite3Fts3OpenTokenizer(pTokenizer, pParse->iLangid, z, n, &pCursor);
-   if( rc==SQLITE_OK ){
-     const char *zToken;
-     int nToken = 0, iStart = 0, iEnd = 0, iPosition = 0;
-@@ -194881,7 +196035,18 @@
- 
-     rc = pModule->xNext(pCursor, &zToken, &nToken, &iStart, &iEnd, &iPosition);
-     if( rc==SQLITE_OK ){
--      nByte = sizeof(Fts3Expr) + sizeof(Fts3Phrase) + nToken;
-+      /* Check that this tokenization did not gobble up any " characters. Or,
-+      ** if enable_parenthesis is true, that it did not gobble up any
-+      ** open or close parenthesis characters either. If it did, call
-+      ** getNextToken() again, but pass only that part of the input buffer
-+      ** up to the first such character.  */
-+      int iBarred = findBarredChar(z, iEnd);
-+      if( iBarred>=0 ){
-+        pModule->xClose(pCursor);
-+        return getNextToken(pParse, iCol, z, iBarred, ppExpr, pnConsumed);
-+      }
-+
-+      nByte = sizeof(Fts3Expr) + SZ_FTS3PHRASE(1) + nToken;
-       pRet = (Fts3Expr *)sqlite3Fts3MallocZero(nByte);
-       if( !pRet ){
-         rc = SQLITE_NOMEM;
-@@ -194891,7 +196056,7 @@
-         pRet->pPhrase->nToken = 1;
-         pRet->pPhrase->iColumn = iCol;
-         pRet->pPhrase->aToken[0].n = nToken;
--        pRet->pPhrase->aToken[0].z = (char *)&pRet->pPhrase[1];
-+        pRet->pPhrase->aToken[0].z = (char*)&pRet->pPhrase->aToken[1];
-         memcpy(pRet->pPhrase->aToken[0].z, zToken, nToken);
- 
-         if( iEnd<n && z[iEnd]=='*' ){
-@@ -194915,7 +196080,11 @@
- 
-       }
-       *pnConsumed = iEnd;
--    }else if( i && rc==SQLITE_DONE ){
-+    }else if( n && rc==SQLITE_DONE ){
-+      int iBarred = findBarredChar(z, n);
-+      if( iBarred>=0 ){
-+        *pnConsumed = iBarred;
-+      }
-       rc = SQLITE_OK;
-     }
- 
-@@ -194962,9 +196131,9 @@
-   Fts3Expr *p = 0;
-   sqlite3_tokenizer_cursor *pCursor = 0;
-   char *zTemp = 0;
--  int nTemp = 0;
-+  i64 nTemp = 0;
- 
--  const int nSpace = sizeof(Fts3Expr) + sizeof(Fts3Phrase);
-+  const int nSpace = sizeof(Fts3Expr) + SZ_FTS3PHRASE(1);
-   int nToken = 0;
- 
-   /* The final Fts3Expr data structure, including the Fts3Phrase,
-@@ -195336,7 +196505,7 @@
- 
-           /* The isRequirePhrase variable is set to true if a phrase or
-           ** an expression contained in parenthesis is required. If a
--          ** binary operator (AND, OR, NOT or NEAR) is encounted when
-+          ** binary operator (AND, OR, NOT or NEAR) is encountered when
-           ** isRequirePhrase is set, this is a syntax error.
-           */
-           if( !isPhrase && isRequirePhrase ){
-@@ -195918,7 +197087,6 @@
-   }
- 
-   if( rc!=SQLITE_OK && rc!=SQLITE_NOMEM ){
--    sqlite3Fts3ExprFree(pExpr);
-     sqlite3_result_error(context, "Error parsing expression", -1);
-   }else if( rc==SQLITE_NOMEM || !(zBuf = exprToString(pExpr, 0)) ){
-     sqlite3_result_error_nomem(context);
-@@ -196161,7 +197329,7 @@
- }
- 
- 
--/* Resize the hash table so that it cantains "new_size" buckets.
-+/* Resize the hash table so that it contains "new_size" buckets.
- ** "new_size" must be a power of 2.  The hash table might fail
- ** to resize if sqliteMalloc() fails.
- **
-@@ -196616,7 +197784,7 @@
- 
- /*
- ** If the word ends with zFrom and xCond() is true for the stem
--** of the word that preceeds the zFrom ending, then change the
-+** of the word that precedes the zFrom ending, then change the
- ** ending to zTo.
- **
- ** The input word *pz and zFrom are both in reverse order.  zTo
-@@ -198127,7 +199295,7 @@
-   fts3tokResetCursor(pCsr);
-   if( idxNum==1 ){
-     const char *zByte = (const char *)sqlite3_value_text(apVal[0]);
--    int nByte = sqlite3_value_bytes(apVal[0]);
-+    sqlite3_int64 nByte = sqlite3_value_bytes(apVal[0]);
-     pCsr->zInput = sqlite3_malloc64(nByte+1);
-     if( pCsr->zInput==0 ){
-       rc = SQLITE_NOMEM;
-@@ -202199,7 +203367,7 @@
- **
- ** It is assumed that the buffer associated with pNode is already large
- ** enough to accommodate the new entry. The buffer associated with pPrev
--** is extended by this function if requrired.
-+** is extended by this function if required.
- **
- ** If an error (i.e. OOM condition) occurs, an SQLite error code is
- ** returned. Otherwise, SQLITE_OK.
-@@ -203862,7 +205030,7 @@
- /*
- ** SQLite value pRowid contains the rowid of a row that may or may not be
- ** present in the FTS3 table. If it is, delete it and adjust the contents
--** of subsiduary data structures accordingly.
-+** of subsidiary data structures accordingly.
- */
- static int fts3DeleteByRowid(
-   Fts3Table *p,
-@@ -204188,9 +205356,13 @@
-   int nElem;
-   int bGlobal;                    /* Set if global data is loaded */
-   char *zMatchinfo;
--  u32 aMatchinfo[1];
-+  u32 aMI[FLEXARRAY];
- };
- 
-+/* Size (in bytes) of a MatchinfoBuffer sufficient for N elements */
-+#define SZ_MATCHINFOBUFFER(N) \
-+            (offsetof(MatchinfoBuffer,aMI)+(((N)+1)/2)*sizeof(u64))
-+
- 
- /*
- ** The snippet() and offsets() functions both return text values. An instance
-@@ -204215,13 +205387,13 @@
- static MatchinfoBuffer *fts3MIBufferNew(size_t nElem, const char *zMatchinfo){
-   MatchinfoBuffer *pRet;
-   sqlite3_int64 nByte = sizeof(u32) * (2*(sqlite3_int64)nElem + 1)
--                           + sizeof(MatchinfoBuffer);
-+                           + SZ_MATCHINFOBUFFER(1);
-   sqlite3_int64 nStr = strlen(zMatchinfo);
- 
-   pRet = sqlite3Fts3MallocZero(nByte + nStr+1);
-   if( pRet ){
--    pRet->aMatchinfo[0] = (u8*)(&pRet->aMatchinfo[1]) - (u8*)pRet;
--    pRet->aMatchinfo[1+nElem] = pRet->aMatchinfo[0]
-+    pRet->aMI[0] = (u8*)(&pRet->aMI[1]) - (u8*)pRet;
-+    pRet->aMI[1+nElem] = pRet->aMI[0]
-                                       + sizeof(u32)*((int)nElem+1);
-     pRet->nElem = (int)nElem;
-     pRet->zMatchinfo = ((char*)pRet) + nByte;
-@@ -204235,10 +205407,10 @@
- static void fts3MIBufferFree(void *p){
-   MatchinfoBuffer *pBuf = (MatchinfoBuffer*)((u8*)p - ((u32*)p)[-1]);
- 
--  assert( (u32*)p==&pBuf->aMatchinfo[1]
--       || (u32*)p==&pBuf->aMatchinfo[pBuf->nElem+2]
-+  assert( (u32*)p==&pBuf->aMI[1]
-+       || (u32*)p==&pBuf->aMI[pBuf->nElem+2]
-   );
--  if( (u32*)p==&pBuf->aMatchinfo[1] ){
-+  if( (u32*)p==&pBuf->aMI[1] ){
-     pBuf->aRef[1] = 0;
-   }else{
-     pBuf->aRef[2] = 0;
-@@ -204255,18 +205427,18 @@
- 
-   if( p->aRef[1]==0 ){
-     p->aRef[1] = 1;
--    aOut = &p->aMatchinfo[1];
-+    aOut = &p->aMI[1];
-     xRet = fts3MIBufferFree;
-   }
-   else if( p->aRef[2]==0 ){
-     p->aRef[2] = 1;
--    aOut = &p->aMatchinfo[p->nElem+2];
-+    aOut = &p->aMI[p->nElem+2];
-     xRet = fts3MIBufferFree;
-   }else{
-     aOut = (u32*)sqlite3_malloc64(p->nElem * sizeof(u32));
-     if( aOut ){
-       xRet = sqlite3_free;
--      if( p->bGlobal ) memcpy(aOut, &p->aMatchinfo[1], p->nElem*sizeof(u32));
-+      if( p->bGlobal ) memcpy(aOut, &p->aMI[1], p->nElem*sizeof(u32));
-     }
-   }
- 
-@@ -204276,7 +205448,7 @@
- 
- static void fts3MIBufferSetGlobal(MatchinfoBuffer *p){
-   p->bGlobal = 1;
--  memcpy(&p->aMatchinfo[2+p->nElem], &p->aMatchinfo[1], p->nElem*sizeof(u32));
-+  memcpy(&p->aMI[2+p->nElem], &p->aMI[1], p->nElem*sizeof(u32));
- }
- 
- /*
-@@ -204691,7 +205863,7 @@
-   }
- 
-   /* If there is insufficient space allocated at StrBuffer.z, use realloc()
--  ** to grow the buffer until so that it is big enough to accomadate the
-+  ** to grow the buffer until so that it is big enough to accommodate the
-   ** appended data.
-   */
-   if( pStr->n+nAppend+1>=pStr->nAlloc ){
-@@ -205103,16 +206275,16 @@
-       break;
- 
-     case FTS3_MATCHINFO_LHITS:
--      nVal = pInfo->nCol * pInfo->nPhrase;
-+      nVal = (size_t)pInfo->nCol * pInfo->nPhrase;
-       break;
- 
-     case FTS3_MATCHINFO_LHITS_BM:
--      nVal = pInfo->nPhrase * ((pInfo->nCol + 31) / 32);
-+      nVal = (size_t)pInfo->nPhrase * ((pInfo->nCol + 31) / 32);
-       break;
- 
-     default:
-       assert( cArg==FTS3_MATCHINFO_HITS );
--      nVal = pInfo->nCol * pInfo->nPhrase * 3;
-+      nVal = (size_t)pInfo->nCol * pInfo->nPhrase * 3;
-       break;
-   }
- 
-@@ -206670,8 +207842,8 @@
- ** Beginning with version 3.45.0 (circa 2024-01-01), these routines also
- ** accept BLOB values that have JSON encoded using a binary representation
- ** called "JSONB".  The name JSONB comes from PostgreSQL, however the on-disk
--** format SQLite JSONB is completely different and incompatible with
--** PostgreSQL JSONB.
-+** format for SQLite-JSONB is completely different and incompatible with
-+** PostgreSQL-JSONB.
- **
- ** Decoding and interpreting JSONB is still O(N) where N is the size of
- ** the input, the same as text JSON.  However, the constant of proportionality
-@@ -206728,7 +207900,7 @@
- **
- ** The payload size need not be expressed in its minimal form.  For example,
- ** if the payload size is 10, the size can be expressed in any of 5 different
--** ways: (1) (X>>4)==10, (2) (X>>4)==12 following by on 0x0a byte,
-+** ways: (1) (X>>4)==10, (2) (X>>4)==12 following by one 0x0a byte,
- ** (3) (X>>4)==13 followed by 0x00 and 0x0a, (4) (X>>4)==14 followed by
- ** 0x00 0x00 0x00 0x0a, or (5) (X>>4)==15 followed by 7 bytes of 0x00 and
- ** a single byte of 0x0a.  The shorter forms are preferred, of course, but
-@@ -206738,7 +207910,7 @@
- ** the size when it becomes known, resulting in a non-minimal encoding.
- **
- ** The value (X>>4)==15 is not actually used in the current implementation
--** (as SQLite is currently unable handle BLOBs larger than about 2GB)
-+** (as SQLite is currently unable to handle BLOBs larger than about 2GB)
- ** but is included in the design to allow for future enhancements.
- **
- ** The payload follows the header.  NULL, TRUE, and FALSE have no payload and
-@@ -206798,23 +207970,47 @@
- ** increase for the text-JSON parser.  (Ubuntu14.10 gcc 4.8.4 x64 with -Os).
- */
- static const char jsonIsSpace[] = {
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 1, 1, 0, 0, 1, 0, 0,
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
--  1, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
--
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
-+#ifdef SQLITE_ASCII
-+/*0  1  2  3  4  5  6  7   8  9  a  b  c  d  e  f  */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 1, 1, 0, 0, 1, 0, 0,  /* 0 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 1 */
-+  1, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 2 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 3 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 4 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 5 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 6 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 7 */
-+
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 8 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 9 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* a */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* b */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* c */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* d */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* e */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* f */
-+#endif
-+#ifdef SQLITE_EBCDIC
-+/*0  1  2  3  4  5  6  7   8  9  a  b  c  d  e  f  */
-+  0, 0, 0, 0, 0, 1, 0, 0,  0, 0, 0, 0, 0, 1, 0, 0,  /* 0 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 1 */
-+  0, 0, 0, 0, 0, 1, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 2 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 3 */
-+  1, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 4 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 5 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 6 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 7 */
-+
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 8 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 9 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* a */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* b */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* c */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* d */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* e */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* f */
-+#endif
-+
- };
- #define jsonIsspace(x) (jsonIsSpace[(unsigned char)x])
- 
-@@ -206822,7 +208018,13 @@
- ** The set of all space characters recognized by jsonIsspace().
- ** Useful as the second argument to strspn().
- */
-+#ifdef SQLITE_ASCII
- static const char jsonSpaces[] = "\011\012\015\040";
-+#endif
-+#ifdef SQLITE_EBCDIC
-+static const char jsonSpaces[] = "\005\045\015\100";
-+#endif
-+
- 
- /*
- ** Characters that are special to JSON.  Control characters,
-@@ -206831,23 +208033,46 @@
- ** it in the set of special characters.
- */
- static const char jsonIsOk[256] = {
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
--  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,
--  1, 1, 0, 1, 1, 1, 1, 0,  1, 1, 1, 1, 1, 1, 1, 1,
--  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,
--  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,
--  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 0, 1, 1, 1,
--  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,
--  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,
--
--  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,
--  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,
--  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,
--  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,
--  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,
--  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,
--  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,
--  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1
-+#ifdef SQLITE_ASCII
-+/*0  1  2  3  4  5  6  7   8  9  a  b  c  d  e  f  */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 0 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 1 */
-+  1, 1, 0, 1, 1, 1, 1, 0,  1, 1, 1, 1, 1, 1, 1, 1,  /* 2 */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* 3 */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* 4 */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 0, 1, 1, 1,  /* 5 */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* 6 */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* 7 */
-+
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* 8 */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* 9 */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* a */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* b */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* c */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* d */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* e */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1   /* f */
-+#endif
-+#ifdef SQLITE_EBCDIC
-+/*0  1  2  3  4  5  6  7   8  9  a  b  c  d  e  f  */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 0 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 1 */
-+  0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* 2 */
-+  1, 1, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 1, 0,  /* 3 */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* 4 */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* 5 */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* 6 */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 0, 1, 0,  /* 7 */
-+
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* 8 */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* 9 */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* a */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* b */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* c */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* d */
-+  0, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1,  /* e */
-+  1, 1, 1, 1, 1, 1, 1, 1,  1, 1, 1, 1, 1, 1, 1, 1   /* f */
-+#endif
- };
- 
- /* Objects */
-@@ -206992,7 +208217,7 @@
- ** Forward references
- **************************************************************************/
- static void jsonReturnStringAsBlob(JsonString*);
--static int jsonFuncArgMightBeBinary(sqlite3_value *pJson);
-+static int jsonArgIsJsonb(sqlite3_value *pJson, JsonParse *p);
- static u32 jsonTranslateBlobToText(const JsonParse*,u32,JsonString*);
- static void jsonReturnParse(sqlite3_context*,JsonParse*);
- static JsonParse *jsonParseFuncArg(sqlite3_context*,sqlite3_value*,u32);
-@@ -207066,7 +208291,7 @@
- ** most-recently used entry if it isn't so already.
- **
- ** The JsonParse object returned still belongs to the Cache and might
--** be deleted at any moment.  If the caller whants the JsonParse to
-+** be deleted at any moment.  If the caller wants the JsonParse to
- ** linger, it needs to increment the nPJRef reference counter.
- */
- static JsonParse *jsonCacheSearch(
-@@ -207410,11 +208635,9 @@
-       break;
-     }
-     default: {
--      if( jsonFuncArgMightBeBinary(pValue) ){
--        JsonParse px;
--        memset(&px, 0, sizeof(px));
--        px.aBlob = (u8*)sqlite3_value_blob(pValue);
--        px.nBlob = sqlite3_value_bytes(pValue);
-+      JsonParse px;
-+      memset(&px, 0, sizeof(px));
-+      if( jsonArgIsJsonb(pValue, &px) ){
-         jsonTranslateBlobToText(&px, 0, p);
-       }else if( p->eErr==0 ){
-         sqlite3_result_error(p->pCtx, "JSON cannot hold BLOB values", -1);
-@@ -207733,7 +208956,7 @@
- */
- static int jsonBlobExpand(JsonParse *pParse, u32 N){
-   u8 *aNew;
--  u32 t;
-+  u64 t;
