Make sure the authenticator does not try to authenticate columns in
subqueries. Ticket #1607. (CVS 2939)
FossilOrigin-Name: 55b7dfaf4d3a6d01fffdaf1707e88bcd215d7333
diff --git a/src/auth.c b/src/auth.c
index b24976e..964ae66 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -14,7 +14,7 @@
** systems that do not need this facility may omit it by recompiling
** the library with -DSQLITE_OMIT_AUTHORIZATION=1
**
-** $Id: auth.c,v 1.23 2006/01/05 11:34:34 danielk1977 Exp $
+** $Id: auth.c,v 1.24 2006/01/13 13:55:45 drh Exp $
*/
#include "sqliteInt.h"
@@ -118,6 +118,11 @@
if( pExpr->op==TK_AS ) return;
assert( pExpr->op==TK_COLUMN );
iDb = sqlite3SchemaToIndex(pParse->db, pExpr->pSchema);
+ if( iDb<0 ){
+ /* An attempt to read a column out of a subquery or other
+ ** temporary table. */
+ return;
+ }
for(iSrc=0; pTabList && iSrc<pTabList->nSrc; iSrc++){
if( pExpr->iTable==pTabList->a[iSrc].iCursor ) break;
}
@@ -142,7 +147,7 @@
}else{
zCol = "ROWID";
}
- assert( iDb<db->nDb );
+ assert( iDb>=0 && iDb<db->nDb );
zDBase = db->aDb[iDb].zName;
rc = db->xAuth(db->pAuthArg, SQLITE_READ, pTab->zName, zCol, zDBase,
pParse->zAuthContext);