From: dan <dan@noemail.net>
Date: Mon, 26 Oct 2020 13:24:36 +0000
Subject: [PATCH] Fix a problem with ALTER TABLE for views that have a nested
 FROM clause. Ticket [f50af3e8a565776b].

Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz]
CVE: CVE-2020-35527
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
---
Index: sqlite-autoconf-3310100/sqlite3.c
===================================================================
--- sqlite-autoconf-3310100.orig/sqlite3.c
+++ sqlite-autoconf-3310100/sqlite3.c
@@ -133110,7 +133110,7 @@ static int selectExpander(Walker *pWalke
             pNew = sqlite3ExprListAppend(pParse, pNew, pExpr);
             sqlite3TokenInit(&sColname, zColname);
             sqlite3ExprListSetName(pParse, pNew, &sColname, 0);
-            if( pNew && (p->selFlags & SF_NestedFrom)!=0 ){
+            if( pNew && (p->selFlags & SF_NestedFrom)!=0 && !IN_RENAME_OBJECT ){
               struct ExprList_item *pX = &pNew->a[pNew->nExpr-1];
               sqlite3DbFree(db, pX->zEName);
               if( pSub ){