-   assert( N>pParse->nBlobAlloc );
-   if( pParse->nBlobAlloc==0 ){
-     t = 100;
-@@ -207743,8 +208966,9 @@
-   if( t<N ) t = N+100;
-   aNew = sqlite3DbRealloc(pParse->db, pParse->aBlob, t);
-   if( aNew==0 ){ pParse->oom = 1; return 1; }
-+  assert( t<0x7fffffff );
-   pParse->aBlob = aNew;
--  pParse->nBlobAlloc = t;
-+  pParse->nBlobAlloc = (u32)t;
-   return 0;
- }
- 
-@@ -207811,7 +209035,7 @@
- }
- 
- 
--/* Append an node type byte together with the payload size and
-+/* Append a node type byte together with the payload size and
- ** possibly also the payload.
- **
- ** If aPayload is not NULL, then it is a pointer to the payload which
-@@ -207880,8 +209104,10 @@
-     nExtra = 1;
-   }else if( szType==13 ){
-     nExtra = 2;
--  }else{
-+  }else if( szType==14 ){
-     nExtra = 4;
-+  }else{
-+    nExtra = 8;
-   }
-   if( szPayload<=11 ){
-     nNeeded = 0;
-@@ -208351,7 +209577,12 @@
-            || c=='n' || c=='r' || c=='t'
-            || (c=='u' && jsonIs4Hex(&z[j+1])) ){
-           if( opcode==JSONB_TEXT ) opcode = JSONB_TEXTJ;
--        }else if( c=='\'' || c=='0' || c=='v' || c=='\n'
-+        }else if( c=='\'' ||  c=='v' || c=='\n'
-+#ifdef SQLITE_BUG_COMPATIBLE_20250510
-+           || (c=='0')                            /* Legacy bug compatible */
-+#else
-+           || (c=='0' && !sqlite3Isdigit(z[j+1])) /* Correct implementation */
-+#endif
-            || (0xe2==(u8)c && 0x80==(u8)z[j+1]
-                 && (0xa8==(u8)z[j+2] || 0xa9==(u8)z[j+2]))
-            || (c=='x' && jsonIs2Hex(&z[j+1])) ){
-@@ -208701,10 +209932,7 @@
-   u8 x;
-   u32 sz;
-   u32 n;
--  if( NEVER(i>pParse->nBlob) ){
--    *pSz = 0;
--    return 0;
--  }
-+  assert( i<=pParse->nBlob );
-   x = pParse->aBlob[i]>>4;
-   if( x<=11 ){
-     sz = x;
-@@ -208741,15 +209969,15 @@
-       *pSz = 0;
-       return 0;
-     }
--    sz = (pParse->aBlob[i+5]<<24) + (pParse->aBlob[i+6]<<16) +
-+    sz = ((u32)pParse->aBlob[i+5]<<24) + (pParse->aBlob[i+6]<<16) +
-          (pParse->aBlob[i+7]<<8) + pParse->aBlob[i+8];
-     n = 9;
-   }
-   if( (i64)i+sz+n > pParse->nBlob
-    && (i64)i+sz+n > pParse->nBlob-pParse->delta
-   ){
--    sz = 0;
--    n = 0;
-+    *pSz = 0;
-+    return 0;
-   }
-   *pSz = sz;
-   return n;
-@@ -208846,9 +210074,12 @@
-     }
-     case JSONB_TEXT:
-     case JSONB_TEXTJ: {
--      jsonAppendChar(pOut, '"');
--      jsonAppendRaw(pOut, (const char*)&pParse->aBlob[i+n], sz);
--      jsonAppendChar(pOut, '"');
-+      if( pOut->nUsed+sz+2<=pOut->nAlloc || jsonStringGrow(pOut, sz+2)==0 ){
-+        pOut->zBuf[pOut->nUsed] = '"';
-+        memcpy(pOut->zBuf+pOut->nUsed+1,(const char*)&pParse->aBlob[i+n],sz);
-+        pOut->zBuf[pOut->nUsed+sz+1] = '"';
-+        pOut->nUsed += sz+2;
-+      }
-       break;
-     }
-     case JSONB_TEXT5: {
-@@ -209087,33 +210318,6 @@
-   return i;
- }
- 
--
--/* Return true if the input pJson
--**
--** For performance reasons, this routine does not do a detailed check of the
--** input BLOB to ensure that it is well-formed.  Hence, false positives are
--** possible.  False negatives should never occur, however.
--*/
--static int jsonFuncArgMightBeBinary(sqlite3_value *pJson){
--  u32 sz, n;
--  const u8 *aBlob;
--  int nBlob;
--  JsonParse s;
--  if( sqlite3_value_type(pJson)!=SQLITE_BLOB ) return 0;
--  aBlob = sqlite3_value_blob(pJson);
--  nBlob = sqlite3_value_bytes(pJson);
--  if( nBlob<1 ) return 0;
--  if( NEVER(aBlob==0) || (aBlob[0] & 0x0f)>JSONB_OBJECT ) return 0;
--  memset(&s, 0, sizeof(s));
--  s.aBlob = (u8*)aBlob;
--  s.nBlob = nBlob;
--  n = jsonbPayloadSize(&s, 0, &sz);
--  if( n==0 ) return 0;
--  if( sz+n!=(u32)nBlob ) return 0;
--  if( (aBlob[0] & 0x0f)<=JSONB_FALSE && sz>0 ) return 0;
--  return sz+n==(u32)nBlob;
--}
--
- /*
- ** Given that a JSONB_ARRAY object starts at offset i, return
- ** the number of entries in that array.
-@@ -209147,6 +210351,82 @@
- }
- 
- /*
-+** If the JSONB at aIns[0..nIns-1] can be expanded (by denormalizing the
-+** size field) by d bytes, then write the expansion into aOut[] and
-+** return true.  In this way, an overwrite happens without changing the
-+** size of the JSONB, which reduces memcpy() operations and also make it
-+** faster and easier to update the B-Tree entry that contains the JSONB
-+** in the database.
-+**
-+** If the expansion of aIns[] by d bytes cannot be (easily) accomplished
-+** then return false.
-+**
-+** The d parameter is guaranteed to be between 1 and 8.
-+**
-+** This routine is an optimization.  A correct answer is obtained if it
-+** always leaves the output unchanged and returns false.
-+*/
-+static int jsonBlobOverwrite(
-+  u8 *aOut,                 /* Overwrite here */
-+  const u8 *aIns,           /* New content */
-+  u32 nIns,                 /* Bytes of new content */
-+  u32 d                     /* Need to expand new content by this much */
-+){
-+  u32 szPayload;       /* Bytes of payload */
-+  u32 i;               /* New header size, after expansion & a loop counter */
-+  u8 szHdr;            /* Size of header before expansion */
-+
-+  /* Lookup table for finding the upper 4 bits of the first byte of the
-+  ** expanded aIns[], based on the size of the expanded aIns[] header:
-+  **
-+  **                             2     3  4     5  6  7  8     9 */
-+  static const u8 aType[] = { 0xc0, 0xd0, 0, 0xe0, 0, 0, 0, 0xf0 };
-+
-+  if( (aIns[0]&0x0f)<=2 ) return 0;    /* Cannot enlarge NULL, true, false */
-+  switch( aIns[0]>>4 ){
-+    default: {                         /* aIns[] header size 1 */
-+      if( ((1<<d)&0x116)==0 ) return 0;  /* d must be 1, 2, 4, or 8 */
-+      i = d + 1;                         /* New hdr sz: 2, 3, 5, or 9 */
-+      szHdr = 1;
-+      break;
-+    }
-+    case 12: {                         /* aIns[] header size is 2 */
-+      if( ((1<<d)&0x8a)==0) return 0;    /* d must be 1, 3, or 7 */
-+      i = d + 2;                         /* New hdr sz: 2, 5, or 9 */
-+      szHdr = 2;
-+      break;
-+    }
-+    case 13: {                         /* aIns[] header size is 3 */
-+      if( d!=2 && d!=6 ) return 0;       /* d must be 2 or 6 */
-+      i = d + 3;                         /* New hdr sz: 5 or 9 */
-+      szHdr = 3;
-+      break;
-+    }
-+    case 14: {                         /* aIns[] header size is 5 */
-+      if( d!=4 ) return 0;               /* d must be 4 */
-+      i = 9;                             /* New hdr sz: 9 */
-+      szHdr = 5;
-+      break;
-+    }
-+    case 15: {                         /* aIns[] header size is 9 */
-+      return 0;                          /* No solution */
-+    }
-+  }
-+  assert( i>=2 && i<=9 && aType[i-2]!=0 );
-+  aOut[0] = (aIns[0] & 0x0f) | aType[i-2];
-+  memcpy(&aOut[i], &aIns[szHdr], nIns-szHdr);
-+  szPayload = nIns - szHdr;
-+  while( 1/*edit-by-break*/ ){
-+    i--;
-+    aOut[i] = szPayload & 0xff;
-+    if( i==1 ) break;
-+    szPayload >>= 8;
-+  }
-+  assert( (szPayload>>8)==0 );
-+  return 1;
-+}
-+
-+/*
- ** Modify the JSONB blob at pParse->aBlob by removing nDel bytes of
- ** content beginning at iDel, and replacing them with nIns bytes of
- ** content given by aIns.
-@@ -209167,6 +210447,11 @@
-   u32 nIns               /* Bytes of content to insert */
- ){
-   i64 d = (i64)nIns - (i64)nDel;
-+  if( d<0 && d>=(-8) && aIns!=0
-+   && jsonBlobOverwrite(&pParse->aBlob[iDel], aIns, nIns, (int)-d)
-+  ){
-+    return;
-+  }
-   if( d!=0 ){
-     if( pParse->nBlob + d > pParse->nBlobAlloc ){
-       jsonBlobExpand(pParse, pParse->nBlob+d);
-@@ -209178,7 +210463,9 @@
-     pParse->nBlob += d;
-     pParse->delta += d;
-   }
--  if( nIns && aIns ) memcpy(&pParse->aBlob[iDel], aIns, nIns);
-+  if( nIns && aIns ){
-+    memcpy(&pParse->aBlob[iDel], aIns, nIns);
-+  }
- }
- 
- /*
-@@ -209263,7 +210550,21 @@
-     case 'r': {   *piOut = '\r';  return 2; }
-     case 't': {   *piOut = '\t';  return 2; }
-     case 'v': {   *piOut = '\v';  return 2; }
--    case '0': {   *piOut = 0;     return 2; }
-+    case '0': {
-+      /* JSON5 requires that the \0 escape not be followed by a digit.
-+      ** But SQLite did not enforce this restriction in versions 3.42.0
-+      ** through 3.49.2.  That was a bug.  But some applications might have
-+      ** come to depend on that bug.  Use the SQLITE_BUG_COMPATIBLE_20250510
-+      ** option to restore the old buggy behavior. */
-+#ifdef SQLITE_BUG_COMPATIBLE_20250510
-+      /* Legacy bug-compatible behavior */
-+      *piOut = 0;
-+#else
-+      /* Correct behavior */
-+      *piOut = (n>2 && sqlite3Isdigit(z[2])) ? JSON_INVALID_CHAR : 0;
-+#endif
-+      return 2;
-+    }
-     case '\'':
-     case '"':
-     case '/':
-@@ -209763,7 +211064,7 @@
-       char *zOut;
-       u32 nOut = sz;
-       z = (const char*)&pParse->aBlob[i+n];
--      zOut = sqlite3DbMallocRaw(db, nOut+1);
-+      zOut = sqlite3DbMallocRaw(db, ((u64)nOut)+1);
-       if( zOut==0 ) goto returnfromblob_oom;
-       for(iIn=iOut=0; iIn<sz; iIn++){
-         char c = z[iIn];
-@@ -209858,10 +211159,7 @@
-       return 0;
-     }
-     case SQLITE_BLOB: {
--      if( jsonFuncArgMightBeBinary(pArg) ){
--        pParse->aBlob = (u8*)sqlite3_value_blob(pArg);
--        pParse->nBlob = sqlite3_value_bytes(pArg);
--      }else{
-+      if( !jsonArgIsJsonb(pArg, pParse) ){
-         sqlite3_result_error(ctx, "JSON cannot hold BLOB values", -1);
-         return 1;
-       }
-@@ -209941,7 +211239,7 @@
- }
- 
- /* argv[0] is a BLOB that seems likely to be a JSONB.  Subsequent
--** arguments come in parse where each pair contains a JSON path and
-+** arguments come in pairs where each pair contains a JSON path and
- ** content to insert or set at that patch.  Do the updates
- ** and return the result.
- **
-@@ -210012,27 +211310,46 @@
- /*
- ** If pArg is a blob that seems like a JSONB blob, then initialize
- ** p to point to that JSONB and return TRUE.  If pArg does not seem like
--** a JSONB blob, then return FALSE;
-+** a JSONB blob, then return FALSE.
- **
--** This routine is only called if it is already known that pArg is a
--** blob.  The only open question is whether or not the blob appears
--** to be a JSONB blob.
-+** For small BLOBs (having no more than 7 bytes of payload) a full
-+** validity check is done.  So for small BLOBs this routine only returns
-+** true if the value is guaranteed to be a valid JSONB.  For larger BLOBs
-+** (8 byte or more of payload) only the size of the outermost element is
-+** checked to verify that the BLOB is superficially valid JSONB.
-+**
-+** A full JSONB validation is done on smaller BLOBs because those BLOBs might
-+** also be text JSON that has been incorrectly cast into a BLOB.
-+** (See tag-20240123-a and https://sqlite.org/forum/forumpost/012136abd5)
-+** If the BLOB is 9 bytes are larger, then it is not possible for the
-+** superficial size check done here to pass if the input is really text
-+** JSON so we do not need to look deeper in that case.
-+**
-+** Why we only need to do full JSONB validation for smaller BLOBs:
-+**
-+** The first byte of valid JSON text must be one of: '{', '[', '"', ' ', '\n',
-+** '\r', '\t', '-', or a digit '0' through '9'.  Of these, only a subset
-+** can also be the first byte of JSONB:  '{', '[', and digits '3'
-+** through '9'.  In every one of those cases, the payload size is 7 bytes
-+** or less.  So if we do full JSONB validation for every BLOB where the
-+** payload is less than 7 bytes, we will never get a false positive for
-+** JSONB on an input that is really text JSON.
- */
- static int jsonArgIsJsonb(sqlite3_value *pArg, JsonParse *p){
-   u32 n, sz = 0;
-+  u8 c;
-+  if( sqlite3_value_type(pArg)!=SQLITE_BLOB ) return 0;
-   p->aBlob = (u8*)sqlite3_value_blob(pArg);
-   p->nBlob = (u32)sqlite3_value_bytes(pArg);
--  if( p->nBlob==0 ){
--    p->aBlob = 0;
--    return 0;
--  }
--  if( NEVER(p->aBlob==0) ){
--    return 0;
--  }
--  if( (p->aBlob[0] & 0x0f)<=JSONB_OBJECT
-+  if( p->nBlob>0
-+   && ALWAYS(p->aBlob!=0)
-+   && ((c = p->aBlob[0]) & 0x0f)<=JSONB_OBJECT
-    && (n = jsonbPayloadSize(p, 0, &sz))>0
-    && sz+n==p->nBlob
--   && ((p->aBlob[0] & 0x0f)>JSONB_FALSE || sz==0)
-+   && ((c & 0x0f)>JSONB_FALSE || sz==0)
-+   && (sz>7
-+      || (c!=0x7b && c!=0x5b && !sqlite3Isdigit(c))
-+      || jsonbValidityCheck(p, 0, p->nBlob, 1)==0)
-   ){
-     return 1;
-   }
-@@ -210110,7 +211427,7 @@
-     ** JSON functions were suppose to work.  From the beginning, blob was
-     ** reserved for expansion and a blob value should have raised an error.
-     ** But it did not, due to a bug.  And many applications came to depend
--    ** upon this buggy behavior, espeically when using the CLI and reading
-+    ** upon this buggy behavior, especially when using the CLI and reading
-     ** JSON text using readfile(), which returns a blob.  For this reason
-     ** we will continue to support the bug moving forward.
-     ** See for example https://sqlite.org/forum/forumpost/012136abd5292b8d
-@@ -211125,21 +212442,17 @@
-       return;
-     }
-     case SQLITE_BLOB: {
--      if( jsonFuncArgMightBeBinary(argv[0]) ){
-+      JsonParse py;
-+      memset(&py, 0, sizeof(py));
-+      if( jsonArgIsJsonb(argv[0], &py) ){
-         if( flags & 0x04 ){
-           /* Superficial checking only - accomplished by the
--          ** jsonFuncArgMightBeBinary() call above. */
-+          ** jsonArgIsJsonb() call above. */
-           res = 1;
-         }else if( flags & 0x08 ){
-           /* Strict checking.  Check by translating BLOB->TEXT->BLOB.  If
-           ** no errors occur, call that a "strict check". */
--          JsonParse px;
--          u32 iErr;
--          memset(&px, 0, sizeof(px));
--          px.aBlob = (u8*)sqlite3_value_blob(argv[0]);
--          px.nBlob = sqlite3_value_bytes(argv[0]);
--          iErr = jsonbValidityCheck(&px, 0, px.nBlob, 1);
--          res = iErr==0;
-+          res = 0==jsonbValidityCheck(&py, 0, py.nBlob, 1);
-         }
-         break;
-       }
-@@ -211197,9 +212510,7 @@
-   UNUSED_PARAMETER(argc);
-   memset(&s, 0, sizeof(s));
-   s.db = sqlite3_context_db_handle(ctx);
--  if( jsonFuncArgMightBeBinary(argv[0]) ){
--    s.aBlob = (u8*)sqlite3_value_blob(argv[0]);
--    s.nBlob = sqlite3_value_bytes(argv[0]);
-+  if( jsonArgIsJsonb(argv[0], &s) ){
-     iErrPos = (i64)jsonbValidityCheck(&s, 0, s.nBlob, 1);
-   }else{
-     s.zJson = (char*)sqlite3_value_text(argv[0]);
-@@ -211360,18 +212671,20 @@
-   UNUSED_PARAMETER(argc);
-   pStr = (JsonString*)sqlite3_aggregate_context(ctx, sizeof(*pStr));
-   if( pStr ){
-+    z = (const char*)sqlite3_value_text(argv[0]);
-+    n = sqlite3Strlen30(z);
-     if( pStr->zBuf==0 ){
-       jsonStringInit(pStr, ctx);
-       jsonAppendChar(pStr, '{');
--    }else if( pStr->nUsed>1 ){
-+    }else if( pStr->nUsed>1 && z!=0 ){
-       jsonAppendChar(pStr, ',');
-     }
-     pStr->pCtx = ctx;
--    z = (const char*)sqlite3_value_text(argv[0]);
--    n = sqlite3Strlen30(z);
--    jsonAppendString(pStr, z, n);
--    jsonAppendChar(pStr, ':');
--    jsonAppendSqlValue(pStr, argv[1]);
-+    if( z!=0 ){
-+      jsonAppendString(pStr, z, n);
-+      jsonAppendChar(pStr, ':');
-+      jsonAppendSqlValue(pStr, argv[1]);
-+    }
-   }
- }
- static void jsonObjectCompute(sqlite3_context *ctx, int isFinal){
-@@ -211884,9 +213197,8 @@
-   memset(&p->sParse, 0, sizeof(p->sParse));
-   p->sParse.nJPRef = 1;
-   p->sParse.db = p->db;
--  if( jsonFuncArgMightBeBinary(argv[0]) ){
--    p->sParse.nBlob = sqlite3_value_bytes(argv[0]);
--    p->sParse.aBlob = (u8*)sqlite3_value_blob(argv[0]);
-+  if( jsonArgIsJsonb(argv[0], &p->sParse) ){
-+    /* We have JSONB */
-   }else{
-     p->sParse.zJson = (char*)sqlite3_value_text(argv[0]);
-     p->sParse.nJson = sqlite3_value_bytes(argv[0]);
-@@ -212180,6 +213492,8 @@
- #endif
- SQLITE_PRIVATE int sqlite3GetToken(const unsigned char*,int*); /* In the SQLite core */
- 
-+/* #include <stddef.h> */
-+
- /*
- ** If building separately, we will need some setup that is normally
- ** found in sqliteInt.h
-@@ -212210,6 +213524,14 @@
- # define ALWAYS(X)      (X)
- # define NEVER(X)       (X)
- #endif
-+#ifndef offsetof
-+#define offsetof(STRUCTURE,FIELD) ((size_t)((char*)&((STRUCTURE*)0)->FIELD))
-+#endif
-+#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
-+# define FLEXARRAY
-+#else
-+# define FLEXARRAY 1
-+#endif
- #endif /* !defined(SQLITE_AMALGAMATION) */
- 
- /* Macro to check for 4-byte alignment.  Only used inside of assert() */
-@@ -212530,9 +213852,13 @@
-   RtreeGeomCallback cb;       /* Info about the callback functions */
-   int nParam;                 /* Number of parameters to the SQL function */
-   sqlite3_value **apSqlParam; /* Original SQL parameter values */
--  RtreeDValue aParam[1];      /* Values for parameters to the SQL function */
-+  RtreeDValue aParam[FLEXARRAY]; /* Values for parameters to the SQL function */
- };
- 
-+/* Size of an RtreeMatchArg object with N parameters */
-+#define SZ_RTREEMATCHARG(N)  \
-+        (offsetof(RtreeMatchArg,aParam)+(N)*sizeof(RtreeDValue))
-+
- #ifndef MAX
- # define MAX(x,y) ((x) < (y) ? (y) : (x))
- #endif
-@@ -214221,7 +215547,7 @@
- }
- 
- /*
--** Return the N-dimensional volumn of the cell stored in *p.
-+** Return the N-dimensional volume of the cell stored in *p.
- */
- static RtreeDValue cellArea(Rtree *pRtree, RtreeCell *p){
-   RtreeDValue area = (RtreeDValue)1;
-@@ -215987,7 +217313,7 @@
- /*
- ** The second and subsequent arguments to this function are a printf()
- ** style format string and arguments. This function formats the string and
