Fossil SCM

Fix compiler warnings in the shell.c from the previous check-in. Also bring in the latest trunk version of SQLite for testing.

drh 2017-06-15 13:12 trunk

Commit 2ada39bab8a6194ff21b469963e18af6cb95fe95338766cdda564eb73ccd2cdf

Parent d9e555194ac7709…

3 files changed +3 -3 +482 -392 +13 -4

~ src/shell.c ~ src/sqlite3.c ~ src/sqlite3.h

M src/shell.c

+3 -3

		--- src/shell.c
		+++ src/shell.c
		@@ -1215,11 +1215,11 @@
1215	1215	"UNIQUE INDEX",
1216	1216	"VIEW",
1217	1217	"TRIGGER",
1218	1218	"VIRTUAL TABLE"
1219	1219	};
1220		- int i = 0, n;
	1220	+ int i = 0;
1221	1221	const char zIn = (const char)sqlite3_value_text(apVal[0]);
1222	1222	const char zSchema = (const char)sqlite3_value_text(apVal[1]);
1223	1223	assert( nVal==2 );
1224	1224	if( zIn!=0 && strncmp(zIn, "CREATE ", 7)==0 ){
1225	1225	for(i=0; i<sizeof(aPrefix)/sizeof(aPrefix[0]); i++){
		@@ -5816,17 +5816,17 @@
5816	5816	sqlite3_snprintf(sizeof(zScNum), zScNum, "%d", ++iSchema);
5817	5817	appendText(&sSelect, zDiv, 0);
5818	5818	zDiv = " UNION ALL ";
5819	5819	if( strcmp(zDb, "main")!=0 ){
5820	5820	appendText(&sSelect, "SELECT shell_add_schema(sql,", 0);
5821		- appendText(&sSelect, sqlite3_column_text(pStmt, 0), '"');
	5821	+ appendText(&sSelect, zDb, '"');
5822	5822	appendText(&sSelect, ") AS sql, type, tbl_name, name, rowid,", 0);
5823	5823	appendText(&sSelect, zScNum, 0);
5824	5824	appendText(&sSelect, " AS snum, ", 0);
5825	5825	appendText(&sSelect, zDb, '\'');
5826	5826	appendText(&sSelect, " AS sname FROM ", 0);
5827		- appendText(&sSelect, sqlite3_column_text(pStmt, 0), '"');
	5827	+ appendText(&sSelect, zDb, '"');
5828	5828	appendText(&sSelect, ".sqlite_master", 0);
5829	5829	}else{
5830	5830	appendText(&sSelect, "SELECT sql, type, tbl_name, name, rowid, ", 0);
5831	5831	appendText(&sSelect, zScNum, 0);
5832	5832	appendText(&sSelect, " AS snum, 'main' AS sname FROM sqlite_master",0);
5833	5833

	--- src/shell.c
	+++ src/shell.c
	@@ -1215,11 +1215,11 @@
1215	"UNIQUE INDEX",
1216	"VIEW",
1217	"TRIGGER",
1218	"VIRTUAL TABLE"
1219	};
1220	int i = 0, n;
1221	const char zIn = (const char)sqlite3_value_text(apVal[0]);
1222	const char zSchema = (const char)sqlite3_value_text(apVal[1]);
1223	assert( nVal==2 );
1224	if( zIn!=0 && strncmp(zIn, "CREATE ", 7)==0 ){
1225	for(i=0; i<sizeof(aPrefix)/sizeof(aPrefix[0]); i++){
	@@ -5816,17 +5816,17 @@
5816	sqlite3_snprintf(sizeof(zScNum), zScNum, "%d", ++iSchema);
5817	appendText(&sSelect, zDiv, 0);
5818	zDiv = " UNION ALL ";
5819	if( strcmp(zDb, "main")!=0 ){
5820	appendText(&sSelect, "SELECT shell_add_schema(sql,", 0);
5821	appendText(&sSelect, sqlite3_column_text(pStmt, 0), '"');
5822	appendText(&sSelect, ") AS sql, type, tbl_name, name, rowid,", 0);
5823	appendText(&sSelect, zScNum, 0);
5824	appendText(&sSelect, " AS snum, ", 0);
5825	appendText(&sSelect, zDb, '\'');
5826	appendText(&sSelect, " AS sname FROM ", 0);
5827	appendText(&sSelect, sqlite3_column_text(pStmt, 0), '"');
5828	appendText(&sSelect, ".sqlite_master", 0);
5829	}else{
5830	appendText(&sSelect, "SELECT sql, type, tbl_name, name, rowid, ", 0);
5831	appendText(&sSelect, zScNum, 0);
5832	appendText(&sSelect, " AS snum, 'main' AS sname FROM sqlite_master",0);
5833

	--- src/shell.c
	+++ src/shell.c
	@@ -1215,11 +1215,11 @@
1215	"UNIQUE INDEX",
1216	"VIEW",
1217	"TRIGGER",
1218	"VIRTUAL TABLE"
1219	};
1220	int i = 0;
1221	const char zIn = (const char)sqlite3_value_text(apVal[0]);
1222	const char zSchema = (const char)sqlite3_value_text(apVal[1]);
1223	assert( nVal==2 );
1224	if( zIn!=0 && strncmp(zIn, "CREATE ", 7)==0 ){
1225	for(i=0; i<sizeof(aPrefix)/sizeof(aPrefix[0]); i++){
	@@ -5816,17 +5816,17 @@
5816	sqlite3_snprintf(sizeof(zScNum), zScNum, "%d", ++iSchema);
5817	appendText(&sSelect, zDiv, 0);
5818	zDiv = " UNION ALL ";
5819	if( strcmp(zDb, "main")!=0 ){
5820	appendText(&sSelect, "SELECT shell_add_schema(sql,", 0);
5821	appendText(&sSelect, zDb, '"');
5822	appendText(&sSelect, ") AS sql, type, tbl_name, name, rowid,", 0);
5823	appendText(&sSelect, zScNum, 0);
5824	appendText(&sSelect, " AS snum, ", 0);
5825	appendText(&sSelect, zDb, '\'');
5826	appendText(&sSelect, " AS sname FROM ", 0);
5827	appendText(&sSelect, zDb, '"');
5828	appendText(&sSelect, ".sqlite_master", 0);
5829	}else{
5830	appendText(&sSelect, "SELECT sql, type, tbl_name, name, rowid, ", 0);
5831	appendText(&sSelect, zScNum, 0);
5832	appendText(&sSelect, " AS snum, 'main' AS sname FROM sqlite_master",0);
5833

