18 lines
785 B
Diff
18 lines
785 B
Diff
Subject: [PATCH] When processing constant integer values in ORDER BY clauses of
|
|
window definitions (see check-in [7e4809eadfe99ebf]) be sure to fully disable
|
|
the constant value to avoid an invalid pointer dereference if the expression
|
|
is ever duplicated.
|
|
|
|
diff --git a/src/window.c b/src/window.c
|
|
index 56c0145..c65eadd 100644
|
|
--- a/src/window.c
|
|
+++ b/src/window.c
|
|
@@ -730,6 +730,7 @@ static ExprList *exprListAppendList(
|
|
int nInit = pList ? pList->nExpr : 0;
|
|
for(i=0; i<pAppend->nExpr; i++){
|
|
Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0);
|
|
+ assert( pDup == NULL || !ExprHasProperty(pDup, EP_MemToken) );
|
|
pList = sqlite3ExprListAppend(pParse, pList, pDup);
|
|
if( pList ) pList->a[nInit+i].sortOrder = pAppend->a[i].sortOrder;
|
|
}
|