--** appends it to the report being accumuated in pCheck.
-+** appends it to the report being accumulated in pCheck.
- */
- static void rtreeCheckAppendMsg(RtreeCheck *pCheck, const char *zFmt, ...){
-   va_list ap;
-@@ -217175,7 +218501,7 @@
- ** Determine if point (x0,y0) is beneath line segment (x1,y1)->(x2,y2).
- ** Returns:
- **
--**    +2  x0,y0 is on the line segement
-+**    +2  x0,y0 is on the line segment
- **
- **    +1  x0,y0 is beneath line segment
- **
-@@ -217281,7 +218607,7 @@
-   sqlite3_free(p2);
- }
- 
--/* Objects used by the overlap algorihm. */
-+/* Objects used by the overlap algorithm. */
- typedef struct GeoEvent GeoEvent;
- typedef struct GeoSegment GeoSegment;
- typedef struct GeoOverlap GeoOverlap;
-@@ -218328,8 +219654,7 @@
-   sqlite3_int64 nBlob;
-   int memErr = 0;
- 
--  nBlob = sizeof(RtreeMatchArg) + (nArg-1)*sizeof(RtreeDValue)
--           + nArg*sizeof(sqlite3_value*);
-+  nBlob = SZ_RTREEMATCHARG(nArg) + nArg*sizeof(sqlite3_value*);
-   pBlob = (RtreeMatchArg *)sqlite3_malloc64(nBlob);
-   if( !pBlob ){
-     sqlite3_result_error_nomem(ctx);
-@@ -219424,7 +220749,7 @@
- **
- ** "RBU" stands for "Resumable Bulk Update". As in a large database update
- ** transmitted via a wireless network to a mobile device. A transaction
--** applied using this extension is hence refered to as an "RBU update".
-+** applied using this extension is hence referred to as an "RBU update".
- **
- **
- ** LIMITATIONS
-@@ -219721,7 +221046,7 @@
- ** the next call to sqlite3rbu_vacuum() opens a handle that starts a
- ** new RBU vacuum operation.
- **
--** As with sqlite3rbu_open(), Zipvfs users should rever to the comment
-+** As with sqlite3rbu_open(), Zipvfs users should refer to the comment
- ** describing the sqlite3rbu_create_vfs() API function below for
- ** a description of the complications associated with using RBU with
- ** zipvfs databases.
-@@ -219817,7 +221142,7 @@
- **
- ** If the RBU update has been completely applied, mark the RBU database
- ** as fully applied. Otherwise, assuming no error has occurred, save the
--** current state of the RBU update appliation to the RBU database.
-+** current state of the RBU update application to the RBU database.
- **
- ** If an error has already occurred as part of an sqlite3rbu_step()
- ** or sqlite3rbu_open() call, or if one occurs within this function, an
-@@ -224743,7 +226068,7 @@
- 
-   /* If this is an RBU vacuum operation and this is the target database,
-   ** pretend that it has at least one page. Otherwise, SQLite will not
--  ** check for the existance of a *-wal file. rbuVfsRead() contains
-+  ** check for the existence of a *-wal file. rbuVfsRead() contains
-   ** similar logic.  */
-   if( rc==SQLITE_OK && *pSize==0
-    && p->pRbu && rbuIsVacuum(p->pRbu)
-@@ -226675,8 +228000,8 @@
-       /* "INSERT INTO dbpage($PGNO,NULL)" causes page number $PGNO and
-       ** all subsequent pages to be deleted. */
-       pTab->iDbTrunc = iDb;
--      pgno--;
--      pTab->pgnoTrunc = pgno;
-+      pTab->pgnoTrunc = pgno-1;
-+      pgno = 1;
-     }else{
-       zErr = "bad page value";
-       goto update_fail;
-@@ -227973,7 +229298,7 @@
- /*
- ** This function is called to initialize the SessionTable.nCol, azCol[]
- ** abPK[] and azDflt[] members of SessionTable object pTab. If these
--** fields are already initilialized, this function is a no-op.
-+** fields are already initialized, this function is a no-op.
- **
- ** If an error occurs, an error code is stored in sqlite3_session.rc and
- ** non-zero returned. Or, if no error occurs but the table has no primary
-@@ -227992,6 +229317,8 @@
-   if( pTab->nCol==0 ){
-     u8 *abPK;
-     assert( pTab->azCol==0 || pTab->abPK==0 );
-+    sqlite3_free(pTab->azCol);
-+    pTab->abPK = 0;
-     rc = sessionTableInfo(pSession, db, zDb,
-         pTab->zName, &pTab->nCol, &pTab->nTotalCol, 0, &pTab->azCol,
-         &pTab->azDflt, &pTab->aiIdx, &abPK,
-@@ -228999,7 +230326,9 @@
-     SessionTable *pTo;            /* Table zTbl */
- 
-     /* Locate and if necessary initialize the target table object */
-+    pSession->bAutoAttach++;
-     rc = sessionFindTable(pSession, zTbl, &pTo);
-+    pSession->bAutoAttach--;
-     if( pTo==0 ) goto diff_out;
-     if( sessionInitTable(pSession, pTo, pSession->db, pSession->zDb) ){
-       rc = pSession->rc;
-@@ -229010,17 +230339,43 @@
-     if( rc==SQLITE_OK ){
-       int bHasPk = 0;
-       int bMismatch = 0;
--      int nCol;                   /* Columns in zFrom.zTbl */
-+      int nCol = 0;               /* Columns in zFrom.zTbl */
-       int bRowid = 0;
--      u8 *abPK;
-+      u8 *abPK = 0;
-       const char **azCol = 0;
--      rc = sessionTableInfo(0, db, zFrom, zTbl,
--          &nCol, 0, 0, &azCol, 0, 0, &abPK,
--          pSession->bImplicitPK ? &bRowid : 0
--      );
-+      char *zDbExists = 0;
-+
-+      /* Check that database zFrom is attached.  */
-+      zDbExists = sqlite3_mprintf("SELECT * FROM %Q.sqlite_schema", zFrom);
-+      if( zDbExists==0 ){
-+        rc = SQLITE_NOMEM;
-+      }else{
-+        sqlite3_stmt *pDbExists = 0;
-+        rc = sqlite3_prepare_v2(db, zDbExists, -1, &pDbExists, 0);
-+        if( rc==SQLITE_ERROR ){
-+          rc = SQLITE_OK;
-+          nCol = -1;
-+        }
-+        sqlite3_finalize(pDbExists);
-+        sqlite3_free(zDbExists);
-+      }
-+
-+      if( rc==SQLITE_OK && nCol==0 ){
-+        rc = sessionTableInfo(0, db, zFrom, zTbl,
-+            &nCol, 0, 0, &azCol, 0, 0, &abPK,
-+            pSession->bImplicitPK ? &bRowid : 0
-+        );
-+      }
-       if( rc==SQLITE_OK ){
-         if( pTo->nCol!=nCol ){
--          bMismatch = 1;
-+          if( nCol<=0 ){
-+            rc = SQLITE_SCHEMA;
-+            if( pzErrMsg ){
-+              *pzErrMsg = sqlite3_mprintf("no such table: %s.%s", zFrom, zTbl);
-+            }
-+          }else{
-+            bMismatch = 1;
-+          }
-         }else{
-           int i;
-           for(i=0; i<nCol; i++){
-@@ -229796,7 +231151,7 @@
- ){
-   sqlite3 *db = pSession->db;     /* Source database handle */
-   SessionTable *pTab;             /* Used to iterate through attached tables */
--  SessionBuffer buf = {0,0,0};    /* Buffer in which to accumlate changeset */
-+  SessionBuffer buf = {0,0,0};    /* Buffer in which to accumulate changeset */
-   int rc;                         /* Return code */
- 
-   assert( xOutput==0 || (pnChangeset==0 && ppChangeset==0) );
-@@ -230149,14 +231504,15 @@
- ** object and the buffer is full, discard some data to free up space.
- */
- static void sessionDiscardData(SessionInput *pIn){
--  if( pIn->xInput && pIn->iNext>=sessions_strm_chunk_size ){
--    int nMove = pIn->buf.nBuf - pIn->iNext;
-+  if( pIn->xInput && pIn->iCurrent>=sessions_strm_chunk_size ){
-+    int nMove = pIn->buf.nBuf - pIn->iCurrent;
-     assert( nMove>=0 );
-     if( nMove>0 ){
--      memmove(pIn->buf.aBuf, &pIn->buf.aBuf[pIn->iNext], nMove);
-+      memmove(pIn->buf.aBuf, &pIn->buf.aBuf[pIn->iCurrent], nMove);
-     }
--    pIn->buf.nBuf -= pIn->iNext;
--    pIn->iNext = 0;
-+    pIn->buf.nBuf -= pIn->iCurrent;
-+    pIn->iNext -= pIn->iCurrent;
-+    pIn->iCurrent = 0;
-     pIn->nData = pIn->buf.nBuf;
-   }
- }
-@@ -230510,8 +231866,8 @@
-   p->rc = sessionInputBuffer(&p->in, 2);
-   if( p->rc!=SQLITE_OK ) return p->rc;
- 
--  sessionDiscardData(&p->in);
-   p->in.iCurrent = p->in.iNext;
-+  sessionDiscardData(&p->in);
- 
-   /* If the iterator is already at the end of the changeset, return DONE. */
-   if( p->in.iNext>=p->in.nData ){
-@@ -232870,14 +234226,19 @@
-   sqlite3_changegroup *pGrp,
-   sqlite3_changeset_iter *pIter
- ){
-+  int rc = SQLITE_OK;
-+
-   if( pIter->in.iCurrent==pIter->in.iNext
-    || pIter->rc!=SQLITE_OK
-    || pIter->bInvert
-   ){
-     /* Iterator does not point to any valid entry or is an INVERT iterator. */
--    return SQLITE_ERROR;
-+    rc = SQLITE_ERROR;
-+  }else{
-+    pIter->in.bNoDiscard = 1;
-+    rc = sessionOneChangeToHash(pGrp, pIter, 0);
-   }
--  return sessionOneChangeToHash(pGrp, pIter, 0);
-+  return rc;
- }
- 
- /*
-@@ -234175,6 +235536,7 @@
- 
- /* #include <string.h> */
- /* #include <assert.h> */
-+/* #include <stddef.h> */
- 
- #ifndef SQLITE_AMALGAMATION
- 
-@@ -234230,6 +235592,18 @@
- # define EIGHT_BYTE_ALIGNMENT(X)   ((((uptr)(X) - (uptr)0)&7)==0)
- #endif
- 
-+/*
-+** Macros needed to provide flexible arrays in a portable way
-+*/
-+#ifndef offsetof
-+# define offsetof(STRUCTURE,FIELD) ((size_t)((char*)&((STRUCTURE*)0)->FIELD))
-+#endif
-+#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
-+# define FLEXARRAY
-+#else
-+# define FLEXARRAY 1
-+#endif
-+
- #endif
- 
- /* Truncate very long tokens to this many bytes. Hard limit is
-@@ -234302,10 +235676,11 @@
- */
- struct Fts5Colset {
-   int nCol;
--  int aiCol[1];
-+  int aiCol[FLEXARRAY];
- };
- 
--
-+/* Size (int bytes) of a complete Fts5Colset object with N columns. */
-+#define SZ_FTS5COLSET(N) (sizeof(i64)*((N+2)/2))
- 
- /**************************************************************************
- ** Interface to code in fts5_config.c. fts5_config.c contains contains code
-@@ -235134,7 +236509,7 @@
- **
- ** The "lemon" program processes an LALR(1) input grammar file, then uses
- ** this template to construct a parser.  The "lemon" program inserts text
--** at each "%%" line.  Also, any "P-a-r-s-e" identifer prefix (without the
-+** at each "%%" line.  Also, any "P-a-r-s-e" identifier prefix (without the
- ** interstitial "-" characters) contained in this template is changed into
- ** the value of the %name directive from the grammar.  Otherwise, the content
- ** of this template is copied straight through into the generate parser
-@@ -237288,7 +238663,7 @@
-         ** under consideration.
-         **
-         ** The problem with this is that if (N < 2*nHit), the IDF is
--        ** negative. Which is undesirable. So the mimimum allowable IDF is
-+        ** negative. Which is undesirable. So the minimum allowable IDF is
-         ** (1e-6) - roughly the same as a term that appears in just over
-         ** half of set of 5,000,000 documents.  */
-         double idf = log( (nRow - nHit + 0.5) / (nHit + 0.5) );
-@@ -237751,7 +239126,7 @@
- **   * The 52 upper and lower case ASCII characters, and
- **   * The 10 integer ASCII characters.
- **   * The underscore character "_" (0x5F).
--**   * The unicode "subsitute" character (0x1A).
-+**   * The unicode "substitute" character (0x1A).
- */
- static int sqlite3Fts5IsBareword(char t){
-   u8 aBareword[128] = {
-@@ -239069,9 +240444,13 @@
-   /* Child nodes. For a NOT node, this array always contains 2 entries. For
-   ** AND or OR nodes, it contains 2 or more entries.  */
-   int nChild;                     /* Number of child nodes */
--  Fts5ExprNode *apChild[1];       /* Array of child nodes */
-+  Fts5ExprNode *apChild[FLEXARRAY]; /* Array of child nodes */
- };
- 
-+/* Size (in bytes) of an Fts5ExprNode object that holds up to N children */
-+#define SZ_FTS5EXPRNODE(N) \
-+  (offsetof(Fts5ExprNode,apChild) + (N)*sizeof(Fts5ExprNode*))
-+
- #define Fts5NodeIsString(p) ((p)->eType==FTS5_TERM || (p)->eType==FTS5_STRING)
- 
- /*
-@@ -239102,9 +240481,13 @@
-   Fts5ExprNode *pNode;            /* FTS5_STRING node this phrase is part of */
-   Fts5Buffer poslist;             /* Current position list */
-   int nTerm;                      /* Number of entries in aTerm[] */
--  Fts5ExprTerm aTerm[1];          /* Terms that make up this phrase */
-+  Fts5ExprTerm aTerm[FLEXARRAY];  /* Terms that make up this phrase */
- };
- 
-+/* Size (in bytes) of an Fts5ExprPhrase object that holds up to N terms */
-+#define SZ_FTS5EXPRPHRASE(N) \
-+    (offsetof(Fts5ExprPhrase,aTerm) + (N)*sizeof(Fts5ExprTerm))
-+
- /*
- ** One or more phrases that must appear within a certain token distance of
- ** each other within each matching document.
-@@ -239113,9 +240496,12 @@
-   int nNear;                      /* NEAR parameter */
-   Fts5Colset *pColset;            /* Columns to search (NULL -> all columns) */
-   int nPhrase;                    /* Number of entries in aPhrase[] array */
--  Fts5ExprPhrase *apPhrase[1];    /* Array of phrase pointers */
-+  Fts5ExprPhrase *apPhrase[FLEXARRAY]; /* Array of phrase pointers */
- };
- 
-+/* Size (in bytes) of an Fts5ExprNearset object covering up to N phrases */
-+#define SZ_FTS5EXPRNEARSET(N) \
-+  (offsetof(Fts5ExprNearset,apPhrase)+(N)*sizeof(Fts5ExprPhrase*))
- 
- /*
- ** Parse context.
-@@ -239275,7 +240661,7 @@
-   /* If the LHS of the MATCH expression was a user column, apply the
-   ** implicit column-filter.  */
-   if( sParse.rc==SQLITE_OK && iCol<pConfig->nCol ){
--    int n = sizeof(Fts5Colset);
-+    int n = SZ_FTS5COLSET(1);
-     Fts5Colset *pColset = (Fts5Colset*)sqlite3Fts5MallocZero(&sParse.rc, n);
-     if( pColset ){
-       pColset->nCol = 1;
-@@ -240633,7 +242019,7 @@
-   if( pParse->rc==SQLITE_OK ){
-     if( pNear==0 ){
-       sqlite3_int64 nByte;
--      nByte = sizeof(Fts5ExprNearset) + SZALLOC * sizeof(Fts5ExprPhrase*);
-+      nByte = SZ_FTS5EXPRNEARSET(SZALLOC+1);
-       pRet = sqlite3_malloc64(nByte);
-       if( pRet==0 ){
-         pParse->rc = SQLITE_NOMEM;
-@@ -240644,7 +242030,7 @@
-       int nNew = pNear->nPhrase + SZALLOC;
-       sqlite3_int64 nByte;
- 
--      nByte = sizeof(Fts5ExprNearset) + nNew * sizeof(Fts5ExprPhrase*);
-+      nByte = SZ_FTS5EXPRNEARSET(nNew+1);
-       pRet = (Fts5ExprNearset*)sqlite3_realloc64(pNear, nByte);
-       if( pRet==0 ){
-         pParse->rc = SQLITE_NOMEM;
-@@ -240735,12 +242121,12 @@
-       int nNew = SZALLOC + (pPhrase ? pPhrase->nTerm : 0);
- 
-       pNew = (Fts5ExprPhrase*)sqlite3_realloc64(pPhrase,
--          sizeof(Fts5ExprPhrase) + sizeof(Fts5ExprTerm) * nNew
-+          SZ_FTS5EXPRPHRASE(nNew+1)
-       );
-       if( pNew==0 ){
-         rc = SQLITE_NOMEM;
-       }else{
--        if( pPhrase==0 ) memset(pNew, 0, sizeof(Fts5ExprPhrase));
-+        if( pPhrase==0 ) memset(pNew, 0, SZ_FTS5EXPRPHRASE(1));
-         pCtx->pPhrase = pPhrase = pNew;
-         pNew->nTerm = nNew - SZALLOC;
-       }
-@@ -240848,7 +242234,7 @@
-     if( sCtx.pPhrase==0 ){
-       /* This happens when parsing a token or quoted phrase that contains
-       ** no token characters at all. (e.g ... MATCH '""'). */
--      sCtx.pPhrase = sqlite3Fts5MallocZero(&pParse->rc, sizeof(Fts5ExprPhrase));
-+      sCtx.pPhrase = sqlite3Fts5MallocZero(&pParse->rc, SZ_FTS5EXPRPHRASE(1));
-     }else if( sCtx.pPhrase->nTerm ){
-       sCtx.pPhrase->aTerm[sCtx.pPhrase->nTerm-1].bPrefix = (u8)bPrefix;
-     }
-@@ -240883,19 +242269,18 @@
-         sizeof(Fts5ExprPhrase*));
-   }
-   if( rc==SQLITE_OK ){
--    pNew->pRoot = (Fts5ExprNode*)sqlite3Fts5MallocZero(&rc,
--        sizeof(Fts5ExprNode));
-+    pNew->pRoot = (Fts5ExprNode*)sqlite3Fts5MallocZero(&rc, SZ_FTS5EXPRNODE(1));
-   }
-   if( rc==SQLITE_OK ){
-     pNew->pRoot->pNear = (Fts5ExprNearset*)sqlite3Fts5MallocZero(&rc,
--        sizeof(Fts5ExprNearset) + sizeof(Fts5ExprPhrase*));
-+                                                    SZ_FTS5EXPRNEARSET(2));
-   }
-   if( rc==SQLITE_OK && ALWAYS(pOrig!=0) ){
-     Fts5Colset *pColsetOrig = pOrig->pNode->pNear->pColset;
-     if( pColsetOrig ){
-       sqlite3_int64 nByte;
-       Fts5Colset *pColset;
--      nByte = sizeof(Fts5Colset) + (pColsetOrig->nCol-1) * sizeof(int);
-+      nByte = SZ_FTS5COLSET(pColsetOrig->nCol);
-       pColset = (Fts5Colset*)sqlite3Fts5MallocZero(&rc, nByte);
-       if( pColset ){
-         memcpy(pColset, pColsetOrig, (size_t)nByte);
-@@ -240923,7 +242308,7 @@
-     }else{
-       /* This happens when parsing a token or quoted phrase that contains
-       ** no token characters at all. (e.g ... MATCH '""'). */
--      sCtx.pPhrase = sqlite3Fts5MallocZero(&rc, sizeof(Fts5ExprPhrase));
-+      sCtx.pPhrase = sqlite3Fts5MallocZero(&rc, SZ_FTS5EXPRPHRASE(1));
-     }
-   }
- 
-@@ -240988,7 +242373,8 @@
-               );
-           return;
-         }
--        nNear = nNear * 10 + (p->p[i] - '0');
-+        if( nNear<214748363 ) nNear = nNear * 10 + (p->p[i] - '0');
-+        /*  ^^^^^^^^^^^^^^^---  Prevent integer overflow */
-       }
-     }else{
-       nNear = FTS5_DEFAULT_NEARDIST;
-@@ -241017,7 +242403,7 @@
-   assert( pParse->rc==SQLITE_OK );
-   assert( iCol>=0 && iCol<pParse->pConfig->nCol );
- 
--  pNew = sqlite3_realloc64(p, sizeof(Fts5Colset) + sizeof(int)*nCol);
-+  pNew = sqlite3_realloc64(p, SZ_FTS5COLSET(nCol+1));
-   if( pNew==0 ){
-     pParse->rc = SQLITE_NOMEM;
-   }else{
-@@ -241052,7 +242438,7 @@
-   int nCol = pParse->pConfig->nCol;
- 
-   pRet = (Fts5Colset*)sqlite3Fts5MallocZero(&pParse->rc,
--      sizeof(Fts5Colset) + sizeof(int)*nCol
-+      SZ_FTS5COLSET(nCol+1)
-   );
-   if( pRet ){
-     int i;
-@@ -241113,7 +242499,7 @@
- static Fts5Colset *fts5CloneColset(int *pRc, Fts5Colset *pOrig){
-   Fts5Colset *pRet;
-   if( pOrig ){
--    sqlite3_int64 nByte = sizeof(Fts5Colset) + (pOrig->nCol-1) * sizeof(int);
-+    sqlite3_int64 nByte = SZ_FTS5COLSET(pOrig->nCol);
-     pRet = (Fts5Colset*)sqlite3Fts5MallocZero(pRc, nByte);
-     if( pRet ){
-       memcpy(pRet, pOrig, (size_t)nByte);
-@@ -241281,7 +242667,7 @@
-   assert( pNear->nPhrase==1 );
-   assert( pParse->bPhraseToAnd );
- 
--  nByte = sizeof(Fts5ExprNode) + nTerm*sizeof(Fts5ExprNode*);
-+  nByte = SZ_FTS5EXPRNODE(nTerm+1);
-   pRet = (Fts5ExprNode*)sqlite3Fts5MallocZero(&pParse->rc, nByte);
-   if( pRet ){