M src/sqlite3.c

+482 -392

		--- src/sqlite3.c
		+++ src/sqlite3.c
		@@ -1,8 +1,8 @@
1	1	/******************************************************************************
2	2	** This file is an amalgamation of many separate C source files from SQLite
3		-** version 3.19.3. By combining all the individual C code files into this
	3	+** version 3.20.0. By combining all the individual C code files into this
4	4	** single large file, the entire code can be compiled as a single translation
5	5	** unit. This allows many compilers to do optimizations that would not be
6	6	** possible if the files were compiled separately. Performance improvements
7	7	** of 5% or more are commonly seen when SQLite is compiled as a single
8	8	** translation unit.
		@@ -396,13 +396,13 @@
396	396	**
397	397	** See also: [sqlite3_libversion()],
398	398	** [sqlite3_libversion_number()], [sqlite3_sourceid()],
399	399	** [sqlite_version()] and [sqlite_source_id()].
400	400	*/
401		-#define SQLITE_VERSION "3.19.3"
402		-#define SQLITE_VERSION_NUMBER 3019003
403		-#define SQLITE_SOURCE_ID "2017-06-08 14:26:16 0ee482a1e0eae22e08edc8978c9733a96603d4509645f348ebf55b579e89636b"
	401	+#define SQLITE_VERSION "3.20.0"
	402	+#define SQLITE_VERSION_NUMBER 3020000
	403	+#define SQLITE_SOURCE_ID "2017-06-15 13:07:56 9afd7a2ffd3a39456190ad05e85ff6485298aae262d9e0698a58c1d73507a36f"
404	404
405	405	/*
406	406	** CAPI3REF: Run-Time Library Version Numbers
407	407	** KEYWORDS: sqlite3_version sqlite3_sourceid
408	408	**
		@@ -5895,11 +5895,13 @@
5895	5895	** column exists. ^The sqlite3_table_column_metadata() interface returns
5896	5896	** SQLITE_ERROR and if the specified column does not exist.
5897	5897	** ^If the column-name parameter to sqlite3_table_column_metadata() is a
5898	5898	** NULL pointer, then this routine simply checks for the existence of the
5899	5899	** table and returns SQLITE_OK if the table exists and SQLITE_ERROR if it
5900		-** does not.
	5900	+** does not. If the table name parameter T in a call to
	5901	+** sqlite3_table_column_metadata(X,D,T,C,...) is NULL then the result is
	5902	+** undefined behavior.
5901	5903	**
5902	5904	** ^The column is identified by the second, third and fourth parameters to
5903	5905	** this function. ^(The second parameter is either the name of the database
5904	5906	** (i.e. "main", "temp", or an attached database) containing the specified
5905	5907	** table or NULL.)^ ^If it is NULL, then all attached databases are searched
		@@ -7408,17 +7410,24 @@
7408	7410	** by the prepared statement if that number is less than or equal
7409	7411	** to 2147483647. The number of virtual machine operations can be
7410	7412	** used as a proxy for the total work done by the prepared statement.
7411	7413	** If the number of virtual machine operations exceeds 2147483647
7412	7414	** then the value returned by this statement status code is undefined.
	7415	+**
	7416	+** [[SQLITE_STMTSTATUS_MEMUSED]] <dt>SQLITE_STMTSTATUS_MEMUSED</dt>
	7417	+** <dd>^This is the approximate number of bytes of heap memory
	7418	+** used to store the prepared statement. ^This value is not actually
	7419	+** a counter, and so the resetFlg parameter to sqlite3_stmt_status()
	7420	+** is ignored when the opcode is SQLITE_STMTSTATUS_MEMUSED.
7413	7421	** </dd>
7414	7422	** </dl>
7415	7423	*/
7416	7424	#define SQLITE_STMTSTATUS_FULLSCAN_STEP 1
7417	7425	#define SQLITE_STMTSTATUS_SORT 2
7418	7426	#define SQLITE_STMTSTATUS_AUTOINDEX 3
7419	7427	#define SQLITE_STMTSTATUS_VM_STEP 4
	7428	+#define SQLITE_STMTSTATUS_MEMUSED 5
7420	7429
7421	7430	/*
7422	7431	** CAPI3REF: Custom Page Cache Object
7423	7432	**
7424	7433	** The sqlite3_pcache type is opaque. It is implemented by
		@@ -12478,13 +12487,13 @@
12478	12487
12479	12488	SQLITE_PRIVATE int sqlite3BtreeInsert(BtCursor, const BtreePayload pPayload,
12480	12489	int flags, int seekResult);
12481	12490	SQLITE_PRIVATE int sqlite3BtreeFirst(BtCursor, int pRes);
12482	12491	SQLITE_PRIVATE int sqlite3BtreeLast(BtCursor, int pRes);
12483		-SQLITE_PRIVATE int sqlite3BtreeNext(BtCursor, int pRes);
	12492	+SQLITE_PRIVATE int sqlite3BtreeNext(BtCursor*, int flags);
12484	12493	SQLITE_PRIVATE int sqlite3BtreeEof(BtCursor*);
12485		-SQLITE_PRIVATE int sqlite3BtreePrevious(BtCursor, int pRes);
	12494	+SQLITE_PRIVATE int sqlite3BtreePrevious(BtCursor*, int flags);
12486	12495	SQLITE_PRIVATE i64 sqlite3BtreeIntegerKey(BtCursor*);
12487	12496	SQLITE_PRIVATE int sqlite3BtreePayload(BtCursor, u32 offset, u32 amt, void);
12488	12497	SQLITE_PRIVATE const void sqlite3BtreePayloadFetch(BtCursor, u32 *pAmt);
12489	12498	SQLITE_PRIVATE u32 sqlite3BtreePayloadSize(BtCursor*);
12490	12499
		@@ -12631,11 +12640,11 @@
12631	12640	SubProgram pProgram; / Used when p4type is P4_SUBPROGRAM */
12632	12641	Table pTab; / Used when p4type is P4_TABLE */
12633	12642	#ifdef SQLITE_ENABLE_CURSOR_HINTS
12634	12643	Expr pExpr; / Used when p4type is P4_EXPR */
12635	12644	#endif
12636		- int (xAdvance)(BtCursor , int *);
	12645	+ int (xAdvance)(BtCursor , int);
12637	12646	} p4;
12638	12647	#ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
12639	12648	char zComment; / Comment to improve readability */
12640	12649	#endif
12641	12650	#ifdef VDBE_PROFILE
		@@ -12865,11 +12874,11 @@
12865	12874	#define OP_Rowid 125 /* synopsis: r[P2]=rowid */
12866	12875	#define OP_NullRow 126
12867	12876	#define OP_SorterInsert 127 /* synopsis: key=r[P2] */
12868	12877	#define OP_IdxInsert 128 /* synopsis: key=r[P2] */
12869	12878	#define OP_IdxDelete 129 /* synopsis: key=r[P2@P3] */
12870		-#define OP_Seek 130 /* synopsis: Move P3 to P1.rowid */
	12879	+#define OP_DeferredSeek 130 /* synopsis: Move P3 to P1.rowid if needed */
12871	12880	#define OP_IdxRowid 131 /* synopsis: r[P2]=rowid */
12872	12881	#define OP_Real 132 /* same as TK_FLOAT, synopsis: r[P2]=P4 */
12873	12882	#define OP_Destroy 133
12874	12883	#define OP_Clear 134
12875	12884	#define OP_ResetSorter 135
		@@ -13369,25 +13378,25 @@
13369	13378	*/
13370	13379	struct PgHdr {
13371	13380	sqlite3_pcache_page pPage; / Pcache object page handle */
13372	13381	void pData; / Page data */
13373	13382	void pExtra; / Extra content */
	13383	+ PCache pCache; / PRIVATE: Cache that owns this page */
13374	13384	PgHdr pDirty; / Transient list of dirty sorted by pgno */
13375	13385	Pager pPager; / The pager this page is part of */
13376	13386	Pgno pgno; /* Page number for this page */
13377	13387	#ifdef SQLITE_CHECK_PAGES
13378	13388	u32 pageHash; /* Hash of page content */
13379	13389	#endif
13380	13390	u16 flags; /* PGHDR flags defined below */
13381	13391
13382	13392	/**********************************************************************
13383		- ** Elements above are public. All that follows is private to pcache.c
13384		- ** and should not be accessed by other modules.
	13393	+ ** Elements above, except pCache, are public. All that follow are
	13394	+ ** private to pcache.c and should not be accessed by other modules.
	13395	+ ** pCache is grouped with the public elements for efficiency.
13385	13396	*/
13386	13397	i16 nRef; /* Number of users of this page */
13387		- PCache pCache; / Cache that owns this page */
13388		-
13389	13398	PgHdr pDirtyNext; / Next element in list of dirty pages */
13390	13399	PgHdr pDirtyPrev; / Previous element in list of dirty pages */
13391	13400	};
13392	13401
13393	13402	/* Bit values for PgHdr.flags */
		@@ -15142,11 +15151,11 @@
15142	15151	** The following are the meanings of bits in the Expr.flags field.
15143	15152	*/
15144	15153	#define EP_FromJoin 0x000001 /* Originates in ON/USING clause of outer join */
15145	15154	#define EP_Agg 0x000002 /* Contains one or more aggregate functions */
15146	15155	#define EP_Resolved 0x000004 /* IDs have been resolved to COLUMNs */
15147		-#define EP_Error 0x000008 /* Expression contains one or more errors */
	15156	+ /* 0x000008 // available for use */
15148	15157	#define EP_Distinct 0x000010 /* Aggregate function with DISTINCT keyword */
15149	15158	#define EP_VarSelect 0x000020 /* pSelect is correlated, not constant */
15150	15159	#define EP_DblQuoted 0x000040 /* token.z was originally in "..." */
15151	15160	#define EP_InfixFunc 0x000080 /* True for an infix function: LIKE, GLOB, etc */
15152	15161	#define EP_Collate 0x000100 /* Tree contains a TK_COLLATE operator */
		@@ -15609,14 +15618,14 @@
15609	15618	** An instance of this object describes where to put of the results of
15610	15619	** a SELECT statement.
15611	15620	*/
15612	15621	struct SelectDest {
15613	15622	u8 eDest; /* How to dispose of the results. On of SRT_* above. */
15614		- char zAffSdst; / Affinity used when eDest==SRT_Set */
15615	15623	int iSDParm; /* A parameter used by the eDest disposal method */
15616	15624	int iSdst; /* Base register where results are written */
15617	15625	int nSdst; /* Number of registers allocated */
	15626	+ char zAffSdst; / Affinity used when eDest==SRT_Set */
15618	15627	ExprList pOrderBy; / Key columns for SRT_Queue and SRT_DistQueue */
15619	15628	};
15620	15629
15621	15630	/*
15622	15631	** During code generation of statements that do inserts into AUTOINCREMENT
		@@ -16115,10 +16124,14 @@
16115	16124	SQLITE_PRIVATE int sqlite3WalkExprList(Walker, ExprList);
16116	16125	SQLITE_PRIVATE int sqlite3WalkSelect(Walker, Select);
16117	16126	SQLITE_PRIVATE int sqlite3WalkSelectExpr(Walker, Select);
16118	16127	SQLITE_PRIVATE int sqlite3WalkSelectFrom(Walker, Select);
16119	16128	SQLITE_PRIVATE int sqlite3ExprWalkNoop(Walker, Expr);
	16129	+SQLITE_PRIVATE int sqlite3SelectWalkNoop(Walker, Select);
	16130	+#ifdef SQLITE_DEBUG
	16131	+SQLITE_PRIVATE void sqlite3SelectWalkAssert2(Walker, Select);
	16132	+#endif
16120	16133
16121	16134	/*
16122	16135	** Return code from the parse-tree walking primitives and their
16123	16136	** callbacks.
16124	16137	*/
		@@ -16176,15 +16189,18 @@
16176	16189	#define SQLITE_MISUSE_BKPT sqlite3MisuseError(__LINE__)
16177	16190	#define SQLITE_CANTOPEN_BKPT sqlite3CantopenError(__LINE__)
16178	16191	#ifdef SQLITE_DEBUG
16179	16192	SQLITE_PRIVATE int sqlite3NomemError(int);
16180	16193	SQLITE_PRIVATE int sqlite3IoerrnomemError(int);
	16194	+SQLITE_PRIVATE int sqlite3CorruptPgnoError(int,Pgno);
16181	16195	# define SQLITE_NOMEM_BKPT sqlite3NomemError(__LINE__)
16182	16196	# define SQLITE_IOERR_NOMEM_BKPT sqlite3IoerrnomemError(__LINE__)
	16197	+# define SQLITE_CORRUPT_PGNO(P) sqlite3CorruptPgnoError(__LINE__,(P))
16183	16198	#else
16184	16199	# define SQLITE_NOMEM_BKPT SQLITE_NOMEM
16185	16200	# define SQLITE_IOERR_NOMEM_BKPT SQLITE_IOERR_NOMEM
	16201	+# define SQLITE_CORRUPT_PGNO(P) sqlite3CorruptError(__LINE__)
16186	16202	#endif
16187	16203
16188	16204	/*
16189	16205	** FTS3 and FTS4 both require virtual table support
16190	16206	*/
		@@ -18438,11 +18454,11 @@
18438	18454
18439	18455	SQLITE_PRIVATE int sqlite3VdbeSorterInit(sqlite3 , int, VdbeCursor );
18440	18456	SQLITE_PRIVATE void sqlite3VdbeSorterReset(sqlite3 , VdbeSorter );
18441	18457	SQLITE_PRIVATE void sqlite3VdbeSorterClose(sqlite3 , VdbeCursor );
18442	18458	SQLITE_PRIVATE int sqlite3VdbeSorterRowkey(const VdbeCursor , Mem );
18443		-SQLITE_PRIVATE int sqlite3VdbeSorterNext(sqlite3 , const VdbeCursor , int *);
	18459	+SQLITE_PRIVATE int sqlite3VdbeSorterNext(sqlite3 , const VdbeCursor );
18444	18460	SQLITE_PRIVATE int sqlite3VdbeSorterRewind(const VdbeCursor , int );
18445	18461	SQLITE_PRIVATE int sqlite3VdbeSorterWrite(const VdbeCursor , Mem );
18446	18462	SQLITE_PRIVATE int sqlite3VdbeSorterCompare(const VdbeCursor , Mem , int, int *);
18447	18463
18448	18464	#if !defined(SQLITE_OMIT_SHARED_CACHE)
		@@ -29638,11 +29654,11 @@
29638	29654	/* 125 */ "Rowid" OpHelp("r[P2]=rowid"),
29639	29655	/* 126 */ "NullRow" OpHelp(""),
29640	29656	/* 127 */ "SorterInsert" OpHelp("key=r[P2]"),
29641	29657	/* 128 */ "IdxInsert" OpHelp("key=r[P2]"),
29642	29658	/* 129 */ "IdxDelete" OpHelp("key=r[P2@P3]"),
29643		- /* 130 */ "Seek" OpHelp("Move P3 to P1.rowid"),
	29659	+ /* 130 */ "DeferredSeek" OpHelp("Move P3 to P1.rowid if needed"),
29644	29660	/* 131 */ "IdxRowid" OpHelp("r[P2]=rowid"),
29645	29661	/* 132 */ "Real" OpHelp("r[P2]=P4"),
29646	29662	/* 133 */ "Destroy" OpHelp(""),
29647	29663	/* 134 */ "Clear" OpHelp(""),
29648	29664	/* 135 */ "ResetSorter" OpHelp(""),
		@@ -50168,11 +50184,11 @@
50168	50184	assert( isOpen(pPager->fd) );
50169	50185	assert( pPager->tempFile==0 );
50170	50186	nPage = sqlite3WalDbsize(pPager->pWal);
50171	50187
50172	50188	/* If the number of pages in the database is not available from the
50173		- ** WAL sub-system, determine the page counte based on the size of
	50189	+ ** WAL sub-system, determine the page count based on the size of
50174	50190	** the database file. If the size of the database file is not an
50175	50191	** integer multiple of the page-size, round up the result.
50176	50192	*/
50177	50193	if( nPage==0 && ALWAYS(isOpen(pPager->fd)) ){
50178	50194	i64 n = 0; /* Size of db file in bytes */
		@@ -50219,27 +50235,25 @@
50219	50235	assert( pPager->eState==PAGER_OPEN );
50220	50236	assert( pPager->eLock>=SHARED_LOCK );
50221	50237
50222	50238	if( !pPager->tempFile ){
50223	50239	int isWal; /* True if WAL file exists */
50224		- Pgno nPage; /* Size of the database file */
50225		-
50226		- rc = pagerPagecount(pPager, &nPage);
50227		- if( rc ) return rc;
50228		- if( nPage==0 ){
50229		- rc = sqlite3OsDelete(pPager->pVfs, pPager->zWal, 0);
50230		- if( rc==SQLITE_IOERR_DELETE_NOENT ) rc = SQLITE_OK;
50231		- isWal = 0;
50232		- }else{
50233		- rc = sqlite3OsAccess(
50234		- pPager->pVfs, pPager->zWal, SQLITE_ACCESS_EXISTS, &isWal
50235		- );
50236		- }
	50240	+ rc = sqlite3OsAccess(
	50241	+ pPager->pVfs, pPager->zWal, SQLITE_ACCESS_EXISTS, &isWal
	50242	+ );
50237	50243	if( rc==SQLITE_OK ){
50238	50244	if( isWal ){
50239		- testcase( sqlite3PcachePagecount(pPager->pPCache)==0 );
50240		- rc = sqlite3PagerOpenWal(pPager, 0);
	50245	+ Pgno nPage; /* Size of the database file */
	50246	+
	50247	+ rc = pagerPagecount(pPager, &nPage);
	50248	+ if( rc ) return rc;
	50249	+ if( nPage==0 ){
	50250	+ rc = sqlite3OsDelete(pPager->pVfs, pPager->zWal, 0);
	50251	+ }else{
	50252	+ testcase( sqlite3PcachePagecount(pPager->pPCache)==0 );
	50253	+ rc = sqlite3PagerOpenWal(pPager, 0);
	50254	+ }
50241	50255	}else if( pPager->journalMode==PAGER_JOURNALMODE_WAL ){
50242	50256	pPager->journalMode = PAGER_JOURNALMODE_DELETE;
50243	50257	}
50244	50258	}
50245	50259	}
		@@ -52178,23 +52192,18 @@
52178	52192	**
52179	52193	** There is a vanishingly small chance that a change will not be
52180	52194	** detected. The chance of an undetected change is so small that
52181	52195	** it can be neglected.
52182	52196	*/
52183		- Pgno nPage = 0;
52184	52197	char dbFileVers[sizeof(pPager->dbFileVers)];
52185	52198
52186		- rc = pagerPagecount(pPager, &nPage);
52187		- if( rc ) goto failed;
52188		-
52189		- if( nPage>0 ){
52190		- IOTRACE(("CKVERS %p %d\n", pPager, sizeof(dbFileVers)));
52191		- rc = sqlite3OsRead(pPager->fd, &dbFileVers, sizeof(dbFileVers), 24);
52192		- if( rc!=SQLITE_OK && rc!=SQLITE_IOERR_SHORT_READ ){
	52199	+ IOTRACE(("CKVERS %p %d\n", pPager, sizeof(dbFileVers)));
	52200	+ rc = sqlite3OsRead(pPager->fd, &dbFileVers, sizeof(dbFileVers), 24);
	52201	+ if( rc!=SQLITE_OK ){
	52202	+ if( rc!=SQLITE_IOERR_SHORT_READ ){
52193	52203	goto failed;
52194	52204	}
52195		- }else{
52196	52205	memset(dbFileVers, 0, sizeof(dbFileVers));
52197	52206	}
52198	52207
52199	52208	if( memcmp(pPager->dbFileVers, dbFileVers, sizeof(dbFileVers))!=0 ){
52200	52209	pager_reset(pPager);
		@@ -59803,11 +59812,11 @@
59803	59812	assert( nKey==(i64)(int)nKey );
59804	59813	pIdxKey = sqlite3VdbeAllocUnpackedRecord(pCur->pKeyInfo);
59805	59814	if( pIdxKey==0 ) return SQLITE_NOMEM_BKPT;
59806	59815	sqlite3VdbeRecordUnpack(pCur->pKeyInfo, (int)nKey, pKey, pIdxKey);
59807	59816	if( pIdxKey->nField==0 ){
59808		- rc = SQLITE_CORRUPT_BKPT;
	59817	+ rc = SQLITE_CORRUPT_PGNO(pCur->apPage[pCur->iPage]->pgno);
59809	59818	goto moveto_done;
59810	59819	}
59811	59820	}else{
59812	59821	pIdxKey = 0;
59813	59822	}
		@@ -60032,11 +60041,11 @@
60032	60041	assert( pEType!=0 );
60033	60042	*pEType = pPtrmap[offset];
60034	60043	if( pPgno ) *pPgno = get4byte(&pPtrmap[offset+1]);
60035	60044
60036	60045	sqlite3PagerUnref(pDbPage);
60037		- if( pEType<1 \|\| pEType>5 ) return SQLITE_CORRUPT_BKPT;
	60046	+ if( pEType<1 \|\| pEType>5 ) return SQLITE_CORRUPT_PGNO(iPtrmap);
60038	60047	return SQLITE_OK;
60039	60048	}
60040	60049
60041	60050	#else /* if defined SQLITE_OMIT_AUTOVACUUM */
60042	60051	#define ptrmapPut(w,x,y,z,rc)
		@@ -60417,11 +60426,11 @@
60417	60426	u8 *pAddr;
60418	60427	int sz2 = 0;
60419	60428	int sz = get2byte(&data[iFree+2]);
60420	60429	int top = get2byte(&data[hdr+5]);
60421	60430	if( iFree2 ){
60422		- if( iFree+sz>iFree2 ) return SQLITE_CORRUPT_BKPT;
	60431	+ if( iFree+sz>iFree2 ) return SQLITE_CORRUPT_PGNO(pPage->pgno);
60423	60432	sz2 = get2byte(&data[iFree2+2]);
60424	60433	assert( iFree+sz+sz2+iFree2-(iFree+sz) <= usableSize );
60425	60434	memmove(&data[iFree+sz+sz2], &data[iFree+sz], iFree2-(iFree+sz));
60426	60435	sz += sz2;
60427	60436	}
		@@ -60448,17 +60457,17 @@
60448	60457	testcase( pc==iCellLast );
60449	60458	/* These conditions have already been verified in btreeInitPage()
60450	60459	** if PRAGMA cell_size_check=ON.
60451	60460	*/
60452	60461	if( pc<iCellFirst \|\| pc>iCellLast ){
60453		- return SQLITE_CORRUPT_BKPT;
	60462	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
60454	60463	}
60455	60464	assert( pc>=iCellFirst && pc<=iCellLast );
60456	60465	size = pPage->xCellSize(pPage, &src[pc]);
60457	60466	cbrk -= size;
60458	60467	if( cbrk<iCellFirst \|\| pc+size>usableSize ){
60459		- return SQLITE_CORRUPT_BKPT;
	60468	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
60460	60469	}
60461	60470	assert( cbrk+size<=usableSize && cbrk>=iCellFirst );
60462	60471	testcase( cbrk+size==usableSize );
60463	60472	testcase( pc+size==usableSize );
60464	60473	put2byte(pAddr, cbrk);
		@@ -60474,11 +60483,11 @@
60474	60483	}
60475	60484	data[hdr+7] = 0;
60476	60485
60477	60486	defragment_out:
60478	60487	if( data[hdr+7]+cbrk-iCellFirst!=pPage->nFree ){
60479		- return SQLITE_CORRUPT_BKPT;
	60488	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
60480	60489	}
60481	60490	assert( cbrk>=iCellFirst );
60482	60491	put2byte(&data[hdr+5], cbrk);
60483	60492	data[hdr+1] = 0;
60484	60493	data[hdr+2] = 0;
		@@ -60513,11 +60522,11 @@
60513	60522	do{
60514	60523	int size; /* Size of the free slot */
60515	60524	/* EVIDENCE-OF: R-06866-39125 Freeblocks are always connected in order of
60516	60525	** increasing offset. */
60517	60526	if( pc>usableSize-4 \|\| pc<iAddr+4 ){
60518		- *pRc = SQLITE_CORRUPT_BKPT;
	60527	+ *pRc = SQLITE_CORRUPT_PGNO(pPg->pgno);
60519	60528	return 0;
60520	60529	}
60521	60530	/* EVIDENCE-OF: R-22710-53328 The third and fourth bytes of each
60522	60531	** freeblock form a big-endian integer which is the size of the freeblock
60523	60532	** in bytes, including the 4-byte header. */
		@@ -60524,11 +60533,11 @@
60524	60533	size = get2byte(&aData[pc+2]);
60525	60534	if( (x = size - nByte)>=0 ){
60526	60535	testcase( x==4 );
60527	60536	testcase( x==3 );
60528	60537	if( pc < pPg->cellOffset+2*pPg->nCell \|\| size+pc > usableSize ){
60529		- *pRc = SQLITE_CORRUPT_BKPT;
	60538	+ *pRc = SQLITE_CORRUPT_PGNO(pPg->pgno);
60530	60539	return 0;
60531	60540	}else if( x<4 ){
60532	60541	/* EVIDENCE-OF: R-11498-58022 In a well-formed b-tree page, the total
60533	60542	** number of bytes in fragments may not exceed 60. */
60534	60543	if( aData[hdr+7]>57 ) return 0;
		@@ -60591,11 +60600,11 @@
60591	60600	assert( top<=(int)pPage->pBt->usableSize ); /* Prevent by getAndInitPage() */
60592	60601	if( gap>top ){
60593	60602	if( top==0 && pPage->pBt->usableSize==65536 ){
60594	60603	top = 65536;
60595	60604	}else{
60596		- return SQLITE_CORRUPT_BKPT;
	60605	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
60597	60606	}
60598	60607	}
60599	60608
60600	60609	/* If there is enough space between gap and top for one more cell pointer
60601	60610	** array entry offset, and if the freelist is not empty, then search the
		@@ -60687,15 +60696,15 @@
60687	60696	iFreeBlk = 0; /* Shortcut for the case when the freelist is empty */
60688	60697	}else{
60689	60698	while( (iFreeBlk = get2byte(&data[iPtr]))<iStart ){
60690	60699	if( iFreeBlk<iPtr+4 ){
60691	60700	if( iFreeBlk==0 ) break;
60692		- return SQLITE_CORRUPT_BKPT;
	60701	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
60693	60702	}
60694	60703	iPtr = iFreeBlk;
60695	60704	}
60696		- if( iFreeBlk>iLast ) return SQLITE_CORRUPT_BKPT;
	60705	+ if( iFreeBlk>iLast ) return SQLITE_CORRUPT_PGNO(pPage->pgno);
60697	60706	assert( iFreeBlk>iPtr \|\| iFreeBlk==0 );
60698	60707
60699	60708	/* At this point:
60700	60709	** iFreeBlk: First freeblock after iStart, or zero if none
60701	60710	** iPtr: The address of a pointer to iFreeBlk
		@@ -60702,13 +60711,15 @@
60702	60711	**
60703	60712	** Check to see if iFreeBlk should be coalesced onto the end of iStart.
60704	60713	*/
60705	60714	if( iFreeBlk && iEnd+3>=iFreeBlk ){
60706	60715	nFrag = iFreeBlk - iEnd;
60707		- if( iEnd>iFreeBlk ) return SQLITE_CORRUPT_BKPT;
	60716	+ if( iEnd>iFreeBlk ) return SQLITE_CORRUPT_PGNO(pPage->pgno);
60708	60717	iEnd = iFreeBlk + get2byte(&data[iFreeBlk+2]);
60709		- if( iEnd > pPage->pBt->usableSize ) return SQLITE_CORRUPT_BKPT;
	60718	+ if( iEnd > pPage->pBt->usableSize ){
	60719	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
	60720	+ }
60710	60721	iSize = iEnd - iStart;
60711	60722	iFreeBlk = get2byte(&data[iFreeBlk]);
60712	60723	}
60713	60724
60714	60725	/* If iPtr is another freeblock (that is, if iPtr is not the freelist
		@@ -60716,24 +60727,24 @@
60716	60727	** coalesced onto the end of iPtr.
60717	60728	*/
60718	60729	if( iPtr>hdr+1 ){
60719	60730	int iPtrEnd = iPtr + get2byte(&data[iPtr+2]);
60720	60731	if( iPtrEnd+3>=iStart ){
60721		- if( iPtrEnd>iStart ) return SQLITE_CORRUPT_BKPT;
	60732	+ if( iPtrEnd>iStart ) return SQLITE_CORRUPT_PGNO(pPage->pgno);
60722	60733	nFrag += iStart - iPtrEnd;
60723	60734	iSize = iEnd - iPtr;
60724	60735	iStart = iPtr;
60725	60736	}
60726	60737	}
60727		- if( nFrag>data[hdr+7] ) return SQLITE_CORRUPT_BKPT;
	60738	+ if( nFrag>data[hdr+7] ) return SQLITE_CORRUPT_PGNO(pPage->pgno);
60728	60739	data[hdr+7] -= nFrag;
60729	60740	}
60730	60741	if( iStart==get2byte(&data[hdr+5]) ){
60731	60742	/* The new freeblock is at the beginning of the cell content area,
60732	60743	** so just extend the cell content area rather than create another
60733	60744	** freelist entry */
60734		- if( iPtr!=hdr+1 ) return SQLITE_CORRUPT_BKPT;
	60745	+ if( iPtr!=hdr+1 ) return SQLITE_CORRUPT_PGNO(pPage->pgno);
60735	60746	put2byte(&data[hdr+1], iFreeBlk);
60736	60747	put2byte(&data[hdr+5], iEnd);
60737	60748	}else{
60738	60749	/* Insert the new freeblock into the freelist */
60739	60750	put2byte(&data[iPtr], iStart);
		@@ -60797,11 +60808,11 @@
60797	60808	pPage->maxLocal = pBt->maxLocal;
60798	60809	pPage->minLocal = pBt->minLocal;
60799	60810	}else{
60800	60811	/* EVIDENCE-OF: R-47608-56469 Any other value for the b-tree page type is
60801	60812	** an error. */
60802		- return SQLITE_CORRUPT_BKPT;
	60813	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
60803	60814	}
60804	60815	pPage->max1bytePayload = pBt->max1bytePayload;
60805	60816	return SQLITE_OK;
60806	60817	}
60807	60818
		@@ -60813,138 +60824,140 @@
60813	60824	** SQLITE_CORRUPT. Note that a return of SQLITE_OK does not
60814	60825	** guarantee that the page is well-formed. It only shows that
60815	60826	** we failed to detect any corruption.
60816	60827	*/
60817	60828	static int btreeInitPage(MemPage *pPage){
	60829	+ int pc; /* Address of a freeblock within pPage->aData[] */
	60830	+ u8 hdr; /* Offset to beginning of page header */
	60831	+ u8 data; / Equal to pPage->aData */
	60832	+ BtShared pBt; / The main btree structure */
	60833	+ int usableSize; /* Amount of usable space on each page */
	60834	+ u16 cellOffset; /* Offset from start of page to first cell pointer */
	60835	+ int nFree; /* Number of unused bytes on the page */
	60836	+ int top; /* First byte of the cell content area */
	60837	+ int iCellFirst; /* First allowable cell or freeblock offset */
	60838	+ int iCellLast; /* Last possible cell or freeblock offset */
60818	60839
60819	60840	assert( pPage->pBt!=0 );
60820	60841	assert( pPage->pBt->db!=0 );
60821	60842	assert( sqlite3_mutex_held(pPage->pBt->mutex) );
60822	60843	assert( pPage->pgno==sqlite3PagerPagenumber(pPage->pDbPage) );
60823	60844	assert( pPage == sqlite3PagerGetExtra(pPage->pDbPage) );
60824	60845	assert( pPage->aData == sqlite3PagerGetData(pPage->pDbPage) );
60825		-
60826		- if( !pPage->isInit ){
60827		- int pc; /* Address of a freeblock within pPage->aData[] */
60828		- u8 hdr; /* Offset to beginning of page header */
60829		- u8 data; / Equal to pPage->aData */
60830		- BtShared pBt; / The main btree structure */
60831		- int usableSize; /* Amount of usable space on each page */
60832		- u16 cellOffset; /* Offset from start of page to first cell pointer */
60833		- int nFree; /* Number of unused bytes on the page */
60834		- int top; /* First byte of the cell content area */
60835		- int iCellFirst; /* First allowable cell or freeblock offset */
60836		- int iCellLast; /* Last possible cell or freeblock offset */
60837		-
60838		- pBt = pPage->pBt;
60839		-
60840		- hdr = pPage->hdrOffset;
60841		- data = pPage->aData;
60842		- /* EVIDENCE-OF: R-28594-02890 The one-byte flag at offset 0 indicating
60843		- ** the b-tree page type. */
60844		- if( decodeFlags(pPage, data[hdr]) ) return SQLITE_CORRUPT_BKPT;
60845		- assert( pBt->pageSize>=512 && pBt->pageSize<=65536 );
60846		- pPage->maskPage = (u16)(pBt->pageSize - 1);
60847		- pPage->nOverflow = 0;
60848		- usableSize = pBt->usableSize;
60849		- pPage->cellOffset = cellOffset = hdr + 8 + pPage->childPtrSize;
60850		- pPage->aDataEnd = &data[usableSize];
60851		- pPage->aCellIdx = &data[cellOffset];
60852		- pPage->aDataOfst = &data[pPage->childPtrSize];
60853		- /* EVIDENCE-OF: R-58015-48175 The two-byte integer at offset 5 designates
60854		- ** the start of the cell content area. A zero value for this integer is
60855		- ** interpreted as 65536. */
60856		- top = get2byteNotZero(&data[hdr+5]);
60857		- /* EVIDENCE-OF: R-37002-32774 The two-byte integer at offset 3 gives the
60858		- ** number of cells on the page. */
60859		- pPage->nCell = get2byte(&data[hdr+3]);
60860		- if( pPage->nCell>MX_CELL(pBt) ){
60861		- /* To many cells for a single page. The page must be corrupt */
60862		- return SQLITE_CORRUPT_BKPT;
60863		- }
60864		- testcase( pPage->nCell==MX_CELL(pBt) );
60865		- /* EVIDENCE-OF: R-24089-57979 If a page contains no cells (which is only
60866		- ** possible for a root page of a table that contains no rows) then the
60867		- ** offset to the cell content area will equal the page size minus the
60868		- ** bytes of reserved space. */
60869		- assert( pPage->nCell>0 \|\| top==usableSize \|\| CORRUPT_DB );
60870		-
60871		- /* A malformed database page might cause us to read past the end
60872		- ** of page when parsing a cell.
60873		- **
60874		- ** The following block of code checks early to see if a cell extends
60875		- ** past the end of a page boundary and causes SQLITE_CORRUPT to be
60876		- ** returned if it does.
60877		- */
60878		- iCellFirst = cellOffset + 2*pPage->nCell;
60879		- iCellLast = usableSize - 4;
60880		- if( pBt->db->flags & SQLITE_CellSizeCk ){
60881		- int i; /* Index into the cell pointer array */
60882		- int sz; /* Size of a cell */
60883		-
60884		- if( !pPage->leaf ) iCellLast--;
60885		- for(i=0; i<pPage->nCell; i++){
60886		- pc = get2byteAligned(&data[cellOffset+i*2]);
60887		- testcase( pc==iCellFirst );
60888		- testcase( pc==iCellLast );
60889		- if( pc<iCellFirst \|\| pc>iCellLast ){
60890		- return SQLITE_CORRUPT_BKPT;
60891		- }
60892		- sz = pPage->xCellSize(pPage, &data[pc]);
60893		- testcase( pc+sz==usableSize );
60894		- if( pc+sz>usableSize ){
60895		- return SQLITE_CORRUPT_BKPT;
60896		- }
60897		- }
60898		- if( !pPage->leaf ) iCellLast++;
60899		- }
60900		-
60901		- /* Compute the total free space on the page
60902		- ** EVIDENCE-OF: R-23588-34450 The two-byte integer at offset 1 gives the
60903		- ** start of the first freeblock on the page, or is zero if there are no
60904		- ** freeblocks. */
60905		- pc = get2byte(&data[hdr+1]);
60906		- nFree = data[hdr+7] + top; /* Init nFree to non-freeblock free space */
60907		- if( pc>0 ){
60908		- u32 next, size;
60909		- if( pc<iCellFirst ){
60910		- /* EVIDENCE-OF: R-55530-52930 In a well-formed b-tree page, there will
60911		- ** always be at least one cell before the first freeblock.
60912		- */
60913		- return SQLITE_CORRUPT_BKPT;
60914		- }
60915		- while( 1 ){
60916		- if( pc>iCellLast ){
60917		- return SQLITE_CORRUPT_BKPT; /* Freeblock off the end of the page */
60918		- }
60919		- next = get2byte(&data[pc]);
60920		- size = get2byte(&data[pc+2]);
60921		- nFree = nFree + size;
60922		- if( next<=pc+size+3 ) break;
60923		- pc = next;
60924		- }
60925		- if( next>0 ){
60926		- return SQLITE_CORRUPT_BKPT; /* Freeblock not in ascending order */
60927		- }
60928		- if( pc+size>(unsigned int)usableSize ){
60929		- return SQLITE_CORRUPT_BKPT; /* Last freeblock extends past page end */
60930		- }
60931		- }
60932		-
60933		- /* At this point, nFree contains the sum of the offset to the start
60934		- ** of the cell-content area plus the number of free bytes within
60935		- ** the cell-content area. If this is greater than the usable-size
60936		- ** of the page, then the page must be corrupted. This check also
60937		- ** serves to verify that the offset to the start of the cell-content
60938		- ** area, according to the page header, lies within the page.
60939		- */
60940		- if( nFree>usableSize ){
60941		- return SQLITE_CORRUPT_BKPT;
60942		- }
60943		- pPage->nFree = (u16)(nFree - iCellFirst);
60944		- pPage->isInit = 1;
60945		- }
	60846	+ assert( pPage->isInit==0 );
	60847	+
	60848	+ pBt = pPage->pBt;
	60849	+ hdr = pPage->hdrOffset;
	60850	+ data = pPage->aData;
	60851	+ /* EVIDENCE-OF: R-28594-02890 The one-byte flag at offset 0 indicating
	60852	+ ** the b-tree page type. */
	60853	+ if( decodeFlags(pPage, data[hdr]) ){
	60854	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
	60855	+ }
	60856	+ assert( pBt->pageSize>=512 && pBt->pageSize<=65536 );
	60857	+ pPage->maskPage = (u16)(pBt->pageSize - 1);
	60858	+ pPage->nOverflow = 0;
	60859	+ usableSize = pBt->usableSize;
	60860	+ pPage->cellOffset = cellOffset = hdr + 8 + pPage->childPtrSize;
	60861	+ pPage->aDataEnd = &data[usableSize];
	60862	+ pPage->aCellIdx = &data[cellOffset];
	60863	+ pPage->aDataOfst = &data[pPage->childPtrSize];
	60864	+ /* EVIDENCE-OF: R-58015-48175 The two-byte integer at offset 5 designates
	60865	+ ** the start of the cell content area. A zero value for this integer is
	60866	+ ** interpreted as 65536. */
	60867	+ top = get2byteNotZero(&data[hdr+5]);
	60868	+ /* EVIDENCE-OF: R-37002-32774 The two-byte integer at offset 3 gives the
	60869	+ ** number of cells on the page. */
	60870	+ pPage->nCell = get2byte(&data[hdr+3]);
	60871	+ if( pPage->nCell>MX_CELL(pBt) ){
	60872	+ /* To many cells for a single page. The page must be corrupt */
	60873	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
	60874	+ }
	60875	+ testcase( pPage->nCell==MX_CELL(pBt) );
	60876	+ /* EVIDENCE-OF: R-24089-57979 If a page contains no cells (which is only
	60877	+ ** possible for a root page of a table that contains no rows) then the
	60878	+ ** offset to the cell content area will equal the page size minus the
	60879	+ ** bytes of reserved space. */
	60880	+ assert( pPage->nCell>0 \|\| top==usableSize \|\| CORRUPT_DB );
	60881	+
	60882	+ /* A malformed database page might cause us to read past the end
	60883	+ ** of page when parsing a cell.
	60884	+ **
	60885	+ ** The following block of code checks early to see if a cell extends
	60886	+ ** past the end of a page boundary and causes SQLITE_CORRUPT to be
	60887	+ ** returned if it does.
	60888	+ */
	60889	+ iCellFirst = cellOffset + 2*pPage->nCell;
	60890	+ iCellLast = usableSize - 4;
	60891	+ if( pBt->db->flags & SQLITE_CellSizeCk ){
	60892	+ int i; /* Index into the cell pointer array */
	60893	+ int sz; /* Size of a cell */
	60894	+
	60895	+ if( !pPage->leaf ) iCellLast--;
	60896	+ for(i=0; i<pPage->nCell; i++){
	60897	+ pc = get2byteAligned(&data[cellOffset+i*2]);
	60898	+ testcase( pc==iCellFirst );
	60899	+ testcase( pc==iCellLast );
	60900	+ if( pc<iCellFirst \|\| pc>iCellLast ){
	60901	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
	60902	+ }
	60903	+ sz = pPage->xCellSize(pPage, &data[pc]);
	60904	+ testcase( pc+sz==usableSize );
	60905	+ if( pc+sz>usableSize ){
	60906	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
	60907	+ }
	60908	+ }
	60909	+ if( !pPage->leaf ) iCellLast++;
	60910	+ }
	60911	+
	60912	+ /* Compute the total free space on the page
	60913	+ ** EVIDENCE-OF: R-23588-34450 The two-byte integer at offset 1 gives the
	60914	+ ** start of the first freeblock on the page, or is zero if there are no
	60915	+ ** freeblocks. */
	60916	+ pc = get2byte(&data[hdr+1]);
	60917	+ nFree = data[hdr+7] + top; /* Init nFree to non-freeblock free space */
	60918	+ if( pc>0 ){
	60919	+ u32 next, size;
	60920	+ if( pc<iCellFirst ){
	60921	+ /* EVIDENCE-OF: R-55530-52930 In a well-formed b-tree page, there will
	60922	+ ** always be at least one cell before the first freeblock.
	60923	+ */
	60924	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
	60925	+ }
	60926	+ while( 1 ){
	60927	+ if( pc>iCellLast ){
	60928	+ /* Freeblock off the end of the page */
	60929	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
	60930	+ }
	60931	+ next = get2byte(&data[pc]);
	60932	+ size = get2byte(&data[pc+2]);
	60933	+ nFree = nFree + size;
	60934	+ if( next<=pc+size+3 ) break;
	60935	+ pc = next;
	60936	+ }
	60937	+ if( next>0 ){
	60938	+ /* Freeblock not in ascending order */
	60939	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
	60940	+ }
	60941	+ if( pc+size>(unsigned int)usableSize ){
	60942	+ /* Last freeblock extends past page end */
	60943	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
	60944	+ }
	60945	+ }
	60946	+
	60947	+ /* At this point, nFree contains the sum of the offset to the start
	60948	+ ** of the cell-content area plus the number of free bytes within
	60949	+ ** the cell-content area. If this is greater than the usable-size
	60950	+ ** of the page, then the page must be corrupted. This check also
	60951	+ ** serves to verify that the offset to the start of the cell-content
	60952	+ ** area, according to the page header, lies within the page.
	60953	+ */
	60954	+ if( nFree>usableSize ){
	60955	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
	60956	+ }
	60957	+ pPage->nFree = (u16)(nFree - iCellFirst);
	60958	+ pPage->isInit = 1;
60946	60959	return SQLITE_OK;
60947	60960	}
60948	60961
60949	60962	/*
60950	60963	** Set up a raw page so that it looks like a database page holding
		@@ -61104,11 +61117,11 @@
61104	61117	assert( (*ppPage)->aData==sqlite3PagerGetData(pDbPage) );
61105	61118
61106	61119	/* If obtaining a child page for a cursor, we must verify that the page is
61107	61120	** compatible with the root page. */
61108	61121	if( pCur && ((ppPage)->nCell<1 \|\| (ppPage)->intKey!=pCur->curIntKey) ){
61109		- rc = SQLITE_CORRUPT_BKPT;
	61122	+ rc = SQLITE_CORRUPT_PGNO(pgno);
61110	61123	releasePage(*ppPage);
61111	61124	goto getAndInitPage_error;
61112	61125	}
61113	61126	return SQLITE_OK;
61114	61127
		@@ -62392,11 +62405,11 @@
62392	62405	int rc; /* Return code */
62393	62406	BtShared *pBt = pPage->pBt;
62394	62407	Pgno pgno = pPage->pgno;
62395	62408
62396	62409	assert( sqlite3_mutex_held(pPage->pBt->mutex) );
62397		- rc = btreeInitPage(pPage);
	62410	+ rc = pPage->isInit ? SQLITE_OK : btreeInitPage(pPage);
62398	62411	if( rc!=SQLITE_OK ) return rc;
62399	62412	nCell = pPage->nCell;
62400	62413
62401	62414	for(i=0; i<nCell; i++){
62402	62415	u8 *pCell = findCell(pPage, i);
		@@ -62435,19 +62448,19 @@
62435	62448	assert( sqlite3_mutex_held(pPage->pBt->mutex) );
62436	62449	assert( sqlite3PagerIswriteable(pPage->pDbPage) );
62437	62450	if( eType==PTRMAP_OVERFLOW2 ){
62438	62451	/* The pointer is always the first 4 bytes of the page in this case. */
62439	62452	if( get4byte(pPage->aData)!=iFrom ){
62440		- return SQLITE_CORRUPT_BKPT;
	62453	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
62441	62454	}
62442	62455	put4byte(pPage->aData, iTo);
62443	62456	}else{
62444	62457	int i;
62445	62458	int nCell;
62446	62459	int rc;
62447	62460
62448		- rc = btreeInitPage(pPage);
	62461	+ rc = pPage->isInit ? SQLITE_OK : btreeInitPage(pPage);
62449	62462	if( rc ) return rc;
62450	62463	nCell = pPage->nCell;
62451	62464
62452	62465	for(i=0; i<nCell; i++){
62453	62466	u8 *pCell = findCell(pPage, i);
		@@ -62454,11 +62467,11 @@
62454	62467	if( eType==PTRMAP_OVERFLOW1 ){
62455	62468	CellInfo info;
62456	62469	pPage->xParseCell(pPage, pCell, &info);
62457	62470	if( info.nLocal<info.nPayload ){
62458	62471	if( pCell+info.nSize > pPage->aData+pPage->pBt->usableSize ){
62459		- return SQLITE_CORRUPT_BKPT;
	62472	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
62460	62473	}
62461	62474	if( iFrom==get4byte(pCell+info.nSize-4) ){
62462	62475	put4byte(pCell+info.nSize-4, iTo);
62463	62476	break;
62464	62477	}
		@@ -62472,11 +62485,11 @@
62472	62485	}
62473	62486
62474	62487	if( i==nCell ){
62475	62488	if( eType!=PTRMAP_BTREE \|\|
62476	62489	get4byte(&pPage->aData[pPage->hdrOffset+8])!=iFrom ){
62477		- return SQLITE_CORRUPT_BKPT;
	62490	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
62478	62491	}
62479	62492	put4byte(&pPage->aData[pPage->hdrOffset+8], iTo);
62480	62493	}
62481	62494	}
62482	62495	return SQLITE_OK;
		@@ -63580,11 +63593,11 @@
63580	63593	/* Trying to read or write past the end of the data is an error. The
63581	63594	** conditional above is really:
63582	63595	** &aPayload[pCur->info.nLocal] > &pPage->aData[pBt->usableSize]
63583	63596	** but is recast into its current form to avoid integer overflow problems
63584	63597	*/
63585		- return SQLITE_CORRUPT_BKPT;
	63598	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
63586	63599	}
63587	63600
63588	63601	/* Check if data must be read/written to/from the btree page itself. */
63589	63602	if( offset<pCur->info.nLocal ){
63590	63603	int a = amt;
		@@ -63727,11 +63740,12 @@
63727	63740	iIdx++;
63728	63741	}
63729	63742	}
63730	63743
63731	63744	if( rc==SQLITE_OK && amt>0 ){
63732		- return SQLITE_CORRUPT_BKPT; /* Overflow chain ends prematurely */
	63745	+ /* Overflow chain ends prematurely */
	63746	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
63733	63747	}
63734	63748	return rc;
63735	63749	}
63736	63750
63737	63751	/*
		@@ -63993,11 +64007,11 @@
63993	64007	** if pCur->iPage>=0). But this is not so if the database is corrupted
63994	64008	** in such a way that page pRoot is linked into a second b-tree table
63995	64009	** (or the freelist). */
63996	64010	assert( pRoot->intKey==1 \|\| pRoot->intKey==0 );
63997	64011	if( pRoot->isInit==0 \|\| (pCur->pKeyInfo==0)!=pRoot->intKey ){
63998		- return SQLITE_CORRUPT_BKPT;
	64012	+ return SQLITE_CORRUPT_PGNO(pCur->apPage[pCur->iPage]->pgno);
63999	64013	}
64000	64014
64001	64015	skip_init:
64002	64016	pCur->ix = 0;
64003	64017	pCur->info.nSize = 0;
		@@ -64198,20 +64212,23 @@
64198	64212	return SQLITE_OK;
64199	64213	}
64200	64214	/* If the requested key is one more than the previous key, then
64201	64215	** try to get there using sqlite3BtreeNext() rather than a full
64202	64216	** binary search. This is an optimization only. The correct answer
64203		- ** is still obtained without this ase, only a little more slowely */
	64217	+ ** is still obtained without this case, only a little more slowely */
64204	64218	if( pCur->info.nKey+1==intKey && !pCur->skipNext ){
64205	64219	*pRes = 0;
64206		- rc = sqlite3BtreeNext(pCur, pRes);
64207		- if( rc ) return rc;
64208		- if( *pRes==0 ){
	64220	+ rc = sqlite3BtreeNext(pCur, 0);
	64221	+ if( rc==SQLITE_OK ){
64209	64222	getCellInfo(pCur);
64210	64223	if( pCur->info.nKey==intKey ){
64211	64224	return SQLITE_OK;
64212	64225	}
	64226	+ }else if( rc==SQLITE_DONE ){
	64227	+ rc = SQLITE_OK;
	64228	+ }else{
	64229	+ return rc;
64213	64230	}
64214	64231	}
64215	64232	}
64216	64233	}
64217	64234
		@@ -64263,11 +64280,13 @@
64263	64280	for(;;){
64264	64281	i64 nCellKey;
64265	64282	pCell = findCellPastPtr(pPage, idx);
64266	64283	if( pPage->intKeyLeaf ){
64267	64284	while( 0x80 <= *(pCell++) ){
64268		- if( pCell>=pPage->aDataEnd ) return SQLITE_CORRUPT_BKPT;
	64285	+ if( pCell>=pPage->aDataEnd ){
	64286	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
	64287	+ }
64269	64288	}
64270	64289	}
64271	64290	getVarint(pCell, (u64*)&nCellKey);
64272	64291	if( nCellKey<intKey ){
64273	64292	lwr = idx+1;
		@@ -64336,11 +64355,11 @@
64336	64355	testcase( nCell<0 ); /* True if key size is 2^32 or more */
64337	64356	testcase( nCell==0 ); /* Invalid key size: 0x80 0x80 0x00 */
64338	64357	testcase( nCell==1 ); /* Invalid key size: 0x80 0x80 0x01 */
64339	64358	testcase( nCell==2 ); /* Minimum legal index key size */
64340	64359	if( nCell<2 ){
64341		- rc = SQLITE_CORRUPT_BKPT;
	64360	+ rc = SQLITE_CORRUPT_PGNO(pPage->pgno);
64342	64361	goto moveto_finish;
64343	64362	}
64344	64363	pCellKey = sqlite3Malloc( nCell+18 );
64345	64364	if( pCellKey==0 ){
64346	64365	rc = SQLITE_NOMEM_BKPT;
		@@ -64441,47 +64460,44 @@
64441	64460	}
64442	64461	return n;
64443	64462	}
64444	64463
64445	64464	/*
64446		-** Advance the cursor to the next entry in the database. If
64447		-** successful then set *pRes=0. If the cursor
64448		-** was already pointing to the last entry in the database before
64449		-** this routine was called, then set *pRes=1.
	64465	+** Advance the cursor to the next entry in the database.
	64466	+** Return value:
	64467	+**
	64468	+** SQLITE_OK success
	64469	+** SQLITE_DONE cursor is already pointing at the last element
	64470	+** otherwise some kind of error occurred
64450	64471	**
64451	64472	** The main entry point is sqlite3BtreeNext(). That routine is optimized
64452	64473	** for the common case of merely incrementing the cell counter BtCursor.aiIdx
64453	64474	** to the next cell on the current page. The (slower) btreeNext() helper
64454	64475	** routine is called when it is necessary to move to a different page or
64455	64476	** to restore the cursor.
64456	64477	**
64457		-** The calling function will set pRes to 0 or 1. The initial pRes value
64458		-** will be 1 if the cursor being stepped corresponds to an SQL index and
64459		-** if this routine could have been skipped if that SQL index had been
64460		-** a unique index. Otherwise the caller will have set *pRes to zero.
64461		-** Zero is the common case. The btree implementation is free to use the
64462		-** initial *pRes value as a hint to improve performance, but the current
64463		-** SQLite btree implementation does not. (Note that the comdb2 btree
64464		-** implementation does use this hint, however.)
	64478	+** If bit 0x01 of the flags argument is 1, then the cursor corresponds to
	64479	+** an SQL index and this routine could have been skipped if the SQL index
	64480	+** had been a unique index. The flags argument is a hint to the implement.
	64481	+** SQLite btree implementation does not use this hint, but COMDB2 does.
64465	64482	*/
64466		-static SQLITE_NOINLINE int btreeNext(BtCursor pCur, int pRes){
	64483	+static SQLITE_NOINLINE int btreeNext(BtCursor *pCur, int flags){
64467	64484	int rc;
64468	64485	int idx;
64469	64486	MemPage *pPage;
64470	64487
64471	64488	assert( cursorOwnsBtShared(pCur) );
64472	64489	assert( pCur->skipNext==0 \|\| pCur->eState!=CURSOR_VALID );
64473		- assert( *pRes==0 );
	64490	+ assert( flags==0 );
64474	64491	if( pCur->eState!=CURSOR_VALID ){
64475	64492	assert( (pCur->curFlags & BTCF_ValidOvfl)==0 );
64476	64493	rc = restoreCursorPosition(pCur);
64477	64494	if( rc!=SQLITE_OK ){
64478	64495	return rc;
64479	64496	}
64480	64497	if( CURSOR_INVALID==pCur->eState ){
64481		- *pRes = 1;
64482		- return SQLITE_OK;
	64498	+ return SQLITE_DONE;
64483	64499	}
64484	64500	if( pCur->skipNext ){
64485	64501	assert( pCur->eState==CURSOR_VALID \|\| pCur->eState==CURSOR_SKIPNEXT );
64486	64502	pCur->eState = CURSOR_VALID;
64487	64503	if( pCur->skipNext>0 ){
		@@ -64509,19 +64525,18 @@
64509	64525	if( rc ) return rc;
64510	64526	return moveToLeftmost(pCur);
64511	64527	}
64512	64528	do{
64513	64529	if( pCur->iPage==0 ){
64514		- *pRes = 1;
64515	64530	pCur->eState = CURSOR_INVALID;
64516		- return SQLITE_OK;
	64531	+ return SQLITE_DONE;
64517	64532	}
64518	64533	moveToParent(pCur);
64519	64534	pPage = pCur->apPage[pCur->iPage];
64520	64535	}while( pCur->ix>=pPage->nCell );
64521	64536	if( pPage->intKey ){
64522		- return sqlite3BtreeNext(pCur, pRes);
	64537	+ return sqlite3BtreeNext(pCur, flags);
64523	64538	}else{
64524	64539	return SQLITE_OK;
64525	64540	}
64526	64541	}
64527	64542	if( pPage->leaf ){
		@@ -64528,71 +64543,66 @@
64528	64543	return SQLITE_OK;
64529	64544	}else{
64530	64545	return moveToLeftmost(pCur);
64531	64546	}
64532	64547	}
64533		-SQLITE_PRIVATE int sqlite3BtreeNext(BtCursor pCur, int pRes){
	64548	+SQLITE_PRIVATE int sqlite3BtreeNext(BtCursor *pCur, int flags){
64534	64549	MemPage *pPage;
64535	64550	assert( cursorOwnsBtShared(pCur) );
64536		- assert( pRes!=0 );
64537		- assert( pRes==0 \|\| pRes==1 );
	64551	+ assert( flags==0 \|\| flags==1 );
64538	64552	assert( pCur->skipNext==0 \|\| pCur->eState!=CURSOR_VALID );
64539	64553	pCur->info.nSize = 0;
64540	64554	pCur->curFlags &= ~(BTCF_ValidNKey\|BTCF_ValidOvfl);
64541		- *pRes = 0;
64542		- if( pCur->eState!=CURSOR_VALID ) return btreeNext(pCur, pRes);
	64555	+ if( pCur->eState!=CURSOR_VALID ) return btreeNext(pCur, 0);
64543	64556	pPage = pCur->apPage[pCur->iPage];
64544	64557	if( (++pCur->ix)>=pPage->nCell ){
64545	64558	pCur->ix--;
64546		- return btreeNext(pCur, pRes);
	64559	+ return btreeNext(pCur, 0);
64547	64560	}
64548	64561	if( pPage->leaf ){
64549	64562	return SQLITE_OK;
64550	64563	}else{
64551	64564	return moveToLeftmost(pCur);
64552	64565	}
64553	64566	}
64554	64567
64555	64568	/*
64556		-** Step the cursor to the back to the previous entry in the database. If
64557		-** successful then set *pRes=0. If the cursor
64558		-** was already pointing to the first entry in the database before
64559		-** this routine was called, then set *pRes=1.
	64569	+** Step the cursor to the back to the previous entry in the database.
	64570	+** Return values:
	64571	+**
	64572	+** SQLITE_OK success
	64573	+** SQLITE_DONE the cursor is already on the first element of the table
	64574	+** otherwise some kind of error occurred
64560	64575	**
64561	64576	** The main entry point is sqlite3BtreePrevious(). That routine is optimized
64562	64577	** for the common case of merely decrementing the cell counter BtCursor.aiIdx
64563	64578	** to the previous cell on the current page. The (slower) btreePrevious()
64564	64579	** helper routine is called when it is necessary to move to a different page
64565	64580	** or to restore the cursor.
64566	64581	**
64567		-** The calling function will set pRes to 0 or 1. The initial pRes value
64568		-** will be 1 if the cursor being stepped corresponds to an SQL index and
64569		-** if this routine could have been skipped if that SQL index had been
64570		-** a unique index. Otherwise the caller will have set *pRes to zero.
64571		-** Zero is the common case. The btree implementation is free to use the
64572		-** initial *pRes value as a hint to improve performance, but the current
64573		-** SQLite btree implementation does not. (Note that the comdb2 btree
64574		-** implementation does use this hint, however.)
	64582	+**
	64583	+** If bit 0x01 of the flags argument is 1, then the cursor corresponds to
	64584	+** an SQL index and this routine could have been skipped if the SQL index
	64585	+** had been a unique index. The flags argument is a hint to the implement.
	64586	+** SQLite btree implementation does not use this hint, but COMDB2 does.
64575	64587	*/
64576		-static SQLITE_NOINLINE int btreePrevious(BtCursor pCur, int pRes){
	64588	+static SQLITE_NOINLINE int btreePrevious(BtCursor *pCur, int flags){
64577	64589	int rc;
64578	64590	MemPage *pPage;
64579	64591
64580	64592	assert( cursorOwnsBtShared(pCur) );
64581		- assert( pRes!=0 );
64582		- assert( *pRes==0 );
	64593	+ assert( flags==0 );
64583	64594	assert( pCur->skipNext==0 \|\| pCur->eState!=CURSOR_VALID );
64584	64595	assert( (pCur->curFlags & (BTCF_AtLast\|BTCF_ValidOvfl\|BTCF_ValidNKey))==0 );
64585	64596	assert( pCur->info.nSize==0 );
64586	64597	if( pCur->eState!=CURSOR_VALID ){
64587	64598	rc = restoreCursorPosition(pCur);
64588	64599	if( rc!=SQLITE_OK ){
64589	64600	return rc;
64590	64601	}
64591	64602	if( CURSOR_INVALID==pCur->eState ){
64592		- *pRes = 1;
64593		- return SQLITE_OK;
	64603	+ return SQLITE_DONE;
64594	64604	}
64595	64605	if( pCur->skipNext ){
64596	64606	assert( pCur->eState==CURSOR_VALID \|\| pCur->eState==CURSOR_SKIPNEXT );
64597	64607	pCur->eState = CURSOR_VALID;
64598	64608	if( pCur->skipNext<0 ){
		@@ -64612,41 +64622,38 @@
64612	64622	rc = moveToRightmost(pCur);
64613	64623	}else{
64614	64624	while( pCur->ix==0 ){
64615	64625	if( pCur->iPage==0 ){
64616	64626	pCur->eState = CURSOR_INVALID;
64617		- *pRes = 1;
64618		- return SQLITE_OK;
	64627	+ return SQLITE_DONE;
64619	64628	}
64620	64629	moveToParent(pCur);
64621	64630	}
64622	64631	assert( pCur->info.nSize==0 );
64623	64632	assert( (pCur->curFlags & (BTCF_ValidOvfl))==0 );
64624	64633
64625	64634	pCur->ix--;
64626	64635	pPage = pCur->apPage[pCur->iPage];
64627	64636	if( pPage->intKey && !pPage->leaf ){
64628		- rc = sqlite3BtreePrevious(pCur, pRes);
	64637	+ rc = sqlite3BtreePrevious(pCur, flags);
64629	64638	}else{
64630	64639	rc = SQLITE_OK;
64631	64640	}
64632	64641	}
64633	64642	return rc;
64634	64643	}
64635		-SQLITE_PRIVATE int sqlite3BtreePrevious(BtCursor pCur, int pRes){
	64644	+SQLITE_PRIVATE int sqlite3BtreePrevious(BtCursor *pCur, int flags){
64636	64645	assert( cursorOwnsBtShared(pCur) );
64637		- assert( pRes!=0 );
64638		- assert( pRes==0 \|\| pRes==1 );
	64646	+ assert( flags==0 \|\| flags==1 );
64639	64647	assert( pCur->skipNext==0 \|\| pCur->eState!=CURSOR_VALID );
64640		- *pRes = 0;
64641	64648	pCur->curFlags &= ~(BTCF_AtLast\|BTCF_ValidOvfl\|BTCF_ValidNKey);
64642	64649	pCur->info.nSize = 0;
64643	64650	if( pCur->eState!=CURSOR_VALID
64644	64651	\|\| pCur->ix==0
64645	64652	\|\| pCur->apPage[pCur->iPage]->leaf==0
