sqlite.patch001

diff -Npur -x .git sqlite.3.31.1/manifest sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/manifest
--- sqlite.3.31.1/manifest	2020-04-20 10:21:03.622574899 +0800
+++ sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/manifest	2020-04-20 11:05:54.613993594 +0800
@@ -482,8 +482,8 @@ F src/ctime.c 1b0724e66f95f33b160b1af85c
 F src/date.c 6c408fdd2e9ddf6e8431aba76315a2d061bea2cec8fbb75e25d7c1ba08274712
 F src/dbpage.c 8a01e865bf8bc6d7b1844b4314443a6436c07c3efe1d488ed89e81719047833a
 F src/dbstat.c 0f55297469d4244ab7df395849e1af98eb5e95816af7c661e7d2d8402dea23da
-F src/delete.c a5c59b9c0251cf7682bc52af0d64f09b1aefc6781a63592c8f1136f7b73c66e4
-F src/expr.c 003c59158b33d7f3b198122cb0d1e13c06517cc3932e56b42283eb0e96696d66
+F src/delete.c 11000121c4281c0bce4e41db29addfaea0038eaa127ece02557c9207bc3e541d
+F src/expr.c 4b25db7f9472b3532560242193bc4eefaefc7720dc4f2d7ec9a89ada410c6ea2
 F src/fault.c 460f3e55994363812d9d60844b2a6de88826e007
 F src/fkey.c 92a248ec0fa4ed8ab60c98d9b188ce173aaf218f32e7737ba77deb2a684f9847
 F src/func.c 108577cebe8a50c86d849a93b99493a54e348dd0b846f00d13b52ca973d5baf4
@@ -536,8 +536,8 @@ F src/shell.c.in c2e20c43a44fb5588a6c27c
 F src/sqlite.h.in 75d0304247a2154122d6d06f12219c1e29291d72304f0eeef4c1ec6b1409b443
 F src/sqlite3.rc 5121c9e10c3964d5755191c80dd1180c122fc3a8
 F src/sqlite3ext.h 27951f294f29cd875c6027f2707d644ef99f469bd97514568b5a8581a114db8c
-F src/sqliteInt.h 7a29ba700a51eeb925731749a570cf3859f6a58ed94797ecf47508875b0ba279
-F src/sqliteLimit.h 1513bfb7b20378aa0041e7022d04acb73525de35b80b252f1b83fedb4de6a76b
+F src/sqliteInt.h d736043dc6291d3af289d911237da0801b6c05be086ae322eedd47a089ae8d2f
+F src/sqliteLimit.h 95cb8479ca459496d9c1c6a9f76b38aee12203a56ce1092fe13e50ae2454c032
 F src/status.c 9ff2210207c6c3b4d9631a8241a7d45ab1b26a0e9c84cb07a9b5ce2de9a3b278
 F src/table.c b46ad567748f24a326d9de40e5b9659f96ffff34
 F src/tclsqlite.c 97590069efaba5a4928ecffb606e3771dd93ee8e6bf248a62a6507c37a2b2e46
@@ -619,8 +619,8 @@ F src/wal.h 606292549f5a7be50b6227bd685f
 F src/walker.c a137468bf36c92e64d2275caa80c83902e3a0fc59273591b96c6416d3253d05d
 F src/where.c 2005d0511e05e5f7b6fb3be514b44f264f23d45f3b0cc5e150c63e3006a003e5
 F src/whereInt.h 9157228db086f436a574589f8cc5749bd971e94017c552305ad9ec472ed2e098
-F src/wherecode.c ec8870d6fe79668dd12d7edc65ae9771828d6cdfe478348c8abd872a89fdbadd
-F src/whereexpr.c 4b34be1434183e7bb8a05d4bf42bd53ea53021b0b060936fbd12062b4ff6b396
+F src/wherecode.c f5df56e395ade2240cabb2d39500c681bd29f8cc0636c3301c4996ad160df94d
+F src/whereexpr.c 264d58971eaf8256eb5b0917bcd7fc7a1f1109fdda183a8382308a1b18a2dce7
 F src/window.c f8ba2ee12a19b51d3ba42c16277c74185ee9215306bc0d5a03974ade8b5bc98f
 F test/8_3_names.test ebbb5cd36741350040fd28b432ceadf495be25b2
 F test/affinity2.test ce1aafc86e110685b324e9a763eab4f2a73f737842ec3b687bd965867de90627
@@ -1857,10 +1857,10 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 6fb9a8fb85486a8fccc462856316ef523450c23a7a7a81c8dfb323fbe809f8f5
-R bf075f6bcc1758c5c1ecd13052997456
+P 9d0d4ab95dc0c56e053c2924ed322a9ea7b25439e6f74599f706905a1994e454
+R 1c052b7cdf4947664b7043564b643ac3
 T +bgcolor * #d0c0ff
 T +sym-release *
 T +sym-version-3.31.1 *
 U drh
-Z 7c50801eed3eaef969e028ef5a0a641a
+Z e960557a43b001a47933dacf8bc1d10e
diff -Npur -x .git sqlite.3.31.1/manifest.uuid sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/manifest.uuid
--- sqlite.3.31.1/manifest.uuid	2020-04-20 10:21:03.630574843 +0800
+++ sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/manifest.uuid	2020-04-20 11:05:54.613993594 +0800
@@ -1 +1 @@
-3bfa9cc97da10598521b342961df8f5f68c7388fa117345eeb516eaa837bb4d6
\ 文件尾没有换行符
+abc473fb8fb999005dc79a360e34f97b3b25429decf1820dd2afa5c19577753d