-     pRet->eType = FTS5_AND;
-@@ -241291,7 +242677,7 @@
-     pParse->nPhrase--;
-     for(ii=0; ii<nTerm; ii++){
-       Fts5ExprPhrase *pPhrase = (Fts5ExprPhrase*)sqlite3Fts5MallocZero(
--          &pParse->rc, sizeof(Fts5ExprPhrase)
-+          &pParse->rc, SZ_FTS5EXPRPHRASE(1)
-       );
-       if( pPhrase ){
-         if( parseGrowPhraseArray(pParse) ){
-@@ -241360,7 +242746,7 @@
-         if( pRight->eType==eType ) nChild += pRight->nChild-1;
-       }
- 
--      nByte = sizeof(Fts5ExprNode) + sizeof(Fts5ExprNode*)*(nChild-1);
-+      nByte = SZ_FTS5EXPRNODE(nChild);
-       pRet = (Fts5ExprNode*)sqlite3Fts5MallocZero(&pParse->rc, nByte);
- 
-       if( pRet ){
-@@ -242235,7 +243621,7 @@
- }
- 
- /*
--** Clear the token mappings for all Fts5IndexIter objects mannaged by
-+** Clear the token mappings for all Fts5IndexIter objects managed by
- ** the expression passed as the only argument.
- */
- static void sqlite3Fts5ExprClearTokens(Fts5Expr *pExpr){
-@@ -242270,7 +243656,7 @@
- 
- /*
- ** This file contains the implementation of an in-memory hash table used
--** to accumuluate "term -> doclist" content before it is flused to a level-0
-+** to accumulate "term -> doclist" content before it is flushed to a level-0
- ** segment.
- */
- 
-@@ -242327,7 +243713,7 @@
- };
- 
- /*
--** Eqivalent to:
-+** Equivalent to:
- **
- **   char *fts5EntryKey(Fts5HashEntry *pEntry){ return zKey; }
- */
-@@ -243263,9 +244649,13 @@
-   u64 nOriginCntr;                /* Origin value for next top-level segment */
-   int nSegment;                   /* Total segments in this structure */
-   int nLevel;                     /* Number of levels in this index */
--  Fts5StructureLevel aLevel[1];   /* Array of nLevel level objects */
-+  Fts5StructureLevel aLevel[FLEXARRAY]; /* Array of nLevel level objects */
- };
- 
-+/* Size (in bytes) of an Fts5Structure object holding up to N levels */
-+#define SZ_FTS5STRUCTURE(N) \
-+         (offsetof(Fts5Structure,aLevel) + (N)*sizeof(Fts5StructureLevel))
-+
- /*
- ** An object of type Fts5SegWriter is used to write to segments.
- */
-@@ -243395,11 +244785,15 @@
- ** Array of tombstone pages. Reference counted.
- */
- struct Fts5TombstoneArray {
--  int nRef;                       /* Number of pointers to this object */
-+  int nRef;                         /* Number of pointers to this object */
-   int nTombstone;
--  Fts5Data *apTombstone[1];       /* Array of tombstone pages */
-+  Fts5Data *apTombstone[FLEXARRAY]; /* Array of tombstone pages */
- };
- 
-+/* Size (in bytes) of an Fts5TombstoneArray holding up to N tombstones */
-+#define SZ_FTS5TOMBSTONEARRAY(N) \
-+  (offsetof(Fts5TombstoneArray,apTombstone)+(N)*sizeof(Fts5Data*))
-+
- /*
- ** Argument is a pointer to an Fts5Data structure that contains a
- ** leaf page.
-@@ -243468,9 +244862,12 @@
- 
-   i64 iSwitchRowid;               /* Firstest rowid of other than aFirst[1] */
-   Fts5CResult *aFirst;            /* Current merge state (see above) */
--  Fts5SegIter aSeg[1];            /* Array of segment iterators */
-+  Fts5SegIter aSeg[FLEXARRAY];    /* Array of segment iterators */
- };
- 
-+/* Size (in bytes) of an Fts5Iter object holding up to N segment iterators */
-+#define SZ_FTS5ITER(N)  (offsetof(Fts5Iter,aSeg)+(N)*sizeof(Fts5SegIter))
-+
- /*
- ** An instance of the following type is used to iterate through the contents
- ** of a doclist-index record.
-@@ -243497,9 +244894,13 @@
- struct Fts5DlidxIter {
-   int nLvl;
-   int iSegid;
--  Fts5DlidxLvl aLvl[1];
-+  Fts5DlidxLvl aLvl[FLEXARRAY];
- };
- 
-+/* Size (in bytes) of an Fts5DlidxIter object with up to N levels */
-+#define SZ_FTS5DLIDXITER(N) \
-+          (offsetof(Fts5DlidxIter,aLvl)+(N)*sizeof(Fts5DlidxLvl))
-+
- static void fts5PutU16(u8 *aOut, u16 iVal){
-   aOut[0] = (iVal>>8);
-   aOut[1] = (iVal&0xFF);
-@@ -243867,7 +245268,7 @@
- static void fts5StructureMakeWritable(int *pRc, Fts5Structure **pp){
-   Fts5Structure *p = *pp;
-   if( *pRc==SQLITE_OK && p->nRef>1 ){
--    i64 nByte = sizeof(Fts5Structure)+(p->nLevel-1)*sizeof(Fts5StructureLevel);
-+    i64 nByte = SZ_FTS5STRUCTURE(p->nLevel);
-     Fts5Structure *pNew;
-     pNew = (Fts5Structure*)sqlite3Fts5MallocZero(pRc, nByte);
-     if( pNew ){
-@@ -243941,10 +245342,7 @@
-   ){
-     return FTS5_CORRUPT;
-   }
--  nByte = (
--      sizeof(Fts5Structure) +                    /* Main structure */
--      sizeof(Fts5StructureLevel) * (nLevel-1)    /* aLevel[] array */
--  );
-+  nByte = SZ_FTS5STRUCTURE(nLevel);
-   pRet = (Fts5Structure*)sqlite3Fts5MallocZero(&rc, nByte);
- 
-   if( pRet ){
-@@ -244024,10 +245422,7 @@
-   if( *pRc==SQLITE_OK ){
-     Fts5Structure *pStruct = *ppStruct;
-     int nLevel = pStruct->nLevel;
--    sqlite3_int64 nByte = (
--        sizeof(Fts5Structure) +                  /* Main structure */
--        sizeof(Fts5StructureLevel) * (nLevel+1)  /* aLevel[] array */
--    );
-+    sqlite3_int64 nByte = SZ_FTS5STRUCTURE(nLevel+2);
- 
-     pStruct = sqlite3_realloc64(pStruct, nByte);
-     if( pStruct ){
-@@ -244566,7 +245961,7 @@
-   int bDone = 0;
- 
-   for(i=0; p->rc==SQLITE_OK && bDone==0; i++){
--    sqlite3_int64 nByte = sizeof(Fts5DlidxIter) + i * sizeof(Fts5DlidxLvl);
-+    sqlite3_int64 nByte = SZ_FTS5DLIDXITER(i+1);
-     Fts5DlidxIter *pNew;
- 
-     pNew = (Fts5DlidxIter*)sqlite3_realloc64(pIter, nByte);
-@@ -244782,9 +246177,9 @@
- ** leave an error in the Fts5Index object.
- */
- static void fts5SegIterAllocTombstone(Fts5Index *p, Fts5SegIter *pIter){
--  const int nTomb = pIter->pSeg->nPgTombstone;
-+  const i64 nTomb = (i64)pIter->pSeg->nPgTombstone;
-   if( nTomb>0 ){
--    int nByte = nTomb * sizeof(Fts5Data*) + sizeof(Fts5TombstoneArray);
-+    i64 nByte = SZ_FTS5TOMBSTONEARRAY(nTomb+1);
-     Fts5TombstoneArray *pNew;
-     pNew = (Fts5TombstoneArray*)sqlite3Fts5MallocZero(&p->rc, nByte);
-     if( pNew ){
-@@ -246245,8 +247640,7 @@
- 
-   for(nSlot=2; nSlot<nSeg; nSlot=nSlot*2);
-   pNew = fts5IdxMalloc(p,
--      sizeof(Fts5Iter) +                  /* pNew */
--      sizeof(Fts5SegIter) * (nSlot-1) +   /* pNew->aSeg[] */
-+      SZ_FTS5ITER(nSlot) +                /* pNew + pNew->aSeg[] */
-       sizeof(Fts5CResult) * nSlot         /* pNew->aFirst[] */
-   );
-   if( pNew ){
-@@ -248047,7 +249441,7 @@
-   int iDelKeyOff = 0;       /* Offset of deleted key, if any */
- 
-   nIdx = nPg-iPgIdx;
--  aIdx = sqlite3Fts5MallocZero(&p->rc, nIdx+16);
-+  aIdx = sqlite3Fts5MallocZero(&p->rc, ((i64)nIdx)+16);
-   if( p->rc ) return;
-   memcpy(aIdx, &aPg[iPgIdx], nIdx);
- 
-@@ -248612,7 +250006,7 @@
-   Fts5Structure *pStruct
- ){
-   Fts5Structure *pNew = 0;
--  sqlite3_int64 nByte = sizeof(Fts5Structure);
-+  sqlite3_int64 nByte = SZ_FTS5STRUCTURE(1);
-   int nSeg = pStruct->nSegment;
-   int i;
- 
-@@ -248641,7 +250035,8 @@
-     assert( pStruct->aLevel[i].nMerge<=nThis );
-   }
- 
--  nByte += (pStruct->nLevel+1) * sizeof(Fts5StructureLevel);
-+  nByte += (((i64)pStruct->nLevel)+1) * sizeof(Fts5StructureLevel);
-+  assert( nByte==SZ_FTS5STRUCTURE(pStruct->nLevel+2) );
-   pNew = (Fts5Structure*)sqlite3Fts5MallocZero(&p->rc, nByte);
- 
-   if( pNew ){
-@@ -249218,9 +250613,13 @@
-   int nIterAlloc;
-   Fts5PoslistReader *aPoslistReader;
-   int *aPoslistToIter;
--  Fts5Iter *apIter[1];
-+  Fts5Iter *apIter[FLEXARRAY];
- };
- 
-+/* Size in bytes of an Fts5TokenDataIter object holding up to N iterators */
-+#define SZ_FTS5TOKENDATAITER(N) \
-+    (offsetof(Fts5TokenDataIter,apIter) + (N)*sizeof(Fts5Iter))
-+
- /*
- ** The two input arrays - a1[] and a2[] - are in sorted order. This function
- ** merges the two arrays together and writes the result to output array
-@@ -249292,7 +250691,7 @@
- /*
- ** Sort the contents of the pT->aMap[] array.
- **
--** The sorting algorithm requries a malloc(). If this fails, an error code
-+** The sorting algorithm requires a malloc(). If this fails, an error code
- ** is left in Fts5Index.rc before returning.
- */
- static void fts5TokendataIterSortMap(Fts5Index *p, Fts5TokenDataIter *pT){
-@@ -249483,7 +250882,7 @@
-    && p->pConfig->bPrefixInsttoken
-   ){
-     s.pTokendata = &s2;
--    s2.pT = (Fts5TokenDataIter*)fts5IdxMalloc(p, sizeof(*s2.pT));
-+    s2.pT = (Fts5TokenDataIter*)fts5IdxMalloc(p, SZ_FTS5TOKENDATAITER(1));
-   }
- 
-   if( p->pConfig->eDetail==FTS5_DETAIL_NONE ){
-@@ -249529,7 +250928,8 @@
-       }
-     }
- 
--    pData = fts5IdxMalloc(p, sizeof(*pData)+s.doclist.n+FTS5_DATA_ZERO_PADDING);
-+    pData = fts5IdxMalloc(p, sizeof(*pData)
-+                             + ((i64)s.doclist.n)+FTS5_DATA_ZERO_PADDING);
-     assert( pData!=0 || p->rc!=SQLITE_OK );
-     if( pData ){
-       pData->p = (u8*)&pData[1];
-@@ -249610,15 +251010,17 @@
- ** and the initial version of the "averages" record (a zero-byte blob).
- */
- static int sqlite3Fts5IndexReinit(Fts5Index *p){
--  Fts5Structure s;
-+  Fts5Structure *pTmp;
-+  u8 tmpSpace[SZ_FTS5STRUCTURE(1)];
-   fts5StructureInvalidate(p);
-   fts5IndexDiscardData(p);
--  memset(&s, 0, sizeof(Fts5Structure));
-+  pTmp = (Fts5Structure*)tmpSpace;
-+  memset(pTmp, 0, SZ_FTS5STRUCTURE(1));
-   if( p->pConfig->bContentlessDelete ){
--    s.nOriginCntr = 1;
-+    pTmp->nOriginCntr = 1;
-   }
-   fts5DataWrite(p, FTS5_AVERAGES_ROWID, (const u8*)"", 0);
--  fts5StructureWrite(p, &s);
-+  fts5StructureWrite(p, pTmp);
-   return fts5IndexReturn(p);
- }
- 
-@@ -249826,7 +251228,7 @@
-   if( p->rc==SQLITE_OK ){
-     if( pIn==0 || pIn->nIter==pIn->nIterAlloc ){
-       int nAlloc = pIn ? pIn->nIterAlloc*2 : 16;
--      int nByte = nAlloc * sizeof(Fts5Iter*) + sizeof(Fts5TokenDataIter);
-+      int nByte = SZ_FTS5TOKENDATAITER(nAlloc+1);
-       Fts5TokenDataIter *pNew = (Fts5TokenDataIter*)sqlite3_realloc(pIn, nByte);
- 
-       if( pNew==0 ){
-@@ -250342,7 +251744,8 @@
- 
-   fts5BufferGrow(&p->rc, &token, nToken+1);
-   assert( token.p!=0 || p->rc!=SQLITE_OK );
--  ctx.pT = (Fts5TokenDataIter*)sqlite3Fts5MallocZero(&p->rc, sizeof(*ctx.pT));
-+  ctx.pT = (Fts5TokenDataIter*)sqlite3Fts5MallocZero(&p->rc,
-+                                                   SZ_FTS5TOKENDATAITER(1));
- 
-   if( p->rc==SQLITE_OK ){
- 
-@@ -250473,7 +251876,8 @@
-   if( pIter->nSeg>0 ){
-     /* This is a prefix term iterator. */
-     if( pT==0 ){
--      pT = (Fts5TokenDataIter*)sqlite3Fts5MallocZero(&p->rc, sizeof(*pT));
-+      pT = (Fts5TokenDataIter*)sqlite3Fts5MallocZero(&p->rc,
-+                                           SZ_FTS5TOKENDATAITER(1));
-       pIter->pTokenDataIter = pT;
-     }
-     if( pT ){
-@@ -251507,7 +252911,7 @@
- 
- #if defined(SQLITE_TEST) || defined(SQLITE_FTS5_DEBUG)
- static void fts5DebugRowid(int *pRc, Fts5Buffer *pBuf, i64 iKey){
--  int iSegid, iHeight, iPgno, bDlidx, bTomb;     /* Rowid compenents */
-+  int iSegid, iHeight, iPgno, bDlidx, bTomb;     /* Rowid components */
-   fts5DecodeRowid(iKey, &bTomb, &iSegid, &bDlidx, &iHeight, &iPgno);
- 
-   if( iSegid==0 ){
-@@ -251753,7 +253157,7 @@
-   ** buffer overreads even if the record is corrupt.  */
-   n = sqlite3_value_bytes(apVal[1]);
-   aBlob = sqlite3_value_blob(apVal[1]);
--  nSpace = n + FTS5_DATA_ZERO_PADDING;
-+  nSpace = ((i64)n) + FTS5_DATA_ZERO_PADDING;
-   a = (u8*)sqlite3Fts5MallocZero(&rc, nSpace);
-   if( a==0 ) goto decode_out;
-   if( n>0 ) memcpy(a, aBlob, n);
-@@ -252468,9 +253872,11 @@
-   i64 iRowid;                     /* Current rowid */
-   const u8 *aPoslist;             /* Position lists for current row */
-   int nIdx;                       /* Number of entries in aIdx[] */
--  int aIdx[1];                    /* Offsets into aPoslist for current row */
-+  int aIdx[FLEXARRAY];            /* Offsets into aPoslist for current row */
- };
- 
-+/* Size (int bytes) of an Fts5Sorter object with N indexes */
-+#define SZ_FTS5SORTER(N) (offsetof(Fts5Sorter,nIdx)+((N+2)/2)*sizeof(i64))
- 
- /*
- ** Virtual-table cursor object.
-@@ -253348,7 +254754,7 @@
-   const char *zRankArgs = pCsr->zRankArgs;
- 
-   nPhrase = sqlite3Fts5ExprPhraseCount(pCsr->pExpr);
--  nByte = sizeof(Fts5Sorter) + sizeof(int) * (nPhrase-1);
-+  nByte = SZ_FTS5SORTER(nPhrase);
-   pSorter = (Fts5Sorter*)sqlite3_malloc64(nByte);
-   if( pSorter==0 ) return SQLITE_NOMEM;
-   memset(pSorter, 0, (size_t)nByte);
-@@ -255874,7 +257280,7 @@
- ){
-   assert( nArg==0 );
-   UNUSED_PARAM2(nArg, apUnused);
--  sqlite3_result_text(pCtx, "fts5: 2025-02-18 13:38:58 873d4e274b4988d260ba8354a9718324a1c26187a4ab4c1cc0227c03d0f10e70", -1, SQLITE_TRANSIENT);
-+  sqlite3_result_text(pCtx, "fts5: 2025-07-17 13:25:10 3ce993b8657d6d9deda380a93cdd6404a8c8ba1b185b2bc423703e41ae5f2543", -1, SQLITE_TRANSIENT);
- }
- 
- /*
-@@ -256099,8 +257505,8 @@
-   ** its entry point to enable the matchinfo() demo.  */
- #ifdef SQLITE_FTS5_ENABLE_TEST_MI
-   if( rc==SQLITE_OK ){
--    extern int sqlite3Fts5TestRegisterMatchinfo(sqlite3*);
--    rc = sqlite3Fts5TestRegisterMatchinfo(db);
-+    extern int sqlite3Fts5TestRegisterMatchinfoAPI(fts5_api*);
-+    rc = sqlite3Fts5TestRegisterMatchinfoAPI(&pGlobal->api);
-   }
- #endif
- 
-@@ -256689,6 +258095,7 @@
-   for(iCol=1; rc==SQLITE_OK && iCol<=pConfig->nCol; iCol++){
-     if( pConfig->abUnindexed[iCol-1]==0 ){
-       sqlite3_value *pVal = 0;
-+      sqlite3_value *pFree = 0;
-       const char *pText = 0;
-       int nText = 0;
-       const char *pLoc = 0;
-@@ -256705,11 +258112,22 @@
-       if( pConfig->bLocale && sqlite3Fts5IsLocaleValue(pConfig, pVal) ){
-         rc = sqlite3Fts5DecodeLocaleValue(pVal, &pText, &nText, &pLoc, &nLoc);
-       }else{
--        pText = (const char*)sqlite3_value_text(pVal);
--        nText = sqlite3_value_bytes(pVal);
--        if( pConfig->bLocale && pSeek ){
--          pLoc = (const char*)sqlite3_column_text(pSeek, iCol + pConfig->nCol);
--          nLoc = sqlite3_column_bytes(pSeek, iCol + pConfig->nCol);
-+        if( sqlite3_value_type(pVal)!=SQLITE_TEXT ){
-+          /* Make a copy of the value to work with. This is because the call
-+          ** to sqlite3_value_text() below forces the type of the value to
-+          ** SQLITE_TEXT, and we may need to use it again later. */
-+          pFree = pVal = sqlite3_value_dup(pVal);
-+          if( pVal==0 ){
-+            rc = SQLITE_NOMEM;
-+          }
-+        }
-+        if( rc==SQLITE_OK ){
-+          pText = (const char*)sqlite3_value_text(pVal);
-+          nText = sqlite3_value_bytes(pVal);
-+          if( pConfig->bLocale && pSeek ){
-+            pLoc = (const char*)sqlite3_column_text(pSeek, iCol+pConfig->nCol);
-+            nLoc = sqlite3_column_bytes(pSeek, iCol + pConfig->nCol);
-+          }
-         }
-       }
- 
-@@ -256725,6 +258143,7 @@
-         }
-         sqlite3Fts5ClearLocale(pConfig);
-       }
-+      sqlite3_value_free(pFree);
-     }
-   }
-   if( rc==SQLITE_OK && p->nTotalRow<1 ){
-@@ -259938,7 +261357,6 @@
-   aAscii[0] = 0;                  /* 0x00 is never a token character */
- }
- 
--
- /*
- ** 2015 May 30
- **
-@@ -260479,12 +261897,12 @@
-     *pzErr = sqlite3_mprintf("wrong number of vtable arguments");
-     rc = SQLITE_ERROR;
-   }else{
--    int nByte;                      /* Bytes of space to allocate */
-+    i64 nByte;                      /* Bytes of space to allocate */
-     const char *zDb = bDb ? argv[3] : argv[1];
-     const char *zTab = bDb ? argv[4] : argv[3];
-     const char *zType = bDb ? argv[5] : argv[4];
--    int nDb = (int)strlen(zDb)+1;
--    int nTab = (int)strlen(zTab)+1;
-+    i64 nDb = strlen(zDb)+1;
-+    i64 nTab = strlen(zTab)+1;
-     int eType = 0;
- 
-     rc = fts5VocabTableType(zType, pzErr, &eType);
-diff --color -ruN node-v22.16.0/deps/sqlite/sqlite3ext.h node-modded/deps/sqlite/sqlite3ext.h
---- node-v22.16.0/deps/sqlite/sqlite3ext.h	2025-05-21 06:12:48.000000000 +0200
-+++ node-modded/deps/sqlite/sqlite3ext.h	2025-07-17 16:20:17.642660211 +0200
-@@ -366,6 +366,8 @@
-   /* Version 3.44.0 and later */
-   void *(*get_clientdata)(sqlite3*,const char*);
-   int (*set_clientdata)(sqlite3*, const char*, void*, void(*)(void*));
-+  /* Version 3.50.0 and later */
-+  int (*setlk_timeout)(sqlite3*,int,int);
- };
- 
- /*
-@@ -699,6 +701,8 @@
- /* Version 3.44.0 and later */
- #define sqlite3_get_clientdata         sqlite3_api->get_clientdata
- #define sqlite3_set_clientdata         sqlite3_api->set_clientdata
-+/* Version 3.50.0 and later */
-+#define sqlite3_setlk_timeout          sqlite3_api->setlk_timeout
- #endif /* !defined(SQLITE_CORE) && !defined(SQLITE_OMIT_LOAD_EXTENSION) */
- 
- #if !defined(SQLITE_CORE) && !defined(SQLITE_OMIT_LOAD_EXTENSION)
-diff --color -ruN node-v22.16.0/deps/sqlite/sqlite3.h node-modded/deps/sqlite/sqlite3.h
---- node-v22.16.0/deps/sqlite/sqlite3.h	2025-05-21 06:12:48.000000000 +0200
-+++ node-modded/deps/sqlite/sqlite3.h	2025-07-17 16:20:17.635901069 +0200
-@@ -133,7 +133,7 @@
- **
- ** Since [version 3.6.18] ([dateof:3.6.18]),
- ** SQLite source code has been stored in the
--** <a href="http://www.fossil-scm.org/">Fossil configuration management
-+** <a href="http://fossil-scm.org/">Fossil configuration management
- ** system</a>.  ^The SQLITE_SOURCE_ID macro evaluates to
- ** a string which identifies a particular check-in of SQLite
- ** within its configuration management system.  ^The SQLITE_SOURCE_ID
-@@ -146,9 +146,9 @@
- ** [sqlite3_libversion_number()], [sqlite3_sourceid()],
- ** [sqlite_version()] and [sqlite_source_id()].
- */
--#define SQLITE_VERSION        "3.49.1"
--#define SQLITE_VERSION_NUMBER 3049001
--#define SQLITE_SOURCE_ID      "2025-02-18 13:38:58 873d4e274b4988d260ba8354a9718324a1c26187a4ab4c1cc0227c03d0f10e70"