64646	64653	){
64647		- return btreePrevious(pCur, pRes);
	64654	+ return btreePrevious(pCur, 0);
64648	64655	}
64649	64656	pCur->ix--;
64650	64657	return SQLITE_OK;
64651	64658	}
64652	64659
		@@ -64750,11 +64757,11 @@
64750	64757	** the freelist is empty. */
64751	64758	iTrunk = get4byte(&pPage1->aData[32]);
64752	64759	}
64753	64760	testcase( iTrunk==mxPage );
64754	64761	if( iTrunk>mxPage \|\| nSearch++ > n ){
64755		- rc = SQLITE_CORRUPT_BKPT;
	64762	+ rc = SQLITE_CORRUPT_PGNO(pPrevTrunk ? pPrevTrunk->pgno : 1);
64756	64763	}else{
64757	64764	rc = btreeGetUnusedPage(pBt, iTrunk, &pTrunk, 0);
64758	64765	}
64759	64766	if( rc ){
64760	64767	pTrunk = 0;
		@@ -64779,11 +64786,11 @@
64779	64786	*ppPage = pTrunk;
64780	64787	pTrunk = 0;
64781	64788	TRACE(("ALLOCATE: %d trunk - %d free pages left\n", *pPgno, n-1));
64782	64789	}else if( k>(u32)(pBt->usableSize/4 - 2) ){
64783	64790	/* Value of k is out of range. Database corruption */
64784		- rc = SQLITE_CORRUPT_BKPT;
	64791	+ rc = SQLITE_CORRUPT_PGNO(iTrunk);
64785	64792	goto end_allocate_page;
64786	64793	#ifndef SQLITE_OMIT_AUTOVACUUM
64787	64794	}else if( searchList
64788	64795	&& (nearby==iTrunk \|\| (iTrunk<nearby && eMode==BTALLOC_LE))
64789	64796	){
		@@ -64813,11 +64820,11 @@
64813	64820	** page in this case.
64814	64821	*/
64815	64822	MemPage *pNewTrunk;
64816	64823	Pgno iNewTrunk = get4byte(&pTrunk->aData[8]);
64817	64824	if( iNewTrunk>mxPage ){
64818		- rc = SQLITE_CORRUPT_BKPT;
	64825	+ rc = SQLITE_CORRUPT_PGNO(iTrunk);
64819	64826	goto end_allocate_page;
64820	64827	}
64821	64828	testcase( iNewTrunk==mxPage );
64822	64829	rc = btreeGetUnusedPage(pBt, iNewTrunk, &pNewTrunk, 0);
64823	64830	if( rc!=SQLITE_OK ){
		@@ -64878,11 +64885,11 @@
64878	64885	}
64879	64886
64880	64887	iPage = get4byte(&aData[8+closest*4]);
64881	64888	testcase( iPage==mxPage );
64882	64889	if( iPage>mxPage ){
64883		- rc = SQLITE_CORRUPT_BKPT;
	64890	+ rc = SQLITE_CORRUPT_PGNO(iTrunk);
64884	64891	goto end_allocate_page;
64885	64892	}
64886	64893	testcase( iPage==mxPage );
64887	64894	if( !searchList
64888	64895	\|\| (iPage==nearby \|\| (iPage<nearby && eMode==BTALLOC_LE))
		@@ -65148,11 +65155,12 @@
65148	65155	pPage->xParseCell(pPage, pCell, pInfo);
65149	65156	if( pInfo->nLocal==pInfo->nPayload ){
65150	65157	return SQLITE_OK; /* No overflow pages. Return without doing anything */
65151	65158	}
65152	65159	if( pCell+pInfo->nSize-1 > pPage->aData+pPage->maskPage ){
65153		- return SQLITE_CORRUPT_BKPT; /* Cell extends past end of page */
	65160	+ /* Cell extends past end of page */
	65161	+ return SQLITE_CORRUPT_PGNO(pPage->pgno);
65154	65162	}
65155	65163	ovflPgno = get4byte(pCell + pInfo->nSize - 4);
65156	65164	assert( pBt->usableSize > 4 );
65157	65165	ovflPageSize = pBt->usableSize - 4;
65158	65166	nOvfl = (pInfo->nPayload - pInfo->nLocal + ovflPageSize - 1)/ovflPageSize;
		@@ -67363,12 +67371,12 @@
67363	67371	** from the internal node. The 'previous' entry is used for this instead
67364	67372	** of the 'next' entry, as the previous entry is always a part of the
67365	67373	** sub-tree headed by the child page of the cell being deleted. This makes
67366	67374	** balancing the tree following the delete operation easier. */
67367	67375	if( !pPage->leaf ){
67368		- int notUsed = 0;
67369		- rc = sqlite3BtreePrevious(pCur, &notUsed);
	67376	+ rc = sqlite3BtreePrevious(pCur, 0);
	67377	+ assert( rc!=SQLITE_DONE );
67370	67378	if( rc ) return rc;
67371	67379	}
67372	67380
67373	67381	/* Save the positions of any other cursors open on this table before
67374	67382	** making any modifications. */
		@@ -71024,11 +71032,11 @@
71024	71032	if( enc!=SQLITE_UTF8 ){
71025	71033	rc = sqlite3VdbeChangeEncoding(pVal, enc);
71026	71034	}
71027	71035	}else if( op==TK_UMINUS ) {
71028	71036	/* This branch happens for multiple negative signs. Ex: -(-5) */
71029		- if( SQLITE_OK==sqlite3ValueFromExpr(db,pExpr->pLeft,enc,affinity,&pVal)
	71037	+ if( SQLITE_OK==valueFromExpr(db,pExpr->pLeft,enc,affinity,&pVal,pCtx)
71030	71038	&& pVal!=0
71031	71039	){
71032	71040	sqlite3VdbeMemNumerify(pVal);
71033	71041	if( pVal->flags & MEM_Real ){
71034	71042	pVal->u.r = -pVal->u.r;
		@@ -73578,21 +73586,22 @@
73578	73586	** statement. This is now set at compile time, rather than during
73579	73587	** execution of the vdbe program so that sqlite3_column_count() can
73580	73588	** be called on an SQL statement before sqlite3_step().
73581	73589	*/
73582	73590	SQLITE_PRIVATE void sqlite3VdbeSetNumCols(Vdbe *p, int nResColumn){
73583		- Mem *pColName;
73584	73591	int n;
73585	73592	sqlite3 *db = p->db;
73586	73593
73587		- releaseMemArray(p->aColName, p->nResColumn*COLNAME_N);
73588		- sqlite3DbFree(db, p->aColName);
	73594	+ if( p->nResColumn ){
	73595	+ releaseMemArray(p->aColName, p->nResColumn*COLNAME_N);
	73596	+ sqlite3DbFree(db, p->aColName);
	73597	+ }
73589	73598	n = nResColumn*COLNAME_N;
73590	73599	p->nResColumn = (u16)nResColumn;
73591		- p->aColName = pColName = (Mem)sqlite3DbMallocRawNN(db, sizeof(Mem)n );
	73600	+ p->aColName = (Mem)sqlite3DbMallocRawNN(db, sizeof(Mem)n );
73592	73601	if( p->aColName==0 ) return;
73593		- initMemArray(p->aColName, n, p->db, MEM_Null);
	73602	+ initMemArray(p->aColName, n, db, MEM_Null);
73594	73603	}
73595	73604
73596	73605	/*
73597	73606	** Set the name of the idx'th column to be returned by the SQL statement.
73598	73607	** zName must be a pointer to a nul terminated string.
		@@ -74238,14 +74247,14 @@
74238	74247	sqlite3BeginBenignMalloc();
74239	74248	if( db->pErr==0 ) db->pErr = sqlite3ValueNew(db);
74240	74249	sqlite3ValueSetStr(db->pErr, -1, p->zErrMsg, SQLITE_UTF8, SQLITE_TRANSIENT);
74241	74250	sqlite3EndBenignMalloc();
74242	74251	db->bBenignMalloc--;
74243		- db->errCode = rc;
74244		- }else{
74245		- sqlite3Error(db, rc);
	74252	+ }else if( db->pErr ){
	74253	+ sqlite3ValueSetNull(db->pErr);
74246	74254	}
	74255	+ db->errCode = rc;
74247	74256	return rc;
74248	74257	}
74249	74258
74250	74259	#ifdef SQLITE_ENABLE_SQLLOG
74251	74260	/*
		@@ -75149,23 +75158,24 @@
75149	75158	** comparison function directly */
75150	75159	return pColl->xCmp(pColl->pUser,pMem1->n,pMem1->z,pMem2->n,pMem2->z);
75151	75160	}else{
75152	75161	int rc;
75153	75162	const void v1, v2;
75154		- int n1, n2;
75155	75163	Mem c1;
75156	75164	Mem c2;
75157	75165	sqlite3VdbeMemInit(&c1, pMem1->db, MEM_Null);
75158	75166	sqlite3VdbeMemInit(&c2, pMem1->db, MEM_Null);
75159	75167	sqlite3VdbeMemShallowCopy(&c1, pMem1, MEM_Ephem);
75160	75168	sqlite3VdbeMemShallowCopy(&c2, pMem2, MEM_Ephem);
75161	75169	v1 = sqlite3ValueText((sqlite3_value*)&c1, pColl->enc);
75162		- n1 = v1==0 ? 0 : c1.n;
75163	75170	v2 = sqlite3ValueText((sqlite3_value*)&c2, pColl->enc);
75164		- n2 = v2==0 ? 0 : c2.n;
75165		- rc = pColl->xCmp(pColl->pUser, n1, v1, n2, v2);
75166		- if( (v1==0 \|\| v2==0) && prcErr ) *prcErr = SQLITE_NOMEM_BKPT;
	75171	+ if( (v1==0 \|\| v2==0) ){
	75172	+ if( prcErr ) *prcErr = SQLITE_NOMEM_BKPT;
	75173	+ rc = 0;
	75174	+ }else{
	75175	+ rc = pColl->xCmp(pColl->pUser, c1.n, v1, c2.n, v2);
	75176	+ }
75167	75177	sqlite3VdbeMemRelease(&c1);
75168	75178	sqlite3VdbeMemRelease(&c2);
75169	75179	return rc;
75170	75180	}
75171	75181	}
		@@ -77397,12 +77407,14 @@
77397	77407	pVar = &p->aVar[i-1];
77398	77408	rc = sqlite3VdbeMemSetStr(pVar, zData, nData, encoding, xDel);
77399	77409	if( rc==SQLITE_OK && encoding!=0 ){
77400	77410	rc = sqlite3VdbeChangeEncoding(pVar, ENC(p->db));
77401	77411	}
77402		- sqlite3Error(p->db, rc);
77403		- rc = sqlite3ApiExit(p->db, rc);
	77412	+ if( rc ){
	77413	+ sqlite3Error(p->db, rc);
	77414	+ rc = sqlite3ApiExit(p->db, rc);
	77415	+ }
77404	77416	}
77405	77417	sqlite3_mutex_leave(p->db->mutex);
77406	77418	}else if( xDel!=SQLITE_STATIC && xDel!=SQLITE_TRANSIENT ){
77407	77419	xDel((void*)zData);
77408	77420	}
		@@ -77705,12 +77717,23 @@
77705	77717	if( !pStmt ){
77706	77718	(void)SQLITE_MISUSE_BKPT;
77707	77719	return 0;
77708	77720	}
77709	77721	#endif
77710		- v = pVdbe->aCounter[op];
77711		- if( resetFlag ) pVdbe->aCounter[op] = 0;
	77722	+ if( op==SQLITE_STMTSTATUS_MEMUSED ){
	77723	+ sqlite3 *db = pVdbe->db;
	77724	+ sqlite3_mutex_enter(db->mutex);
	77725	+ v = 0;
	77726	+ db->pnBytesFreed = (int*)&v;
	77727	+ sqlite3VdbeClearObject(db, pVdbe);
	77728	+ sqlite3DbFree(db, pVdbe);
	77729	+ db->pnBytesFreed = 0;
	77730	+ sqlite3_mutex_leave(db->mutex);
	77731	+ }else{
	77732	+ v = pVdbe->aCounter[op];
	77733	+ if( resetFlag ) pVdbe->aCounter[op] = 0;
	77734	+ }
77712	77735	return (int)v;
77713	77736	}
77714	77737
77715	77738	/*
77716	77739	** Return the SQL associated with a prepared statement
		@@ -78861,11 +78884,11 @@
78861	78884	u8 resetSchemaOnFault = 0; /* Reset schema after an error if positive */
78862	78885	u8 encoding = ENC(db); /* The database encoding */
78863	78886	int iCompare = 0; /* Result of last comparison */
78864	78887	unsigned nVmStep = 0; /* Number of virtual machine steps */
78865	78888	#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
78866		- unsigned nProgressLimit = 0;/* Invoke xProgress() when nVmStep reaches this */
	78889	+ unsigned nProgressLimit; /* Invoke xProgress() when nVmStep reaches this */
78867	78890	#endif
78868	78891	Mem aMem = p->aMem; / Copy of p->aMem */
78869	78892	Mem pIn1 = 0; / 1st input operand */
78870	78893	Mem pIn2 = 0; / 2nd input operand */
78871	78894	Mem pIn3 = 0; / 3rd input operand */
		@@ -78893,10 +78916,12 @@
78893	78916	#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
78894	78917	if( db->xProgress ){
78895	78918	u32 iPrior = p->aCounter[SQLITE_STMTSTATUS_VM_STEP];
78896	78919	assert( 0 < db->nProgressOps );
78897	78920	nProgressLimit = db->nProgressOps - (iPrior % db->nProgressOps);
	78921	+ }else{
	78922	+ nProgressLimit = 0xffffffff;
78898	78923	}
78899	78924	#endif
78900	78925	#ifdef SQLITE_DEBUG
78901	78926	sqlite3BeginBenignMalloc();
78902	78927	if( p->pc==0
		@@ -79070,11 +79095,11 @@
79070	79095	** of VDBE ops have been executed (either since this invocation of
79071	79096	** sqlite3VdbeExec() or since last time the progress callback was called).
79072	79097	** If the progress callback returns non-zero, exit the virtual machine with
79073	79098	** a return code SQLITE_ABORT.
79074	79099	*/
79075		- if( db->xProgress!=0 && nVmStep>=nProgressLimit ){
	79100	+ if( nVmStep>=nProgressLimit && db->xProgress!=0 ){
79076	79101	assert( db->nProgressOps!=0 );
79077	79102	nProgressLimit = nVmStep + db->nProgressOps - (nVmStep%db->nProgressOps);
79078	79103	if( db->xProgress(db->pProgressArg) ){
79079	79104	rc = SQLITE_INTERRUPT;
79080	79105	goto abort_due_to_error;
		@@ -79612,11 +79637,11 @@
79612	79637
79613	79638	#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
79614	79639	/* Run the progress counter just before returning.
79615	79640	*/
79616	79641	if( db->xProgress!=0
79617		- && nVmStep>=nProgressLimit
	79642	+ && nVmStep>=nProgressLimit
79618	79643	&& db->xProgress(db->pProgressArg)!=0
79619	79644	){
79620	79645	rc = SQLITE_INTERRUPT;
79621	79646	goto abort_due_to_error;
79622	79647	}
		@@ -80783,11 +80808,13 @@
80783	80808	Mem pReg; / PseudoTable input register */
80784	80809
80785	80810	pC = p->apCsr[pOp->p1];
80786	80811	p2 = pOp->p2;
80787	80812
80788		- /* If the cursor cache is stale, bring it up-to-date */
	80813	+ /* If the cursor cache is stale (meaning it is not currently point at
	80814	+ ** the correct row) then bring it up-to-date by doing the necessary
	80815	+ ** B-Tree seek. */
80789	80816	rc = sqlite3VdbeCursorMoveto(&pC, &p2);
80790	80817	if( rc ) goto abort_due_to_error;
80791	80818
80792	80819	assert( pOp->p3>0 && pOp->p3<=(p->nMem+1 - p->nCursor) );
80793	80820	pDest = &aMem[pOp->p3];
		@@ -82265,21 +82292,35 @@
82265	82292	sqlite3_search_count++;
82266	82293	#endif
82267	82294	if( oc>=OP_SeekGE ){ assert( oc==OP_SeekGE \|\| oc==OP_SeekGT );
82268	82295	if( res<0 \|\| (res==0 && oc==OP_SeekGT) ){
82269	82296	res = 0;
82270		- rc = sqlite3BtreeNext(pC->uc.pCursor, &res);
82271		- if( rc!=SQLITE_OK ) goto abort_due_to_error;
	82297	+ rc = sqlite3BtreeNext(pC->uc.pCursor, 0);
	82298	+ if( rc!=SQLITE_OK ){
	82299	+ if( rc==SQLITE_DONE ){
	82300	+ rc = SQLITE_OK;
	82301	+ res = 1;
	82302	+ }else{
	82303	+ goto abort_due_to_error;
	82304	+ }
	82305	+ }
82272	82306	}else{
82273	82307	res = 0;
82274	82308	}
82275	82309	}else{
82276	82310	assert( oc==OP_SeekLT \|\| oc==OP_SeekLE );
82277	82311	if( res>0 \|\| (res==0 && oc==OP_SeekLT) ){
82278	82312	res = 0;
82279		- rc = sqlite3BtreePrevious(pC->uc.pCursor, &res);
82280		- if( rc!=SQLITE_OK ) goto abort_due_to_error;
	82313	+ rc = sqlite3BtreePrevious(pC->uc.pCursor, 0);
	82314	+ if( rc!=SQLITE_OK ){
	82315	+ if( rc==SQLITE_DONE ){
	82316	+ rc = SQLITE_OK;
	82317	+ res = 1;
	82318	+ }else{
	82319	+ goto abort_due_to_error;
	82320	+ }
	82321	+ }
82281	82322	}else{
82282	82323	/* res might be negative because the table is empty. Check to
82283	82324	** see if this is the case.
82284	82325	*/
82285	82326	res = sqlite3BtreeEof(pC->uc.pCursor);
		@@ -83381,16 +83422,14 @@
83381	83422	** invoked. This opcode advances the cursor to the next sorted
83382	83423	** record, or jumps to P2 if there are no more sorted records.
83383	83424	*/
83384	83425	case OP_SorterNext: { /* jump */
83385	83426	VdbeCursor *pC;
83386		- int res;
83387	83427
83388	83428	pC = p->apCsr[pOp->p1];
83389	83429	assert( isSorter(pC) );
83390		- res = 0;
83391		- rc = sqlite3VdbeSorterNext(db, pC, &res);
	83430	+ rc = sqlite3VdbeSorterNext(db, pC);
83392	83431	goto next_tail;
83393	83432	case OP_PrevIfOpen: /* jump */
83394	83433	case OP_NextIfOpen: /* jump */
83395	83434	if( p->apCsr[pOp->p1]==0 ) break;
83396	83435	/* Fall through */
		@@ -83397,16 +83436,13 @@
83397	83436	case OP_Prev: /* jump */
83398	83437	case OP_Next: /* jump */
83399	83438	assert( pOp->p1>=0 && pOp->p1<p->nCursor );
83400	83439	assert( pOp->p5<ArraySize(p->aCounter) );
83401	83440	pC = p->apCsr[pOp->p1];
83402		- res = pOp->p3;
83403	83441	assert( pC!=0 );
83404	83442	assert( pC->deferredMoveto==0 );
83405	83443	assert( pC->eCurType==CURTYPE_BTREE );
83406		- assert( res==0 \|\| (res==1 && pC->isTable==0) );
83407		- testcase( res==1 );
83408	83444	assert( pOp->opcode!=OP_Next \|\| pOp->p4.xAdvance==sqlite3BtreeNext );
83409	83445	assert( pOp->opcode!=OP_Prev \|\| pOp->p4.xAdvance==sqlite3BtreePrevious );
83410	83446	assert( pOp->opcode!=OP_NextIfOpen \|\| pOp->p4.xAdvance==sqlite3BtreeNext );
83411	83447	assert( pOp->opcode!=OP_PrevIfOpen \|\| pOp->p4.xAdvance==sqlite3BtreePrevious);
83412	83448
		@@ -83417,25 +83453,25 @@
83417	83453	\|\| pC->seekOp==OP_Rewind \|\| pC->seekOp==OP_Found);
83418	83454	assert( pOp->opcode!=OP_Prev \|\| pOp->opcode!=OP_PrevIfOpen
83419	83455	\|\| pC->seekOp==OP_SeekLT \|\| pC->seekOp==OP_SeekLE
83420	83456	\|\| pC->seekOp==OP_Last );
83421	83457
83422		- rc = pOp->p4.xAdvance(pC->uc.pCursor, &res);
	83458	+ rc = pOp->p4.xAdvance(pC->uc.pCursor, pOp->p3);
83423	83459	next_tail:
83424	83460	pC->cacheStatus = CACHE_STALE;
83425		- VdbeBranchTaken(res==0,2);
83426		- if( rc ) goto abort_due_to_error;
83427		- if( res==0 ){
	83461	+ VdbeBranchTaken(rc==SQLITE_OK,2);
	83462	+ if( rc==SQLITE_OK ){
83428	83463	pC->nullRow = 0;
83429	83464	p->aCounter[pOp->p5]++;
83430	83465	#ifdef SQLITE_TEST
83431	83466	sqlite3_search_count++;
83432	83467	#endif
83433	83468	goto jump_to_p2_and_check_for_interrupt;
83434		- }else{
83435		- pC->nullRow = 1;
83436	83469	}
	83470	+ if( rc!=SQLITE_DONE ) goto abort_due_to_error;
	83471	+ rc = SQLITE_OK;
	83472	+ pC->nullRow = 1;
83437	83473	goto check_for_interrupt;
83438	83474	}
83439	83475
83440	83476	/* Opcode: IdxInsert P1 P2 P3 P4 P5
83441	83477	** Synopsis: key=r[P2]
		@@ -83542,12 +83578,12 @@
83542	83578	pC->cacheStatus = CACHE_STALE;
83543	83579	pC->seekResult = 0;
83544	83580	break;
83545	83581	}
83546	83582
83547		-/* Opcode: Seek P1 * P3 P4 *
83548		-** Synopsis: Move P3 to P1.rowid
	83583	+/* Opcode: DeferredSeek P1 * P3 P4 *
	83584	+** Synopsis: Move P3 to P1.rowid if needed
83549	83585	**
83550	83586	** P1 is an open index cursor and P3 is a cursor on the corresponding
83551	83587	** table. This opcode does a deferred seek of the P3 table cursor
83552	83588	** to the row that corresponds to the current row of P1.
83553	83589	**
		@@ -83570,15 +83606,15 @@
83570	83606	** the end of the index key pointed to by cursor P1. This integer should be
83571	83607	** the rowid of the table entry to which this index entry points.
83572	83608	**
83573	83609	** See also: Rowid, MakeRecord.
83574	83610	*/
83575		-case OP_Seek:
83576		-case OP_IdxRowid: { /* out2 */
83577		- VdbeCursor pC; / The P1 index cursor */
83578		- VdbeCursor pTabCur; / The P2 table cursor (OP_Seek only) */
83579		- i64 rowid; /* Rowid that P1 current points to */
	83611	+case OP_DeferredSeek:
	83612	+case OP_IdxRowid: { /* out2 */
	83613	+ VdbeCursor pC; / The P1 index cursor */
	83614	+ VdbeCursor pTabCur; / The P2 table cursor (OP_DeferredSeek only) */
	83615	+ i64 rowid; /* Rowid that P1 current points to */
83580	83616
83581	83617	assert( pOp->p1>=0 && pOp->p1<p->nCursor );
83582	83618	pC = p->apCsr[pOp->p1];
83583	83619	assert( pC!=0 );
83584	83620	assert( pC->eCurType==CURTYPE_BTREE );
		@@ -83600,11 +83636,11 @@
83600	83636	rowid = 0; /* Not needed. Only used to silence a warning. */
83601	83637	rc = sqlite3VdbeIdxRowid(db, pC->uc.pCursor, &rowid);
83602	83638	if( rc!=SQLITE_OK ){
83603	83639	goto abort_due_to_error;
83604	83640	}
83605		- if( pOp->opcode==OP_Seek ){
	83641	+ if( pOp->opcode==OP_DeferredSeek ){
83606	83642	assert( pOp->p3>=0 && pOp->p3<p->nCursor );
83607	83643	pTabCur = p->apCsr[pOp->p3];
83608	83644	assert( pTabCur!=0 );
83609	83645	assert( pTabCur->eCurType==CURTYPE_BTREE );
83610	83646	assert( pTabCur->uc.pCursor!=0 );
		@@ -86827,13 +86863,13 @@
86827	86863
86828	86864	int n1;
86829	86865	int n2;
86830	86866	int res;
86831	86867
86832		- getVarint32(&p1[1], n1); n1 = (n1 - 13) / 2;
86833		- getVarint32(&p2[1], n2); n2 = (n2 - 13) / 2;
86834		- res = memcmp(v1, v2, MIN(n1, n2));
	86868	+ getVarint32(&p1[1], n1);
	86869	+ getVarint32(&p2[1], n2);
	86870	+ res = memcmp(v1, v2, (MIN(n1, n2) - 13)/2);
86835	86871	if( res==0 ){
86836	86872	res = n1 - n2;
86837	86873	}
86838	86874
86839	86875	if( res==0 ){
		@@ -88624,13 +88660,17 @@
88624	88660	vdbeSorterRewindDebug("rewinddone");
88625	88661	return rc;
88626	88662	}
88627	88663
88628	88664	/*
88629		-** Advance to the next element in the sorter.
	88665	+** Advance to the next element in the sorter. Return value:
	88666	+**
	88667	+** SQLITE_OK success
	88668	+** SQLITE_DONE end of data
	88669	+** otherwise some kind of error.
88630	88670	*/
88631		-SQLITE_PRIVATE int sqlite3VdbeSorterNext(sqlite3 db, const VdbeCursor pCsr, int *pbEof){
	88671	+SQLITE_PRIVATE int sqlite3VdbeSorterNext(sqlite3 db, const VdbeCursor pCsr){
88632	88672	VdbeSorter *pSorter;
88633	88673	int rc; /* Return code */
88634	88674
88635	88675	assert( pCsr->eCurType==CURTYPE_SORTER );
88636	88676	pSorter = pCsr->uc.pSorter;
		@@ -88640,25 +88680,26 @@
88640	88680	assert( pSorter->bUseThreads==0 \|\| pSorter->pReader );
88641	88681	assert( pSorter->bUseThreads==1 \|\| pSorter->pMerger );
88642	88682	#if SQLITE_MAX_WORKER_THREADS>0
88643	88683	if( pSorter->bUseThreads ){
88644	88684	rc = vdbePmaReaderNext(pSorter->pReader);
88645		- *pbEof = (pSorter->pReader->pFd==0);
	88685	+ if( rc==SQLITE_OK && pSorter->pReader->pFd==0 ) rc = SQLITE_DONE;
88646	88686	}else
88647	88687	#endif
88648	88688	/if( !pSorter->bUseThreads )/ {
	88689	+ int res = 0;
88649	88690	assert( pSorter->pMerger!=0 );
88650	88691	assert( pSorter->pMerger->pTask==(&pSorter->aTask[0]) );
88651		- rc = vdbeMergeEngineStep(pSorter->pMerger, pbEof);
	88692	+ rc = vdbeMergeEngineStep(pSorter->pMerger, &res);
	88693	+ if( rc==SQLITE_OK && res ) rc = SQLITE_DONE;
88652	88694	}
88653	88695	}else{
88654	88696	SorterRecord *pFree = pSorter->list.pList;
88655	88697	pSorter->list.pList = pFree->u.pNext;
88656	88698	pFree->u.pNext = 0;
88657	88699	if( pSorter->list.aMemory==0 ) vdbeSorterRecordFree(db, pFree);
88658		- *pbEof = !pSorter->list.pList;
88659		- rc = SQLITE_OK;
	88700	+ rc = pSorter->list.pList ? SQLITE_OK : SQLITE_DONE;
88660	88701	}
88661	88702	return rc;
88662	88703	}
88663	88704
88664	88705	/*
		@@ -89308,44 +89349,37 @@
89308	89349	** Invoke sqlite3WalkSelect() for subqueries in the FROM clause and
89309	89350	** on the compound select chain, p->pPrior.
89310	89351	**
89311	89352	** If it is not NULL, the xSelectCallback() callback is invoked before
89312	89353	** the walk of the expressions and FROM clause. The xSelectCallback2()
89313		-** method, if it is not NULL, is invoked following the walk of the
89314		-** expressions and FROM clause.
	89354	+** method is invoked following the walk of the expressions and FROM clause,
	89355	+** but only if both xSelectCallback and xSelectCallback2 are both non-NULL
	89356	+** and if the expressions and FROM clause both return WRC_Continue;
89315	89357	**
89316	89358	** Return WRC_Continue under normal conditions. Return WRC_Abort if
89317	89359	** there is an abort request.
89318	89360	**
89319	89361	** If the Walker does not have an xSelectCallback() then this routine
89320	89362	** is a no-op returning WRC_Continue.
89321	89363	*/
89322	89364	SQLITE_PRIVATE int sqlite3WalkSelect(Walker pWalker, Select p){
89323	89365	int rc;
89324		- if( p==0 \|\| (pWalker->xSelectCallback==0 && pWalker->xSelectCallback2==0) ){
89325		- return WRC_Continue;
89326		- }
89327		- rc = WRC_Continue;
89328		- pWalker->walkerDepth++;
89329		- while( p ){
89330		- if( pWalker->xSelectCallback ){
89331		- rc = pWalker->xSelectCallback(pWalker, p);
89332		- if( rc ) break;
89333		- }
	89366	+ if( p==0 \|\| pWalker->xSelectCallback==0 ) return WRC_Continue;
	89367	+ do{
	89368	+ rc = pWalker->xSelectCallback(pWalker, p);
	89369	+ if( rc ) return rc & WRC_Abort;
89334	89370	if( sqlite3WalkSelectExpr(pWalker, p)
89335	89371	\|\| sqlite3WalkSelectFrom(pWalker, p)
89336	89372	){
89337		- pWalker->walkerDepth--;
89338	89373	return WRC_Abort;
89339	89374	}
89340	89375	if( pWalker->xSelectCallback2 ){
89341	89376	pWalker->xSelectCallback2(pWalker, p);
89342	89377	}
89343	89378	p = p->pPrior;
89344		- }
89345		- pWalker->walkerDepth--;
89346		- return rc & WRC_Abort;
	89379	+ }while( p!=0 );
	89380	+ return WRC_Continue;
89347	89381	}
89348	89382
89349	89383	/************ End of walker.c ********************************************/
89350	89384	/************ Begin file resolve.c ***************************************/
89351	89385	/*
		@@ -90778,41 +90812,33 @@
90778	90812	Expr pExpr / The expression to be analyzed. */
90779	90813	){
90780	90814	u16 savedHasAgg;
90781	90815	Walker w;
90782	90816
90783		- if( pExpr==0 ) return 0;
90784		-#if SQLITE_MAX_EXPR_DEPTH>0
90785		- {
90786		- Parse *pParse = pNC->pParse;
90787		- if( sqlite3ExprCheckHeight(pParse, pExpr->nHeight+pNC->pParse->nHeight) ){
90788		- return 1;
90789		- }
90790		- pParse->nHeight += pExpr->nHeight;
90791		- }
90792		-#endif
	90817	+ if( pExpr==0 ) return SQLITE_OK;
90793	90818	savedHasAgg = pNC->ncFlags & (NC_HasAgg\|NC_MinMaxAgg);
90794	90819	pNC->ncFlags &= ~(NC_HasAgg\|NC_MinMaxAgg);
90795	90820	w.pParse = pNC->pParse;
90796	90821	w.xExprCallback = resolveExprStep;
90797	90822	w.xSelectCallback = resolveSelectStep;
90798	90823	w.xSelectCallback2 = 0;
90799		- w.walkerDepth = 0;
90800		- w.eCode = 0;
90801	90824	w.u.pNC = pNC;
	90825	+#if SQLITE_MAX_EXPR_DEPTH>0
	90826	+ w.pParse->nHeight += pExpr->nHeight;
	90827	+ if( sqlite3ExprCheckHeight(w.pParse, w.pParse->nHeight) ){
	90828	+ return SQLITE_ERROR;
	90829	+ }
	90830	+#endif
90802	90831	sqlite3WalkExpr(&w, pExpr);
90803	90832	#if SQLITE_MAX_EXPR_DEPTH>0
90804		- pNC->pParse->nHeight -= pExpr->nHeight;
	90833	+ w.pParse->nHeight -= pExpr->nHeight;
90805	90834	#endif
90806		- if( pNC->nErr>0 \|\| w.pParse->nErr>0 ){
90807		- ExprSetProperty(pExpr, EP_Error);
90808		- }
90809	90835	if( pNC->ncFlags & NC_HasAgg ){
90810	90836	ExprSetProperty(pExpr, EP_Agg);
90811	90837	}
90812	90838	pNC->ncFlags \|= savedHasAgg;
90813		- return ExprHasProperty(pExpr, EP_Error);
	90839	+ return pNC->nErr>0 \|\| w.pParse->nErr>0;
90814	90840	}
90815	90841
90816	90842	/*
90817	90843	** Resolve all names for all expression in an expression list. This is
90818	90844	** just like sqlite3ResolveExprNames() except that it works for an expression
		@@ -90849,13 +90875,13 @@
90849	90875	NameContext pOuterNC / Name context for parent SELECT statement */
90850	90876	){
90851	90877	Walker w;
90852	90878
90853	90879	assert( p!=0 );
90854		- memset(&w, 0, sizeof(w));
90855	90880	w.xExprCallback = resolveExprStep;
90856	90881	w.xSelectCallback = resolveSelectStep;
	90882	+ w.xSelectCallback2 = 0;
90857	90883	w.pParse = pParse;
90858	90884	w.u.pNC = pOuterNC;
90859	90885	sqlite3WalkSelect(&w, p);
90860	90886	}
90861	90887
		@@ -92384,11 +92410,13 @@
92384	92410	}
92385	92411	pList = pNew;
92386	92412	pList->nAlloc *= 2;
92387	92413	}
92388	92414	pItem = &pList->a[pList->nExpr++];
92389		- memset(pItem, 0, sizeof(*pItem));
	92415	+ assert( offsetof(struct ExprList_item,zName)==sizeof(pItem->pExpr) );
	92416	+ assert( offsetof(struct ExprList_item,pExpr)==0 );
	92417	+ memset(&pItem->zName,0,sizeof(*pItem)-offsetof(struct ExprList_item,zName));
92390	92418	pItem->pExpr = pExpr;
92391	92419	return pList;
92392	92420
92393	92421	no_mem:
92394	92422	/* Avoid leaking memory if malloc has failed. */
		@@ -92668,14 +92696,16 @@
92668	92696	pWalker->eCode = 0;
92669	92697	return WRC_Abort;
92670	92698	}
92671	92699	static int exprIsConst(Expr *p, int initFlag, int iCur){
92672	92700	Walker w;
92673		- memset(&w, 0, sizeof(w));
92674	92701	w.eCode = initFlag;
92675	92702	w.xExprCallback = exprNodeIsConstant;
92676	92703	w.xSelectCallback = selectNodeIsConstant;
	92704	+#ifdef SQLITE_DEBUG
	92705	+ w.xSelectCallback2 = sqlite3SelectWalkAssert2;
	92706	+#endif
92677	92707	w.u.iCur = iCur;
92678	92708	sqlite3WalkExpr(&w, p);
92679	92709	return w.eCode;
92680	92710	}
92681	92711
		@@ -92759,13 +92789,13 @@
92759	92789	** optimization, so we take the easy way out and simply require the
92760	92790	** GROUP BY to use the BINARY collating sequence.
92761	92791	*/
92762	92792	SQLITE_PRIVATE int sqlite3ExprIsConstantOrGroupBy(Parse pParse, Expr p, ExprList *pGroupBy){
92763	92793	Walker w;
92764		- memset(&w, 0, sizeof(w));
92765	92794	w.eCode = 1;
92766	92795	w.xExprCallback = exprNodeIsConstantOrGroupBy;
	92796	+ w.xSelectCallback = 0;
92767	92797	w.u.pGroupBy = pGroupBy;
92768	92798	w.pParse = pParse;
92769	92799	sqlite3WalkExpr(&w, p);
92770	92800	return w.eCode;
92771	92801	}
		@@ -92789,14 +92819,16 @@
92789	92819	** Walk an expression tree. Return 1 if the expression contains a
92790	92820	** subquery of some kind. Return 0 if there are no subqueries.
92791	92821	*/
92792	92822	SQLITE_PRIVATE int sqlite3ExprContainsSubquery(Expr *p){
92793	92823	Walker w;
92794		- memset(&w, 0, sizeof(w));
92795	92824	w.eCode = 1;
92796	92825	w.xExprCallback = sqlite3ExprWalkNoop;
92797	92826	w.xSelectCallback = selectNodeIsConstant;
	92827	+#ifdef SQLITE_DEBUG
	92828	+ w.xSelectCallback2 = sqlite3SelectWalkAssert2;
	92829	+#endif
92798	92830	sqlite3WalkExpr(&w, p);
92799	92831	return w.eCode==0;
92800	92832	}
92801	92833	#endif
92802	92834
		@@ -95797,12 +95829,12 @@
95797	95829	*/
95798	95830	SQLITE_PRIVATE int sqlite3FunctionUsesThisSrc(Expr pExpr, SrcList pSrcList){
95799	95831	Walker w;
95800	95832	struct SrcCount cnt;
95801	95833	assert( pExpr->op==TK_AGG_FUNCTION );
95802		- memset(&w, 0, sizeof(w));
95803	95834	w.xExprCallback = exprSrcCount;
	95835	+ w.xSelectCallback = 0;
95804	95836	w.u.pSrcCount = &cnt;
95805	95837	cnt.pSrc = pSrcList;
95806	95838	cnt.nThis = 0;
95807	95839	cnt.nOther = 0;
95808	95840	sqlite3WalkExprList(&w, pExpr->x.pList);
		@@ -95970,13 +96002,17 @@
95970	96002	}
95971	96003	}
95972	96004	return WRC_Continue;
95973	96005	}
95974	96006	static int analyzeAggregatesInSelect(Walker pWalker, Select pSelect){
95975		- UNUSED_PARAMETER(pWalker);
	96007	+ UNUSED_PARAMETER(pSelect);
	96008	+ pWalker->walkerDepth++;
	96009	+ return WRC_Continue;
	96010	+}
	96011	+static void analyzeAggregatesInSelectEnd(Walker pWalker, Select pSelect){
95976	96012	UNUSED_PARAMETER(pSelect);
95977		- return WRC_Continue;
	96013	+ pWalker->walkerDepth--;
95978	96014	}
95979	96015
95980	96016	/*
95981	96017	** Analyze the pExpr expression looking for aggregate functions and
95982	96018	** for variables that need to be added to AggInfo object that pNC->pAggInfo
		@@ -95986,13 +96022,14 @@
95986	96022	** This routine should only be called after the expression has been
95987	96023	** analyzed by sqlite3ResolveExprNames().
95988	96024	*/
95989	96025	SQLITE_PRIVATE void sqlite3ExprAnalyzeAggregates(NameContext pNC, Expr pExpr){
95990	96026	Walker w;
95991		- memset(&w, 0, sizeof(w));
95992	96027	w.xExprCallback = analyzeAggregate;
95993	96028	w.xSelectCallback = analyzeAggregatesInSelect;
	96029	+ w.xSelectCallback2 = analyzeAggregatesInSelectEnd;
	96030	+ w.walkerDepth = 0;
95994	96031	w.u.pNC = pNC;
95995	96032	assert( pNC->pSrcList!=0 );
95996	96033	sqlite3WalkExpr(&w, pExpr);
95997	96034	}
95998	96035
		@@ -100633,11 +100670,15 @@
100633	100670	}
100634	100671	pTable->zName = zName;
100635	100672	pTable->iPKey = -1;
100636	100673	pTable->pSchema = db->aDb[iDb].pSchema;
100637	100674	pTable->nTabRef = 1;
	100675	+#ifdef SQLITE_DEFAULT_ROWEST
	100676	+ pTable->nRowLogEst = sqlite3LogEst(SQLITE_DEFAULT_ROWEST);
	100677	+#else
100638	100678	pTable->nRowLogEst = 200; assert( 200==sqlite3LogEst(1048576) );
	100679	+#endif
100639	100680	assert( pParse->pNewTable==0 );
100640	100681	pParse->pNewTable = pTable;
100641	100682
100642	100683	/* If this is the magic sqlite_sequence table used by autoincrement,
100643	100684	** then record a pointer to this table in the main database structure
		@@ -104984,11 +105025,11 @@
104984	105025	** It is easier just to erase the whole table. Prior to version 3.6.5,
104985	105026	** this optimization caused the row change count (the value returned by
104986	105027	** API function sqlite3_count_changes) to be set incorrectly.
104987	105028	**
104988	105029	** The "rcauth==SQLITE_OK" terms is the
104989		- ** IMPLEMENATION-OF: R-17228-37124 If the action code is SQLITE_DELETE and
	105030	+ ** IMPLEMENTATION-OF: R-17228-37124 If the action code is SQLITE_DELETE and
104990	105031	** the callback returns SQLITE_IGNORE then the DELETE operation proceeds but
104991	105032	** the truncate optimization is disabled and all rows are deleted
104992	105033	** individually.
104993	105034	*/
104994	105035	if( rcauth==SQLITE_OK
		@@ -105090,11 +105131,11 @@
105090	105131	sqlite3VdbeAddOp4(v, OP_MakeRecord, iPk, nPk, iKey,
105091	105132	sqlite3IndexAffinityStr(pParse->db, pPk), nPk);
105092	105133	sqlite3VdbeAddOp4Int(v, OP_IdxInsert, iEphCur, iKey, iPk, nPk);
105093	105134	}else{
105094	105135	/* Add the rowid of the row to be deleted to the RowSet */
105095		- nKey = 1; /* OP_Seek always uses a single rowid */
	105136	+ nKey = 1; /* OP_DeferredSeek always uses a single rowid */
105096	105137	sqlite3VdbeAddOp2(v, OP_RowSetAdd, iRowSet, iKey);
105097	105138	}
105098	105139	}
105099	105140
105100	105141	/* If this DELETE cannot use the ONEPASS strategy, this is the
		@@ -109354,14 +109395,14 @@
109354	109395	Trigger pTrigger; / List of triggers on pTab, if required */
109355	109396	int tmask; /* Mask of trigger times */
109356	109397	#endif
109357	109398
109358	109399	db = pParse->db;
109359		- memset(&dest, 0, sizeof(dest));
109360	109400	if( pParse->nErr \|\| db->mallocFailed ){
109361	109401	goto insert_cleanup;
109362	109402	}
	109403	+ dest.iSDParm = 0; /* Suppress a harmless compiler warning */
109363	109404
109364	109405	/* If the Select object is really just a simple VALUES() list with a
109365	109406	** single row (the common case) then keep that one row of values
109366	109407	** and discard the other (unused) parts of the pSelect object
109367	109408	*/
		@@ -117550,11 +117591,11 @@
117550	117591	/*
117551	117592	** Allocate a KeyInfo object sufficient for an index of N key columns and
117552	117593	** X extra columns.
117553	117594	*/
117554	117595	SQLITE_PRIVATE KeyInfo sqlite3KeyInfoAlloc(sqlite3 db, int N, int X){
117555		- int nExtra = (N+X)(sizeof(CollSeq)+1);
	117596	+ int nExtra = (N+X)(sizeof(CollSeq)+1) - sizeof(CollSeq*);
117556	117597	KeyInfo *p = sqlite3DbMallocRawNN(db, sizeof(KeyInfo) + nExtra);
117557	117598	if( p ){
117558	117599	p->aSortOrder = (u8*)&p->aColl[N+X];
117559	117600	p->nField = (u16)N;
117560	117601	p->nXField = (u16)X;
		@@ -121129,10 +121170,29 @@
121129	121170	SQLITE_PRIVATE int sqlite3ExprWalkNoop(Walker NotUsed, Expr NotUsed2){
121130	121171	UNUSED_PARAMETER2(NotUsed, NotUsed2);
121131	121172	return WRC_Continue;
121132	121173	}
121133	121174
	121175	+/*
	121176	+** No-op routine for the parse-tree walker for SELECT statements.
	121177	+** subquery in the parser tree.
	121178	+*/
	121179	+SQLITE_PRIVATE int sqlite3SelectWalkNoop(Walker NotUsed, Select NotUsed2){
	121180	+ UNUSED_PARAMETER2(NotUsed, NotUsed2);
	121181	+ return WRC_Continue;
	121182	+}
	121183	+
	121184	+#if SQLITE_DEBUG
	121185	+/*
	121186	+** Always assert. This xSelectCallback2 implementation proves that the
	121187	+** xSelectCallback2 is never invoked.
	121188	+*/
	121189	+SQLITE_PRIVATE void sqlite3SelectWalkAssert2(Walker NotUsed, Select NotUsed2){
	121190	+ UNUSED_PARAMETER2(NotUsed, NotUsed2);
	121191	+ assert( 0 );
	121192	+}
	121193	+#endif
121134	121194	/*
121135	121195	** This routine "expands" a SELECT statement and all of its subqueries.
121136	121196	** For additional information on what it means to "expand" a SELECT
121137	121197	** statement, see the comment on the selectExpand worker callback above.
121138	121198	**
		@@ -121144,15 +121204,15 @@
121144	121204	** The calling function can detect the problem by looking at pParse->nErr
121145	121205	** and/or pParse->db->mallocFailed.
121146	121206	*/
121147	121207	static void sqlite3SelectExpand(Parse pParse, Select pSelect){
121148	121208	Walker w;
121149		- memset(&w, 0, sizeof(w));
121150	121209	w.xExprCallback = sqlite3ExprWalkNoop;
121151	121210	w.pParse = pParse;
121152	121211	if( pParse->hasCompound ){
121153	121212	w.xSelectCallback = convertCompoundSelectToSubquery;
	121213	+ w.xSelectCallback2 = 0;
121154	121214	sqlite3WalkSelect(&w, pSelect);
121155	121215	}
121156	121216	w.xSelectCallback = selectExpander;
121157	121217	w.xSelectCallback2 = selectPopWith;
121158	121218	sqlite3WalkSelect(&w, pSelect);
		@@ -121208,11 +121268,11 @@
121208	121268	** Use this routine after name resolution.
121209	121269	*/
121210	121270	static void sqlite3SelectAddTypeInfo(Parse pParse, Select pSelect){
121211	121271	#ifndef SQLITE_OMIT_SUBQUERY
121212	121272	Walker w;
121213		- memset(&w, 0, sizeof(w));
	121273	+ w.xSelectCallback = sqlite3SelectWalkNoop;
121214	121274	w.xSelectCallback2 = selectAddSubqueryTypeInfo;
121215	121275	w.xExprCallback = sqlite3ExprWalkNoop;
121216	121276	w.pParse = pParse;
121217	121277	sqlite3WalkSelect(&w, pSelect);
121218	121278	#endif
		@@ -121789,10 +121849,13 @@
121789	121849	VdbeNoopComment((v, "materialize \"%s\"", pItem->pTab->zName));
121790	121850	}
121791	121851	pPrior = isSelfJoinView(pTabList, pItem);
121792	121852	if( pPrior ){
121793	121853	sqlite3VdbeAddOp2(v, OP_OpenDup, pItem->iCursor, pPrior->iCursor);
	121854	+ explainSetInteger(pItem->iSelectId, pPrior->iSelectId);
	121855	+ assert( pPrior->pSelect!=0 );
	121856	+ pSub->nSelectRow = pPrior->pSelect->nSelectRow;
121794	121857	}else{
121795	121858	sqlite3SelectDestInit(&dest, SRT_EphemTab, pItem->iCursor);
121796	121859	explainSetInteger(pItem->iSelectId, (u8)pParse->iNextSelectId);
121797	121860	sqlite3Select(pParse, pSub, &dest);
121798	121861	}
		@@ -122948,10 +123011,11 @@
122948	123011	/* Make an entry in the sqlite_master table */
122949	123012	v = sqlite3GetVdbe(pParse);
122950	123013	if( v==0 ) goto triggerfinish_cleanup;
122951	123014	sqlite3BeginWriteOperation(pParse, 0, iDb);
122952	123015	z = sqlite3DbStrNDup(db, (char*)pAll->z, pAll->n);
	123016	+ testcase( z==0 );
122953	123017	sqlite3NestedParse(pParse,
122954	123018	"INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')",
122955	123019	db->aDb[iDb].zDbSName, MASTER_NAME, zName,
122956	123020	pTrig->table, z);
122957	123021	sqlite3DbFree(db, z);
		@@ -127755,14 +127819,14 @@
127755	127819	** function generates code to do a deferred seek of cursor iCur to the
127756	127820	** rowid stored in register iRowid.
127757	127821	**
127758	127822	** Normally, this is just:
127759	127823	**
127760		-** OP_Seek $iCur $iRowid
	127824	+** OP_DeferredSeek $iCur $iRowid
127761	127825	**
127762	127826	** However, if the scan currently being coded is a branch of an OR-loop and
127763		-** the statement currently being coded is a SELECT, then P3 of the OP_Seek
	127827	+** the statement currently being coded is a SELECT, then P3 of OP_DeferredSeek
127764	127828	** is set to iIdxCur and P4 is set to point to an array of integers
127765	127829	** containing one entry for each column of the table cursor iCur is open
127766	127830	** on. For each table column, if the column is the i'th column of the
127767	127831	** index, then the corresponding array entry is set to (i+1). If the column
127768	127832	** does not appear in the index at all, the array entry is set to 0.
		@@ -127777,11 +127841,11 @@
127777	127841	Vdbe v = pParse->pVdbe; / Vdbe to generate code within */
127778	127842
127779	127843	assert( iIdxCur>0 );
127780	127844	assert( pIdx->aiColumn[pIdx->nColumn-1]==-1 );
127781	127845
127782		- sqlite3VdbeAddOp3(v, OP_Seek, iIdxCur, 0, iCur);
	127846	+ sqlite3VdbeAddOp3(v, OP_DeferredSeek, iIdxCur, 0, iCur);
127783	127847	if( (pWInfo->wctrlFlags & WHERE_OR_SUBCLAUSE)
127784	127848	&& DbMaskAllZero(sqlite3ParseToplevel(pParse)->writeMask)
127785	127849	){
127786	127850	int i;
127787	127851	Table *pTab = pIdx->pTable;
		@@ -131579,11 +131643,11 @@
131579	131643	iGap = (iGap*2)/3;
131580	131644	}else{
131581	131645	iGap = iGap/3;
131582	131646	}
131583	131647	aStat[0] = iLower + iGap;
131584		- aStat[1] = pIdx->aAvgEq[iCol];
	131648	+ aStat[1] = pIdx->aAvgEq[nField-1];
131585	131649	}
131586	131650
131587	131651	/* Restore the pRec->nField value before returning. */
131588	131652	pRec->nField = nField;
131589	131653	return i;
		@@ -132332,20 +132396,21 @@
132332	132396	}
132333	132397	}
132334	132398
132335	132399	/*
132336	132400	** Search the list of WhereLoops in *ppPrev looking for one that can be
132337		-** supplanted by pTemplate.
	132401	+** replaced by pTemplate.
132338	132402	**
132339		-** Return NULL if the WhereLoop list contains an entry that can supplant
132340		-** pTemplate, in other words if pTemplate does not belong on the list.
	132403	+** Return NULL if pTemplate does not belong on the WhereLoop list.
	132404	+** In other words if pTemplate ought to be dropped from further consideration.
132341	132405	**
132342		-** If pX is a WhereLoop that pTemplate can supplant, then return the
	132406	+** If pX is a WhereLoop that pTemplate can replace, then return the
132343	132407	** link that points to pX.
132344	132408	**
132345		-** If pTemplate cannot supplant any existing element of the list but needs
132346		-** to be added to the list, then return a pointer to the tail of the list.
	132409	+** If pTemplate cannot replace any existing element of the list but needs
	132410	+** to be added to the list as a new entry, then return a pointer to the
	132411	+** tail of the list.
132347	132412	*/
132348	132413	static WhereLoop **whereLoopFindLesser(
132349	132414	WhereLoop **ppPrev,
132350	132415	const WhereLoop *pTemplate
132351	132416	){
		@@ -132486,12 +132551,14 @@
132486	132551	#if WHERETRACE_ENABLED /* 0x8 */
132487	132552	if( sqlite3WhereTrace & 0x8 ){
132488	132553	if( p!=0 ){
132489	132554	sqlite3DebugPrintf("replace: ");
132490	132555	whereLoopPrint(p, pBuilder->pWC);
	132556	+ sqlite3DebugPrintf(" with: ");
	132557	+ }else{
	132558	+ sqlite3DebugPrintf(" add: ");
132491	132559	}
132492		- sqlite3DebugPrintf(" add: ");
132493	132560	whereLoopPrint(pTemplate, pBuilder->pWC);
132494	132561	}
132495	132562	#endif
132496	132563	if( p==0 ){
132497	132564	/* Allocate a new WhereLoop to add to the end of the list */
		@@ -134387,12 +134454,12 @@
134387	134454	/* The current candidate is no better than any of the mxChoice
134388	134455	** paths currently in the best-so-far buffer. So discard
134389	134456	** this candidate as not viable. */
134390	134457	#ifdef WHERETRACE_ENABLED /* 0x4 */
134391	134458	if( sqlite3WhereTrace&0x4 ){
134392		- sqlite3DebugPrintf("Skip %s cost=%-3d,%3d order=%c\n",
134393		- wherePathName(pFrom, iLoop, pWLoop), rCost, nOut,
	134459	+ sqlite3DebugPrintf("Skip %s cost=%-3d,%3d,%3d order=%c\n",
	134460	+ wherePathName(pFrom, iLoop, pWLoop), rCost, nOut, rUnsorted,
134394	134461	isOrdered>=0 ? isOrdered+'0' : '?');
134395	134462	}
134396	134463	#endif
134397	134464	continue;
134398	134465	}
		@@ -134406,30 +134473,40 @@
134406	134473	jj = mxI;
134407	134474	}
134408	134475	pTo = &aTo[jj];
134409	134476	#ifdef WHERETRACE_ENABLED /* 0x4 */
134410	134477	if( sqlite3WhereTrace&0x4 ){
134411		- sqlite3DebugPrintf("New %s cost=%-3d,%3d order=%c\n",
134412		- wherePathName(pFrom, iLoop, pWLoop), rCost, nOut,
	134478	+ sqlite3DebugPrintf("New %s cost=%-3d,%3d,%3d order=%c\n",
	134479	+ wherePathName(pFrom, iLoop, pWLoop), rCost, nOut, rUnsorted,
134413	134480	isOrdered>=0 ? isOrdered+'0' : '?');
134414	134481	}
134415	134482	#endif
134416	134483	}else{
134417	134484	/* Control reaches here if best-so-far path pTo=aTo[jj] covers the
134418		- ** same set of loops and has the sam isOrdered setting as the
	134485	+ ** same set of loops and has the same isOrdered setting as the
134419	134486	** candidate path. Check to see if the candidate should replace
134420		- ** pTo or if the candidate should be skipped */
134421		- if( pTo->rCost<rCost \|\| (pTo->rCost==rCost && pTo->nRow<=nOut) ){
	134487	+ ** pTo or if the candidate should be skipped.
	134488	+ **
	134489	+ ** The conditional is an expanded vector comparison equivalent to:
	134490	+ ** (pTo->rCost,pTo->nRow,pTo->rUnsorted) <= (rCost,nOut,rUnsorted)
	134491	+ */
	134492	+ if( pTo->rCost<rCost
	134493	+ \|\| (pTo->rCost==rCost
	134494	+ && (pTo->nRow<nOut
	134495	+ \|\| (pTo->nRow==nOut && pTo->rUnsorted<=rUnsorted)
	134496	+ )
	134497	+ )
	134498	+ ){
134422	134499	#ifdef WHERETRACE_ENABLED /* 0x4 */
134423	134500	if( sqlite3WhereTrace&0x4 ){
134424	134501	sqlite3DebugPrintf(
134425		- "Skip %s cost=%-3d,%3d order=%c",
134426		- wherePathName(pFrom, iLoop, pWLoop), rCost, nOut,
	134502	+ "Skip %s cost=%-3d,%3d,%3d order=%c",
	134503	+ wherePathName(pFrom, iLoop, pWLoop), rCost, nOut, rUnsorted,
134427	134504	isOrdered>=0 ? isOrdered+'0' : '?');
134428		- sqlite3DebugPrintf(" vs %s cost=%-3d,%d order=%c\n",
	134505	+ sqlite3DebugPrintf(" vs %s cost=%-3d,%3d,%3d order=%c\n",
134429	134506	wherePathName(pTo, iLoop+1, 0), pTo->rCost, pTo->nRow,
134430		- pTo->isOrdered>=0 ? pTo->isOrdered+'0' : '?');
	134507	+ pTo->rUnsorted, pTo->isOrdered>=0 ? pTo->isOrdered+'0' : '?');
134431	134508	}
134432	134509	#endif
134433	134510	/* Discard the candidate path from further consideration */
134434	134511	testcase( pTo->rCost==rCost );
134435	134512	continue;
		@@ -134438,16 +134515,16 @@
134438	134515	/* Control reaches here if the candidate path is better than the
134439	134516	** pTo path. Replace pTo with the candidate. */
134440	134517	#ifdef WHERETRACE_ENABLED /* 0x4 */
134441	134518	if( sqlite3WhereTrace&0x4 ){
134442	134519	sqlite3DebugPrintf(
134443		- "Update %s cost=%-3d,%3d order=%c",
134444		- wherePathName(pFrom, iLoop, pWLoop), rCost, nOut,
	134520	+ "Update %s cost=%-3d,%3d,%3d order=%c",
	134521	+ wherePathName(pFrom, iLoop, pWLoop), rCost, nOut, rUnsorted,
134445	134522	isOrdered>=0 ? isOrdered+'0' : '?');
134446		- sqlite3DebugPrintf(" was %s cost=%-3d,%3d order=%c\n",
	134523	+ sqlite3DebugPrintf(" was %s cost=%-3d,%3d,%3d order=%c\n",
134447	134524	wherePathName(pTo, iLoop+1, 0), pTo->rCost, pTo->nRow,
134448		- pTo->isOrdered>=0 ? pTo->isOrdered+'0' : '?');
	134525	+ pTo->rUnsorted, pTo->isOrdered>=0 ? pTo->isOrdered+'0' : '?');
134449	134526	}
134450	134527	#endif
134451	134528	}
134452	134529	/* pWLoop is a winner. Add it to the set of best so far */
134453	134530	pTo->maskLoop = pFrom->maskLoop \| pWLoop->maskSelf;
		@@ -134951,11 +135028,11 @@
134951	135028	WhereLoop *p;
134952	135029	int i;
134953	135030	static const char zLabel[] = "0123456789abcdefghijklmnopqrstuvwyxz"
134954	135031	"ABCDEFGHIJKLMNOPQRSTUVWYXZ";
134955	135032	for(p=pWInfo->pLoops, i=0; p; p=p->pNextLoop, i++){
134956		- p->cId = zLabel[i%sizeof(zLabel)];
	135033	+ p->cId = zLabel[i%(sizeof(zLabel)-1)];
134957	135034	whereLoopPrint(p, sWLB.pWC);
134958	135035	}
134959	135036	}
134960	135037	#endif
134961	135038
		@@ -141333,10 +141410,11 @@
141333	141410	int rc, n;
141334	141411	n = nKey1<nKey2 ? nKey1 : nKey2;
141335	141412	/* EVIDENCE-OF: R-65033-28449 The built-in BINARY collation compares
141336	141413	** strings byte by byte using the memcmp() function from the standard C
141337	141414	** library. */
	141415	+ assert( pKey1 && pKey2 );
141338	141416	rc = memcmp(pKey1, pKey2, n);
141339	141417	if( rc==0 ){
141340	141418	if( padFlag
141341	141419	&& allSpaces(((char*)pKey1)+n, nKey1-n)
141342	141420	&& allSpaces(((char*)pKey2)+n, nKey2-n)
		@@ -143803,10 +143881,16 @@
143803	143881	SQLITE_PRIVATE int sqlite3CantopenError(int lineno){
143804	143882	testcase( sqlite3GlobalConfig.xLog!=0 );
143805	143883	return reportError(SQLITE_CANTOPEN, lineno, "cannot open file");
143806	143884	}
143807	143885	#ifdef SQLITE_DEBUG
	143886	+SQLITE_PRIVATE int sqlite3CorruptPgnoError(int lineno, Pgno pgno){
	143887	+ char zMsg[100];
	143888	+ sqlite3_snprintf(sizeof(zMsg), zMsg, "database corruption page %d", pgno);
	143889	+ testcase( sqlite3GlobalConfig.xLog!=0 );
	143890	+ return reportError(SQLITE_CORRUPT, lineno, zMsg);
	143891	+}
143808	143892	SQLITE_PRIVATE int sqlite3NomemError(int lineno){
143809	143893	testcase( sqlite3GlobalConfig.xLog!=0 );
143810	143894	return reportError(SQLITE_NOMEM, lineno, "OOM");
143811	143895	}
143812	143896	SQLITE_PRIVATE int sqlite3IoerrnomemError(int lineno){
		@@ -169165,14 +169249,14 @@
169165	169249	** as fully applied. Otherwise, assuming no error has occurred, save the
169166	169250	** current state of the RBU update appliation to the RBU database.
169167	169251	**
169168	169252	** If an error has already occurred as part of an sqlite3rbu_step()
169169	169253	** or sqlite3rbu_open() call, or if one occurs within this function, an
169170		-** SQLite error code is returned. Additionally, *pzErrmsg may be set to
169171		-** point to a buffer containing a utf-8 formatted English language error
169172		-** message. It is the responsibility of the caller to eventually free any
169173		-** such buffer using sqlite3_free().
	169254	+** SQLite error code is returned. Additionally, if pzErrmsg is not NULL,
	169255	+** *pzErrmsg may be set to point to a buffer containing a utf-8 formatted
	169256	+** English language error message. It is the responsibility of the caller to
	169257	+** eventually free any such buffer using sqlite3_free().
169174	169258	**
169175	169259	** Otherwise, if no error occurs, this function returns SQLITE_OK if the
169176	169260	** update has been partially applied, or SQLITE_DONE if it has been
169177	169261	** completely applied.
169178	169262	*/
		@@ -173024,11 +173108,15 @@
173024	173108	sqlite3_free(p->aBuf);
173025	173109	sqlite3_free(p->aFrame);
173026	173110
173027	173111	rbuEditErrmsg(p);
173028	173112	rc = p->rc;
173029		- *pzErrmsg = p->zErrmsg;
	173113	+ if( pzErrmsg ){
	173114	+ *pzErrmsg = p->zErrmsg;
	173115	+ }else{
	173116	+ sqlite3_free(p->zErrmsg);
	173117	+ }
173030	173118	sqlite3_free(p->zState);
173031	173119	sqlite3_free(p);
173032	173120	}else{
173033	173121	rc = SQLITE_NOMEM;
173034	173122	*pzErrmsg = 0;
		@@ -177582,15 +177670,16 @@
177582	177670
177583	177671	sessionDiscardData(&p->in);
177584	177672	p->in.iCurrent = p->in.iNext;
177585	177673
177586	177674	op = p->in.aData[p->in.iNext++];
177587		- if( op=='T' \|\| op=='P' ){
	177675	+ while( op=='T' \|\| op=='P' ){
177588	177676	p->bPatchset = (op=='P');
177589	177677	if( sessionChangesetReadTblhdr(p) ) return p->rc;
177590	177678	if( (p->rc = sessionInputBuffer(&p->in, 2)) ) return p->rc;
177591	177679	p->in.iCurrent = p->in.iNext;
	177680	+ if( p->in.iNext>=p->in.nData ) return SQLITE_DONE;
177592	177681	op = p->in.aData[p->in.iNext++];
177593	177682	}
177594	177683
177595	177684	p->op = op;
177596	177685	p->bIndirect = p->in.aData[p->in.iNext++];
		@@ -189573,14 +189662,15 @@
189573	189662	if( !apNew ) return SQLITE_NOMEM;
189574	189663	memset(apNew, 0, nNewsizeof(Fts5HashEntry));
189575	189664
189576	189665	for(i=0; i<pHash->nSlot; i++){
189577	189666	while( apOld[i] ){
189578		- int iHash;
	189667	+ unsigned int iHash;
189579	189668	Fts5HashEntry *p = apOld[i];
189580	189669	apOld[i] = p->pHashNext;
189581		- iHash = fts5HashKey(nNew, (u8*)fts5EntryKey(p), strlen(fts5EntryKey(p)));
	189670	+ iHash = fts5HashKey(nNew, (u8*)fts5EntryKey(p),
	189671	+ (int)strlen(fts5EntryKey(p)));
189582	189672	p->pHashNext = apNew[iHash];
189583	189673	apNew[iHash] = p;
189584	189674	}
189585	189675	}
189586	189676
		@@ -189879,11 +189969,11 @@
189879	189969	const char pTerm, int nTerm, / Query term */
189880	189970	const u8 *ppDoclist, / OUT: Pointer to doclist for pTerm */
189881	189971	int pnDoclist / OUT: Size of doclist in bytes */
189882	189972	){
189883	189973	unsigned int iHash = fts5HashKey(pHash->nSlot, (const u8*)pTerm, nTerm);
189884		- char *zKey;
	189974	+ char *zKey = 0;
189885	189975	Fts5HashEntry *p;
189886	189976
189887	189977	for(p=pHash->aSlot[iHash]; p; p=p->pHashNext){
189888	189978	zKey = fts5EntryKey(p);
189889	189979	if( memcmp(zKey, pTerm, nTerm)==0 && zKey[nTerm]==0 ) break;
		@@ -199060,11 +199150,11 @@
199060	199150	int nArg, /* Number of args */
199061	199151	sqlite3_value *apUnused / Function arguments */
199062	199152	){
199063	199153	assert( nArg==0 );
199064	199154	UNUSED_PARAM2(nArg, apUnused);
199065		- sqlite3_result_text(pCtx, "fts5: 2017-06-08 14:26:16 0ee482a1e0eae22e08edc8978c9733a96603d4509645f348ebf55b579e89636b", -1, SQLITE_TRANSIENT);
	199155	+ sqlite3_result_text(pCtx, "fts5: 2017-06-13 04:31:54 35b34bdf0843b49be39e13ed212e918c2d45afdb8374b5cd02ba6d2d5b16b3b9", -1, SQLITE_TRANSIENT);
199066	199156	}
199067	199157
199068	199158	static int fts5Init(sqlite3 *db){
199069	199159	static const sqlite3_module fts5Mod = {
199070	199160	/* iVersion */ 2,
199071	199161

