Subject: [PATCH] When processing constant integer values in ORDER BY clauses of
window definitions (see check-in [7e4809eadfe99ebf]) be sure to fully disable
the constant value to avoid an invalid pointer dereference if the expression
is ever duplicated.

diff --git a/src/window.c b/src/window.c
index 56c0145..c65eadd 100644
--- a/src/window.c
+++ b/src/window.c
@@ -730,6 +730,7 @@ static ExprList *exprListAppendList(
     int nInit = pList ? pList->nExpr : 0;
     for(i=0; i<pAppend->nExpr; i++){
       Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0);
+      assert( pDup == NULL || !ExprHasProperty(pDup, EP_MemToken) );
       pList = sqlite3ExprListAppend(pParse, pList, pDup);
       if( pList ) pList->a[nInit+i].sortOrder = pAppend->a[i].sortOrder;
     }