-+#define SQLITE_VERSION        "3.50.3"
-+#define SQLITE_VERSION_NUMBER 3050003
-+#define SQLITE_SOURCE_ID      "2025-07-17 13:25:10 3ce993b8657d6d9deda380a93cdd6404a8c8ba1b185b2bc423703e41ae5f2543"
- 
- /*
- ** CAPI3REF: Run-Time Library Version Numbers
-@@ -1163,6 +1163,12 @@
- ** the value that M is to be set to. Before returning, the 32-bit signed
- ** integer is overwritten with the previous value of M.
- **
-+** <li>[[SQLITE_FCNTL_BLOCK_ON_CONNECT]]
-+** The [SQLITE_FCNTL_BLOCK_ON_CONNECT] opcode is used to configure the
-+** VFS to block when taking a SHARED lock to connect to a wal mode database.
-+** This is used to implement the functionality associated with
-+** SQLITE_SETLK_BLOCK_ON_CONNECT.
-+**
- ** <li>[[SQLITE_FCNTL_DATA_VERSION]]
- ** The [SQLITE_FCNTL_DATA_VERSION] opcode is used to detect changes to
- ** a database file.  The argument is a pointer to a 32-bit unsigned integer.
-@@ -1259,6 +1265,7 @@
- #define SQLITE_FCNTL_CKSM_FILE              41
- #define SQLITE_FCNTL_RESET_CACHE            42
- #define SQLITE_FCNTL_NULL_IO                43
-+#define SQLITE_FCNTL_BLOCK_ON_CONNECT       44
- 
- /* deprecated names */
- #define SQLITE_GET_LOCKPROXYFILE      SQLITE_FCNTL_GET_LOCKPROXYFILE
-@@ -1989,13 +1996,16 @@
- **
- ** [[SQLITE_CONFIG_LOOKASIDE]] <dt>SQLITE_CONFIG_LOOKASIDE</dt>
- ** <dd> ^(The SQLITE_CONFIG_LOOKASIDE option takes two arguments that determine
--** the default size of lookaside memory on each [database connection].
-+** the default size of [lookaside memory] on each [database connection].
- ** The first argument is the
--** size of each lookaside buffer slot and the second is the number of
--** slots allocated to each database connection.)^  ^(SQLITE_CONFIG_LOOKASIDE
--** sets the <i>default</i> lookaside size. The [SQLITE_DBCONFIG_LOOKASIDE]
--** option to [sqlite3_db_config()] can be used to change the lookaside
--** configuration on individual connections.)^ </dd>
-+** size of each lookaside buffer slot ("sz") and the second is the number of
-+** slots allocated to each database connection ("cnt").)^
-+** ^(SQLITE_CONFIG_LOOKASIDE sets the <i>default</i> lookaside size.
-+** The [SQLITE_DBCONFIG_LOOKASIDE] option to [sqlite3_db_config()] can
-+** be used to change the lookaside configuration on individual connections.)^
-+** The [-DSQLITE_DEFAULT_LOOKASIDE] option can be used to change the
-+** default lookaside configuration at compile-time.
-+** </dd>
- **
- ** [[SQLITE_CONFIG_PCACHE2]] <dt>SQLITE_CONFIG_PCACHE2</dt>
- ** <dd> ^(The SQLITE_CONFIG_PCACHE2 option takes a single argument which is
-@@ -2232,31 +2242,50 @@
- ** [[SQLITE_DBCONFIG_LOOKASIDE]]
- ** <dt>SQLITE_DBCONFIG_LOOKASIDE</dt>
- ** <dd> The SQLITE_DBCONFIG_LOOKASIDE option is used to adjust the
--** configuration of the lookaside memory allocator within a database
-+** configuration of the [lookaside memory allocator] within a database
- ** connection.
- ** The arguments to the SQLITE_DBCONFIG_LOOKASIDE option are <i>not</i>
- ** in the [DBCONFIG arguments|usual format].
- ** The SQLITE_DBCONFIG_LOOKASIDE option takes three arguments, not two,
- ** so that a call to [sqlite3_db_config()] that uses SQLITE_DBCONFIG_LOOKASIDE
- ** should have a total of five parameters.
--** ^The first argument (the third parameter to [sqlite3_db_config()] is a
-+** <ol>
-+** <li><p>The first argument ("buf") is a
- ** pointer to a memory buffer to use for lookaside memory.
--** ^The first argument after the SQLITE_DBCONFIG_LOOKASIDE verb
--** may be NULL in which case SQLite will allocate the
--** lookaside buffer itself using [sqlite3_malloc()]. ^The second argument is the
--** size of each lookaside buffer slot.  ^The third argument is the number of
--** slots.  The size of the buffer in the first argument must be greater than
--** or equal to the product of the second and third arguments.  The buffer
--** must be aligned to an 8-byte boundary.  ^If the second argument to
--** SQLITE_DBCONFIG_LOOKASIDE is not a multiple of 8, it is internally
--** rounded down to the next smaller multiple of 8.  ^(The lookaside memory
-+** The first argument may be NULL in which case SQLite will allocate the
-+** lookaside buffer itself using [sqlite3_malloc()].
-+** <li><P>The second argument ("sz") is the
-+** size of each lookaside buffer slot.  Lookaside is disabled if "sz"
-+** is less than 8.  The "sz" argument should be a multiple of 8 less than
-+** 65536.  If "sz" does not meet this constraint, it is reduced in size until
-+** it does.
-+** <li><p>The third argument ("cnt") is the number of slots. Lookaside is disabled
-+** if "cnt"is less than 1.  The "cnt" value will be reduced, if necessary, so
-+** that the product of "sz" and "cnt" does not exceed 2,147,418,112.  The "cnt"
-+** parameter is usually chosen so that the product of "sz" and "cnt" is less
-+** than 1,000,000.
-+** </ol>
-+** <p>If the "buf" argument is not NULL, then it must
-+** point to a memory buffer with a size that is greater than
-+** or equal to the product of "sz" and "cnt".
-+** The buffer must be aligned to an 8-byte boundary.
-+** The lookaside memory
- ** configuration for a database connection can only be changed when that
- ** connection is not currently using lookaside memory, or in other words
--** when the "current value" returned by
--** [sqlite3_db_status](D,[SQLITE_DBSTATUS_LOOKASIDE_USED],...) is zero.
-+** when the value returned by [SQLITE_DBSTATUS_LOOKASIDE_USED] is zero.
- ** Any attempt to change the lookaside memory configuration when lookaside
- ** memory is in use leaves the configuration unchanged and returns
--** [SQLITE_BUSY].)^</dd>
-+** [SQLITE_BUSY].
-+** If the "buf" argument is NULL and an attempt
-+** to allocate memory based on "sz" and "cnt" fails, then
-+** lookaside is silently disabled.
-+** <p>
-+** The [SQLITE_CONFIG_LOOKASIDE] configuration option can be used to set the
-+** default lookaside configuration at initialization.  The
-+** [-DSQLITE_DEFAULT_LOOKASIDE] option can be used to set the default lookaside
-+** configuration at compile-time.  Typical values for lookaside are 1200 for
-+** "sz" and 40 to 100 for "cnt".
-+** </dd>
- **
- ** [[SQLITE_DBCONFIG_ENABLE_FKEY]]
- ** <dt>SQLITE_DBCONFIG_ENABLE_FKEY</dt>
-@@ -2994,6 +3023,44 @@
- SQLITE_API int sqlite3_busy_timeout(sqlite3*, int ms);
- 
- /*
-+** CAPI3REF: Set the Setlk Timeout
-+** METHOD: sqlite3
-+**
-+** This routine is only useful in SQLITE_ENABLE_SETLK_TIMEOUT builds. If
-+** the VFS supports blocking locks, it sets the timeout in ms used by
-+** eligible locks taken on wal mode databases by the specified database
-+** handle. In non-SQLITE_ENABLE_SETLK_TIMEOUT builds, or if the VFS does
-+** not support blocking locks, this function is a no-op.
-+**
-+** Passing 0 to this function disables blocking locks altogether. Passing
-+** -1 to this function requests that the VFS blocks for a long time -
-+** indefinitely if possible. The results of passing any other negative value
-+** are undefined.
-+**
-+** Internally, each SQLite database handle store two timeout values - the
-+** busy-timeout (used for rollback mode databases, or if the VFS does not
-+** support blocking locks) and the setlk-timeout (used for blocking locks
-+** on wal-mode databases). The sqlite3_busy_timeout() method sets both
-+** values, this function sets only the setlk-timeout value. Therefore,
-+** to configure separate busy-timeout and setlk-timeout values for a single
-+** database handle, call sqlite3_busy_timeout() followed by this function.
-+**
-+** Whenever the number of connections to a wal mode database falls from
-+** 1 to 0, the last connection takes an exclusive lock on the database,
-+** then checkpoints and deletes the wal file. While it is doing this, any
-+** new connection that tries to read from the database fails with an
-+** SQLITE_BUSY error. Or, if the SQLITE_SETLK_BLOCK_ON_CONNECT flag is
-+** passed to this API, the new connection blocks until the exclusive lock
-+** has been released.
-+*/
-+SQLITE_API int sqlite3_setlk_timeout(sqlite3*, int ms, int flags);
-+
-+/*
-+** CAPI3REF: Flags for sqlite3_setlk_timeout()
-+*/
-+#define SQLITE_SETLK_BLOCK_ON_CONNECT 0x01
-+
-+/*
- ** CAPI3REF: Convenience Routines For Running Queries
- ** METHOD: sqlite3
- **
-@@ -4012,7 +4079,7 @@
- **
- ** The sqlite3_create_filename(D,J,W,N,P) allocates memory to hold a version of
- ** database filename D with corresponding journal file J and WAL file W and
--** with N URI parameters key/values pairs in the array P.  The result from
-+** an array P of N URI Key/Value pairs.  The result from
- ** sqlite3_create_filename(D,J,W,N,P) is a pointer to a database filename that
- ** is safe to pass to routines like:
- ** <ul>
-@@ -4693,7 +4760,7 @@
- ** METHOD: sqlite3_stmt
- **
- ** ^(In the SQL statement text input to [sqlite3_prepare_v2()] and its variants,
--** literals may be replaced by a [parameter] that matches one of following
-+** literals may be replaced by a [parameter] that matches one of the following
- ** templates:
- **
- ** <ul>
-@@ -4738,7 +4805,7 @@
- **
- ** [[byte-order determination rules]] ^The byte-order of
- ** UTF16 input text is determined by the byte-order mark (BOM, U+FEFF)
--** found in first character, which is removed, or in the absence of a BOM
-+** found in the first character, which is removed, or in the absence of a BOM
- ** the byte order is the native byte order of the host
- ** machine for sqlite3_bind_text16() or the byte order specified in
- ** the 6th parameter for sqlite3_bind_text64().)^
-@@ -4758,7 +4825,7 @@
- ** or sqlite3_bind_text16() or sqlite3_bind_text64() then
- ** that parameter must be the byte offset
- ** where the NUL terminator would occur assuming the string were NUL
--** terminated.  If any NUL characters occurs at byte offsets less than
-+** terminated.  If any NUL characters occur at byte offsets less than
- ** the value of the fourth parameter then the resulting string value will
- ** contain embedded NULs.  The result of expressions involving strings
- ** with embedded NULs is undefined.
-@@ -4970,7 +5037,7 @@
- ** METHOD: sqlite3_stmt
- **
- ** ^These routines provide a means to determine the database, table, and
--** table column that is the origin of a particular result column in
-+** table column that is the origin of a particular result column in a
- ** [SELECT] statement.
- ** ^The name of the database or table or column can be returned as
- ** either a UTF-8 or UTF-16 string.  ^The _database_ routines return
-@@ -5108,7 +5175,7 @@
- ** other than [SQLITE_ROW] before any subsequent invocation of
- ** sqlite3_step().  Failure to reset the prepared statement using
- ** [sqlite3_reset()] would result in an [SQLITE_MISUSE] return from
--** sqlite3_step().  But after [version 3.6.23.1] ([dateof:3.6.23.1],
-+** sqlite3_step().  But after [version 3.6.23.1] ([dateof:3.6.23.1]),
- ** sqlite3_step() began
- ** calling [sqlite3_reset()] automatically in this circumstance rather
- ** than returning [SQLITE_MISUSE].  This is not considered a compatibility
-@@ -5539,8 +5606,8 @@
- **
- ** For best security, the [SQLITE_DIRECTONLY] flag is recommended for
- ** all application-defined SQL functions that do not need to be
--** used inside of triggers, view, CHECK constraints, or other elements of
--** the database schema.  This flags is especially recommended for SQL
-+** used inside of triggers, views, CHECK constraints, or other elements of
-+** the database schema.  This flag is especially recommended for SQL
- ** functions that have side effects or reveal internal application state.
- ** Without this flag, an attacker might be able to modify the schema of
- ** a database file to include invocations of the function with parameters
-@@ -5571,7 +5638,7 @@
- ** [user-defined window functions|available here].
- **
- ** ^(If the final parameter to sqlite3_create_function_v2() or
--** sqlite3_create_window_function() is not NULL, then it is destructor for
-+** sqlite3_create_window_function() is not NULL, then it is the destructor for
- ** the application data pointer. The destructor is invoked when the function
- ** is deleted, either by being overloaded or when the database connection
- ** closes.)^ ^The destructor is also invoked if the call to
-@@ -5971,7 +6038,7 @@
- ** METHOD: sqlite3_value
- **
- ** ^The sqlite3_value_dup(V) interface makes a copy of the [sqlite3_value]
--** object D and returns a pointer to that copy.  ^The [sqlite3_value] returned
-+** object V and returns a pointer to that copy.  ^The [sqlite3_value] returned
- ** is a [protected sqlite3_value] object even if the input is not.
- ** ^The sqlite3_value_dup(V) interface returns NULL if V is NULL or if a
- ** memory allocation fails. ^If V is a [pointer value], then the result
-@@ -6009,7 +6076,7 @@
- ** allocation error occurs.
- **
- ** ^(The amount of space allocated by sqlite3_aggregate_context(C,N) is
--** determined by the N parameter on first successful call.  Changing the
-+** determined by the N parameter on the first successful call.  Changing the
- ** value of N in any subsequent call to sqlite3_aggregate_context() within
- ** the same aggregate function instance will not resize the memory
- ** allocation.)^  Within the xFinal callback, it is customary to set
-@@ -6171,7 +6238,7 @@
- **
- ** Security Warning:  These interfaces should not be exposed in scripting
- ** languages or in other circumstances where it might be possible for an
--** an attacker to invoke them.  Any agent that can invoke these interfaces
-+** attacker to invoke them.  Any agent that can invoke these interfaces
- ** can probably also take control of the process.
- **
- ** Database connection client data is only available for SQLite
-@@ -6285,7 +6352,7 @@
- ** pointed to by the 2nd parameter are taken as the application-defined
- ** function result.  If the 3rd parameter is non-negative, then it
- ** must be the byte offset into the string where the NUL terminator would
--** appear if the string where NUL terminated.  If any NUL characters occur
-+** appear if the string were NUL terminated.  If any NUL characters occur
- ** in the string at a byte offset that is less than the value of the 3rd
- ** parameter, then the resulting string will contain embedded NULs and the
- ** result of expressions operating on strings with embedded NULs is undefined.
-@@ -6343,7 +6410,7 @@
- ** string and preferably a string literal. The sqlite3_result_pointer()
- ** routine is part of the [pointer passing interface] added for SQLite 3.20.0.
- **
--** If these routines are called from within the different thread
-+** If these routines are called from within a different thread
- ** than the one containing the application-defined function that received
- ** the [sqlite3_context] pointer, the results are undefined.
- */
-@@ -6749,7 +6816,7 @@
- ** METHOD: sqlite3
- **
- ** ^The sqlite3_db_name(D,N) interface returns a pointer to the schema name
--** for the N-th database on database connection D, or a NULL pointer of N is
-+** for the N-th database on database connection D, or a NULL pointer if N is
- ** out of range.  An N value of 0 means the main database file.  An N of 1 is
- ** the "temp" schema.  Larger values of N correspond to various ATTACH-ed
- ** databases.
-@@ -6844,7 +6911,7 @@
- ** <dd>The SQLITE_TXN_READ state means that the database is currently
- ** in a read transaction.  Content has been read from the database file
- ** but nothing in the database file has changed.  The transaction state
--** will advanced to SQLITE_TXN_WRITE if any changes occur and there are
-+** will be advanced to SQLITE_TXN_WRITE if any changes occur and there are
- ** no other conflicting concurrent write transactions.  The transaction
- ** state will revert to SQLITE_TXN_NONE following a [ROLLBACK] or
- ** [COMMIT].</dd>
-@@ -6853,7 +6920,7 @@
- ** <dd>The SQLITE_TXN_WRITE state means that the database is currently
- ** in a write transaction.  Content has been written to the database file
- ** but has not yet committed.  The transaction state will change to
--** to SQLITE_TXN_NONE at the next [ROLLBACK] or [COMMIT].</dd>
-+** SQLITE_TXN_NONE at the next [ROLLBACK] or [COMMIT].</dd>
- */
- #define SQLITE_TXN_NONE  0
- #define SQLITE_TXN_READ  1
-@@ -7004,6 +7071,8 @@
- **
- ** ^The second argument is a pointer to the function to invoke when a
- ** row is updated, inserted or deleted in a rowid table.
-+** ^The update hook is disabled by invoking sqlite3_update_hook()
-+** with a NULL pointer as the second parameter.
- ** ^The first argument to the callback is a copy of the third argument
- ** to sqlite3_update_hook().
- ** ^The second callback argument is one of [SQLITE_INSERT], [SQLITE_DELETE],
-@@ -7132,7 +7201,7 @@
- ** CAPI3REF: Impose A Limit On Heap Size
- **
- ** These interfaces impose limits on the amount of heap memory that will be
--** by all database connections within a single process.
-+** used by all database connections within a single process.
- **
- ** ^The sqlite3_soft_heap_limit64() interface sets and/or queries the
- ** soft limit on the amount of heap memory that may be allocated by SQLite.
-@@ -7190,7 +7259,7 @@
- ** </ul>)^
- **
- ** The circumstances under which SQLite will enforce the heap limits may
--** changes in future releases of SQLite.
-+** change in future releases of SQLite.
- */
- SQLITE_API sqlite3_int64 sqlite3_soft_heap_limit64(sqlite3_int64 N);