	--- src/sqlite3.c
	+++ src/sqlite3.c
	@@ -1,8 +1,8 @@
1	/******************************************************************************
2	** This file is an amalgamation of many separate C source files from SQLite
3	** version 3.19.3. By combining all the individual C code files into this
4	** single large file, the entire code can be compiled as a single translation
5	** unit. This allows many compilers to do optimizations that would not be
6	** possible if the files were compiled separately. Performance improvements
7	** of 5% or more are commonly seen when SQLite is compiled as a single
8	** translation unit.
	@@ -396,13 +396,13 @@
396	**
397	** See also: [sqlite3_libversion()],
398	** [sqlite3_libversion_number()], [sqlite3_sourceid()],
399	** [sqlite_version()] and [sqlite_source_id()].
400	*/
401	#define SQLITE_VERSION "3.19.3"
402	#define SQLITE_VERSION_NUMBER 3019003
403	#define SQLITE_SOURCE_ID "2017-06-08 14:26:16 0ee482a1e0eae22e08edc8978c9733a96603d4509645f348ebf55b579e89636b"
404
405	/*
406	** CAPI3REF: Run-Time Library Version Numbers
407	** KEYWORDS: sqlite3_version sqlite3_sourceid
408	**
	@@ -5895,11 +5895,13 @@
5895	** column exists. ^The sqlite3_table_column_metadata() interface returns
5896	** SQLITE_ERROR and if the specified column does not exist.
5897	** ^If the column-name parameter to sqlite3_table_column_metadata() is a
5898	** NULL pointer, then this routine simply checks for the existence of the
5899	** table and returns SQLITE_OK if the table exists and SQLITE_ERROR if it
5900	** does not.