diff -Npur -x .git sqlite.3.31.1/src/expr.c sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/src/expr.c
--- sqlite.3.31.1/src/expr.c	2020-04-20 10:21:03.642574758 +0800
+++ sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/src/expr.c	2020-04-20 11:05:54.617993541 +0800
@@ -5463,19 +5463,25 @@ static int impliesNotNullRow(Walker *pWa
     case TK_LT:
     case TK_LE:
     case TK_GT:
-    case TK_GE:
+    case TK_GE: {
+      Expr *pLeft = pExpr->pLeft;
+      Expr *pRight = pExpr->pRight;
       testcase( pExpr->op==TK_EQ );
       testcase( pExpr->op==TK_NE );
       testcase( pExpr->op==TK_LT );
       testcase( pExpr->op==TK_LE );
       testcase( pExpr->op==TK_GT );
       testcase( pExpr->op==TK_GE );
-      if( (pExpr->pLeft->op==TK_COLUMN && IsVirtual(pExpr->pLeft->y.pTab))
-       || (pExpr->pRight->op==TK_COLUMN && IsVirtual(pExpr->pRight->y.pTab))
+      /* The y.pTab=0 assignment in wherecode.c always happens after the
+      ** impliesNotNullRow() test */
+      if( (pLeft->op==TK_COLUMN && ALWAYS(pLeft->y.pTab!=0)
+                               && IsVirtual(pLeft->y.pTab))
+       || (pRight->op==TK_COLUMN && ALWAYS(pRight->y.pTab!=0)
+                               && IsVirtual(pRight->y.pTab))
       ){
-       return WRC_Prune;
+        return WRC_Prune;
       }
-
+    }
     default:
       return WRC_Continue;
   }
diff -Npur -x .git sqlite.3.31.1/src/sqliteInt.h sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/src/sqliteInt.h
--- sqlite.3.31.1/src/sqliteInt.h	2020-04-20 10:21:03.642574758 +0800
+++ sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/src/sqliteInt.h	2020-04-20 11:05:54.617993541 +0800
@@ -2153,8 +2153,11 @@ struct Table {
 */
 #ifndef SQLITE_OMIT_VIRTUALTABLE
 #  define IsVirtual(X)      ((X)->nModuleArg)
+#  define ExprIsVtab(X)  \
+              ((X)->op==TK_COLUMN && (X)->y.pTab!=0 && (X)->y.pTab->nModuleArg)
 #else
 #  define IsVirtual(X)      0
+#  define ExprIsVtab(X)     0
 #endif
 
 /*
diff -Npur -x .git sqlite.3.31.1/src/whereexpr.c sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/src/whereexpr.c
--- sqlite.3.31.1/src/whereexpr.c	2020-04-20 10:21:03.642574758 +0800
+++ sqlite.3.31.1_CVE-2020-9327_bf48ce49_78d1d225_patch001/src/whereexpr.c	2020-04-20 11:05:54.617993541 +0800
@@ -377,7 +377,8 @@ static int isAuxiliaryVtabOperator(
     **       MATCH(expression,vtab_column)
     */
     pCol = pList->a[1].pExpr;
-    if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){
+    testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );
+    if( ExprIsVtab(pCol) ){
       for(i=0; i<ArraySize(aOp); i++){
         if( sqlite3StrICmp(pExpr->u.zToken, aOp[i].zOp)==0 ){
           *peOp2 = aOp[i].eOp2;
@@ -399,7 +400,8 @@ static int isAuxiliaryVtabOperator(
     ** with function names in an arbitrary case.
     */
     pCol = pList->a[0].pExpr;
-    if( pCol->op==TK_COLUMN && IsVirtual(pCol->y.pTab) ){
+    testcase( pCol->op==TK_COLUMN && pCol->y.pTab==0 );
+    if( ExprIsVtab(pCol) ){
       sqlite3_vtab *pVtab;
       sqlite3_module *pMod;
       void (*xNotUsed)(sqlite3_context*,int,sqlite3_value**);
@@ -422,10 +424,12 @@ static int isAuxiliaryVtabOperator(
     int res = 0;
     Expr *pLeft = pExpr->pLeft;
     Expr *pRight = pExpr->pRight;
-    if( pLeft->op==TK_COLUMN && IsVirtual(pLeft->y.pTab) ){
+    testcase( pLeft->op==TK_COLUMN && pLeft->y.pTab==0 );
+    if( ExprIsVtab(pLeft) ){
       res++;
     }
-    if( pRight && pRight->op==TK_COLUMN && IsVirtual(pRight->y.pTab) ){
+    testcase( pRight && pRight->op==TK_COLUMN && pRight->y.pTab==0 );
+    if( pRight && ExprIsVtab(pRight) ){
       res++;
       SWAP(Expr*, pLeft, pRight);
     }