CVE: CVE-2019-19880
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@intel.com>

From 3622d20ad10dfac9586d4423547ed960cbc66fcf Mon Sep 17 00:00:00 2001
From: "D. Richard Hipp" <drh@hwaci.com>
Date: Wed, 18 Dec 2019 00:05:50 +0000
Subject: [PATCH] When processing constant integer values in ORDER BY clauses
 of window definitions (see check-in [7e4 ---

---
 sqlite3.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sqlite3.c b/sqlite3.c
index db1c649..a83b3d2 100644
--- a/sqlite3.c
+++ b/sqlite3.c
@@ -147584,9 +147584,11 @@ static ExprList *exprListAppendList(
     int nInit = pList ? pList->nExpr : 0;
     for(i=0; i<pAppend->nExpr; i++){
       Expr *pDup = sqlite3ExprDup(pParse->db, pAppend->a[i].pExpr, 0);
+      assert( pDup==0 || !ExprHasProperty(pDup, EP_MemToken) );
       if( bIntToNull && pDup && pDup->op==TK_INTEGER ){
         pDup->op = TK_NULL;
         pDup->flags &= ~(EP_IntValue|EP_IsTrue|EP_IsFalse);
+        pDup->u.zToken = 0;
       }
       pList = sqlite3ExprListAppend(pParse, pList, pDup);
       if( pList ) pList->a[nInit+i].sortFlags = pAppend->a[i].sortFlags;
-- 
2.24.1