40 lines
1.3 KiB
Diff
40 lines
1.3 KiB
Diff
From 396afe6f6aa90a31303c183e11b2b2d4b7956b35 Mon Sep 17 00:00:00 2001
|
|
From: drh <drh@noemail.net>
|
|
Date: Wed, 18 Dec 2019 20:51:58 +0000
|
|
Subject: [PATCH] Fix CVE-2019-19926
|
|
Continue to back away from the LEFT JOIN optimization of
|
|
check-in [41c27bc0ff1d3135] by disallowing query flattening if the outer
|
|
query is DISTINCT. Without this fix, if an index scan is run on the table
|
|
within the view on the right-hand side of the LEFT JOIN, stale result
|
|
registers might be accessed yielding incorrect results, and/or an
|
|
OP_IfNullRow opcode might be invoked on the un-opened table, resulting in a
|
|
NULL-pointer dereference. This problem was found by the Yongheng and Rui
|
|
fuzzer.
|
|
|
|
FossilOrigin-Name: 862974312edf00e9d1068115d1a39b7235b7db68b6d86b81d38a12f025a4748e
|
|
|
|
Change by Weifeng <suweifeng1@huawei.com>:
|
|
Fit for version 3.24.0
|
|
---
|
|
src/select.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/select.c b/src/select.c
|
|
index 4510b77..f78c8a5 100644
|
|
--- a/src/select.c
|
|
+++ b/src/select.c
|
|
@@ -2813,7 +2813,8 @@ static int multiSelect(
|
|
}
|
|
#endif
|
|
}
|
|
-
|
|
+ if( pParse->nErr ) goto multi_select_end;
|
|
+
|
|
/* Compute collating sequences used by
|
|
** temporary tables needed to implement the compound select.
|
|
** Attach the KeyInfo structure to all temporary tables.
|
|
--
|
|
2.19.1
|
|
|
|
|