- SQLITE_API sqlite3_int64 sqlite3_hard_heap_limit64(sqlite3_int64 N);
-@@ -7305,8 +7374,8 @@
- ** ^The entry point is zProc.
- ** ^(zProc may be 0, in which case SQLite will try to come up with an
- ** entry point name on its own.  It first tries "sqlite3_extension_init".
--** If that does not work, it constructs a name "sqlite3_X_init" where the
--** X is consists of the lower-case equivalent of all ASCII alphabetic
-+** If that does not work, it constructs a name "sqlite3_X_init" where
-+** X consists of the lower-case equivalent of all ASCII alphabetic
- ** characters in the filename from the last "/" to the first following
- ** "." and omitting any initial "lib".)^
- ** ^The sqlite3_load_extension() interface returns
-@@ -7377,7 +7446,7 @@
- ** ^(Even though the function prototype shows that xEntryPoint() takes
- ** no arguments and returns void, SQLite invokes xEntryPoint() with three
- ** arguments and expects an integer result as if the signature of the
--** entry point where as follows:
-+** entry point were as follows:
- **
- ** <blockquote><pre>
- ** &nbsp;  int xEntryPoint(
-@@ -7541,7 +7610,7 @@
- ** virtual table and might not be checked again by the byte code.)^ ^(The
- ** aConstraintUsage[].omit flag is an optimization hint. When the omit flag
- ** is left in its default setting of false, the constraint will always be
--** checked separately in byte code.  If the omit flag is change to true, then
-+** checked separately in byte code.  If the omit flag is changed to true, then
- ** the constraint may or may not be checked in byte code.  In other words,
- ** when the omit flag is true there is no guarantee that the constraint will
- ** not be checked again using byte code.)^
-@@ -7567,7 +7636,7 @@
- ** The xBestIndex method may optionally populate the idxFlags field with a
- ** mask of SQLITE_INDEX_SCAN_* flags. One such flag is
- ** [SQLITE_INDEX_SCAN_HEX], which if set causes the [EXPLAIN QUERY PLAN]
--** output to show the idxNum has hex instead of as decimal.  Another flag is
-+** output to show the idxNum as hex instead of as decimal.  Another flag is
- ** SQLITE_INDEX_SCAN_UNIQUE, which if set indicates that the query plan will
- ** return at most one row.
- **
-@@ -7708,7 +7777,7 @@
- ** the implementation of the [virtual table module].   ^The fourth
- ** parameter is an arbitrary client data pointer that is passed through
- ** into the [xCreate] and [xConnect] methods of the virtual table module
--** when a new virtual table is be being created or reinitialized.
-+** when a new virtual table is being created or reinitialized.
- **
- ** ^The sqlite3_create_module_v2() interface has a fifth parameter which
- ** is a pointer to a destructor for the pClientData.  ^SQLite will
-@@ -7873,7 +7942,7 @@
- ** in *ppBlob. Otherwise an [error code] is returned and, unless the error
- ** code is SQLITE_MISUSE, *ppBlob is set to NULL.)^ ^This means that, provided
- ** the API is not misused, it is always safe to call [sqlite3_blob_close()]
--** on *ppBlob after this function it returns.
-+** on *ppBlob after this function returns.
- **
- ** This function fails with SQLITE_ERROR if any of the following are true:
- ** <ul>
-@@ -7993,7 +8062,7 @@
- **
- ** ^Returns the size in bytes of the BLOB accessible via the
- ** successfully opened [BLOB handle] in its only argument.  ^The
--** incremental blob I/O routines can only read or overwriting existing
-+** incremental blob I/O routines can only read or overwrite existing
- ** blob content; they cannot change the size of a blob.
- **
- ** This routine only works on a [BLOB handle] which has been created
-@@ -8143,7 +8212,7 @@
- ** ^The sqlite3_mutex_alloc() routine allocates a new
- ** mutex and returns a pointer to it. ^The sqlite3_mutex_alloc()
- ** routine returns NULL if it is unable to allocate the requested
--** mutex.  The argument to sqlite3_mutex_alloc() must one of these
-+** mutex.  The argument to sqlite3_mutex_alloc() must be one of these
- ** integer constants:
- **
- ** <ul>
-@@ -8376,7 +8445,7 @@
- ** CAPI3REF: Retrieve the mutex for a database connection
- ** METHOD: sqlite3
- **
--** ^This interface returns a pointer the [sqlite3_mutex] object that
-+** ^This interface returns a pointer to the [sqlite3_mutex] object that
- ** serializes access to the [database connection] given in the argument
- ** when the [threading mode] is Serialized.
- ** ^If the [threading mode] is Single-thread or Multi-thread then this
-@@ -8499,7 +8568,7 @@
- ** CAPI3REF: SQL Keyword Checking
- **
- ** These routines provide access to the set of SQL language keywords
--** recognized by SQLite.  Applications can uses these routines to determine
-+** recognized by SQLite.  Applications can use these routines to determine
- ** whether or not a specific identifier needs to be escaped (for example,
- ** by enclosing in double-quotes) so as not to confuse the parser.
- **
-@@ -8667,7 +8736,7 @@
- ** content of the dynamic string under construction in X.  The value
- ** returned by [sqlite3_str_value(X)] is managed by the sqlite3_str object X
- ** and might be freed or altered by any subsequent method on the same
--** [sqlite3_str] object.  Applications must not used the pointer returned
-+** [sqlite3_str] object.  Applications must not use the pointer returned by
- ** [sqlite3_str_value(X)] after any subsequent method call on the same
- ** object.  ^Applications may change the content of the string returned
- ** by [sqlite3_str_value(X)] as long as they do not write into any bytes
-@@ -8753,7 +8822,7 @@
- ** allocation which could not be satisfied by the [SQLITE_CONFIG_PAGECACHE]
- ** buffer and where forced to overflow to [sqlite3_malloc()].  The
- ** returned value includes allocations that overflowed because they
--** where too large (they were larger than the "sz" parameter to
-+** were too large (they were larger than the "sz" parameter to
- ** [SQLITE_CONFIG_PAGECACHE]) and allocations that overflowed because
- ** no space was left in the page cache.</dd>)^
- **
-@@ -8837,28 +8906,29 @@
- ** [[SQLITE_DBSTATUS_LOOKASIDE_HIT]] ^(<dt>SQLITE_DBSTATUS_LOOKASIDE_HIT</dt>
- ** <dd>This parameter returns the number of malloc attempts that were
- ** satisfied using lookaside memory. Only the high-water value is meaningful;
--** the current value is always zero.)^
-+** the current value is always zero.</dd>)^
- **
- ** [[SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE]]
- ** ^(<dt>SQLITE_DBSTATUS_LOOKASIDE_MISS_SIZE</dt>
--** <dd>This parameter returns the number malloc attempts that might have
-+** <dd>This parameter returns the number of malloc attempts that might have
- ** been satisfied using lookaside memory but failed due to the amount of
- ** memory requested being larger than the lookaside slot size.
- ** Only the high-water value is meaningful;
--** the current value is always zero.)^
-+** the current value is always zero.</dd>)^
- **
- ** [[SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL]]
- ** ^(<dt>SQLITE_DBSTATUS_LOOKASIDE_MISS_FULL</dt>
--** <dd>This parameter returns the number malloc attempts that might have
-+** <dd>This parameter returns the number of malloc attempts that might have
- ** been satisfied using lookaside memory but failed due to all lookaside
- ** memory already being in use.
- ** Only the high-water value is meaningful;
--** the current value is always zero.)^
-+** the current value is always zero.</dd>)^
- **
- ** [[SQLITE_DBSTATUS_CACHE_USED]] ^(<dt>SQLITE_DBSTATUS_CACHE_USED</dt>
- ** <dd>This parameter returns the approximate number of bytes of heap
- ** memory used by all pager caches associated with the database connection.)^
- ** ^The highwater mark associated with SQLITE_DBSTATUS_CACHE_USED is always 0.
-+** </dd>
- **
- ** [[SQLITE_DBSTATUS_CACHE_USED_SHARED]]
- ** ^(<dt>SQLITE_DBSTATUS_CACHE_USED_SHARED</dt>
-@@ -8867,10 +8937,10 @@
- ** memory used by that pager cache is divided evenly between the attached
- ** connections.)^  In other words, if none of the pager caches associated
- ** with the database connection are shared, this request returns the same
--** value as DBSTATUS_CACHE_USED. Or, if one or more or the pager caches are
-+** value as DBSTATUS_CACHE_USED. Or, if one or more of the pager caches are
- ** shared, the value returned by this call will be smaller than that returned
- ** by DBSTATUS_CACHE_USED. ^The highwater mark associated with
--** SQLITE_DBSTATUS_CACHE_USED_SHARED is always 0.
-+** SQLITE_DBSTATUS_CACHE_USED_SHARED is always 0.</dd>
- **
- ** [[SQLITE_DBSTATUS_SCHEMA_USED]] ^(<dt>SQLITE_DBSTATUS_SCHEMA_USED</dt>
- ** <dd>This parameter returns the approximate number of bytes of heap
-@@ -8880,6 +8950,7 @@
- ** schema memory is shared with other database connections due to
- ** [shared cache mode] being enabled.
- ** ^The highwater mark associated with SQLITE_DBSTATUS_SCHEMA_USED is always 0.
-+** </dd>
- **
- ** [[SQLITE_DBSTATUS_STMT_USED]] ^(<dt>SQLITE_DBSTATUS_STMT_USED</dt>
- ** <dd>This parameter returns the approximate number of bytes of heap
-@@ -8916,7 +8987,7 @@
- ** been written to disk in the middle of a transaction due to the page
- ** cache overflowing. Transactions are more efficient if they are written
- ** to disk all at once. When pages spill mid-transaction, that introduces
--** additional overhead. This parameter can be used help identify
-+** additional overhead. This parameter can be used to help identify
- ** inefficiencies that can be resolved by increasing the cache size.
- ** </dd>
- **
-@@ -8987,13 +9058,13 @@
- ** [[SQLITE_STMTSTATUS_SORT]] <dt>SQLITE_STMTSTATUS_SORT</dt>
- ** <dd>^This is the number of sort operations that have occurred.
- ** A non-zero value in this counter may indicate an opportunity to
--** improvement performance through careful use of indices.</dd>
-+** improve performance through careful use of indices.</dd>
- **
- ** [[SQLITE_STMTSTATUS_AUTOINDEX]] <dt>SQLITE_STMTSTATUS_AUTOINDEX</dt>
- ** <dd>^This is the number of rows inserted into transient indices that
- ** were created automatically in order to help joins run faster.
- ** A non-zero value in this counter may indicate an opportunity to
--** improvement performance by adding permanent indices that do not
-+** improve performance by adding permanent indices that do not
- ** need to be reinitialized each time the statement is run.</dd>
- **
- ** [[SQLITE_STMTSTATUS_VM_STEP]] <dt>SQLITE_STMTSTATUS_VM_STEP</dt>
-@@ -9002,19 +9073,19 @@
- ** to 2147483647.  The number of virtual machine operations can be
- ** used as a proxy for the total work done by the prepared statement.
- ** If the number of virtual machine operations exceeds 2147483647
--** then the value returned by this statement status code is undefined.
-+** then the value returned by this statement status code is undefined.</dd>
- **
- ** [[SQLITE_STMTSTATUS_REPREPARE]] <dt>SQLITE_STMTSTATUS_REPREPARE</dt>
- ** <dd>^This is the number of times that the prepare statement has been
- ** automatically regenerated due to schema changes or changes to
--** [bound parameters] that might affect the query plan.
-+** [bound parameters] that might affect the query plan.</dd>
- **
- ** [[SQLITE_STMTSTATUS_RUN]] <dt>SQLITE_STMTSTATUS_RUN</dt>
- ** <dd>^This is the number of times that the prepared statement has
- ** been run.  A single "run" for the purposes of this counter is one
- ** or more calls to [sqlite3_step()] followed by a call to [sqlite3_reset()].
- ** The counter is incremented on the first [sqlite3_step()] call of each
--** cycle.
-+** cycle.</dd>
- **
- ** [[SQLITE_STMTSTATUS_FILTER_MISS]]
- ** [[SQLITE_STMTSTATUS_FILTER HIT]]
-@@ -9024,7 +9095,7 @@
- ** step was bypassed because a Bloom filter returned not-found.  The
- ** corresponding SQLITE_STMTSTATUS_FILTER_MISS value is the number of
- ** times that the Bloom filter returned a find, and thus the join step
--** had to be processed as normal.
-+** had to be processed as normal.</dd>
- **
- ** [[SQLITE_STMTSTATUS_MEMUSED]] <dt>SQLITE_STMTSTATUS_MEMUSED</dt>
- ** <dd>^This is the approximate number of bytes of heap memory
-@@ -9129,9 +9200,9 @@
- ** SQLite will typically create one cache instance for each open database file,
- ** though this is not guaranteed. ^The
- ** first parameter, szPage, is the size in bytes of the pages that must
--** be allocated by the cache.  ^szPage will always a power of two.  ^The
-+** be allocated by the cache.  ^szPage will always be a power of two.  ^The
- ** second parameter szExtra is a number of bytes of extra storage
--** associated with each page cache entry.  ^The szExtra parameter will
-+** associated with each page cache entry.  ^The szExtra parameter will be
- ** a number less than 250.  SQLite will use the
- ** extra szExtra bytes on each page to store metadata about the underlying
- ** database page on disk.  The value passed into szExtra depends
-@@ -9139,17 +9210,17 @@
- ** ^The third argument to xCreate(), bPurgeable, is true if the cache being
- ** created will be used to cache database pages of a file stored on disk, or
- ** false if it is used for an in-memory database. The cache implementation
--** does not have to do anything special based with the value of bPurgeable;
-+** does not have to do anything special based upon the value of bPurgeable;
- ** it is purely advisory.  ^On a cache where bPurgeable is false, SQLite will
- ** never invoke xUnpin() except to deliberately delete a page.
- ** ^In other words, calls to xUnpin() on a cache with bPurgeable set to
- ** false will always have the "discard" flag set to true.
--** ^Hence, a cache created with bPurgeable false will
-+** ^Hence, a cache created with bPurgeable set to false will
- ** never contain any unpinned pages.
- **
- ** [[the xCachesize() page cache method]]
- ** ^(The xCachesize() method may be called at any time by SQLite to set the
--** suggested maximum cache-size (number of pages stored by) the cache
-+** suggested maximum cache-size (number of pages stored) for the cache
- ** instance passed as the first argument. This is the value configured using
- ** the SQLite "[PRAGMA cache_size]" command.)^  As with the bPurgeable
- ** parameter, the implementation is not required to do anything with this
-@@ -9176,12 +9247,12 @@
- ** implementation must return a pointer to the page buffer with its content
- ** intact.  If the requested page is not already in the cache, then the
- ** cache implementation should use the value of the createFlag
--** parameter to help it determined what action to take:
-+** parameter to help it determine what action to take:
- **
- ** <table border=1 width=85% align=center>
- ** <tr><th> createFlag <th> Behavior when page is not already in cache
- ** <tr><td> 0 <td> Do not allocate a new page.  Return NULL.
--** <tr><td> 1 <td> Allocate a new page if it easy and convenient to do so.
-+** <tr><td> 1 <td> Allocate a new page if it is easy and convenient to do so.
- **                 Otherwise return NULL.
- ** <tr><td> 2 <td> Make every effort to allocate a new page.  Only return
- **                 NULL if allocating a new page is effectively impossible.
-@@ -9198,7 +9269,7 @@
- ** as its second argument.  If the third parameter, discard, is non-zero,
- ** then the page must be evicted from the cache.
- ** ^If the discard parameter is
--** zero, then the page may be discarded or retained at the discretion of
-+** zero, then the page may be discarded or retained at the discretion of the
- ** page cache implementation. ^The page cache implementation
- ** may choose to evict unpinned pages at any time.
- **
-@@ -9216,7 +9287,7 @@
- ** When SQLite calls the xTruncate() method, the cache must discard all
- ** existing cache entries with page numbers (keys) greater than or equal
- ** to the value of the iLimit parameter passed to xTruncate(). If any
--** of these pages are pinned, they are implicitly unpinned, meaning that
-+** of these pages are pinned, they become implicitly unpinned, meaning that
- ** they can be safely discarded.
- **
- ** [[the xDestroy() page cache method]]
-@@ -9396,7 +9467,7 @@
- ** external process or via a database connection other than the one being
- ** used by the backup operation, then the backup will be automatically
- ** restarted by the next call to sqlite3_backup_step(). ^If the source
--** database is modified by the using the same database connection as is used
-+** database is modified by using the same database connection as is used
- ** by the backup operation, then the backup database is automatically
- ** updated at the same time.
- **
-@@ -9413,7 +9484,7 @@
- ** and may not be used following a call to sqlite3_backup_finish().
- **
- ** ^The value returned by sqlite3_backup_finish is [SQLITE_OK] if no
--** sqlite3_backup_step() errors occurred, regardless or whether or not
-+** sqlite3_backup_step() errors occurred, regardless of whether or not
- ** sqlite3_backup_step() completed.
- ** ^If an out-of-memory condition or IO error occurred during any prior
- ** sqlite3_backup_step() call on the same [sqlite3_backup] object, then
-@@ -9515,7 +9586,7 @@
- ** application receives an SQLITE_LOCKED error, it may call the
- ** sqlite3_unlock_notify() method with the blocked connection handle as
- ** the first argument to register for a callback that will be invoked
--** when the blocking connections current transaction is concluded. ^The
-+** when the blocking connection's current transaction is concluded. ^The
- ** callback is invoked from within the [sqlite3_step] or [sqlite3_close]