5901	**
5902	** ^The column is identified by the second, third and fourth parameters to
5903	** this function. ^(The second parameter is either the name of the database
5904	** (i.e. "main", "temp", or an attached database) containing the specified
5905	** table or NULL.)^ ^If it is NULL, then all attached databases are searched
	@@ -7408,17 +7410,24 @@
7408	** by the prepared statement if that number is less than or equal
7409	** to 2147483647. The number of virtual machine operations can be
7410	** used as a proxy for the total work done by the prepared statement.
7411	** If the number of virtual machine operations exceeds 2147483647
7412	** then the value returned by this statement status code is undefined.






7413	** </dd>
7414	** </dl>
7415	*/
7416	#define SQLITE_STMTSTATUS_FULLSCAN_STEP 1
7417	#define SQLITE_STMTSTATUS_SORT 2
7418	#define SQLITE_STMTSTATUS_AUTOINDEX 3
7419	#define SQLITE_STMTSTATUS_VM_STEP 4

7420
7421	/*
7422	** CAPI3REF: Custom Page Cache Object
7423	**
7424	** The sqlite3_pcache type is opaque. It is implemented by
	@@ -12478,13 +12487,13 @@
12478
12479	SQLITE_PRIVATE int sqlite3BtreeInsert(BtCursor, const BtreePayload pPayload,
12480	int flags, int seekResult);
12481	SQLITE_PRIVATE int sqlite3BtreeFirst(BtCursor, int pRes);
12482	SQLITE_PRIVATE int sqlite3BtreeLast(BtCursor, int pRes);
12483	SQLITE_PRIVATE int sqlite3BtreeNext(BtCursor, int pRes);
12484	SQLITE_PRIVATE int sqlite3BtreeEof(BtCursor*);
12485	SQLITE_PRIVATE int sqlite3BtreePrevious(BtCursor, int pRes);
12486	SQLITE_PRIVATE i64 sqlite3BtreeIntegerKey(BtCursor*);
12487	SQLITE_PRIVATE int sqlite3BtreePayload(BtCursor, u32 offset, u32 amt, void);
12488	SQLITE_PRIVATE const void sqlite3BtreePayloadFetch(BtCursor, u32 *pAmt);
12489	SQLITE_PRIVATE u32 sqlite3BtreePayloadSize(BtCursor*);
12490
	@@ -12631,11 +12640,11 @@
12631	SubProgram pProgram; / Used when p4type is P4_SUBPROGRAM */
12632	Table pTab; / Used when p4type is P4_TABLE */
12633	#ifdef SQLITE_ENABLE_CURSOR_HINTS
12634	Expr pExpr; / Used when p4type is P4_EXPR */
12635	#endif
12636	int (xAdvance)(BtCursor , int *);
12637	} p4;
12638	#ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
12639	char zComment; / Comment to improve readability */
12640	#endif
12641	#ifdef VDBE_PROFILE
	@@ -12865,11 +12874,11 @@
12865	#define OP_Rowid 125 /* synopsis: r[P2]=rowid */
12866	#define OP_NullRow 126
12867	#define OP_SorterInsert 127 /* synopsis: key=r[P2] */
12868	#define OP_IdxInsert 128 /* synopsis: key=r[P2] */
12869	#define OP_IdxDelete 129 /* synopsis: key=r[P2@P3] */
12870	#define OP_Seek 130 /* synopsis: Move P3 to P1.rowid */
12871	#define OP_IdxRowid 131 /* synopsis: r[P2]=rowid */
12872	#define OP_Real 132 /* same as TK_FLOAT, synopsis: r[P2]=P4 */
12873	#define OP_Destroy 133
12874	#define OP_Clear 134
12875	#define OP_ResetSorter 135
	@@ -13369,25 +13378,25 @@
13369	*/
13370	struct PgHdr {
13371	sqlite3_pcache_page pPage; / Pcache object page handle */
13372	void pData; / Page data */
13373	void pExtra; / Extra content */

13374	PgHdr pDirty; / Transient list of dirty sorted by pgno */
13375	Pager pPager; / The pager this page is part of */
13376	Pgno pgno; /* Page number for this page */
13377	#ifdef SQLITE_CHECK_PAGES
13378	u32 pageHash; /* Hash of page content */
13379	#endif
13380	u16 flags; /* PGHDR flags defined below */
13381
13382	/**********************************************************************
13383	** Elements above are public. All that follows is private to pcache.c
13384	** and should not be accessed by other modules.

13385	*/
13386	i16 nRef; /* Number of users of this page */
13387	PCache pCache; / Cache that owns this page */
13388
13389	PgHdr pDirtyNext; / Next element in list of dirty pages */
13390	PgHdr pDirtyPrev; / Previous element in list of dirty pages */
13391	};
13392
13393	/* Bit values for PgHdr.flags */
	@@ -15142,11 +15151,11 @@
15142	** The following are the meanings of bits in the Expr.flags field.
15143	*/
15144	#define EP_FromJoin 0x000001 /* Originates in ON/USING clause of outer join */
15145	#define EP_Agg 0x000002 /* Contains one or more aggregate functions */
15146	#define EP_Resolved 0x000004 /* IDs have been resolved to COLUMNs */
15147	#define EP_Error 0x000008 /* Expression contains one or more errors */
15148	#define EP_Distinct 0x000010 /* Aggregate function with DISTINCT keyword */
15149	#define EP_VarSelect 0x000020 /* pSelect is correlated, not constant */
15150	#define EP_DblQuoted 0x000040 /* token.z was originally in "..." */
15151	#define EP_InfixFunc 0x000080 /* True for an infix function: LIKE, GLOB, etc */
15152	#define EP_Collate 0x000100 /* Tree contains a TK_COLLATE operator */
	@@ -15609,14 +15618,14 @@
15609	** An instance of this object describes where to put of the results of
15610	** a SELECT statement.
15611	*/
15612	struct SelectDest {
15613	u8 eDest; /* How to dispose of the results. On of SRT_* above. */
15614	char zAffSdst; / Affinity used when eDest==SRT_Set */
15615	int iSDParm; /* A parameter used by the eDest disposal method */
15616	int iSdst; /* Base register where results are written */
15617	int nSdst; /* Number of registers allocated */

15618	ExprList pOrderBy; / Key columns for SRT_Queue and SRT_DistQueue */
15619	};
15620
15621	/*
15622	** During code generation of statements that do inserts into AUTOINCREMENT
	@@ -16115,10 +16124,14 @@
16115	SQLITE_PRIVATE int sqlite3WalkExprList(Walker, ExprList);
16116	SQLITE_PRIVATE int sqlite3WalkSelect(Walker, Select);
16117	SQLITE_PRIVATE int sqlite3WalkSelectExpr(Walker, Select);
16118	SQLITE_PRIVATE int sqlite3WalkSelectFrom(Walker, Select);
16119	SQLITE_PRIVATE int sqlite3ExprWalkNoop(Walker, Expr);




16120
16121	/*
16122	** Return code from the parse-tree walking primitives and their
16123	** callbacks.
16124	*/
	@@ -16176,15 +16189,18 @@
16176	#define SQLITE_MISUSE_BKPT sqlite3MisuseError(__LINE__)
16177	#define SQLITE_CANTOPEN_BKPT sqlite3CantopenError(__LINE__)
16178	#ifdef SQLITE_DEBUG
16179	SQLITE_PRIVATE int sqlite3NomemError(int);
16180	SQLITE_PRIVATE int sqlite3IoerrnomemError(int);

16181	# define SQLITE_NOMEM_BKPT sqlite3NomemError(__LINE__)
16182	# define SQLITE_IOERR_NOMEM_BKPT sqlite3IoerrnomemError(__LINE__)

16183	#else
16184	# define SQLITE_NOMEM_BKPT SQLITE_NOMEM
16185	# define SQLITE_IOERR_NOMEM_BKPT SQLITE_IOERR_NOMEM

16186	#endif
16187
16188	/*
16189	** FTS3 and FTS4 both require virtual table support
16190	*/
	@@ -18438,11 +18454,11 @@
18438
18439	SQLITE_PRIVATE int sqlite3VdbeSorterInit(sqlite3 , int, VdbeCursor );
18440	SQLITE_PRIVATE void sqlite3VdbeSorterReset(sqlite3 , VdbeSorter );
18441	SQLITE_PRIVATE void sqlite3VdbeSorterClose(sqlite3 , VdbeCursor );
18442	SQLITE_PRIVATE int sqlite3VdbeSorterRowkey(const VdbeCursor , Mem );
18443	SQLITE_PRIVATE int sqlite3VdbeSorterNext(sqlite3 , const VdbeCursor , int *);
18444	SQLITE_PRIVATE int sqlite3VdbeSorterRewind(const VdbeCursor , int );
18445	SQLITE_PRIVATE int sqlite3VdbeSorterWrite(const VdbeCursor , Mem );
18446	SQLITE_PRIVATE int sqlite3VdbeSorterCompare(const VdbeCursor , Mem , int, int *);
18447
18448	#if !defined(SQLITE_OMIT_SHARED_CACHE)
	@@ -29638,11 +29654,11 @@
29638	/* 125 */ "Rowid" OpHelp("r[P2]=rowid"),
29639	/* 126 */ "NullRow" OpHelp(""),
29640	/* 127 */ "SorterInsert" OpHelp("key=r[P2]"),
29641	/* 128 */ "IdxInsert" OpHelp("key=r[P2]"),
29642	/* 129 */ "IdxDelete" OpHelp("key=r[P2@P3]"),
29643	/* 130 */ "Seek" OpHelp("Move P3 to P1.rowid"),
29644	/* 131 */ "IdxRowid" OpHelp("r[P2]=rowid"),
29645	/* 132 */ "Real" OpHelp("r[P2]=P4"),
29646	/* 133 */ "Destroy" OpHelp(""),
29647	/* 134 */ "Clear" OpHelp(""),
29648	/* 135 */ "ResetSorter" OpHelp(""),
	@@ -50168,11 +50184,11 @@
50168	assert( isOpen(pPager->fd) );
50169	assert( pPager->tempFile==0 );
50170	nPage = sqlite3WalDbsize(pPager->pWal);
50171
50172	/* If the number of pages in the database is not available from the
50173	** WAL sub-system, determine the page counte based on the size of
50174	** the database file. If the size of the database file is not an
50175	** integer multiple of the page-size, round up the result.
50176	*/
50177	if( nPage==0 && ALWAYS(isOpen(pPager->fd)) ){
50178	i64 n = 0; /* Size of db file in bytes */
	@@ -50219,27 +50235,25 @@
50219	assert( pPager->eState==PAGER_OPEN );
50220	assert( pPager->eLock>=SHARED_LOCK );
50221
50222	if( !pPager->tempFile ){
50223	int isWal; /* True if WAL file exists */
50224	Pgno nPage; /* Size of the database file */
50225
50226	rc = pagerPagecount(pPager, &nPage);
50227	if( rc ) return rc;
50228	if( nPage==0 ){
50229	rc = sqlite3OsDelete(pPager->pVfs, pPager->zWal, 0);
50230	if( rc==SQLITE_IOERR_DELETE_NOENT ) rc = SQLITE_OK;
50231	isWal = 0;
50232	}else{
50233	rc = sqlite3OsAccess(
50234	pPager->pVfs, pPager->zWal, SQLITE_ACCESS_EXISTS, &isWal
50235	);
50236	}
50237	if( rc==SQLITE_OK ){
50238	if( isWal ){
50239	testcase( sqlite3PcachePagecount(pPager->pPCache)==0 );
50240	rc = sqlite3PagerOpenWal(pPager, 0);








50241	}else if( pPager->journalMode==PAGER_JOURNALMODE_WAL ){
50242	pPager->journalMode = PAGER_JOURNALMODE_DELETE;
50243	}
50244	}
50245	}
	@@ -52178,23 +52192,18 @@
52178	**
52179	** There is a vanishingly small chance that a change will not be
52180	** detected. The chance of an undetected change is so small that
52181	** it can be neglected.
52182	*/
52183	Pgno nPage = 0;
52184	char dbFileVers[sizeof(pPager->dbFileVers)];
52185
52186	rc = pagerPagecount(pPager, &nPage);
52187	if( rc ) goto failed;
52188
52189	if( nPage>0 ){
52190	IOTRACE(("CKVERS %p %d\n", pPager, sizeof(dbFileVers)));
52191	rc = sqlite3OsRead(pPager->fd, &dbFileVers, sizeof(dbFileVers), 24);
52192	if( rc!=SQLITE_OK && rc!=SQLITE_IOERR_SHORT_READ ){
52193	goto failed;
52194	}
52195	}else{
52196	memset(dbFileVers, 0, sizeof(dbFileVers));
52197	}
52198
52199	if( memcmp(pPager->dbFileVers, dbFileVers, sizeof(dbFileVers))!=0 ){
52200	pager_reset(pPager);
	@@ -59803,11 +59812,11 @@
59803	assert( nKey==(i64)(int)nKey );
59804	pIdxKey = sqlite3VdbeAllocUnpackedRecord(pCur->pKeyInfo);
59805	if( pIdxKey==0 ) return SQLITE_NOMEM_BKPT;
59806	sqlite3VdbeRecordUnpack(pCur->pKeyInfo, (int)nKey, pKey, pIdxKey);
59807	if( pIdxKey->nField==0 ){
59808	rc = SQLITE_CORRUPT_BKPT;
59809	goto moveto_done;
59810	}
59811	}else{
59812	pIdxKey = 0;
59813	}
	@@ -60032,11 +60041,11 @@
60032	assert( pEType!=0 );
60033	*pEType = pPtrmap[offset];
60034	if( pPgno ) *pPgno = get4byte(&pPtrmap[offset+1]);
60035
60036	sqlite3PagerUnref(pDbPage);
60037	if( pEType<1 \|\| pEType>5 ) return SQLITE_CORRUPT_BKPT;
60038	return SQLITE_OK;
60039	}
60040
60041	#else /* if defined SQLITE_OMIT_AUTOVACUUM */
60042	#define ptrmapPut(w,x,y,z,rc)
	@@ -60417,11 +60426,11 @@
60417	u8 *pAddr;
60418	int sz2 = 0;
60419	int sz = get2byte(&data[iFree+2]);
60420	int top = get2byte(&data[hdr+5]);
60421	if( iFree2 ){
60422	if( iFree+sz>iFree2 ) return SQLITE_CORRUPT_BKPT;
60423	sz2 = get2byte(&data[iFree2+2]);
60424	assert( iFree+sz+sz2+iFree2-(iFree+sz) <= usableSize );
60425	memmove(&data[iFree+sz+sz2], &data[iFree+sz], iFree2-(iFree+sz));
60426	sz += sz2;
60427	}
	@@ -60448,17 +60457,17 @@
60448	testcase( pc==iCellLast );
60449	/* These conditions have already been verified in btreeInitPage()
60450	** if PRAGMA cell_size_check=ON.
60451	*/
60452	if( pc<iCellFirst \|\| pc>iCellLast ){
60453	return SQLITE_CORRUPT_BKPT;
60454	}
60455	assert( pc>=iCellFirst && pc<=iCellLast );
60456	size = pPage->xCellSize(pPage, &src[pc]);
60457	cbrk -= size;
60458	if( cbrk<iCellFirst \|\| pc+size>usableSize ){
60459	return SQLITE_CORRUPT_BKPT;
60460	}
60461	assert( cbrk+size<=usableSize && cbrk>=iCellFirst );
60462	testcase( cbrk+size==usableSize );
60463	testcase( pc+size==usableSize );
60464	put2byte(pAddr, cbrk);
	@@ -60474,11 +60483,11 @@
60474	}
60475	data[hdr+7] = 0;
60476
60477	defragment_out:
60478	if( data[hdr+7]+cbrk-iCellFirst!=pPage->nFree ){
60479	return SQLITE_CORRUPT_BKPT;
60480	}
60481	assert( cbrk>=iCellFirst );
60482	put2byte(&data[hdr+5], cbrk);
60483	data[hdr+1] = 0;
60484	data[hdr+2] = 0;
	@@ -60513,11 +60522,11 @@
60513	do{
60514	int size; /* Size of the free slot */
60515	/* EVIDENCE-OF: R-06866-39125 Freeblocks are always connected in order of
60516	** increasing offset. */
60517	if( pc>usableSize-4 \|\| pc<iAddr+4 ){
60518	*pRc = SQLITE_CORRUPT_BKPT;
60519	return 0;
60520	}
60521	/* EVIDENCE-OF: R-22710-53328 The third and fourth bytes of each
60522	** freeblock form a big-endian integer which is the size of the freeblock
60523	** in bytes, including the 4-byte header. */
	@@ -60524,11 +60533,11 @@
60524	size = get2byte(&aData[pc+2]);
60525	if( (x = size - nByte)>=0 ){
60526	testcase( x==4 );
60527	testcase( x==3 );
60528	if( pc < pPg->cellOffset+2*pPg->nCell \|\| size+pc > usableSize ){
60529	*pRc = SQLITE_CORRUPT_BKPT;
60530	return 0;
60531	}else if( x<4 ){
60532	/* EVIDENCE-OF: R-11498-58022 In a well-formed b-tree page, the total
60533	** number of bytes in fragments may not exceed 60. */
60534	if( aData[hdr+7]>57 ) return 0;
	@@ -60591,11 +60600,11 @@
60591	assert( top<=(int)pPage->pBt->usableSize ); /* Prevent by getAndInitPage() */
60592	if( gap>top ){
60593	if( top==0 && pPage->pBt->usableSize==65536 ){
60594	top = 65536;
60595	}else{
60596	return SQLITE_CORRUPT_BKPT;
60597	}
60598	}
60599
60600	/* If there is enough space between gap and top for one more cell pointer
60601	** array entry offset, and if the freelist is not empty, then search the
	@@ -60687,15 +60696,15 @@
60687	iFreeBlk = 0; /* Shortcut for the case when the freelist is empty */
60688	}else{
60689	while( (iFreeBlk = get2byte(&data[iPtr]))<iStart ){
60690	if( iFreeBlk<iPtr+4 ){
60691	if( iFreeBlk==0 ) break;
60692	return SQLITE_CORRUPT_BKPT;
60693	}
60694	iPtr = iFreeBlk;
60695	}
60696	if( iFreeBlk>iLast ) return SQLITE_CORRUPT_BKPT;
60697	assert( iFreeBlk>iPtr \|\| iFreeBlk==0 );
60698
60699	/* At this point:
60700	** iFreeBlk: First freeblock after iStart, or zero if none
60701	** iPtr: The address of a pointer to iFreeBlk
	@@ -60702,13 +60711,15 @@
60702	**
60703	** Check to see if iFreeBlk should be coalesced onto the end of iStart.
60704	*/
60705	if( iFreeBlk && iEnd+3>=iFreeBlk ){
60706	nFrag = iFreeBlk - iEnd;
60707	if( iEnd>iFreeBlk ) return SQLITE_CORRUPT_BKPT;
60708	iEnd = iFreeBlk + get2byte(&data[iFreeBlk+2]);
60709	if( iEnd > pPage->pBt->usableSize ) return SQLITE_CORRUPT_BKPT;


60710	iSize = iEnd - iStart;
60711	iFreeBlk = get2byte(&data[iFreeBlk]);
60712	}
60713
60714	/* If iPtr is another freeblock (that is, if iPtr is not the freelist
	@@ -60716,24 +60727,24 @@
60716	** coalesced onto the end of iPtr.
60717	*/
60718	if( iPtr>hdr+1 ){
60719	int iPtrEnd = iPtr + get2byte(&data[iPtr+2]);
60720	if( iPtrEnd+3>=iStart ){
60721	if( iPtrEnd>iStart ) return SQLITE_CORRUPT_BKPT;
60722	nFrag += iStart - iPtrEnd;
60723	iSize = iEnd - iPtr;
60724	iStart = iPtr;
60725	}
60726	}
60727	if( nFrag>data[hdr+7] ) return SQLITE_CORRUPT_BKPT;
60728	data[hdr+7] -= nFrag;
60729	}
60730	if( iStart==get2byte(&data[hdr+5]) ){
60731	/* The new freeblock is at the beginning of the cell content area,
60732	** so just extend the cell content area rather than create another
60733	** freelist entry */
60734	if( iPtr!=hdr+1 ) return SQLITE_CORRUPT_BKPT;
60735	put2byte(&data[hdr+1], iFreeBlk);
60736	put2byte(&data[hdr+5], iEnd);
60737	}else{
60738	/* Insert the new freeblock into the freelist */
60739	put2byte(&data[iPtr], iStart);
	@@ -60797,11 +60808,11 @@
60797	pPage->maxLocal = pBt->maxLocal;
60798	pPage->minLocal = pBt->minLocal;
60799	}else{
60800	/* EVIDENCE-OF: R-47608-56469 Any other value for the b-tree page type is
60801	** an error. */
60802	return SQLITE_CORRUPT_BKPT;
60803	}
60804	pPage->max1bytePayload = pBt->max1bytePayload;
60805	return SQLITE_OK;
60806	}
60807
	@@ -60813,138 +60824,140 @@
60813	** SQLITE_CORRUPT. Note that a return of SQLITE_OK does not
60814	** guarantee that the page is well-formed. It only shows that
60815	** we failed to detect any corruption.
60816	*/
60817	static int btreeInitPage(MemPage *pPage){










60818
60819	assert( pPage->pBt!=0 );
60820	assert( pPage->pBt->db!=0 );
60821	assert( sqlite3_mutex_held(pPage->pBt->mutex) );
60822	assert( pPage->pgno==sqlite3PagerPagenumber(pPage->pDbPage) );
60823	assert( pPage == sqlite3PagerGetExtra(pPage->pDbPage) );
60824	assert( pPage->aData == sqlite3PagerGetData(pPage->pDbPage) );
60825
60826	if( !pPage->isInit ){
60827	int pc; /* Address of a freeblock within pPage->aData[] */
60828	u8 hdr; /* Offset to beginning of page header */
60829	u8 data; / Equal to pPage->aData */
60830	BtShared pBt; / The main btree structure */
60831	int usableSize; /* Amount of usable space on each page */
60832	u16 cellOffset; /* Offset from start of page to first cell pointer */
60833	int nFree; /* Number of unused bytes on the page */
60834	int top; /* First byte of the cell content area */
60835	int iCellFirst; /* First allowable cell or freeblock offset */
60836	int iCellLast; /* Last possible cell or freeblock offset */
60837
60838	pBt = pPage->pBt;
60839
60840	hdr = pPage->hdrOffset;
60841	data = pPage->aData;
60842	/* EVIDENCE-OF: R-28594-02890 The one-byte flag at offset 0 indicating
60843	** the b-tree page type. */
60844	if( decodeFlags(pPage, data[hdr]) ) return SQLITE_CORRUPT_BKPT;
60845	assert( pBt->pageSize>=512 && pBt->pageSize<=65536 );
60846	pPage->maskPage = (u16)(pBt->pageSize - 1);
60847	pPage->nOverflow = 0;
60848	usableSize = pBt->usableSize;
60849	pPage->cellOffset = cellOffset = hdr + 8 + pPage->childPtrSize;
60850	pPage->aDataEnd = &data[usableSize];
60851	pPage->aCellIdx = &data[cellOffset];
60852	pPage->aDataOfst = &data[pPage->childPtrSize];
60853	/* EVIDENCE-OF: R-58015-48175 The two-byte integer at offset 5 designates
60854	** the start of the cell content area. A zero value for this integer is
60855	** interpreted as 65536. */
60856	top = get2byteNotZero(&data[hdr+5]);
60857	/* EVIDENCE-OF: R-37002-32774 The two-byte integer at offset 3 gives the
60858	** number of cells on the page. */
60859	pPage->nCell = get2byte(&data[hdr+3]);
60860	if( pPage->nCell>MX_CELL(pBt) ){
60861	/* To many cells for a single page. The page must be corrupt */
60862	return SQLITE_CORRUPT_BKPT;
60863	}
60864	testcase( pPage->nCell==MX_CELL(pBt) );
60865	/* EVIDENCE-OF: R-24089-57979 If a page contains no cells (which is only
60866	** possible for a root page of a table that contains no rows) then the
60867	** offset to the cell content area will equal the page size minus the
60868	** bytes of reserved space. */
60869	assert( pPage->nCell>0 \|\| top==usableSize \|\| CORRUPT_DB );
60870
60871	/* A malformed database page might cause us to read past the end
60872	** of page when parsing a cell.
60873	**
60874	** The following block of code checks early to see if a cell extends
60875	** past the end of a page boundary and causes SQLITE_CORRUPT to be
60876	** returned if it does.
60877	*/
60878	iCellFirst = cellOffset + 2*pPage->nCell;
60879	iCellLast = usableSize - 4;
60880	if( pBt->db->flags & SQLITE_CellSizeCk ){
60881	int i; /* Index into the cell pointer array */
60882	int sz; /* Size of a cell */
60883
60884	if( !pPage->leaf ) iCellLast--;
60885	for(i=0; i<pPage->nCell; i++){
60886	pc = get2byteAligned(&data[cellOffset+i*2]);
60887	testcase( pc==iCellFirst );
60888	testcase( pc==iCellLast );
60889	if( pc<iCellFirst \|\| pc>iCellLast ){
60890	return SQLITE_CORRUPT_BKPT;
60891	}
60892	sz = pPage->xCellSize(pPage, &data[pc]);
60893	testcase( pc+sz==usableSize );
60894	if( pc+sz>usableSize ){
60895	return SQLITE_CORRUPT_BKPT;
60896	}
60897	}
60898	if( !pPage->leaf ) iCellLast++;
60899	}
60900
60901	/* Compute the total free space on the page
60902	** EVIDENCE-OF: R-23588-34450 The two-byte integer at offset 1 gives the
60903	** start of the first freeblock on the page, or is zero if there are no
60904	** freeblocks. */
60905	pc = get2byte(&data[hdr+1]);
60906	nFree = data[hdr+7] + top; /* Init nFree to non-freeblock free space */
60907	if( pc>0 ){
60908	u32 next, size;
60909	if( pc<iCellFirst ){
60910	/* EVIDENCE-OF: R-55530-52930 In a well-formed b-tree page, there will
60911	** always be at least one cell before the first freeblock.
60912	*/
60913	return SQLITE_CORRUPT_BKPT;
60914	}
60915	while( 1 ){
60916	if( pc>iCellLast ){
60917	return SQLITE_CORRUPT_BKPT; /* Freeblock off the end of the page */
60918	}
60919	next = get2byte(&data[pc]);
60920	size = get2byte(&data[pc+2]);
60921	nFree = nFree + size;
60922	if( next<=pc+size+3 ) break;
60923	pc = next;
60924	}
60925	if( next>0 ){
60926	return SQLITE_CORRUPT_BKPT; /* Freeblock not in ascending order */
60927	}
60928	if( pc+size>(unsigned int)usableSize ){
60929	return SQLITE_CORRUPT_BKPT; /* Last freeblock extends past page end */
60930	}
60931	}
60932
60933	/* At this point, nFree contains the sum of the offset to the start
60934	** of the cell-content area plus the number of free bytes within
60935	** the cell-content area. If this is greater than the usable-size
60936	** of the page, then the page must be corrupted. This check also
60937	** serves to verify that the offset to the start of the cell-content
60938	** area, according to the page header, lies within the page.
60939	*/
60940	if( nFree>usableSize ){
60941	return SQLITE_CORRUPT_BKPT;
60942	}
60943	pPage->nFree = (u16)(nFree - iCellFirst);
60944	pPage->isInit = 1;
60945	}
60946	return SQLITE_OK;
60947	}
60948
60949	/*
60950	** Set up a raw page so that it looks like a database page holding
	@@ -61104,11 +61117,11 @@
61104	assert( (*ppPage)->aData==sqlite3PagerGetData(pDbPage) );
61105
61106	/* If obtaining a child page for a cursor, we must verify that the page is
61107	** compatible with the root page. */
61108	if( pCur && ((ppPage)->nCell<1 \|\| (ppPage)->intKey!=pCur->curIntKey) ){
61109	rc = SQLITE_CORRUPT_BKPT;
61110	releasePage(*ppPage);
61111	goto getAndInitPage_error;
61112	}
61113	return SQLITE_OK;
61114
	@@ -62392,11 +62405,11 @@
62392	int rc; /* Return code */
62393	BtShared *pBt = pPage->pBt;
62394	Pgno pgno = pPage->pgno;
62395
62396	assert( sqlite3_mutex_held(pPage->pBt->mutex) );
62397	rc = btreeInitPage(pPage);
62398	if( rc!=SQLITE_OK ) return rc;
62399	nCell = pPage->nCell;
62400
62401	for(i=0; i<nCell; i++){
62402	u8 *pCell = findCell(pPage, i);
	@@ -62435,19 +62448,19 @@
62435	assert( sqlite3_mutex_held(pPage->pBt->mutex) );
62436	assert( sqlite3PagerIswriteable(pPage->pDbPage) );
62437	if( eType==PTRMAP_OVERFLOW2 ){
62438	/* The pointer is always the first 4 bytes of the page in this case. */
62439	if( get4byte(pPage->aData)!=iFrom ){
62440	return SQLITE_CORRUPT_BKPT;
62441	}
62442	put4byte(pPage->aData, iTo);
62443	}else{
62444	int i;
62445	int nCell;
62446	int rc;
62447
62448	rc = btreeInitPage(pPage);
62449	if( rc ) return rc;
62450	nCell = pPage->nCell;
62451
62452	for(i=0; i<nCell; i++){
62453	u8 *pCell = findCell(pPage, i);
	@@ -62454,11 +62467,11 @@
62454	if( eType==PTRMAP_OVERFLOW1 ){
62455	CellInfo info;
62456	pPage->xParseCell(pPage, pCell, &info);
62457	if( info.nLocal<info.nPayload ){
62458	if( pCell+info.nSize > pPage->aData+pPage->pBt->usableSize ){
62459	return SQLITE_CORRUPT_BKPT;
62460	}
62461	if( iFrom==get4byte(pCell+info.nSize-4) ){
62462	put4byte(pCell+info.nSize-4, iTo);
62463	break;
62464	}
	@@ -62472,11 +62485,11 @@
62472	}
62473
62474	if( i==nCell ){
62475	if( eType!=PTRMAP_BTREE \|\|
62476	get4byte(&pPage->aData[pPage->hdrOffset+8])!=iFrom ){
62477	return SQLITE_CORRUPT_BKPT;
62478	}
62479	put4byte(&pPage->aData[pPage->hdrOffset+8], iTo);
62480	}
62481	}
62482	return SQLITE_OK;
	@@ -63580,11 +63593,11 @@
63580	/* Trying to read or write past the end of the data is an error. The
63581	** conditional above is really:
63582	** &aPayload[pCur->info.nLocal] > &pPage->aData[pBt->usableSize]
63583	** but is recast into its current form to avoid integer overflow problems
63584	*/
63585	return SQLITE_CORRUPT_BKPT;
63586	}
63587
63588	/* Check if data must be read/written to/from the btree page itself. */
63589	if( offset<pCur->info.nLocal ){
63590	int a = amt;
	@@ -63727,11 +63740,12 @@
63727	iIdx++;
63728	}
63729	}
63730
63731	if( rc==SQLITE_OK && amt>0 ){
63732	return SQLITE_CORRUPT_BKPT; /* Overflow chain ends prematurely */

63733	}
63734	return rc;
63735	}
63736
63737	/*
	@@ -63993,11 +64007,11 @@
63993	** if pCur->iPage>=0). But this is not so if the database is corrupted
63994	** in such a way that page pRoot is linked into a second b-tree table
63995	** (or the freelist). */
63996	assert( pRoot->intKey==1 \|\| pRoot->intKey==0 );
63997	if( pRoot->isInit==0 \|\| (pCur->pKeyInfo==0)!=pRoot->intKey ){
63998	return SQLITE_CORRUPT_BKPT;
63999	}
64000
64001	skip_init:
64002	pCur->ix = 0;
64003	pCur->info.nSize = 0;
	@@ -64198,20 +64212,23 @@
64198	return SQLITE_OK;
64199	}
64200	/* If the requested key is one more than the previous key, then
64201	** try to get there using sqlite3BtreeNext() rather than a full
64202	** binary search. This is an optimization only. The correct answer
64203	** is still obtained without this ase, only a little more slowely */
64204	if( pCur->info.nKey+1==intKey && !pCur->skipNext ){
64205	*pRes = 0;
64206	rc = sqlite3BtreeNext(pCur, pRes);
64207	if( rc ) return rc;
64208	if( *pRes==0 ){
64209	getCellInfo(pCur);
64210	if( pCur->info.nKey==intKey ){
64211	return SQLITE_OK;
64212	}




64213	}
64214	}
64215	}
64216	}
64217
	@@ -64263,11 +64280,13 @@
64263	for(;;){
64264	i64 nCellKey;
64265	pCell = findCellPastPtr(pPage, idx);
64266	if( pPage->intKeyLeaf ){
64267	while( 0x80 <= *(pCell++) ){
64268	if( pCell>=pPage->aDataEnd ) return SQLITE_CORRUPT_BKPT;


64269	}
64270	}
64271	getVarint(pCell, (u64*)&nCellKey);
64272	if( nCellKey<intKey ){
64273	lwr = idx+1;
	@@ -64336,11 +64355,11 @@
64336	testcase( nCell<0 ); /* True if key size is 2^32 or more */
64337	testcase( nCell==0 ); /* Invalid key size: 0x80 0x80 0x00 */
64338	testcase( nCell==1 ); /* Invalid key size: 0x80 0x80 0x01 */
64339	testcase( nCell==2 ); /* Minimum legal index key size */
64340	if( nCell<2 ){
64341	rc = SQLITE_CORRUPT_BKPT;
64342	goto moveto_finish;
64343	}
64344	pCellKey = sqlite3Malloc( nCell+18 );
64345	if( pCellKey==0 ){
64346	rc = SQLITE_NOMEM_BKPT;
	@@ -64441,47 +64460,44 @@
64441	}
64442	return n;
64443	}
64444
64445	/*
64446	** Advance the cursor to the next entry in the database. If
64447	** successful then set *pRes=0. If the cursor
64448	** was already pointing to the last entry in the database before
64449	** this routine was called, then set *pRes=1.


