From: D. Richard Hipp <drh@hwaci.com>
Date: Sat, 3 Nov 2018 13:11:24 +0000 (+0000)
Subject: Fix a assert() in the query planner that can arise when doing row-value
X-Git-Tag: version-3.26.0~59
X-Git-Url: https://repo.or.cz/sqlite.git/commitdiff_plain/24298027a30cf7941f16a8cc878d0c1f9f14308f

Fix a assert() in the query planner that can arise when doing row-value
operations on a PRIMARY KEY that contains duplicate columns.
Ticket [1a84668dcfdebaf12415d].

https://sqlite.org/src/info/1a84668dcfdebaf12415d

upstream-Status: Backport
CVE: CVE-2018-20505
affects <= 3.26.0

Signed-off-by: Armin Kuster <akuster@mvista.com>

Index: sqlite-autoconf-3230100/sqlite3.c
===================================================================
--- sqlite-autoconf-3230100.orig/sqlite3.c
+++ sqlite-autoconf-3230100/sqlite3.c
@@ -131231,7 +131231,7 @@ static Expr *removeUnindexableInClauseTe
     for(i=iEq; i<pLoop->nLTerm; i++){
       if( pLoop->aLTerm[i]->pExpr==pX ){
         int iField = pLoop->aLTerm[i]->iField - 1;
-        assert( pOrigRhs->a[iField].pExpr!=0 );
+        if( pOrigRhs->a[iField].pExpr==0 ) continue; /* Duplicate PK column */
         pRhs = sqlite3ExprListAppend(pParse, pRhs, pOrigRhs->a[iField].pExpr);
         pOrigRhs->a[iField].pExpr = 0;
         assert( pOrigLhs->a[iField].pExpr!=0 );