- ** call that concludes the blocking connection's transaction.
- **
-@@ -9535,7 +9606,7 @@
- ** blocked connection already has a registered unlock-notify callback,
- ** then the new callback replaces the old.)^ ^If sqlite3_unlock_notify() is
- ** called with a NULL pointer as its second argument, then any existing
--** unlock-notify callback is canceled. ^The blocked connections
-+** unlock-notify callback is canceled. ^The blocked connection's
- ** unlock-notify callback may also be canceled by closing the blocked
- ** connection using [sqlite3_close()].
- **
-@@ -9933,7 +10004,7 @@
- ** support constraints.  In this configuration (which is the default) if
- ** a call to the [xUpdate] method returns [SQLITE_CONSTRAINT], then the entire
- ** statement is rolled back as if [ON CONFLICT | OR ABORT] had been
--** specified as part of the users SQL statement, regardless of the actual
-+** specified as part of the user's SQL statement, regardless of the actual
- ** ON CONFLICT mode specified.
- **
- ** If X is non-zero, then the virtual table implementation guarantees
-@@ -9967,7 +10038,7 @@
- ** [[SQLITE_VTAB_INNOCUOUS]]<dt>SQLITE_VTAB_INNOCUOUS</dt>
- ** <dd>Calls of the form
- ** [sqlite3_vtab_config](db,SQLITE_VTAB_INNOCUOUS) from within the
--** the [xConnect] or [xCreate] methods of a [virtual table] implementation
-+** [xConnect] or [xCreate] methods of a [virtual table] implementation
- ** identify that virtual table as being safe to use from within triggers
- ** and views.  Conceptually, the SQLITE_VTAB_INNOCUOUS tag means that the
- ** virtual table can do no serious harm even if it is controlled by a
-@@ -10135,7 +10206,7 @@
- ** </table>
- **
- ** ^For the purposes of comparing virtual table output values to see if the
--** values are same value for sorting purposes, two NULL values are considered
-+** values are the same value for sorting purposes, two NULL values are considered
- ** to be the same.  In other words, the comparison operator is "IS"
- ** (or "IS NOT DISTINCT FROM") and not "==".
- **
-@@ -10145,7 +10216,7 @@
- **
- ** ^A virtual table implementation is always free to return rows in any order
- ** it wants, as long as the "orderByConsumed" flag is not set.  ^When the
--** the "orderByConsumed" flag is unset, the query planner will add extra
-+** "orderByConsumed" flag is unset, the query planner will add extra
- ** [bytecode] to ensure that the final results returned by the SQL query are
- ** ordered correctly.  The use of the "orderByConsumed" flag and the
- ** sqlite3_vtab_distinct() interface is merely an optimization.  ^Careful
-@@ -10242,7 +10313,7 @@
- ** sqlite3_vtab_in_next(X,P) should be one of the parameters to the
- ** xFilter method which invokes these routines, and specifically
- ** a parameter that was previously selected for all-at-once IN constraint
--** processing use the [sqlite3_vtab_in()] interface in the
-+** processing using the [sqlite3_vtab_in()] interface in the
- ** [xBestIndex|xBestIndex method].  ^(If the X parameter is not
- ** an xFilter argument that was selected for all-at-once IN constraint
- ** processing, then these routines return [SQLITE_ERROR].)^
-@@ -10297,7 +10368,7 @@
- ** and only if *V is set to a value.  ^The sqlite3_vtab_rhs_value(P,J,V)
- ** inteface returns SQLITE_NOTFOUND if the right-hand side of the J-th
- ** constraint is not available.  ^The sqlite3_vtab_rhs_value() interface
--** can return an result code other than SQLITE_OK or SQLITE_NOTFOUND if
-+** can return a result code other than SQLITE_OK or SQLITE_NOTFOUND if
- ** something goes wrong.
- **
- ** The sqlite3_vtab_rhs_value() interface is usually only successful if
-@@ -10325,8 +10396,8 @@
- ** KEYWORDS: {conflict resolution mode}
- **
- ** These constants are returned by [sqlite3_vtab_on_conflict()] to
--** inform a [virtual table] implementation what the [ON CONFLICT] mode
--** is for the SQL statement being evaluated.
-+** inform a [virtual table] implementation of the [ON CONFLICT] mode
-+** for the SQL statement being evaluated.
- **
- ** Note that the [SQLITE_IGNORE] constant is also used as a potential
- ** return value from the [sqlite3_set_authorizer()] callback and that
-@@ -10366,39 +10437,39 @@
- ** [[SQLITE_SCANSTAT_EST]] <dt>SQLITE_SCANSTAT_EST</dt>
- ** <dd>^The "double" variable pointed to by the V parameter will be set to the
- ** query planner's estimate for the average number of rows output from each
--** iteration of the X-th loop.  If the query planner's estimates was accurate,
-+** iteration of the X-th loop.  If the query planner's estimate was accurate,
- ** then this value will approximate the quotient NVISIT/NLOOP and the
- ** product of this value for all prior loops with the same SELECTID will
--** be the NLOOP value for the current loop.
-+** be the NLOOP value for the current loop.</dd>
- **
- ** [[SQLITE_SCANSTAT_NAME]] <dt>SQLITE_SCANSTAT_NAME</dt>
- ** <dd>^The "const char *" variable pointed to by the V parameter will be set
- ** to a zero-terminated UTF-8 string containing the name of the index or table
--** used for the X-th loop.
-+** used for the X-th loop.</dd>
- **
- ** [[SQLITE_SCANSTAT_EXPLAIN]] <dt>SQLITE_SCANSTAT_EXPLAIN</dt>
- ** <dd>^The "const char *" variable pointed to by the V parameter will be set
- ** to a zero-terminated UTF-8 string containing the [EXPLAIN QUERY PLAN]
--** description for the X-th loop.
-+** description for the X-th loop.</dd>
- **
- ** [[SQLITE_SCANSTAT_SELECTID]] <dt>SQLITE_SCANSTAT_SELECTID</dt>
- ** <dd>^The "int" variable pointed to by the V parameter will be set to the
- ** id for the X-th query plan element. The id value is unique within the
- ** statement. The select-id is the same value as is output in the first
--** column of an [EXPLAIN QUERY PLAN] query.
-+** column of an [EXPLAIN QUERY PLAN] query.</dd>
- **
- ** [[SQLITE_SCANSTAT_PARENTID]] <dt>SQLITE_SCANSTAT_PARENTID</dt>
- ** <dd>The "int" variable pointed to by the V parameter will be set to the
--** the id of the parent of the current query element, if applicable, or
-+** id of the parent of the current query element, if applicable, or
- ** to zero if the query element has no parent. This is the same value as
--** returned in the second column of an [EXPLAIN QUERY PLAN] query.
-+** returned in the second column of an [EXPLAIN QUERY PLAN] query.</dd>
- **
- ** [[SQLITE_SCANSTAT_NCYCLE]] <dt>SQLITE_SCANSTAT_NCYCLE</dt>
- ** <dd>The sqlite3_int64 output value is set to the number of cycles,
- ** according to the processor time-stamp counter, that elapsed while the
- ** query element was being processed. This value is not available for
- ** all query elements - if it is unavailable the output variable is
--** set to -1.
-+** set to -1.</dd>
- ** </dl>
- */
- #define SQLITE_SCANSTAT_NLOOP    0
-@@ -10439,8 +10510,8 @@
- ** sqlite3_stmt_scanstatus_v2() with a zeroed flags parameter.
- **
- ** Parameter "idx" identifies the specific query element to retrieve statistics
--** for. Query elements are numbered starting from zero. A value of -1 may be
--** to query for statistics regarding the entire query. ^If idx is out of range
-+** for. Query elements are numbered starting from zero. A value of -1 may
-+** retrieve statistics for the entire query. ^If idx is out of range
- ** - less than -1 or greater than or equal to the total number of query
- ** elements used to implement the statement - a non-zero value is returned and
- ** the variable that pOut points to is unchanged.
-@@ -10483,7 +10554,7 @@
- ** METHOD: sqlite3
- **
- ** ^If a write-transaction is open on [database connection] D when the
--** [sqlite3_db_cacheflush(D)] interface invoked, any dirty
-+** [sqlite3_db_cacheflush(D)] interface is invoked, any dirty
- ** pages in the pager-cache that are not currently in use are written out
- ** to disk. A dirty page may be in use if a database cursor created by an
- ** active SQL statement is reading from it, or if it is page 1 of a database
-@@ -10597,8 +10668,8 @@
- ** triggers; and so forth.
- **
- ** When the [sqlite3_blob_write()] API is used to update a blob column,
--** the pre-update hook is invoked with SQLITE_DELETE. This is because the
--** in this case the new values are not available. In this case, when a
-+** the pre-update hook is invoked with SQLITE_DELETE, because
-+** the new values are not yet available. In this case, when a
- ** callback made with op==SQLITE_DELETE is actually a write using the
- ** sqlite3_blob_write() API, the [sqlite3_preupdate_blobwrite()] returns
- ** the index of the column being written. In other cases, where the
-@@ -10851,7 +10922,7 @@
- ** For an ordinary on-disk database file, the serialization is just a
- ** copy of the disk file.  For an in-memory database or a "TEMP" database,
- ** the serialization is the same sequence of bytes which would be written
--** to disk if that database where backed up to disk.
-+** to disk if that database were backed up to disk.
- **
- ** The usual case is that sqlite3_serialize() copies the serialization of
- ** the database into memory obtained from [sqlite3_malloc64()] and returns
-@@ -10860,7 +10931,7 @@
- ** contains the SQLITE_SERIALIZE_NOCOPY bit, then no memory allocations
- ** are made, and the sqlite3_serialize() function will return a pointer
- ** to the contiguous memory representation of the database that SQLite
--** is currently using for that database, or NULL if the no such contiguous
-+** is currently using for that database, or NULL if no such contiguous
- ** memory representation of the database exists.  A contiguous memory
- ** representation of the database will usually only exist if there has
- ** been a prior call to [sqlite3_deserialize(D,S,...)] with the same
-@@ -10931,7 +11002,7 @@
- ** database is currently in a read transaction or is involved in a backup
- ** operation.
- **
--** It is not possible to deserialized into the TEMP database.  If the
-+** It is not possible to deserialize into the TEMP database.  If the
- ** S argument to sqlite3_deserialize(D,S,P,N,M,F) is "temp" then the
- ** function returns SQLITE_ERROR.
- **
-@@ -10953,7 +11024,7 @@
-   sqlite3 *db,            /* The database connection */
-   const char *zSchema,    /* Which DB to reopen with the deserialization */
-   unsigned char *pData,   /* The serialized database content */
--  sqlite3_int64 szDb,     /* Number bytes in the deserialization */
-+  sqlite3_int64 szDb,     /* Number of bytes in the deserialization */
-   sqlite3_int64 szBuf,    /* Total size of buffer pData[] */
-   unsigned mFlags         /* Zero or more SQLITE_DESERIALIZE_* flags */
- );
-@@ -10961,7 +11032,7 @@
- /*
- ** CAPI3REF: Flags for sqlite3_deserialize()
- **
--** The following are allowed values for 6th argument (the F argument) to
-+** The following are allowed values for the 6th argument (the F argument) to
- ** the [sqlite3_deserialize(D,S,P,N,M,F)] interface.
- **
- ** The SQLITE_DESERIALIZE_FREEONCLOSE means that the database serialization
-@@ -11486,9 +11557,10 @@
- ** is inserted while a session object is enabled, then later deleted while
- ** the same session object is disabled, no INSERT record will appear in the
- ** changeset, even though the delete took place while the session was disabled.
--** Or, if one field of a row is updated while a session is disabled, and
--** another field of the same row is updated while the session is enabled, the
--** resulting changeset will contain an UPDATE change that updates both fields.
-+** Or, if one field of a row is updated while a session is enabled, and
-+** then another field of the same row is updated while the session is disabled,
-+** the resulting changeset will contain an UPDATE change that updates both
-+** fields.
- */
- SQLITE_API int sqlite3session_changeset(
-   sqlite3_session *pSession,      /* Session object */
-@@ -11560,8 +11632,9 @@
- ** database zFrom the contents of the two compatible tables would be
- ** identical.
- **
--** It an error if database zFrom does not exist or does not contain the
--** required compatible table.
-+** Unless the call to this function is a no-op as described above, it is an
-+** error if database zFrom does not exist or does not contain the required
-+** compatible table.
- **
- ** If the operation is successful, SQLITE_OK is returned. Otherwise, an SQLite
- ** error code. In this case, if argument pzErrMsg is not NULL, *pzErrMsg
-@@ -11696,7 +11769,7 @@
- ** The following flags may passed via the 4th parameter to
- ** [sqlite3changeset_start_v2] and [sqlite3changeset_start_v2_strm]:
- **
--** <dt>SQLITE_CHANGESETAPPLY_INVERT <dd>
-+** <dt>SQLITE_CHANGESETSTART_INVERT <dd>
- **   Invert the changeset while iterating through it. This is equivalent to
- **   inverting a changeset using sqlite3changeset_invert() before applying it.
- **   It is an error to specify this flag with a patchset.
-@@ -12011,19 +12084,6 @@
-   void **ppOut                    /* OUT: Buffer containing output changeset */
- );
- 
--
--/*
--** CAPI3REF: Upgrade the Schema of a Changeset/Patchset
--*/
--SQLITE_API int sqlite3changeset_upgrade(
--  sqlite3 *db,
--  const char *zDb,
--  int nIn, const void *pIn,       /* Input changeset */
--  int *pnOut, void **ppOut        /* OUT: Inverse of input */
--);
--
--
--
- /*
- ** CAPI3REF: Changegroup Handle
- **
diff --git a/SOURCES/0003-fips-disable-options.patch b/SOURCES/0003-fips-disable-options.patch
new file mode 100644
index 0000000..56482a2
--- /dev/null
+++ b/SOURCES/0003-fips-disable-options.patch
@@ -0,0 +1,84 @@
+From 98738d27288bd9ca634e29181ef665e812e7bbd3 Mon Sep 17 00:00:00 2001
+From: Michael Dawson <midawson@redhat.com>
+Date: Fri, 23 Feb 2024 13:43:56 +0100
+Subject: [PATCH] Disable FIPS options
+
+On RHEL, FIPS should be configured only on system level.
+Additionally, the related options may cause segfault when used on RHEL.
+
+This patch causes the option processing to end sooner
+than the problematic code gets executed.
+Additionally, the JS-level options to mess with FIPS settings
+are similarly disabled.
+
+Upstream report: https://github.com/nodejs/node/pull/48950
+RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
+---
+ lib/crypto.js             | 10 ++++++++++
+ lib/internal/errors.js    |  6 ++++++
+ src/crypto/crypto_util.cc |  2 ++
+ 3 files changed, 18 insertions(+)
+
+diff --git a/lib/crypto.js b/lib/crypto.js
+index 41adecc..b2627ac 100644
+--- a/lib/crypto.js
++++ b/lib/crypto.js
+@@ -36,7 +36,10 @@ const {
+ assertCrypto();
+
+ const {
++  // RHEL specific error
++  ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED,
++
+   ERR_CRYPTO_FIPS_FORCED,
+   ERR_WORKER_UNSUPPORTED_OPERATION,
+ } = require('internal/errors').codes;
+ const constants = internalBinding('constants').crypto;
+@@ -251,6 +254,13 @@ function getFips() {
+ }
+ 
+ function setFips(val) {
++  // in RHEL FIPS enable/disable should only be done at system level
++  if (getFips() != val) {
++    throw new ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED();
++  } else {
++    return;
++  }
++
+   if (getOptionValue('--force-fips')) {
+     if (val) return;
+     throw new ERR_CRYPTO_FIPS_FORCED();
+diff --git a/lib/internal/errors.js b/lib/internal/errors.js
+index a722360..04d8a53 100644
+--- a/lib/internal/errors.js
++++ b/lib/internal/errors.js
+@@ -1111,6 +1111,12 @@ module.exports = {
+ //
+ // Note: Node.js specific errors must begin with the prefix ERR_
+ 
++// insert RHEL specific erro
++E('ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED',
++  'Cannot set FIPS mode. FIPS should be enabled/disabled at system level. See' +
++  'https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n',
++  Error);
++
+ E('ERR_ACCESS_DENIED',
+   function(msg, permission = '', resource = '') {
+     this.permission = permission;
+diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
+index 5734d8f..ef9d1b1 100644
+--- a/src/crypto/crypto_util.cc
++++ b/src/crypto/crypto_util.cc
+@@ -121,6 +121,8 @@ bool ProcessFipsOptions() {
+   /* Override FIPS settings in configuration file, if needed. */
+   if (per_process::cli_options->enable_fips_crypto ||
+       per_process::cli_options->force_fips_crypto) {
++      fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
++      return false;
+ #if OPENSSL_VERSION_MAJOR >= 3
+     OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
+     if (fips_provider == nullptr)
+-- 
+2.43.2
+
+
diff --git a/SOURCES/nodejs-tarball.sh b/SOURCES/nodejs-tarball.sh
index a908c63..395e12b 100755
--- a/SOURCES/nodejs-tarball.sh
+++ b/SOURCES/nodejs-tarball.sh
@@ -123,8 +123,8 @@ tar -zcf node-v${version}-stripped.tar.gz node-v${version}
 ICU_MAJOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\1/g')
 ICU_MINOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\2/g')
 rm -Rf icu4c-${ICU_MAJOR}_${ICU_MINOR}-data-bin-*.zip
-wget $(grep Source3 nodejs.spec | sed --expression="s/.*http/http/g" --expression="s/\(\%{icu_major}\)/${ICU_MAJOR}/g" --expression="s/\(\%{icu_minor}\)/${ICU_MINOR}/g")
-wget $(grep Source4 nodejs.spec | sed --expression="s/.*http/http/g" --expression="s/\(\%{icu_major}\)/${ICU_MAJOR}/g" --expression="s/\(\%{icu_minor}\)/${ICU_MINOR}/g")
+wget $(grep -w 'Source3' nodejs*.spec | sed --expression="s/.*http/http/g" --expression="s/\(\%{icu_major}\)/${ICU_MAJOR}/g" --expression="s/\(\%{icu_minor}\)/${ICU_MINOR}/g")
+wget $(grep -w 'Source4' nodejs*.spec | sed --expression="s/.*http/http/g" --expression="s/\(\%{icu_major}\)/${ICU_MAJOR}/g" --expression="s/\(\%{icu_minor}\)/${ICU_MINOR}/g")
 