64450	**
64451	** The main entry point is sqlite3BtreeNext(). That routine is optimized
64452	** for the common case of merely incrementing the cell counter BtCursor.aiIdx
64453	** to the next cell on the current page. The (slower) btreeNext() helper
64454	** routine is called when it is necessary to move to a different page or
64455	** to restore the cursor.
64456	**
64457	** The calling function will set pRes to 0 or 1. The initial pRes value
64458	** will be 1 if the cursor being stepped corresponds to an SQL index and
64459	** if this routine could have been skipped if that SQL index had been
64460	** a unique index. Otherwise the caller will have set *pRes to zero.
64461	** Zero is the common case. The btree implementation is free to use the
64462	** initial *pRes value as a hint to improve performance, but the current
64463	** SQLite btree implementation does not. (Note that the comdb2 btree
64464	** implementation does use this hint, however.)
64465	*/
64466	static SQLITE_NOINLINE int btreeNext(BtCursor pCur, int pRes){
64467	int rc;
64468	int idx;
64469	MemPage *pPage;
64470
64471	assert( cursorOwnsBtShared(pCur) );
64472	assert( pCur->skipNext==0 \|\| pCur->eState!=CURSOR_VALID );
64473	assert( *pRes==0 );
64474	if( pCur->eState!=CURSOR_VALID ){
64475	assert( (pCur->curFlags & BTCF_ValidOvfl)==0 );
64476	rc = restoreCursorPosition(pCur);
64477	if( rc!=SQLITE_OK ){
64478	return rc;
64479	}
64480	if( CURSOR_INVALID==pCur->eState ){
64481	*pRes = 1;
64482	return SQLITE_OK;
64483	}
64484	if( pCur->skipNext ){
64485	assert( pCur->eState==CURSOR_VALID \|\| pCur->eState==CURSOR_SKIPNEXT );
64486	pCur->eState = CURSOR_VALID;
64487	if( pCur->skipNext>0 ){
	@@ -64509,19 +64525,18 @@
64509	if( rc ) return rc;
64510	return moveToLeftmost(pCur);
64511	}
64512	do{
64513	if( pCur->iPage==0 ){
64514	*pRes = 1;
64515	pCur->eState = CURSOR_INVALID;
64516	return SQLITE_OK;
64517	}
64518	moveToParent(pCur);
64519	pPage = pCur->apPage[pCur->iPage];
64520	}while( pCur->ix>=pPage->nCell );
64521	if( pPage->intKey ){
64522	return sqlite3BtreeNext(pCur, pRes);
64523	}else{
64524	return SQLITE_OK;
64525	}
64526	}
64527	if( pPage->leaf ){
	@@ -64528,71 +64543,66 @@
64528	return SQLITE_OK;
64529	}else{
64530	return moveToLeftmost(pCur);
64531	}
64532	}
64533	SQLITE_PRIVATE int sqlite3BtreeNext(BtCursor pCur, int pRes){
64534	MemPage *pPage;
64535	assert( cursorOwnsBtShared(pCur) );
64536	assert( pRes!=0 );
64537	assert( pRes==0 \|\| pRes==1 );
64538	assert( pCur->skipNext==0 \|\| pCur->eState!=CURSOR_VALID );
64539	pCur->info.nSize = 0;
64540	pCur->curFlags &= ~(BTCF_ValidNKey\|BTCF_ValidOvfl);
64541	*pRes = 0;
64542	if( pCur->eState!=CURSOR_VALID ) return btreeNext(pCur, pRes);
64543	pPage = pCur->apPage[pCur->iPage];
64544	if( (++pCur->ix)>=pPage->nCell ){
64545	pCur->ix--;
64546	return btreeNext(pCur, pRes);
64547	}
64548	if( pPage->leaf ){
64549	return SQLITE_OK;
64550	}else{
64551	return moveToLeftmost(pCur);
64552	}
64553	}
64554
64555	/*
64556	** Step the cursor to the back to the previous entry in the database. If
64557	** successful then set *pRes=0. If the cursor
64558	** was already pointing to the first entry in the database before
64559	** this routine was called, then set *pRes=1.


64560	**
64561	** The main entry point is sqlite3BtreePrevious(). That routine is optimized
64562	** for the common case of merely decrementing the cell counter BtCursor.aiIdx
64563	** to the previous cell on the current page. The (slower) btreePrevious()
64564	** helper routine is called when it is necessary to move to a different page
64565	** or to restore the cursor.
64566	**
64567	** The calling function will set pRes to 0 or 1. The initial pRes value
64568	** will be 1 if the cursor being stepped corresponds to an SQL index and
64569	** if this routine could have been skipped if that SQL index had been
64570	** a unique index. Otherwise the caller will have set *pRes to zero.
64571	** Zero is the common case. The btree implementation is free to use the
64572	** initial *pRes value as a hint to improve performance, but the current
64573	** SQLite btree implementation does not. (Note that the comdb2 btree
64574	** implementation does use this hint, however.)
64575	*/
64576	static SQLITE_NOINLINE int btreePrevious(BtCursor pCur, int pRes){
64577	int rc;
64578	MemPage *pPage;
64579
64580	assert( cursorOwnsBtShared(pCur) );
64581	assert( pRes!=0 );
64582	assert( *pRes==0 );
64583	assert( pCur->skipNext==0 \|\| pCur->eState!=CURSOR_VALID );
64584	assert( (pCur->curFlags & (BTCF_AtLast\|BTCF_ValidOvfl\|BTCF_ValidNKey))==0 );
64585	assert( pCur->info.nSize==0 );
64586	if( pCur->eState!=CURSOR_VALID ){
64587	rc = restoreCursorPosition(pCur);
64588	if( rc!=SQLITE_OK ){
64589	return rc;
64590	}
64591	if( CURSOR_INVALID==pCur->eState ){
64592	*pRes = 1;
64593	return SQLITE_OK;
64594	}
64595	if( pCur->skipNext ){
64596	assert( pCur->eState==CURSOR_VALID \|\| pCur->eState==CURSOR_SKIPNEXT );
64597	pCur->eState = CURSOR_VALID;
64598	if( pCur->skipNext<0 ){
	@@ -64612,41 +64622,38 @@
64612	rc = moveToRightmost(pCur);
64613	}else{
64614	while( pCur->ix==0 ){
64615	if( pCur->iPage==0 ){
64616	pCur->eState = CURSOR_INVALID;
64617	*pRes = 1;
64618	return SQLITE_OK;
64619	}
64620	moveToParent(pCur);
64621	}
64622	assert( pCur->info.nSize==0 );
64623	assert( (pCur->curFlags & (BTCF_ValidOvfl))==0 );
64624
64625	pCur->ix--;
64626	pPage = pCur->apPage[pCur->iPage];
64627	if( pPage->intKey && !pPage->leaf ){
64628	rc = sqlite3BtreePrevious(pCur, pRes);
64629	}else{
64630	rc = SQLITE_OK;
64631	}
64632	}
64633	return rc;
64634	}
64635	SQLITE_PRIVATE int sqlite3BtreePrevious(BtCursor pCur, int pRes){
64636	assert( cursorOwnsBtShared(pCur) );
64637	assert( pRes!=0 );
64638	assert( pRes==0 \|\| pRes==1 );
64639	assert( pCur->skipNext==0 \|\| pCur->eState!=CURSOR_VALID );
64640	*pRes = 0;
64641	pCur->curFlags &= ~(BTCF_AtLast\|BTCF_ValidOvfl\|BTCF_ValidNKey);
64642	pCur->info.nSize = 0;
64643	if( pCur->eState!=CURSOR_VALID
64644	\|\| pCur->ix==0
64645	\|\| pCur->apPage[pCur->iPage]->leaf==0
64646	){
64647	return btreePrevious(pCur, pRes);
64648	}
64649	pCur->ix--;
64650	return SQLITE_OK;
64651	}
64652
	@@ -64750,11 +64757,11 @@
64750	** the freelist is empty. */
64751	iTrunk = get4byte(&pPage1->aData[32]);
64752	}
64753	testcase( iTrunk==mxPage );
64754	if( iTrunk>mxPage \|\| nSearch++ > n ){
64755	rc = SQLITE_CORRUPT_BKPT;
64756	}else{
64757	rc = btreeGetUnusedPage(pBt, iTrunk, &pTrunk, 0);
64758	}
64759	if( rc ){
64760	pTrunk = 0;
	@@ -64779,11 +64786,11 @@
64779	*ppPage = pTrunk;
64780	pTrunk = 0;
64781	TRACE(("ALLOCATE: %d trunk - %d free pages left\n", *pPgno, n-1));
64782	}else if( k>(u32)(pBt->usableSize/4 - 2) ){
64783	/* Value of k is out of range. Database corruption */
64784	rc = SQLITE_CORRUPT_BKPT;
64785	goto end_allocate_page;
64786	#ifndef SQLITE_OMIT_AUTOVACUUM
64787	}else if( searchList
64788	&& (nearby==iTrunk \|\| (iTrunk<nearby && eMode==BTALLOC_LE))
64789	){
	@@ -64813,11 +64820,11 @@
64813	** page in this case.
64814	*/
64815	MemPage *pNewTrunk;
64816	Pgno iNewTrunk = get4byte(&pTrunk->aData[8]);
64817	if( iNewTrunk>mxPage ){
64818	rc = SQLITE_CORRUPT_BKPT;
64819	goto end_allocate_page;
64820	}
64821	testcase( iNewTrunk==mxPage );
64822	rc = btreeGetUnusedPage(pBt, iNewTrunk, &pNewTrunk, 0);
64823	if( rc!=SQLITE_OK ){
	@@ -64878,11 +64885,11 @@
64878	}
64879
64880	iPage = get4byte(&aData[8+closest*4]);
64881	testcase( iPage==mxPage );
64882	if( iPage>mxPage ){
64883	rc = SQLITE_CORRUPT_BKPT;
64884	goto end_allocate_page;
64885	}
64886	testcase( iPage==mxPage );
64887	if( !searchList
64888	\|\| (iPage==nearby \|\| (iPage<nearby && eMode==BTALLOC_LE))
	@@ -65148,11 +65155,12 @@
65148	pPage->xParseCell(pPage, pCell, pInfo);
65149	if( pInfo->nLocal==pInfo->nPayload ){
65150	return SQLITE_OK; /* No overflow pages. Return without doing anything */
65151	}
65152	if( pCell+pInfo->nSize-1 > pPage->aData+pPage->maskPage ){
65153	return SQLITE_CORRUPT_BKPT; /* Cell extends past end of page */

65154	}
65155	ovflPgno = get4byte(pCell + pInfo->nSize - 4);
65156	assert( pBt->usableSize > 4 );
65157	ovflPageSize = pBt->usableSize - 4;
65158	nOvfl = (pInfo->nPayload - pInfo->nLocal + ovflPageSize - 1)/ovflPageSize;
	@@ -67363,12 +67371,12 @@
67363	** from the internal node. The 'previous' entry is used for this instead
67364	** of the 'next' entry, as the previous entry is always a part of the
67365	** sub-tree headed by the child page of the cell being deleted. This makes
67366	** balancing the tree following the delete operation easier. */
67367	if( !pPage->leaf ){
67368	int notUsed = 0;
67369	rc = sqlite3BtreePrevious(pCur, &notUsed);
67370	if( rc ) return rc;
67371	}
67372
67373	/* Save the positions of any other cursors open on this table before
67374	** making any modifications. */
	@@ -71024,11 +71032,11 @@
71024	if( enc!=SQLITE_UTF8 ){
71025	rc = sqlite3VdbeChangeEncoding(pVal, enc);
71026	}
71027	}else if( op==TK_UMINUS ) {
71028	/* This branch happens for multiple negative signs. Ex: -(-5) */
71029	if( SQLITE_OK==sqlite3ValueFromExpr(db,pExpr->pLeft,enc,affinity,&pVal)
71030	&& pVal!=0
71031	){
71032	sqlite3VdbeMemNumerify(pVal);
71033	if( pVal->flags & MEM_Real ){
71034	pVal->u.r = -pVal->u.r;
	@@ -73578,21 +73586,22 @@
73578	** statement. This is now set at compile time, rather than during
73579	** execution of the vdbe program so that sqlite3_column_count() can
73580	** be called on an SQL statement before sqlite3_step().
73581	*/
73582	SQLITE_PRIVATE void sqlite3VdbeSetNumCols(Vdbe *p, int nResColumn){
73583	Mem *pColName;
73584	int n;
73585	sqlite3 *db = p->db;
73586
73587	releaseMemArray(p->aColName, p->nResColumn*COLNAME_N);
73588	sqlite3DbFree(db, p->aColName);


73589	n = nResColumn*COLNAME_N;
73590	p->nResColumn = (u16)nResColumn;
73591	p->aColName = pColName = (Mem)sqlite3DbMallocRawNN(db, sizeof(Mem)n );
73592	if( p->aColName==0 ) return;
73593	initMemArray(p->aColName, n, p->db, MEM_Null);
73594	}
73595
73596	/*
73597	** Set the name of the idx'th column to be returned by the SQL statement.
73598	** zName must be a pointer to a nul terminated string.
	@@ -74238,14 +74247,14 @@
74238	sqlite3BeginBenignMalloc();
74239	if( db->pErr==0 ) db->pErr = sqlite3ValueNew(db);
74240	sqlite3ValueSetStr(db->pErr, -1, p->zErrMsg, SQLITE_UTF8, SQLITE_TRANSIENT);
74241	sqlite3EndBenignMalloc();
74242	db->bBenignMalloc--;
74243	db->errCode = rc;
74244	}else{
74245	sqlite3Error(db, rc);
74246	}

74247	return rc;
74248	}
74249
74250	#ifdef SQLITE_ENABLE_SQLLOG
74251	/*
	@@ -75149,23 +75158,24 @@
75149	** comparison function directly */
75150	return pColl->xCmp(pColl->pUser,pMem1->n,pMem1->z,pMem2->n,pMem2->z);
75151	}else{
75152	int rc;
75153	const void v1, v2;
75154	int n1, n2;
75155	Mem c1;
75156	Mem c2;
75157	sqlite3VdbeMemInit(&c1, pMem1->db, MEM_Null);
75158	sqlite3VdbeMemInit(&c2, pMem1->db, MEM_Null);
75159	sqlite3VdbeMemShallowCopy(&c1, pMem1, MEM_Ephem);
75160	sqlite3VdbeMemShallowCopy(&c2, pMem2, MEM_Ephem);
75161	v1 = sqlite3ValueText((sqlite3_value*)&c1, pColl->enc);
75162	n1 = v1==0 ? 0 : c1.n;
75163	v2 = sqlite3ValueText((sqlite3_value*)&c2, pColl->enc);
75164	n2 = v2==0 ? 0 : c2.n;
75165	rc = pColl->xCmp(pColl->pUser, n1, v1, n2, v2);
75166	if( (v1==0 \|\| v2==0) && prcErr ) *prcErr = SQLITE_NOMEM_BKPT;



75167	sqlite3VdbeMemRelease(&c1);
75168	sqlite3VdbeMemRelease(&c2);
75169	return rc;
75170	}
75171	}
	@@ -77397,12 +77407,14 @@
77397	pVar = &p->aVar[i-1];
77398	rc = sqlite3VdbeMemSetStr(pVar, zData, nData, encoding, xDel);
77399	if( rc==SQLITE_OK && encoding!=0 ){
77400	rc = sqlite3VdbeChangeEncoding(pVar, ENC(p->db));
77401	}
77402	sqlite3Error(p->db, rc);
77403	rc = sqlite3ApiExit(p->db, rc);


77404	}
77405	sqlite3_mutex_leave(p->db->mutex);
77406	}else if( xDel!=SQLITE_STATIC && xDel!=SQLITE_TRANSIENT ){
77407	xDel((void*)zData);
77408	}
	@@ -77705,12 +77717,23 @@
77705	if( !pStmt ){
77706	(void)SQLITE_MISUSE_BKPT;
77707	return 0;
77708	}
77709	#endif
77710	v = pVdbe->aCounter[op];
77711	if( resetFlag ) pVdbe->aCounter[op] = 0;











77712	return (int)v;
77713	}
77714
77715	/*
77716	** Return the SQL associated with a prepared statement
	@@ -78861,11 +78884,11 @@
78861	u8 resetSchemaOnFault = 0; /* Reset schema after an error if positive */
78862	u8 encoding = ENC(db); /* The database encoding */
78863	int iCompare = 0; /* Result of last comparison */
78864	unsigned nVmStep = 0; /* Number of virtual machine steps */
78865	#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
78866	unsigned nProgressLimit = 0;/* Invoke xProgress() when nVmStep reaches this */
78867	#endif
78868	Mem aMem = p->aMem; / Copy of p->aMem */
78869	Mem pIn1 = 0; / 1st input operand */
78870	Mem pIn2 = 0; / 2nd input operand */
78871	Mem pIn3 = 0; / 3rd input operand */
	@@ -78893,10 +78916,12 @@
78893	#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
78894	if( db->xProgress ){
78895	u32 iPrior = p->aCounter[SQLITE_STMTSTATUS_VM_STEP];
78896	assert( 0 < db->nProgressOps );
78897	nProgressLimit = db->nProgressOps - (iPrior % db->nProgressOps);


78898	}
78899	#endif
78900	#ifdef SQLITE_DEBUG
78901	sqlite3BeginBenignMalloc();
78902	if( p->pc==0
	@@ -79070,11 +79095,11 @@
79070	** of VDBE ops have been executed (either since this invocation of
79071	** sqlite3VdbeExec() or since last time the progress callback was called).
79072	** If the progress callback returns non-zero, exit the virtual machine with
79073	** a return code SQLITE_ABORT.
79074	*/
79075	if( db->xProgress!=0 && nVmStep>=nProgressLimit ){
79076	assert( db->nProgressOps!=0 );
79077	nProgressLimit = nVmStep + db->nProgressOps - (nVmStep%db->nProgressOps);
79078	if( db->xProgress(db->pProgressArg) ){
79079	rc = SQLITE_INTERRUPT;
79080	goto abort_due_to_error;
	@@ -79612,11 +79637,11 @@
79612
79613	#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
79614	/* Run the progress counter just before returning.
79615	*/
79616	if( db->xProgress!=0
79617	&& nVmStep>=nProgressLimit
79618	&& db->xProgress(db->pProgressArg)!=0
79619	){
79620	rc = SQLITE_INTERRUPT;
79621	goto abort_due_to_error;
79622	}
	@@ -80783,11 +80808,13 @@
80783	Mem pReg; / PseudoTable input register */
80784
80785	pC = p->apCsr[pOp->p1];
80786	p2 = pOp->p2;
80787
80788	/* If the cursor cache is stale, bring it up-to-date */


80789	rc = sqlite3VdbeCursorMoveto(&pC, &p2);
80790	if( rc ) goto abort_due_to_error;
80791
80792	assert( pOp->p3>0 && pOp->p3<=(p->nMem+1 - p->nCursor) );
80793	pDest = &aMem[pOp->p3];
	@@ -82265,21 +82292,35 @@
82265	sqlite3_search_count++;
82266	#endif
82267	if( oc>=OP_SeekGE ){ assert( oc==OP_SeekGE \|\| oc==OP_SeekGT );
82268	if( res<0 \|\| (res==0 && oc==OP_SeekGT) ){
82269	res = 0;
82270	rc = sqlite3BtreeNext(pC->uc.pCursor, &res);
82271	if( rc!=SQLITE_OK ) goto abort_due_to_error;







82272	}else{
82273	res = 0;
82274	}
82275	}else{
82276	assert( oc==OP_SeekLT \|\| oc==OP_SeekLE );
82277	if( res>0 \|\| (res==0 && oc==OP_SeekLT) ){
82278	res = 0;
82279	rc = sqlite3BtreePrevious(pC->uc.pCursor, &res);
82280	if( rc!=SQLITE_OK ) goto abort_due_to_error;







82281	}else{
82282	/* res might be negative because the table is empty. Check to
82283	** see if this is the case.
82284	*/
82285	res = sqlite3BtreeEof(pC->uc.pCursor);
	@@ -83381,16 +83422,14 @@
83381	** invoked. This opcode advances the cursor to the next sorted
83382	** record, or jumps to P2 if there are no more sorted records.
83383	*/
83384	case OP_SorterNext: { /* jump */
83385	VdbeCursor *pC;
83386	int res;
83387
83388	pC = p->apCsr[pOp->p1];
83389	assert( isSorter(pC) );
83390	res = 0;
83391	rc = sqlite3VdbeSorterNext(db, pC, &res);
83392	goto next_tail;
83393	case OP_PrevIfOpen: /* jump */
83394	case OP_NextIfOpen: /* jump */
83395	if( p->apCsr[pOp->p1]==0 ) break;
83396	/* Fall through */
	@@ -83397,16 +83436,13 @@
83397	case OP_Prev: /* jump */
83398	case OP_Next: /* jump */
83399	assert( pOp->p1>=0 && pOp->p1<p->nCursor );
83400	assert( pOp->p5<ArraySize(p->aCounter) );
83401	pC = p->apCsr[pOp->p1];
83402	res = pOp->p3;
83403	assert( pC!=0 );
83404	assert( pC->deferredMoveto==0 );
83405	assert( pC->eCurType==CURTYPE_BTREE );
83406	assert( res==0 \|\| (res==1 && pC->isTable==0) );
83407	testcase( res==1 );
83408	assert( pOp->opcode!=OP_Next \|\| pOp->p4.xAdvance==sqlite3BtreeNext );
83409	assert( pOp->opcode!=OP_Prev \|\| pOp->p4.xAdvance==sqlite3BtreePrevious );
83410	assert( pOp->opcode!=OP_NextIfOpen \|\| pOp->p4.xAdvance==sqlite3BtreeNext );
83411	assert( pOp->opcode!=OP_PrevIfOpen \|\| pOp->p4.xAdvance==sqlite3BtreePrevious);
83412
	@@ -83417,25 +83453,25 @@
83417	\|\| pC->seekOp==OP_Rewind \|\| pC->seekOp==OP_Found);
83418	assert( pOp->opcode!=OP_Prev \|\| pOp->opcode!=OP_PrevIfOpen
83419	\|\| pC->seekOp==OP_SeekLT \|\| pC->seekOp==OP_SeekLE
83420	\|\| pC->seekOp==OP_Last );
83421
83422	rc = pOp->p4.xAdvance(pC->uc.pCursor, &res);
83423	next_tail:
83424	pC->cacheStatus = CACHE_STALE;
83425	VdbeBranchTaken(res==0,2);
83426	if( rc ) goto abort_due_to_error;
83427	if( res==0 ){
83428	pC->nullRow = 0;
83429	p->aCounter[pOp->p5]++;
83430	#ifdef SQLITE_TEST
83431	sqlite3_search_count++;
83432	#endif
83433	goto jump_to_p2_and_check_for_interrupt;
83434	}else{
83435	pC->nullRow = 1;
83436	}



83437	goto check_for_interrupt;
83438	}
83439
83440	/* Opcode: IdxInsert P1 P2 P3 P4 P5
83441	** Synopsis: key=r[P2]
	@@ -83542,12 +83578,12 @@
83542	pC->cacheStatus = CACHE_STALE;
83543	pC->seekResult = 0;
83544	break;
83545	}
83546
83547	/* Opcode: Seek P1 * P3 P4 *
83548	** Synopsis: Move P3 to P1.rowid
83549	**
83550	** P1 is an open index cursor and P3 is a cursor on the corresponding
83551	** table. This opcode does a deferred seek of the P3 table cursor
83552	** to the row that corresponds to the current row of P1.
83553	**
	@@ -83570,15 +83606,15 @@
83570	** the end of the index key pointed to by cursor P1. This integer should be
83571	** the rowid of the table entry to which this index entry points.
83572	**
83573	** See also: Rowid, MakeRecord.
83574	*/
83575	case OP_Seek:
83576	case OP_IdxRowid: { /* out2 */
83577	VdbeCursor pC; / The P1 index cursor */
83578	VdbeCursor pTabCur; / The P2 table cursor (OP_Seek only) */
83579	i64 rowid; /* Rowid that P1 current points to */
83580
83581	assert( pOp->p1>=0 && pOp->p1<p->nCursor );
83582	pC = p->apCsr[pOp->p1];
83583	assert( pC!=0 );
83584	assert( pC->eCurType==CURTYPE_BTREE );
	@@ -83600,11 +83636,11 @@
83600	rowid = 0; /* Not needed. Only used to silence a warning. */
83601	rc = sqlite3VdbeIdxRowid(db, pC->uc.pCursor, &rowid);
83602	if( rc!=SQLITE_OK ){
83603	goto abort_due_to_error;
83604	}
83605	if( pOp->opcode==OP_Seek ){
83606	assert( pOp->p3>=0 && pOp->p3<p->nCursor );
83607	pTabCur = p->apCsr[pOp->p3];
83608	assert( pTabCur!=0 );
83609	assert( pTabCur->eCurType==CURTYPE_BTREE );
83610	assert( pTabCur->uc.pCursor!=0 );
	@@ -86827,13 +86863,13 @@
86827
86828	int n1;
86829	int n2;
86830	int res;
86831
86832	getVarint32(&p1[1], n1); n1 = (n1 - 13) / 2;
86833	getVarint32(&p2[1], n2); n2 = (n2 - 13) / 2;
86834	res = memcmp(v1, v2, MIN(n1, n2));
86835	if( res==0 ){
86836	res = n1 - n2;
86837	}
86838
86839	if( res==0 ){
	@@ -88624,13 +88660,17 @@
88624	vdbeSorterRewindDebug("rewinddone");
88625	return rc;
88626	}
88627
88628	/*
88629	** Advance to the next element in the sorter.




88630	*/
88631	SQLITE_PRIVATE int sqlite3VdbeSorterNext(sqlite3 db, const VdbeCursor pCsr, int *pbEof){
88632	VdbeSorter *pSorter;
88633	int rc; /* Return code */
88634
88635	assert( pCsr->eCurType==CURTYPE_SORTER );
88636	pSorter = pCsr->uc.pSorter;
	@@ -88640,25 +88680,26 @@
88640	assert( pSorter->bUseThreads==0 \|\| pSorter->pReader );
88641	assert( pSorter->bUseThreads==1 \|\| pSorter->pMerger );
88642	#if SQLITE_MAX_WORKER_THREADS>0
88643	if( pSorter->bUseThreads ){
88644	rc = vdbePmaReaderNext(pSorter->pReader);
88645	*pbEof = (pSorter->pReader->pFd==0);
88646	}else
88647	#endif
88648	/if( !pSorter->bUseThreads )/ {

88649	assert( pSorter->pMerger!=0 );
88650	assert( pSorter->pMerger->pTask==(&pSorter->aTask[0]) );
88651	rc = vdbeMergeEngineStep(pSorter->pMerger, pbEof);

88652	}
88653	}else{
88654	SorterRecord *pFree = pSorter->list.pList;
88655	pSorter->list.pList = pFree->u.pNext;
88656	pFree->u.pNext = 0;
88657	if( pSorter->list.aMemory==0 ) vdbeSorterRecordFree(db, pFree);
88658	*pbEof = !pSorter->list.pList;
88659	rc = SQLITE_OK;
88660	}
88661	return rc;
88662	}
88663
88664	/*
	@@ -89308,44 +89349,37 @@
89308	** Invoke sqlite3WalkSelect() for subqueries in the FROM clause and
89309	** on the compound select chain, p->pPrior.
89310	**
89311	** If it is not NULL, the xSelectCallback() callback is invoked before
89312	** the walk of the expressions and FROM clause. The xSelectCallback2()
89313	** method, if it is not NULL, is invoked following the walk of the
89314	** expressions and FROM clause.

