Do not allow a column reference that is converted into a constant by the
WHERE-clause constant propagation optimization to be moved to the init-time
constant expression list, as the table reference will not work there.
This fixes a problem found by OSSFuzz.
FossilOrigin-Name: d30b2a947313b146f29e2b53f0fd471409fda7938151241d3fb5863614f88999
diff --git a/src/expr.c b/src/expr.c
index 986b4f9..e469bda 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -1848,7 +1848,7 @@
testcase( pExpr->op==TK_COLUMN );
testcase( pExpr->op==TK_AGG_FUNCTION );
testcase( pExpr->op==TK_AGG_COLUMN );
- if( ExprHasProperty(pExpr, EP_FixedCol) ){
+ if( ExprHasProperty(pExpr, EP_FixedCol) && pWalker->eCode!=2 ){
return WRC_Continue;
}
if( pWalker->eCode==3 && pExpr->iTable==pWalker->u.iCur ){
@@ -1906,10 +1906,17 @@
}
/*
-** Walk an expression tree. Return non-zero if the expression is constant
-** that does no originate from the ON or USING clauses of a join.
-** Return 0 if it involves variables or function calls or terms from
-** an ON or USING clause.
+** Walk an expression tree. Return non-zero if
+**
+** (1) the expression is constant, and
+** (2) the expression does originate in the ON or USING clause
+** of a LEFT JOIN, and
+** (3) the expression does not contain any EP_FixedCol TK_COLUMN
+** operands created by the constant propagation optimization.
+**
+** When this routine returns true, it indicates that the expression
+** can be added to the pParse->pConstExpr list and evaluated once when
+** the prepared statement starts up. See sqlite3ExprCodeAtInit().
*/
int sqlite3ExprIsConstantNotJoin(Expr *p){
return exprIsConst(p, 2, 0);