 #fedpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz
 
diff --git a/SPECS/nodejs.spec b/SPECS/nodejs.spec
index 6fc9fef..3e7d98c 100644
--- a/SPECS/nodejs.spec
+++ b/SPECS/nodejs.spec
@@ -57,7 +57,7 @@
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
 %global nodejs_major 22
-%global nodejs_minor 16
+%global nodejs_minor 19
 %global nodejs_patch 0
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
 %global nodejs_soversion 127
@@ -81,17 +81,17 @@
 %global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
 
 # zlib - from deps/zlib/zlib.h
-%global zlib_version 1.3.0.1-motley
+%global zlib_version 1.3.1
 
 # c-ares - from deps/cares/include/ares_version.h
 # https://github.com/nodejs/node/pull/9332
 %global c_ares_version 1.34.5
 
 # llhttp - from deps/llhttp/include/llhttp.h
-%global llhttp_version 9.2.1
+%global llhttp_version 9.3.0
 
 # libuv - from deps/uv/include/uv/version.h
-%global libuv_version 1.49.2
+%global libuv_version 1.51.0
 
 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
 %global nghttp2_version 1.64.0
@@ -125,7 +125,7 @@
 
 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_version 10.9.2
+%global npm_version 10.9.3
 
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@@ -142,7 +142,7 @@
 %global histogram_version 0.11.8
 
 # sqlite - from deps/sqlite/sqlite3.h
-%global sqlite_version 3.50.3
+%global sqlite_version 3.50.4
 
 
 Name: nodejs
@@ -174,8 +174,7 @@ Source300: test-runner.sh
 Source301: test-should-pass.txt
 
 Patch: 0001-Remove-unused-OpenSSL-config.patch
-Patch: 0002-sqlite-CVE-2025-6965.patch
-
+Patch: 0003-fips-disable-options.patch
 %global pkgname nodejs
 
 BuildRequires: make
@@ -573,7 +572,8 @@ export PATH="${cwd}/.bin:$PATH"
            --with-intl=small-icu \
            --with-icu-default-data-dir=%{icudatadir} \
            --without-corepack \
-           --openssl-use-def-ca-store
+           --openssl-use-def-ca-store \
+           --use-prefix-to-find-headers
 
 %ninja_build -C out/Release
 
@@ -896,6 +896,10 @@ end
 
 
 %changelog
+* Fri Aug 29 2025 Tomas Juhasz <tjuhasz@redhat.com> - 1:22.19.0-1
+- Update to 22.19.0
+  Resolves: RHEL-111912
+
 * Mon Jul 21 2025 Tomas Juhasz <tjuhasz@redhat.com> - 1:22.16.0-2
 - Patch fix for CVE-2025-6965
   Resolves: RHEL-103851