89315	**
89316	** Return WRC_Continue under normal conditions. Return WRC_Abort if
89317	** there is an abort request.
89318	**
89319	** If the Walker does not have an xSelectCallback() then this routine
89320	** is a no-op returning WRC_Continue.
89321	*/
89322	SQLITE_PRIVATE int sqlite3WalkSelect(Walker pWalker, Select p){
89323	int rc;
89324	if( p==0 \|\| (pWalker->xSelectCallback==0 && pWalker->xSelectCallback2==0) ){
89325	return WRC_Continue;
89326	}
89327	rc = WRC_Continue;
89328	pWalker->walkerDepth++;
89329	while( p ){
89330	if( pWalker->xSelectCallback ){
89331	rc = pWalker->xSelectCallback(pWalker, p);
89332	if( rc ) break;
89333	}
89334	if( sqlite3WalkSelectExpr(pWalker, p)
89335	\|\| sqlite3WalkSelectFrom(pWalker, p)
89336	){
89337	pWalker->walkerDepth--;
89338	return WRC_Abort;
89339	}
89340	if( pWalker->xSelectCallback2 ){
89341	pWalker->xSelectCallback2(pWalker, p);
89342	}
89343	p = p->pPrior;
89344	}
89345	pWalker->walkerDepth--;
89346	return rc & WRC_Abort;
89347	}
89348
89349	/************ End of walker.c ********************************************/
89350	/************ Begin file resolve.c ***************************************/
89351	/*
	@@ -90778,41 +90812,33 @@
90778	Expr pExpr / The expression to be analyzed. */
90779	){
90780	u16 savedHasAgg;
90781	Walker w;
90782
90783	if( pExpr==0 ) return 0;
90784	#if SQLITE_MAX_EXPR_DEPTH>0
90785	{
90786	Parse *pParse = pNC->pParse;
90787	if( sqlite3ExprCheckHeight(pParse, pExpr->nHeight+pNC->pParse->nHeight) ){
90788	return 1;
90789	}
90790	pParse->nHeight += pExpr->nHeight;
90791	}
90792	#endif
90793	savedHasAgg = pNC->ncFlags & (NC_HasAgg\|NC_MinMaxAgg);
90794	pNC->ncFlags &= ~(NC_HasAgg\|NC_MinMaxAgg);
90795	w.pParse = pNC->pParse;
90796	w.xExprCallback = resolveExprStep;
90797	w.xSelectCallback = resolveSelectStep;
90798	w.xSelectCallback2 = 0;
90799	w.walkerDepth = 0;
90800	w.eCode = 0;
90801	w.u.pNC = pNC;






90802	sqlite3WalkExpr(&w, pExpr);
90803	#if SQLITE_MAX_EXPR_DEPTH>0
90804	pNC->pParse->nHeight -= pExpr->nHeight;
90805	#endif
90806	if( pNC->nErr>0 \|\| w.pParse->nErr>0 ){
90807	ExprSetProperty(pExpr, EP_Error);
90808	}
90809	if( pNC->ncFlags & NC_HasAgg ){
90810	ExprSetProperty(pExpr, EP_Agg);
90811	}
90812	pNC->ncFlags \|= savedHasAgg;
90813	return ExprHasProperty(pExpr, EP_Error);
90814	}
90815
90816	/*
90817	** Resolve all names for all expression in an expression list. This is
90818	** just like sqlite3ResolveExprNames() except that it works for an expression
	@@ -90849,13 +90875,13 @@
90849	NameContext pOuterNC / Name context for parent SELECT statement */
90850	){
90851	Walker w;
90852
90853	assert( p!=0 );
90854	memset(&w, 0, sizeof(w));
90855	w.xExprCallback = resolveExprStep;
90856	w.xSelectCallback = resolveSelectStep;

90857	w.pParse = pParse;
90858	w.u.pNC = pOuterNC;
90859	sqlite3WalkSelect(&w, p);
90860	}
90861
	@@ -92384,11 +92410,13 @@
92384	}
92385	pList = pNew;
92386	pList->nAlloc *= 2;
92387	}
92388	pItem = &pList->a[pList->nExpr++];
92389	memset(pItem, 0, sizeof(*pItem));


92390	pItem->pExpr = pExpr;
92391	return pList;
92392
92393	no_mem:
92394	/* Avoid leaking memory if malloc has failed. */
	@@ -92668,14 +92696,16 @@
92668	pWalker->eCode = 0;
92669	return WRC_Abort;
92670	}
92671	static int exprIsConst(Expr *p, int initFlag, int iCur){
92672	Walker w;
92673	memset(&w, 0, sizeof(w));
92674	w.eCode = initFlag;
92675	w.xExprCallback = exprNodeIsConstant;
92676	w.xSelectCallback = selectNodeIsConstant;



92677	w.u.iCur = iCur;
92678	sqlite3WalkExpr(&w, p);
92679	return w.eCode;
92680	}
92681
	@@ -92759,13 +92789,13 @@
92759	** optimization, so we take the easy way out and simply require the
92760	** GROUP BY to use the BINARY collating sequence.
92761	*/
92762	SQLITE_PRIVATE int sqlite3ExprIsConstantOrGroupBy(Parse pParse, Expr p, ExprList *pGroupBy){
92763	Walker w;
92764	memset(&w, 0, sizeof(w));
92765	w.eCode = 1;
92766	w.xExprCallback = exprNodeIsConstantOrGroupBy;

92767	w.u.pGroupBy = pGroupBy;
92768	w.pParse = pParse;
92769	sqlite3WalkExpr(&w, p);
92770	return w.eCode;
92771	}
	@@ -92789,14 +92819,16 @@
92789	** Walk an expression tree. Return 1 if the expression contains a
92790	** subquery of some kind. Return 0 if there are no subqueries.
92791	*/
92792	SQLITE_PRIVATE int sqlite3ExprContainsSubquery(Expr *p){
92793	Walker w;
92794	memset(&w, 0, sizeof(w));
92795	w.eCode = 1;
92796	w.xExprCallback = sqlite3ExprWalkNoop;
92797	w.xSelectCallback = selectNodeIsConstant;



92798	sqlite3WalkExpr(&w, p);
92799	return w.eCode==0;
92800	}
92801	#endif
92802
	@@ -95797,12 +95829,12 @@
95797	*/
95798	SQLITE_PRIVATE int sqlite3FunctionUsesThisSrc(Expr pExpr, SrcList pSrcList){
95799	Walker w;
95800	struct SrcCount cnt;
95801	assert( pExpr->op==TK_AGG_FUNCTION );
95802	memset(&w, 0, sizeof(w));
95803	w.xExprCallback = exprSrcCount;

95804	w.u.pSrcCount = &cnt;
95805	cnt.pSrc = pSrcList;
95806	cnt.nThis = 0;
95807	cnt.nOther = 0;
95808	sqlite3WalkExprList(&w, pExpr->x.pList);
	@@ -95970,13 +96002,17 @@
95970	}
95971	}
95972	return WRC_Continue;
95973	}
95974	static int analyzeAggregatesInSelect(Walker pWalker, Select pSelect){
95975	UNUSED_PARAMETER(pWalker);




95976	UNUSED_PARAMETER(pSelect);
95977	return WRC_Continue;
95978	}
95979
95980	/*
95981	** Analyze the pExpr expression looking for aggregate functions and
95982	** for variables that need to be added to AggInfo object that pNC->pAggInfo
	@@ -95986,13 +96022,14 @@
95986	** This routine should only be called after the expression has been
95987	** analyzed by sqlite3ResolveExprNames().
95988	*/
95989	SQLITE_PRIVATE void sqlite3ExprAnalyzeAggregates(NameContext pNC, Expr pExpr){
95990	Walker w;
95991	memset(&w, 0, sizeof(w));
95992	w.xExprCallback = analyzeAggregate;
95993	w.xSelectCallback = analyzeAggregatesInSelect;


95994	w.u.pNC = pNC;
95995	assert( pNC->pSrcList!=0 );
95996	sqlite3WalkExpr(&w, pExpr);
95997	}
95998
	@@ -100633,11 +100670,15 @@
100633	}
100634	pTable->zName = zName;
100635	pTable->iPKey = -1;
100636	pTable->pSchema = db->aDb[iDb].pSchema;
100637	pTable->nTabRef = 1;



100638	pTable->nRowLogEst = 200; assert( 200==sqlite3LogEst(1048576) );

100639	assert( pParse->pNewTable==0 );
100640	pParse->pNewTable = pTable;
100641
100642	/* If this is the magic sqlite_sequence table used by autoincrement,
100643	** then record a pointer to this table in the main database structure
	@@ -104984,11 +105025,11 @@
104984	** It is easier just to erase the whole table. Prior to version 3.6.5,
104985	** this optimization caused the row change count (the value returned by
104986	** API function sqlite3_count_changes) to be set incorrectly.
104987	**
104988	** The "rcauth==SQLITE_OK" terms is the
104989	** IMPLEMENATION-OF: R-17228-37124 If the action code is SQLITE_DELETE and
104990	** the callback returns SQLITE_IGNORE then the DELETE operation proceeds but
104991	** the truncate optimization is disabled and all rows are deleted
104992	** individually.
104993	*/
104994	if( rcauth==SQLITE_OK
	@@ -105090,11 +105131,11 @@
105090	sqlite3VdbeAddOp4(v, OP_MakeRecord, iPk, nPk, iKey,
105091	sqlite3IndexAffinityStr(pParse->db, pPk), nPk);
105092	sqlite3VdbeAddOp4Int(v, OP_IdxInsert, iEphCur, iKey, iPk, nPk);
105093	}else{
105094	/* Add the rowid of the row to be deleted to the RowSet */
105095	nKey = 1; /* OP_Seek always uses a single rowid */
105096	sqlite3VdbeAddOp2(v, OP_RowSetAdd, iRowSet, iKey);
105097	}
105098	}
105099
105100	/* If this DELETE cannot use the ONEPASS strategy, this is the
	@@ -109354,14 +109395,14 @@
109354	Trigger pTrigger; / List of triggers on pTab, if required */
109355	int tmask; /* Mask of trigger times */
109356	#endif
109357
109358	db = pParse->db;
109359	memset(&dest, 0, sizeof(dest));
109360	if( pParse->nErr \|\| db->mallocFailed ){
109361	goto insert_cleanup;
109362	}

109363
109364	/* If the Select object is really just a simple VALUES() list with a
109365	** single row (the common case) then keep that one row of values
109366	** and discard the other (unused) parts of the pSelect object
109367	*/
	@@ -117550,11 +117591,11 @@
117550	/*
117551	** Allocate a KeyInfo object sufficient for an index of N key columns and
117552	** X extra columns.
117553	*/
117554	SQLITE_PRIVATE KeyInfo sqlite3KeyInfoAlloc(sqlite3 db, int N, int X){
117555	int nExtra = (N+X)(sizeof(CollSeq)+1);
117556	KeyInfo *p = sqlite3DbMallocRawNN(db, sizeof(KeyInfo) + nExtra);
117557	if( p ){
117558	p->aSortOrder = (u8*)&p->aColl[N+X];
117559	p->nField = (u16)N;
117560	p->nXField = (u16)X;
	@@ -121129,10 +121170,29 @@
121129	SQLITE_PRIVATE int sqlite3ExprWalkNoop(Walker NotUsed, Expr NotUsed2){
121130	UNUSED_PARAMETER2(NotUsed, NotUsed2);
121131	return WRC_Continue;
121132	}
121133



















121134	/*
121135	** This routine "expands" a SELECT statement and all of its subqueries.
121136	** For additional information on what it means to "expand" a SELECT
121137	** statement, see the comment on the selectExpand worker callback above.
121138	**
	@@ -121144,15 +121204,15 @@
121144	** The calling function can detect the problem by looking at pParse->nErr
121145	** and/or pParse->db->mallocFailed.
121146	*/
121147	static void sqlite3SelectExpand(Parse pParse, Select pSelect){
121148	Walker w;
121149	memset(&w, 0, sizeof(w));
121150	w.xExprCallback = sqlite3ExprWalkNoop;
121151	w.pParse = pParse;
121152	if( pParse->hasCompound ){
121153	w.xSelectCallback = convertCompoundSelectToSubquery;

121154	sqlite3WalkSelect(&w, pSelect);
121155	}
121156	w.xSelectCallback = selectExpander;
121157	w.xSelectCallback2 = selectPopWith;
121158	sqlite3WalkSelect(&w, pSelect);
	@@ -121208,11 +121268,11 @@
121208	** Use this routine after name resolution.
121209	*/
121210	static void sqlite3SelectAddTypeInfo(Parse pParse, Select pSelect){
121211	#ifndef SQLITE_OMIT_SUBQUERY
121212	Walker w;
121213	memset(&w, 0, sizeof(w));
121214	w.xSelectCallback2 = selectAddSubqueryTypeInfo;
121215	w.xExprCallback = sqlite3ExprWalkNoop;
121216	w.pParse = pParse;
121217	sqlite3WalkSelect(&w, pSelect);
121218	#endif
	@@ -121789,10 +121849,13 @@
121789	VdbeNoopComment((v, "materialize \"%s\"", pItem->pTab->zName));
121790	}
121791	pPrior = isSelfJoinView(pTabList, pItem);
121792	if( pPrior ){
121793	sqlite3VdbeAddOp2(v, OP_OpenDup, pItem->iCursor, pPrior->iCursor);



121794	}else{
121795	sqlite3SelectDestInit(&dest, SRT_EphemTab, pItem->iCursor);
121796	explainSetInteger(pItem->iSelectId, (u8)pParse->iNextSelectId);
121797	sqlite3Select(pParse, pSub, &dest);
121798	}
	@@ -122948,10 +123011,11 @@
122948	/* Make an entry in the sqlite_master table */
122949	v = sqlite3GetVdbe(pParse);
122950	if( v==0 ) goto triggerfinish_cleanup;
122951	sqlite3BeginWriteOperation(pParse, 0, iDb);
122952	z = sqlite3DbStrNDup(db, (char*)pAll->z, pAll->n);

122953	sqlite3NestedParse(pParse,
122954	"INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')",
122955	db->aDb[iDb].zDbSName, MASTER_NAME, zName,
122956	pTrig->table, z);
122957	sqlite3DbFree(db, z);
	@@ -127755,14 +127819,14 @@
127755	** function generates code to do a deferred seek of cursor iCur to the
127756	** rowid stored in register iRowid.
127757	**
127758	** Normally, this is just:
127759	**
127760	** OP_Seek $iCur $iRowid
127761	**
127762	** However, if the scan currently being coded is a branch of an OR-loop and
127763	** the statement currently being coded is a SELECT, then P3 of the OP_Seek
127764	** is set to iIdxCur and P4 is set to point to an array of integers
127765	** containing one entry for each column of the table cursor iCur is open
127766	** on. For each table column, if the column is the i'th column of the
127767	** index, then the corresponding array entry is set to (i+1). If the column
127768	** does not appear in the index at all, the array entry is set to 0.
	@@ -127777,11 +127841,11 @@
127777	Vdbe v = pParse->pVdbe; / Vdbe to generate code within */
127778
127779	assert( iIdxCur>0 );
127780	assert( pIdx->aiColumn[pIdx->nColumn-1]==-1 );
127781
127782	sqlite3VdbeAddOp3(v, OP_Seek, iIdxCur, 0, iCur);
127783	if( (pWInfo->wctrlFlags & WHERE_OR_SUBCLAUSE)
127784	&& DbMaskAllZero(sqlite3ParseToplevel(pParse)->writeMask)
127785	){
127786	int i;
127787	Table *pTab = pIdx->pTable;
	@@ -131579,11 +131643,11 @@
131579	iGap = (iGap*2)/3;
131580	}else{
131581	iGap = iGap/3;
131582	}
131583	aStat[0] = iLower + iGap;
131584	aStat[1] = pIdx->aAvgEq[iCol];
131585	}
131586
131587	/* Restore the pRec->nField value before returning. */
131588	pRec->nField = nField;
131589	return i;
	@@ -132332,20 +132396,21 @@
132332	}
132333	}
132334
132335	/*
132336	** Search the list of WhereLoops in *ppPrev looking for one that can be
132337	** supplanted by pTemplate.
132338	**
132339	** Return NULL if the WhereLoop list contains an entry that can supplant
132340	** pTemplate, in other words if pTemplate does not belong on the list.
132341	**
132342	** If pX is a WhereLoop that pTemplate can supplant, then return the
132343	** link that points to pX.
132344	**
132345	** If pTemplate cannot supplant any existing element of the list but needs
132346	** to be added to the list, then return a pointer to the tail of the list.

132347	*/
132348	static WhereLoop **whereLoopFindLesser(
132349	WhereLoop **ppPrev,
132350	const WhereLoop *pTemplate
132351	){
	@@ -132486,12 +132551,14 @@
132486	#if WHERETRACE_ENABLED /* 0x8 */
132487	if( sqlite3WhereTrace & 0x8 ){
132488	if( p!=0 ){
132489	sqlite3DebugPrintf("replace: ");
132490	whereLoopPrint(p, pBuilder->pWC);



132491	}
132492	sqlite3DebugPrintf(" add: ");
132493	whereLoopPrint(pTemplate, pBuilder->pWC);
132494	}
132495	#endif
132496	if( p==0 ){
132497	/* Allocate a new WhereLoop to add to the end of the list */
	@@ -134387,12 +134454,12 @@
134387	/* The current candidate is no better than any of the mxChoice
134388	** paths currently in the best-so-far buffer. So discard
134389	** this candidate as not viable. */
134390	#ifdef WHERETRACE_ENABLED /* 0x4 */
134391	if( sqlite3WhereTrace&0x4 ){
134392	sqlite3DebugPrintf("Skip %s cost=%-3d,%3d order=%c\n",
134393	wherePathName(pFrom, iLoop, pWLoop), rCost, nOut,
134394	isOrdered>=0 ? isOrdered+'0' : '?');
134395	}
134396	#endif
134397	continue;
134398	}
	@@ -134406,30 +134473,40 @@
134406	jj = mxI;
134407	}
134408	pTo = &aTo[jj];
134409	#ifdef WHERETRACE_ENABLED /* 0x4 */
134410	if( sqlite3WhereTrace&0x4 ){
134411	sqlite3DebugPrintf("New %s cost=%-3d,%3d order=%c\n",
134412	wherePathName(pFrom, iLoop, pWLoop), rCost, nOut,
134413	isOrdered>=0 ? isOrdered+'0' : '?');
134414	}
134415	#endif
134416	}else{
134417	/* Control reaches here if best-so-far path pTo=aTo[jj] covers the
134418	** same set of loops and has the sam isOrdered setting as the
134419	** candidate path. Check to see if the candidate should replace
134420	** pTo or if the candidate should be skipped */
134421	if( pTo->rCost<rCost \|\| (pTo->rCost==rCost && pTo->nRow<=nOut) ){










134422	#ifdef WHERETRACE_ENABLED /* 0x4 */
134423	if( sqlite3WhereTrace&0x4 ){
134424	sqlite3DebugPrintf(
134425	"Skip %s cost=%-3d,%3d order=%c",
134426	wherePathName(pFrom, iLoop, pWLoop), rCost, nOut,
134427	isOrdered>=0 ? isOrdered+'0' : '?');
134428	sqlite3DebugPrintf(" vs %s cost=%-3d,%d order=%c\n",
134429	wherePathName(pTo, iLoop+1, 0), pTo->rCost, pTo->nRow,
134430	pTo->isOrdered>=0 ? pTo->isOrdered+'0' : '?');
134431	}
134432	#endif
134433	/* Discard the candidate path from further consideration */
134434	testcase( pTo->rCost==rCost );
134435	continue;
	@@ -134438,16 +134515,16 @@
134438	/* Control reaches here if the candidate path is better than the
134439	** pTo path. Replace pTo with the candidate. */
134440	#ifdef WHERETRACE_ENABLED /* 0x4 */
134441	if( sqlite3WhereTrace&0x4 ){
134442	sqlite3DebugPrintf(
134443	"Update %s cost=%-3d,%3d order=%c",
134444	wherePathName(pFrom, iLoop, pWLoop), rCost, nOut,
134445	isOrdered>=0 ? isOrdered+'0' : '?');
134446	sqlite3DebugPrintf(" was %s cost=%-3d,%3d order=%c\n",
134447	wherePathName(pTo, iLoop+1, 0), pTo->rCost, pTo->nRow,
134448	pTo->isOrdered>=0 ? pTo->isOrdered+'0' : '?');
134449	}
134450	#endif
134451	}
134452	/* pWLoop is a winner. Add it to the set of best so far */
134453	pTo->maskLoop = pFrom->maskLoop \| pWLoop->maskSelf;
	@@ -134951,11 +135028,11 @@
134951	WhereLoop *p;
134952	int i;
134953	static const char zLabel[] = "0123456789abcdefghijklmnopqrstuvwyxz"
134954	"ABCDEFGHIJKLMNOPQRSTUVWYXZ";
134955	for(p=pWInfo->pLoops, i=0; p; p=p->pNextLoop, i++){
134956	p->cId = zLabel[i%sizeof(zLabel)];
134957	whereLoopPrint(p, sWLB.pWC);
134958	}
134959	}
134960	#endif
134961
	@@ -141333,10 +141410,11 @@
141333	int rc, n;
141334	n = nKey1<nKey2 ? nKey1 : nKey2;
141335	/* EVIDENCE-OF: R-65033-28449 The built-in BINARY collation compares
141336	** strings byte by byte using the memcmp() function from the standard C
141337	** library. */

141338	rc = memcmp(pKey1, pKey2, n);
141339	if( rc==0 ){
141340	if( padFlag
141341	&& allSpaces(((char*)pKey1)+n, nKey1-n)
141342	&& allSpaces(((char*)pKey2)+n, nKey2-n)
	@@ -143803,10 +143881,16 @@
143803	SQLITE_PRIVATE int sqlite3CantopenError(int lineno){
143804	testcase( sqlite3GlobalConfig.xLog!=0 );
143805	return reportError(SQLITE_CANTOPEN, lineno, "cannot open file");
143806	}
143807	#ifdef SQLITE_DEBUG






143808	SQLITE_PRIVATE int sqlite3NomemError(int lineno){
143809	testcase( sqlite3GlobalConfig.xLog!=0 );
143810	return reportError(SQLITE_NOMEM, lineno, "OOM");
143811	}
143812	SQLITE_PRIVATE int sqlite3IoerrnomemError(int lineno){
	@@ -169165,14 +169249,14 @@
169165	** as fully applied. Otherwise, assuming no error has occurred, save the
169166	** current state of the RBU update appliation to the RBU database.
169167	**
169168	** If an error has already occurred as part of an sqlite3rbu_step()
169169	** or sqlite3rbu_open() call, or if one occurs within this function, an
169170	** SQLite error code is returned. Additionally, *pzErrmsg may be set to
169171	** point to a buffer containing a utf-8 formatted English language error
169172	** message. It is the responsibility of the caller to eventually free any
169173	** such buffer using sqlite3_free().
169174	**
169175	** Otherwise, if no error occurs, this function returns SQLITE_OK if the
169176	** update has been partially applied, or SQLITE_DONE if it has been
169177	** completely applied.
169178	*/
	@@ -173024,11 +173108,15 @@
173024	sqlite3_free(p->aBuf);
173025	sqlite3_free(p->aFrame);
173026
173027	rbuEditErrmsg(p);
173028	rc = p->rc;
173029	*pzErrmsg = p->zErrmsg;




173030	sqlite3_free(p->zState);
173031	sqlite3_free(p);
173032	}else{
173033	rc = SQLITE_NOMEM;
173034	*pzErrmsg = 0;
	@@ -177582,15 +177670,16 @@
177582
177583	sessionDiscardData(&p->in);
177584	p->in.iCurrent = p->in.iNext;
177585
177586	op = p->in.aData[p->in.iNext++];
177587	if( op=='T' \|\| op=='P' ){
177588	p->bPatchset = (op=='P');
177589	if( sessionChangesetReadTblhdr(p) ) return p->rc;
177590	if( (p->rc = sessionInputBuffer(&p->in, 2)) ) return p->rc;
177591	p->in.iCurrent = p->in.iNext;

177592	op = p->in.aData[p->in.iNext++];
177593	}
177594
177595	p->op = op;
177596	p->bIndirect = p->in.aData[p->in.iNext++];
	@@ -189573,14 +189662,15 @@
189573	if( !apNew ) return SQLITE_NOMEM;
189574	memset(apNew, 0, nNewsizeof(Fts5HashEntry));
189575
189576	for(i=0; i<pHash->nSlot; i++){
189577	while( apOld[i] ){
189578	int iHash;
189579	Fts5HashEntry *p = apOld[i];
189580	apOld[i] = p->pHashNext;
189581	iHash = fts5HashKey(nNew, (u8*)fts5EntryKey(p), strlen(fts5EntryKey(p)));

189582	p->pHashNext = apNew[iHash];
189583	apNew[iHash] = p;
189584	}
189585	}
189586
	@@ -189879,11 +189969,11 @@
189879	const char pTerm, int nTerm, / Query term */
189880	const u8 *ppDoclist, / OUT: Pointer to doclist for pTerm */
189881	int pnDoclist / OUT: Size of doclist in bytes */
189882	){
189883	unsigned int iHash = fts5HashKey(pHash->nSlot, (const u8*)pTerm, nTerm);
189884	char *zKey;
189885	Fts5HashEntry *p;
189886
189887	for(p=pHash->aSlot[iHash]; p; p=p->pHashNext){
189888	zKey = fts5EntryKey(p);
189889	if( memcmp(zKey, pTerm, nTerm)==0 && zKey[nTerm]==0 ) break;
	@@ -199060,11 +199150,11 @@
199060	int nArg, /* Number of args */
199061	sqlite3_value *apUnused / Function arguments */
199062	){
199063	assert( nArg==0 );
199064	UNUSED_PARAM2(nArg, apUnused);
199065	sqlite3_result_text(pCtx, "fts5: 2017-06-08 14:26:16 0ee482a1e0eae22e08edc8978c9733a96603d4509645f348ebf55b579e89636b", -1, SQLITE_TRANSIENT);
199066	}
199067
199068	static int fts5Init(sqlite3 *db){
199069	static const sqlite3_module fts5Mod = {
199070	/* iVersion */ 2,
199071

	--- src/sqlite3.c
	+++ src/sqlite3.c
	@@ -1,8 +1,8 @@
1	/******************************************************************************
2	** This file is an amalgamation of many separate C source files from SQLite
3	** version 3.20.0. By combining all the individual C code files into this
4	** single large file, the entire code can be compiled as a single translation
5	** unit. This allows many compilers to do optimizations that would not be
6	** possible if the files were compiled separately. Performance improvements
7	** of 5% or more are commonly seen when SQLite is compiled as a single
8	** translation unit.
	@@ -396,13 +396,13 @@
396	**
397	** See also: [sqlite3_libversion()],
398	** [sqlite3_libversion_number()], [sqlite3_sourceid()],
399	** [sqlite_version()] and [sqlite_source_id()].
400	*/
401	#define SQLITE_VERSION "3.20.0"
402	#define SQLITE_VERSION_NUMBER 3020000
403	#define SQLITE_SOURCE_ID "2017-06-15 13:07:56 9afd7a2ffd3a39456190ad05e85ff6485298aae262d9e0698a58c1d73507a36f"
404
405	/*
406	** CAPI3REF: Run-Time Library Version Numbers
407	** KEYWORDS: sqlite3_version sqlite3_sourceid
408	**
	@@ -5895,11 +5895,13 @@
5895	** column exists. ^The sqlite3_table_column_metadata() interface returns
5896	** SQLITE_ERROR and if the specified column does not exist.
5897	** ^If the column-name parameter to sqlite3_table_column_metadata() is a
5898	** NULL pointer, then this routine simply checks for the existence of the
5899	** table and returns SQLITE_OK if the table exists and SQLITE_ERROR if it
5900	** does not. If the table name parameter T in a call to
5901	** sqlite3_table_column_metadata(X,D,T,C,...) is NULL then the result is
5902	** undefined behavior.
5903	**
5904	** ^The column is identified by the second, third and fourth parameters to
5905	** this function. ^(The second parameter is either the name of the database
5906	** (i.e. "main", "temp", or an attached database) containing the specified
5907	** table or NULL.)^ ^If it is NULL, then all attached databases are searched
	@@ -7408,17 +7410,24 @@
7410	** by the prepared statement if that number is less than or equal
7411	** to 2147483647. The number of virtual machine operations can be
7412	** used as a proxy for the total work done by the prepared statement.
7413	** If the number of virtual machine operations exceeds 2147483647
7414	** then the value returned by this statement status code is undefined.
7415	**
7416	** [[SQLITE_STMTSTATUS_MEMUSED]] <dt>SQLITE_STMTSTATUS_MEMUSED</dt>
7417	** <dd>^This is the approximate number of bytes of heap memory
7418	** used to store the prepared statement. ^This value is not actually
7419	** a counter, and so the resetFlg parameter to sqlite3_stmt_status()
7420	** is ignored when the opcode is SQLITE_STMTSTATUS_MEMUSED.
7421	** </dd>
7422	** </dl>
7423	*/
7424	#define SQLITE_STMTSTATUS_FULLSCAN_STEP 1
7425	#define SQLITE_STMTSTATUS_SORT 2
7426	#define SQLITE_STMTSTATUS_AUTOINDEX 3
7427	#define SQLITE_STMTSTATUS_VM_STEP 4
7428	#define SQLITE_STMTSTATUS_MEMUSED 5
7429
7430	/*
7431	** CAPI3REF: Custom Page Cache Object
7432	**
7433	** The sqlite3_pcache type is opaque. It is implemented by
	@@ -12478,13 +12487,13 @@
12487
12488	SQLITE_PRIVATE int sqlite3BtreeInsert(BtCursor, const BtreePayload pPayload,
12489	int flags, int seekResult);
12490	SQLITE_PRIVATE int sqlite3BtreeFirst(BtCursor, int pRes);
12491	SQLITE_PRIVATE int sqlite3BtreeLast(BtCursor, int pRes);
12492	SQLITE_PRIVATE int sqlite3BtreeNext(BtCursor*, int flags);
12493	SQLITE_PRIVATE int sqlite3BtreeEof(BtCursor*);
12494	SQLITE_PRIVATE int sqlite3BtreePrevious(BtCursor*, int flags);
12495	SQLITE_PRIVATE i64 sqlite3BtreeIntegerKey(BtCursor*);
12496	SQLITE_PRIVATE int sqlite3BtreePayload(BtCursor, u32 offset, u32 amt, void);
12497	SQLITE_PRIVATE const void sqlite3BtreePayloadFetch(BtCursor, u32 *pAmt);
12498	SQLITE_PRIVATE u32 sqlite3BtreePayloadSize(BtCursor*);
12499
	@@ -12631,11 +12640,11 @@
12640	SubProgram pProgram; / Used when p4type is P4_SUBPROGRAM */
12641	Table pTab; / Used when p4type is P4_TABLE */
12642	#ifdef SQLITE_ENABLE_CURSOR_HINTS
12643	Expr pExpr; / Used when p4type is P4_EXPR */
12644	#endif
12645	int (xAdvance)(BtCursor , int);
12646	} p4;
12647	#ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
12648	char zComment; / Comment to improve readability */
12649	#endif
12650	#ifdef VDBE_PROFILE
	@@ -12865,11 +12874,11 @@
12874	#define OP_Rowid 125 /* synopsis: r[P2]=rowid */
12875	#define OP_NullRow 126
12876	#define OP_SorterInsert 127 /* synopsis: key=r[P2] */
12877	#define OP_IdxInsert 128 /* synopsis: key=r[P2] */
12878	#define OP_IdxDelete 129 /* synopsis: key=r[P2@P3] */
12879	#define OP_DeferredSeek 130 /* synopsis: Move P3 to P1.rowid if needed */
12880	#define OP_IdxRowid 131 /* synopsis: r[P2]=rowid */
12881	#define OP_Real 132 /* same as TK_FLOAT, synopsis: r[P2]=P4 */
12882	#define OP_Destroy 133
12883	#define OP_Clear 134
12884	#define OP_ResetSorter 135
	@@ -13369,25 +13378,25 @@
13378	*/
13379	struct PgHdr {
13380	sqlite3_pcache_page pPage; / Pcache object page handle */
13381	void pData; / Page data */
13382	void pExtra; / Extra content */
13383	PCache pCache; / PRIVATE: Cache that owns this page */
13384	PgHdr pDirty; / Transient list of dirty sorted by pgno */
13385	Pager pPager; / The pager this page is part of */
13386	Pgno pgno; /* Page number for this page */
13387	#ifdef SQLITE_CHECK_PAGES
13388	u32 pageHash; /* Hash of page content */
13389	#endif
13390	u16 flags; /* PGHDR flags defined below */
13391
13392	/**********************************************************************
13393	** Elements above, except pCache, are public. All that follow are
13394	** private to pcache.c and should not be accessed by other modules.
13395	** pCache is grouped with the public elements for efficiency.
13396	*/
13397	i16 nRef; /* Number of users of this page */


13398	PgHdr pDirtyNext; / Next element in list of dirty pages */
13399	PgHdr pDirtyPrev; / Previous element in list of dirty pages */
13400	};
13401
13402	/* Bit values for PgHdr.flags */
	@@ -15142,11 +15151,11 @@
15151	** The following are the meanings of bits in the Expr.flags field.
15152	*/
15153	#define EP_FromJoin 0x000001 /* Originates in ON/USING clause of outer join */
15154	#define EP_Agg 0x000002 /* Contains one or more aggregate functions */
15155	#define EP_Resolved 0x000004 /* IDs have been resolved to COLUMNs */
15156	/* 0x000008 // available for use */
15157	#define EP_Distinct 0x000010 /* Aggregate function with DISTINCT keyword */
15158	#define EP_VarSelect 0x000020 /* pSelect is correlated, not constant */
15159	#define EP_DblQuoted 0x000040 /* token.z was originally in "..." */
15160	#define EP_InfixFunc 0x000080 /* True for an infix function: LIKE, GLOB, etc */
15161	#define EP_Collate 0x000100 /* Tree contains a TK_COLLATE operator */
	@@ -15609,14 +15618,14 @@
15618	** An instance of this object describes where to put of the results of
15619	** a SELECT statement.
15620	*/
15621	struct SelectDest {
15622	u8 eDest; /* How to dispose of the results. On of SRT_* above. */

15623	int iSDParm; /* A parameter used by the eDest disposal method */
15624	int iSdst; /* Base register where results are written */
15625	int nSdst; /* Number of registers allocated */
15626	char zAffSdst; / Affinity used when eDest==SRT_Set */
15627	ExprList pOrderBy; / Key columns for SRT_Queue and SRT_DistQueue */
15628	};
15629
15630	/*
15631	** During code generation of statements that do inserts into AUTOINCREMENT
	@@ -16115,10 +16124,14 @@
16124	SQLITE_PRIVATE int sqlite3WalkExprList(Walker, ExprList);
16125	SQLITE_PRIVATE int sqlite3WalkSelect(Walker, Select);
16126	SQLITE_PRIVATE int sqlite3WalkSelectExpr(Walker, Select);
16127	SQLITE_PRIVATE int sqlite3WalkSelectFrom(Walker, Select);
16128	SQLITE_PRIVATE int sqlite3ExprWalkNoop(Walker, Expr);
16129	SQLITE_PRIVATE int sqlite3SelectWalkNoop(Walker, Select);
16130	#ifdef SQLITE_DEBUG
16131	SQLITE_PRIVATE void sqlite3SelectWalkAssert2(Walker, Select);
16132	#endif
16133
16134	/*
16135	** Return code from the parse-tree walking primitives and their
16136	** callbacks.
16137	*/
	@@ -16176,15 +16189,18 @@
16189	#define SQLITE_MISUSE_BKPT sqlite3MisuseError(__LINE__)
16190	#define SQLITE_CANTOPEN_BKPT sqlite3CantopenError(__LINE__)
16191	#ifdef SQLITE_DEBUG
16192	SQLITE_PRIVATE int sqlite3NomemError(int);
16193	SQLITE_PRIVATE int sqlite3IoerrnomemError(int);
16194	SQLITE_PRIVATE int sqlite3CorruptPgnoError(int,Pgno);
16195	# define SQLITE_NOMEM_BKPT sqlite3NomemError(__LINE__)
16196	# define SQLITE_IOERR_NOMEM_BKPT sqlite3IoerrnomemError(__LINE__)
16197	# define SQLITE_CORRUPT_PGNO(P) sqlite3CorruptPgnoError(__LINE__,(P))
16198	#else
16199	# define SQLITE_NOMEM_BKPT SQLITE_NOMEM
16200	# define SQLITE_IOERR_NOMEM_BKPT SQLITE_IOERR_NOMEM
16201	# define SQLITE_CORRUPT_PGNO(P) sqlite3CorruptError(__LINE__)
16202	#endif
16203
16204	/*
16205	** FTS3 and FTS4 both require virtual table support
16206	*/
	@@ -18438,11 +18454,11 @@
18454
18455	SQLITE_PRIVATE int sqlite3VdbeSorterInit(sqlite3 , int, VdbeCursor );
18456	SQLITE_PRIVATE void sqlite3VdbeSorterReset(sqlite3 , VdbeSorter );
18457	SQLITE_PRIVATE void sqlite3VdbeSorterClose(sqlite3 , VdbeCursor );
18458	SQLITE_PRIVATE int sqlite3VdbeSorterRowkey(const VdbeCursor , Mem );
18459	SQLITE_PRIVATE int sqlite3VdbeSorterNext(sqlite3 , const VdbeCursor );
18460	SQLITE_PRIVATE int sqlite3VdbeSorterRewind(const VdbeCursor , int );
18461	SQLITE_PRIVATE int sqlite3VdbeSorterWrite(const VdbeCursor , Mem );
18462	SQLITE_PRIVATE int sqlite3VdbeSorterCompare(const VdbeCursor , Mem , int, int *);
18463
18464	#if !defined(SQLITE_OMIT_SHARED_CACHE)
	@@ -29638,11 +29654,11 @@
29654	/* 125 */ "Rowid" OpHelp("r[P2]=rowid"),
29655	/* 126 */ "NullRow" OpHelp(""),
29656	/* 127 */ "SorterInsert" OpHelp("key=r[P2]"),
29657	/* 128 */ "IdxInsert" OpHelp("key=r[P2]"),
29658	/* 129 */ "IdxDelete" OpHelp("key=r[P2@P3]"),
29659	/* 130 */ "DeferredSeek" OpHelp("Move P3 to P1.rowid if needed"),
29660	/* 131 */ "IdxRowid" OpHelp("r[P2]=rowid"),
29661	/* 132 */ "Real" OpHelp("r[P2]=P4"),
29662	/* 133 */ "Destroy" OpHelp(""),
29663	/* 134 */ "Clear" OpHelp(""),
29664	/* 135 */ "ResetSorter" OpHelp(""),
	@@ -50168,11 +50184,11 @@
50184	assert( isOpen(pPager->fd) );
50185	assert( pPager->tempFile==0 );
50186	nPage = sqlite3WalDbsize(pPager->pWal);
50187
50188	/* If the number of pages in the database is not available from the
50189	** WAL sub-system, determine the page count based on the size of
50190	** the database file. If the size of the database file is not an
50191	** integer multiple of the page-size, round up the result.
50192	*/
50193	if( nPage==0 && ALWAYS(isOpen(pPager->fd)) ){
50194	i64 n = 0; /* Size of db file in bytes */
	@@ -50219,27 +50235,25 @@
50235	assert( pPager->eState==PAGER_OPEN );
50236	assert( pPager->eLock>=SHARED_LOCK );
50237
50238	if( !pPager->tempFile ){
50239	int isWal; /* True if WAL file exists */
50240	rc = sqlite3OsAccess(
50241	pPager->pVfs, pPager->zWal, SQLITE_ACCESS_EXISTS, &isWal
50242	);










50243	if( rc==SQLITE_OK ){
50244	if( isWal ){
50245	Pgno nPage; /* Size of the database file */
50246
50247	rc = pagerPagecount(pPager, &nPage);
50248	if( rc ) return rc;
50249	if( nPage==0 ){
50250	rc = sqlite3OsDelete(pPager->pVfs, pPager->zWal, 0);
50251	}else{
50252	testcase( sqlite3PcachePagecount(pPager->pPCache)==0 );
50253	rc = sqlite3PagerOpenWal(pPager, 0);
50254	}
50255	}else if( pPager->journalMode==PAGER_JOURNALMODE_WAL ){
50256	pPager->journalMode = PAGER_JOURNALMODE_DELETE;
50257	}
50258	}
50259	}
	@@ -52178,23 +52192,18 @@
52192	**
52193	** There is a vanishingly small chance that a change will not be
52194	** detected. The chance of an undetected change is so small that
52195	** it can be neglected.
52196	*/

52197	char dbFileVers[sizeof(pPager->dbFileVers)];
52198
52199	IOTRACE(("CKVERS %p %d\n", pPager, sizeof(dbFileVers)));
52200	rc = sqlite3OsRead(pPager->fd, &dbFileVers, sizeof(dbFileVers), 24);
52201	if( rc!=SQLITE_OK ){
52202	if( rc!=SQLITE_IOERR_SHORT_READ ){



52203	goto failed;
52204	}

52205	memset(dbFileVers, 0, sizeof(dbFileVers));
52206	}
52207
52208	if( memcmp(pPager->dbFileVers, dbFileVers, sizeof(dbFileVers))!=0 ){
52209	pager_reset(pPager);
	@@ -59803,11 +59812,11 @@
59812	assert( nKey==(i64)(int)nKey );
59813	pIdxKey = sqlite3VdbeAllocUnpackedRecord(pCur->pKeyInfo);
59814	if( pIdxKey==0 ) return SQLITE_NOMEM_BKPT;
59815	sqlite3VdbeRecordUnpack(pCur->pKeyInfo, (int)nKey, pKey, pIdxKey);
59816	if( pIdxKey->nField==0 ){
59817	rc = SQLITE_CORRUPT_PGNO(pCur->apPage[pCur->iPage]->pgno);
59818	goto moveto_done;
59819	}
59820	}else{
59821	pIdxKey = 0;
59822	}
	@@ -60032,11 +60041,11 @@
60041	assert( pEType!=0 );
60042	*pEType = pPtrmap[offset];
60043	if( pPgno ) *pPgno = get4byte(&pPtrmap[offset+1]);
60044
60045	sqlite3PagerUnref(pDbPage);
60046	if( pEType<1 \|\| pEType>5 ) return SQLITE_CORRUPT_PGNO(iPtrmap);
60047	return SQLITE_OK;
60048	}
60049
60050	#else /* if defined SQLITE_OMIT_AUTOVACUUM */
60051	#define ptrmapPut(w,x,y,z,rc)
	@@ -60417,11 +60426,11 @@
60426	u8 *pAddr;
60427	int sz2 = 0;
60428	int sz = get2byte(&data[iFree+2]);
60429	int top = get2byte(&data[hdr+5]);
60430	if( iFree2 ){
60431	if( iFree+sz>iFree2 ) return SQLITE_CORRUPT_PGNO(pPage->pgno);
60432	sz2 = get2byte(&data[iFree2+2]);
60433	assert( iFree+sz+sz2+iFree2-(iFree+sz) <= usableSize );
60434	memmove(&data[iFree+sz+sz2], &data[iFree+sz], iFree2-(iFree+sz));
60435	sz += sz2;
60436	}
	@@ -60448,17 +60457,17 @@
60457	testcase( pc==iCellLast );
60458	/* These conditions have already been verified in btreeInitPage()
60459	** if PRAGMA cell_size_check=ON.
60460	*/
60461	if( pc<iCellFirst \|\| pc>iCellLast ){
60462	return SQLITE_CORRUPT_PGNO(pPage->pgno);
60463	}
60464	assert( pc>=iCellFirst && pc<=iCellLast );
60465	size = pPage->xCellSize(pPage, &src[pc]);
60466	cbrk -= size;
60467	if( cbrk<iCellFirst \|\| pc+size>usableSize ){
60468	return SQLITE_CORRUPT_PGNO(pPage->pgno);
60469	}
60470	assert( cbrk+size<=usableSize && cbrk>=iCellFirst );
60471	testcase( cbrk+size==usableSize );
60472	testcase( pc+size==usableSize );
60473	put2byte(pAddr, cbrk);
	@@ -60474,11 +60483,11 @@
60483	}
60484	data[hdr+7] = 0;
60485
60486	defragment_out:
60487	if( data[hdr+7]+cbrk-iCellFirst!=pPage->nFree ){
60488	return SQLITE_CORRUPT_PGNO(pPage->pgno);
60489	}
60490	assert( cbrk>=iCellFirst );
60491	put2byte(&data[hdr+5], cbrk);
60492	data[hdr+1] = 0;
60493	data[hdr+2] = 0;
	@@ -60513,11 +60522,11 @@
60522	do{
60523	int size; /* Size of the free slot */
60524	/* EVIDENCE-OF: R-06866-39125 Freeblocks are always connected in order of
60525	** increasing offset. */
60526	if( pc>usableSize-4 \|\| pc<iAddr+4 ){
60527	*pRc = SQLITE_CORRUPT_PGNO(pPg->pgno);
60528	return 0;
60529	}
60530	/* EVIDENCE-OF: R-22710-53328 The third and fourth bytes of each
60531	** freeblock form a big-endian integer which is the size of the freeblock
60532	** in bytes, including the 4-byte header. */
	@@ -60524,11 +60533,11 @@
60533	size = get2byte(&aData[pc+2]);
60534	if( (x = size - nByte)>=0 ){
60535	testcase( x==4 );
60536	testcase( x==3 );
60537	if( pc < pPg->cellOffset+2*pPg->nCell \|\| size+pc > usableSize ){
60538	*pRc = SQLITE_CORRUPT_PGNO(pPg->pgno);
60539	return 0;
60540	}else if( x<4 ){
60541	/* EVIDENCE-OF: R-11498-58022 In a well-formed b-tree page, the total
60542	** number of bytes in fragments may not exceed 60. */
60543	if( aData[hdr+7]>57 ) return 0;
	@@ -60591,11 +60600,11 @@
60600	assert( top<=(int)pPage->pBt->usableSize ); /* Prevent by getAndInitPage() */
60601	if( gap>top ){
60602	if( top==0 && pPage->pBt->usableSize==65536 ){
60603	top = 65536;
60604	}else{
60605	return SQLITE_CORRUPT_PGNO(pPage->pgno);
60606	}
60607	}
60608
60609	/* If there is enough space between gap and top for one more cell pointer
60610	** array entry offset, and if the freelist is not empty, then search the
	@@ -60687,15 +60696,15 @@
60696	iFreeBlk = 0; /* Shortcut for the case when the freelist is empty */
60697	}else{
60698	while( (iFreeBlk = get2byte(&data[iPtr]))<iStart ){
60699	if( iFreeBlk<iPtr+4 ){
60700	if( iFreeBlk==0 ) break;
60701	return SQLITE_CORRUPT_PGNO(pPage->pgno);
60702	}
60703	iPtr = iFreeBlk;
60704	}
60705	if( iFreeBlk>iLast ) return SQLITE_CORRUPT_PGNO(pPage->pgno);
60706	assert( iFreeBlk>iPtr \|\| iFreeBlk==0 );
60707
60708	/* At this point:
60709	** iFreeBlk: First freeblock after iStart, or zero if none
60710	** iPtr: The address of a pointer to iFreeBlk
	@@ -60702,13 +60711,15 @@
60711	**
60712	** Check to see if iFreeBlk should be coalesced onto the end of iStart.
60713	*/
60714	if( iFreeBlk && iEnd+3>=iFreeBlk ){
60715	nFrag = iFreeBlk - iEnd;
60716	if( iEnd>iFreeBlk ) return SQLITE_CORRUPT_PGNO(pPage->pgno);
60717	iEnd = iFreeBlk + get2byte(&data[iFreeBlk+2]);
60718	if( iEnd > pPage->pBt->usableSize ){
60719	return SQLITE_CORRUPT_PGNO(pPage->pgno);
60720	}
60721	iSize = iEnd - iStart;
60722	iFreeBlk = get2byte(&data[iFreeBlk]);
60723	}
60724
60725	/* If iPtr is another freeblock (that is, if iPtr is not the freelist
	@@ -60716,24 +60727,24 @@
60727	** coalesced onto the end of iPtr.
60728	*/
60729	if( iPtr>hdr+1 ){
60730	int iPtrEnd = iPtr + get2byte(&data[iPtr+2]);
60731	if( iPtrEnd+3>=iStart ){
60732	if( iPtrEnd>iStart ) return SQLITE_CORRUPT_PGNO(pPage->pgno);
60733	nFrag += iStart - iPtrEnd;
60734	iSize = iEnd - iPtr;
60735	iStart = iPtr;
60736	}
60737	}
60738	if( nFrag>data[hdr+7] ) return SQLITE_CORRUPT_PGNO(pPage->pgno);
60739	data[hdr+7] -= nFrag;
60740	}
60741	if( iStart==get2byte(&data[hdr+5]) ){
60742	/* The new freeblock is at the beginning of the cell content area,
60743	** so just extend the cell content area rather than create another
60744	** freelist entry */
60745	if( iPtr!=hdr+1 ) return SQLITE_CORRUPT_PGNO(pPage->pgno);
60746	put2byte(&data[hdr+1], iFreeBlk);
60747	put2byte(&data[hdr+5], iEnd);
60748	}else{
60749	/* Insert the new freeblock into the freelist */
60750	put2byte(&data[iPtr], iStart);
	@@ -60797,11 +60808,11 @@
60808	pPage->maxLocal = pBt->maxLocal;
60809	pPage->minLocal = pBt->minLocal;
60810	}else{
60811	/* EVIDENCE-OF: R-47608-56469 Any other value for the b-tree page type is
60812	** an error. */
60813	return SQLITE_CORRUPT_PGNO(pPage->pgno);
60814	}
60815	pPage->max1bytePayload = pBt->max1bytePayload;
60816	return SQLITE_OK;
60817	}
60818
	@@ -60813,138 +60824,140 @@
60824	** SQLITE_CORRUPT. Note that a return of SQLITE_OK does not
60825	** guarantee that the page is well-formed. It only shows that
60826	** we failed to detect any corruption.
60827	*/
60828	static int btreeInitPage(MemPage *pPage){
60829	int pc; /* Address of a freeblock within pPage->aData[] */
60830	u8 hdr; /* Offset to beginning of page header */
60831	u8 data; / Equal to pPage->aData */
60832	BtShared pBt; / The main btree structure */
60833	int usableSize; /* Amount of usable space on each page */
60834	u16 cellOffset; /* Offset from start of page to first cell pointer */
60835	int nFree; /* Number of unused bytes on the page */
60836	int top; /* First byte of the cell content area */
60837	int iCellFirst; /* First allowable cell or freeblock offset */
60838	int iCellLast; /* Last possible cell or freeblock offset */
60839
60840	assert( pPage->pBt!=0 );
60841	assert( pPage->pBt->db!=0 );
60842	assert( sqlite3_mutex_held(pPage->pBt->mutex) );
60843	assert( pPage->pgno==sqlite3PagerPagenumber(pPage->pDbPage) );
60844	assert( pPage == sqlite3PagerGetExtra(pPage->pDbPage) );
60845	assert( pPage->aData == sqlite3PagerGetData(pPage->pDbPage) );
60846	assert( pPage->isInit==0 );
60847
60848	pBt = pPage->pBt;
60849	hdr = pPage->hdrOffset;
60850	data = pPage->aData;
60851	/* EVIDENCE-OF: R-28594-02890 The one-byte flag at offset 0 indicating
60852	** the b-tree page type. */
60853	if( decodeFlags(pPage, data[hdr]) ){
60854	return SQLITE_CORRUPT_PGNO(pPage->pgno);
60855	}
60856	assert( pBt->pageSize>=512 && pBt->pageSize<=65536 );
60857	pPage->maskPage = (u16)(pBt->pageSize - 1);
60858	pPage->nOverflow = 0;
60859	usableSize = pBt->usableSize;
60860	pPage->cellOffset = cellOffset = hdr + 8 + pPage->childPtrSize;
60861	pPage->aDataEnd = &data[usableSize];
60862	pPage->aCellIdx = &data[cellOffset];
60863	pPage->aDataOfst = &data[pPage->childPtrSize];
60864	/* EVIDENCE-OF: R-58015-48175 The two-byte integer at offset 5 designates
60865	** the start of the cell content area. A zero value for this integer is
60866	** interpreted as 65536. */
60867	top = get2byteNotZero(&data[hdr+5]);
60868	/* EVIDENCE-OF: R-37002-32774 The two-byte integer at offset 3 gives the
60869	** number of cells on the page. */
60870	pPage->nCell = get2byte(&data[hdr+3]);
60871	if( pPage->nCell>MX_CELL(pBt) ){
60872	/* To many cells for a single page. The page must be corrupt */
60873	return SQLITE_CORRUPT_PGNO(pPage->pgno);
60874	}
60875	testcase( pPage->nCell==MX_CELL(pBt) );
60876	/* EVIDENCE-OF: R-24089-57979 If a page contains no cells (which is only
60877	** possible for a root page of a table that contains no rows) then the
60878	** offset to the cell content area will equal the page size minus the
60879	** bytes of reserved space. */
60880	assert( pPage->nCell>0 \|\| top==usableSize \|\| CORRUPT_DB );
60881
60882	/* A malformed database page might cause us to read past the end
60883	** of page when parsing a cell.
60884	**
60885	** The following block of code checks early to see if a cell extends
60886	** past the end of a page boundary and causes SQLITE_CORRUPT to be
60887	** returned if it does.
60888	*/
60889	iCellFirst = cellOffset + 2*pPage->nCell;
60890	iCellLast = usableSize - 4;
60891	if( pBt->db->flags & SQLITE_CellSizeCk ){
60892	int i; /* Index into the cell pointer array */
60893	int sz; /* Size of a cell */
60894
60895	if( !pPage->leaf ) iCellLast--;
60896	for(i=0; i<pPage->nCell; i++){
60897	pc = get2byteAligned(&data[cellOffset+i*2]);
60898	testcase( pc==iCellFirst );
60899	testcase( pc==iCellLast );
60900	if( pc<iCellFirst \|\| pc>iCellLast ){
60901	return SQLITE_CORRUPT_PGNO(pPage->pgno);
60902	}
60903	sz = pPage->xCellSize(pPage, &data[pc]);
60904	testcase( pc+sz==usableSize );
60905	if( pc+sz>usableSize ){
60906	return SQLITE_CORRUPT_PGNO(pPage->pgno);
60907	}
60908	}
60909	if( !pPage->leaf ) iCellLast++;
60910	}
60911
60912	/* Compute the total free space on the page
60913	** EVIDENCE-OF: R-23588-34450 The two-byte integer at offset 1 gives the
60914	** start of the first freeblock on the page, or is zero if there are no
60915	** freeblocks. */
60916	pc = get2byte(&data[hdr+1]);
60917	nFree = data[hdr+7] + top; /* Init nFree to non-freeblock free space */
60918	if( pc>0 ){
60919	u32 next, size;
60920	if( pc<iCellFirst ){
60921	/* EVIDENCE-OF: R-55530-52930 In a well-formed b-tree page, there will
60922	** always be at least one cell before the first freeblock.
60923	*/
60924	return SQLITE_CORRUPT_PGNO(pPage->pgno);
60925	}
60926	while( 1 ){
60927	if( pc>iCellLast ){
60928	/* Freeblock off the end of the page */
60929	return SQLITE_CORRUPT_PGNO(pPage->pgno);
60930	}
60931	next = get2byte(&data[pc]);
60932	size = get2byte(&data[pc+2]);
60933	nFree = nFree + size;
60934	if( next<=pc+size+3 ) break;
60935	pc = next;
60936	}
60937	if( next>0 ){
60938	/* Freeblock not in ascending order */
60939	return SQLITE_CORRUPT_PGNO(pPage->pgno);
60940	}
60941	if( pc+size>(unsigned int)usableSize ){
60942	/* Last freeblock extends past page end */
60943	return SQLITE_CORRUPT_PGNO(pPage->pgno);
60944	}
60945	}
60946
60947	/* At this point, nFree contains the sum of the offset to the start
60948	** of the cell-content area plus the number of free bytes within
60949	** the cell-content area. If this is greater than the usable-size
60950	** of the page, then the page must be corrupted. This check also
60951	** serves to verify that the offset to the start of the cell-content
60952	** area, according to the page header, lies within the page.
60953	*/
60954	if( nFree>usableSize ){
60955	return SQLITE_CORRUPT_PGNO(pPage->pgno);
60956	}
60957	pPage->nFree = (u16)(nFree - iCellFirst);
60958	pPage->isInit = 1;








60959	return SQLITE_OK;
60960	}
60961
60962	/*
60963	** Set up a raw page so that it looks like a database page holding
	@@ -61104,11 +61117,11 @@
61117	assert( (*ppPage)->aData==sqlite3PagerGetData(pDbPage) );
61118
61119	/* If obtaining a child page for a cursor, we must verify that the page is
61120	** compatible with the root page. */
61121	if( pCur && ((ppPage)->nCell<1 \|\| (ppPage)->intKey!=pCur->curIntKey) ){
61122	rc = SQLITE_CORRUPT_PGNO(pgno);
61123	releasePage(*ppPage);
61124	goto getAndInitPage_error;
61125	}
61126	return SQLITE_OK;
61127
	@@ -62392,11 +62405,11 @@
62405	int rc; /* Return code */
62406	BtShared *pBt = pPage->pBt;
62407	Pgno pgno = pPage->pgno;
62408
62409	assert( sqlite3_mutex_held(pPage->pBt->mutex) );
62410	rc = pPage->isInit ? SQLITE_OK : btreeInitPage(pPage);
62411	if( rc!=SQLITE_OK ) return rc;
62412	nCell = pPage->nCell;
62413
62414	for(i=0; i<nCell; i++){
62415	u8 *pCell = findCell(pPage, i);
	@@ -62435,19 +62448,19 @@
62448	assert( sqlite3_mutex_held(pPage->pBt->mutex) );
62449	assert( sqlite3PagerIswriteable(pPage->pDbPage) );
62450	if( eType==PTRMAP_OVERFLOW2 ){
62451	/* The pointer is always the first 4 bytes of the page in this case. */
62452	if( get4byte(pPage->aData)!=iFrom ){
62453	return SQLITE_CORRUPT_PGNO(pPage->pgno);
62454	}
62455	put4byte(pPage->aData, iTo);
62456	}else{
62457	int i;
62458	int nCell;
62459	int rc;
62460
62461	rc = pPage->isInit ? SQLITE_OK : btreeInitPage(pPage);
62462	if( rc ) return rc;
62463	nCell = pPage->nCell;
62464
62465	for(i=0; i<nCell; i++){
62466	u8 *pCell = findCell(pPage, i);
	@@ -62454,11 +62467,11 @@
62467	if( eType==PTRMAP_OVERFLOW1 ){
62468	CellInfo info;
62469	pPage->xParseCell(pPage, pCell, &info);
62470	if( info.nLocal<info.nPayload ){
62471	if( pCell+info.nSize > pPage->aData+pPage->pBt->usableSize ){
62472	return SQLITE_CORRUPT_PGNO(pPage->pgno);
62473	}
62474	if( iFrom==get4byte(pCell+info.nSize-4) ){
62475	put4byte(pCell+info.nSize-4, iTo);
62476	break;
62477	}
	@@ -62472,11 +62485,11 @@
62485	}
62486
62487	if( i==nCell ){
62488	if( eType!=PTRMAP_BTREE \|\|
62489	get4byte(&pPage->aData[pPage->hdrOffset+8])!=iFrom ){
62490	return SQLITE_CORRUPT_PGNO(pPage->pgno);
62491	}
62492	put4byte(&pPage->aData[pPage->hdrOffset+8], iTo);
62493	}
62494	}
62495	return SQLITE_OK;
	@@ -63580,11 +63593,11 @@
63593	/* Trying to read or write past the end of the data is an error. The
63594	** conditional above is really:
63595	** &aPayload[pCur->info.nLocal] > &pPage->aData[pBt->usableSize]
63596	** but is recast into its current form to avoid integer overflow problems
63597	*/
63598	return SQLITE_CORRUPT_PGNO(pPage->pgno);
63599	}
63600
63601	/* Check if data must be read/written to/from the btree page itself. */
63602	if( offset<pCur->info.nLocal ){
63603	int a = amt;
	@@ -63727,11 +63740,12 @@
63740	iIdx++;
63741	}
63742	}
63743
63744	if( rc==SQLITE_OK && amt>0 ){
63745	/* Overflow chain ends prematurely */
63746	return SQLITE_CORRUPT_PGNO(pPage->pgno);
63747	}
63748	return rc;
63749	}
63750
63751	/*
	@@ -63993,11 +64007,11 @@
64007	** if pCur->iPage>=0). But this is not so if the database is corrupted
64008	** in such a way that page pRoot is linked into a second b-tree table
64009	** (or the freelist). */
64010	assert( pRoot->intKey==1 \|\| pRoot->intKey==0 );
64011	if( pRoot->isInit==0 \|\| (pCur->pKeyInfo==0)!=pRoot->intKey ){
64012	return SQLITE_CORRUPT_PGNO(pCur->apPage[pCur->iPage]->pgno);
64013	}
64014
64015	skip_init:
64016	pCur->ix = 0;
64017	pCur->info.nSize = 0;
	@@ -64198,20 +64212,23 @@
64212	return SQLITE_OK;
64213	}
64214	/* If the requested key is one more than the previous key, then
64215	** try to get there using sqlite3BtreeNext() rather than a full
64216	** binary search. This is an optimization only. The correct answer
64217	** is still obtained without this case, only a little more slowely */
64218	if( pCur->info.nKey+1==intKey && !pCur->skipNext ){
64219	*pRes = 0;
64220	rc = sqlite3BtreeNext(pCur, 0);
64221	if( rc==SQLITE_OK ){

64222	getCellInfo(pCur);
64223	if( pCur->info.nKey==intKey ){
64224	return SQLITE_OK;
64225	}
64226	}else if( rc==SQLITE_DONE ){
64227	rc = SQLITE_OK;
64228	}else{
64229	return rc;
64230	}
64231	}
64232	}
64233	}
64234
	@@ -64263,11 +64280,13 @@
64280	for(;;){
64281	i64 nCellKey;
64282	pCell = findCellPastPtr(pPage, idx);
64283	if( pPage->intKeyLeaf ){
64284	while( 0x80 <= *(pCell++) ){
64285	if( pCell>=pPage->aDataEnd ){
64286	return SQLITE_CORRUPT_PGNO(pPage->pgno);
64287	}
64288	}
64289	}
64290	getVarint(pCell, (u64*)&nCellKey);
64291	if( nCellKey<intKey ){
64292	lwr = idx+1;
	@@ -64336,11 +64355,11 @@
64355	testcase( nCell<0 ); /* True if key size is 2^32 or more */
64356	testcase( nCell==0 ); /* Invalid key size: 0x80 0x80 0x00 */
64357	testcase( nCell==1 ); /* Invalid key size: 0x80 0x80 0x01 */
64358	testcase( nCell==2 ); /* Minimum legal index key size */
64359	if( nCell<2 ){
64360	rc = SQLITE_CORRUPT_PGNO(pPage->pgno);
64361	goto moveto_finish;
64362	}
64363	pCellKey = sqlite3Malloc( nCell+18 );
64364	if( pCellKey==0 ){
64365	rc = SQLITE_NOMEM_BKPT;
	@@ -64441,47 +64460,44 @@
64460	}
64461	return n;
64462	}
64463
64464	/*
64465	** Advance the cursor to the next entry in the database.
64466	** Return value:
64467	**
64468	** SQLITE_OK success
64469	** SQLITE_DONE cursor is already pointing at the last element
64470	** otherwise some kind of error occurred
64471	**
64472	** The main entry point is sqlite3BtreeNext(). That routine is optimized
64473	** for the common case of merely incrementing the cell counter BtCursor.aiIdx
64474	** to the next cell on the current page. The (slower) btreeNext() helper
64475	** routine is called when it is necessary to move to a different page or
64476	** to restore the cursor.
64477	**
64478	** If bit 0x01 of the flags argument is 1, then the cursor corresponds to
64479	** an SQL index and this routine could have been skipped if the SQL index
64480	** had been a unique index. The flags argument is a hint to the implement.
64481	** SQLite btree implementation does not use this hint, but COMDB2 does.




64482	*/
64483	static SQLITE_NOINLINE int btreeNext(BtCursor *pCur, int flags){
64484	int rc;
64485	int idx;
64486	MemPage *pPage;
64487
64488	assert( cursorOwnsBtShared(pCur) );
64489	assert( pCur->skipNext==0 \|\| pCur->eState!=CURSOR_VALID );
64490	assert( flags==0 );
64491	if( pCur->eState!=CURSOR_VALID ){
64492	assert( (pCur->curFlags & BTCF_ValidOvfl)==0 );
64493	rc = restoreCursorPosition(pCur);
64494	if( rc!=SQLITE_OK ){
64495	return rc;
64496	}
64497	if( CURSOR_INVALID==pCur->eState ){
64498	return SQLITE_DONE;

64499	}
64500	if( pCur->skipNext ){
64501	assert( pCur->eState==CURSOR_VALID \|\| pCur->eState==CURSOR_SKIPNEXT );
64502	pCur->eState = CURSOR_VALID;
64503	if( pCur->skipNext>0 ){
	@@ -64509,19 +64525,18 @@
64525	if( rc ) return rc;
64526	return moveToLeftmost(pCur);
64527	}
64528	do{
64529	if( pCur->iPage==0 ){

64530	pCur->eState = CURSOR_INVALID;
64531	return SQLITE_DONE;
64532	}
64533	moveToParent(pCur);
64534	pPage = pCur->apPage[pCur->iPage];
64535	}while( pCur->ix>=pPage->nCell );
64536	if( pPage->intKey ){
64537	return sqlite3BtreeNext(pCur, flags);
64538	}else{
64539	return SQLITE_OK;
64540	}
64541	}
64542	if( pPage->leaf ){
	@@ -64528,71 +64543,66 @@
64543	return SQLITE_OK;
64544	}else{
64545	return moveToLeftmost(pCur);
64546	}
64547	}
64548	SQLITE_PRIVATE int sqlite3BtreeNext(BtCursor *pCur, int flags){
64549	MemPage *pPage;
64550	assert( cursorOwnsBtShared(pCur) );
64551	assert( flags==0 \|\| flags==1 );

64552	assert( pCur->skipNext==0 \|\| pCur->eState!=CURSOR_VALID );
64553	pCur->info.nSize = 0;
64554	pCur->curFlags &= ~(BTCF_ValidNKey\|BTCF_ValidOvfl);
64555	if( pCur->eState!=CURSOR_VALID ) return btreeNext(pCur, 0);

64556	pPage = pCur->apPage[pCur->iPage];
64557	if( (++pCur->ix)>=pPage->nCell ){
64558	pCur->ix--;
64559	return btreeNext(pCur, 0);
64560	}
64561	if( pPage->leaf ){
64562	return SQLITE_OK;
64563	}else{
64564	return moveToLeftmost(pCur);
64565	}
64566	}
64567
64568	/*
64569	** Step the cursor to the back to the previous entry in the database.
64570	** Return values:
64571	**
64572	** SQLITE_OK success
64573	** SQLITE_DONE the cursor is already on the first element of the table
64574	** otherwise some kind of error occurred
64575	**
64576	** The main entry point is sqlite3BtreePrevious(). That routine is optimized
64577	** for the common case of merely decrementing the cell counter BtCursor.aiIdx
64578	** to the previous cell on the current page. The (slower) btreePrevious()
64579	** helper routine is called when it is necessary to move to a different page
64580	** or to restore the cursor.
64581	**
64582	**
64583	** If bit 0x01 of the flags argument is 1, then the cursor corresponds to
64584	** an SQL index and this routine could have been skipped if the SQL index
64585	** had been a unique index. The flags argument is a hint to the implement.
64586	** SQLite btree implementation does not use this hint, but COMDB2 does.



64587	*/
64588	static SQLITE_NOINLINE int btreePrevious(BtCursor *pCur, int flags){
64589	int rc;
64590	MemPage *pPage;
64591
64592	assert( cursorOwnsBtShared(pCur) );
64593	assert( flags==0 );

64594	assert( pCur->skipNext==0 \|\| pCur->eState!=CURSOR_VALID );
64595	assert( (pCur->curFlags & (BTCF_AtLast\|BTCF_ValidOvfl\|BTCF_ValidNKey))==0 );
64596	assert( pCur->info.nSize==0 );
64597	if( pCur->eState!=CURSOR_VALID ){
64598	rc = restoreCursorPosition(pCur);
64599	if( rc!=SQLITE_OK ){
64600	return rc;
64601	}
64602	if( CURSOR_INVALID==pCur->eState ){
64603	return SQLITE_DONE;

64604	}
64605	if( pCur->skipNext ){
64606	assert( pCur->eState==CURSOR_VALID \|\| pCur->eState==CURSOR_SKIPNEXT );
64607	pCur->eState = CURSOR_VALID;
64608	if( pCur->skipNext<0 ){
	@@ -64612,41 +64622,38 @@
64622	rc = moveToRightmost(pCur);
64623	}else{
64624	while( pCur->ix==0 ){
64625	if( pCur->iPage==0 ){
64626	pCur->eState = CURSOR_INVALID;
64627	return SQLITE_DONE;

64628	}
64629	moveToParent(pCur);
64630	}
64631	assert( pCur->info.nSize==0 );
64632	assert( (pCur->curFlags & (BTCF_ValidOvfl))==0 );
64633
64634	pCur->ix--;
64635	pPage = pCur->apPage[pCur->iPage];
64636	if( pPage->intKey && !pPage->leaf ){
64637	rc = sqlite3BtreePrevious(pCur, flags);
64638	}else{
64639	rc = SQLITE_OK;
64640	}
64641	}
64642	return rc;
64643	}
64644	SQLITE_PRIVATE int sqlite3BtreePrevious(BtCursor *pCur, int flags){
64645	assert( cursorOwnsBtShared(pCur) );
64646	assert( flags==0 \|\| flags==1 );

64647	assert( pCur->skipNext==0 \|\| pCur->eState!=CURSOR_VALID );

64648	pCur->curFlags &= ~(BTCF_AtLast\|BTCF_ValidOvfl\|BTCF_ValidNKey);
64649	pCur->info.nSize = 0;
64650	if( pCur->eState!=CURSOR_VALID
64651	\|\| pCur->ix==0
64652	\|\| pCur->apPage[pCur->iPage]->leaf==0
64653	){
64654	return btreePrevious(pCur, 0);
64655	}
64656	pCur->ix--;
64657	return SQLITE_OK;
64658	}
64659
	@@ -64750,11 +64757,11 @@
64757	** the freelist is empty. */
64758	iTrunk = get4byte(&pPage1->aData[32]);
64759	}
64760	testcase( iTrunk==mxPage );
64761	if( iTrunk>mxPage \|\| nSearch++ > n ){
64762	rc = SQLITE_CORRUPT_PGNO(pPrevTrunk ? pPrevTrunk->pgno : 1);
64763	}else{
64764	rc = btreeGetUnusedPage(pBt, iTrunk, &pTrunk, 0);
64765	}
64766	if( rc ){
64767	pTrunk = 0;
	@@ -64779,11 +64786,11 @@
64786	*ppPage = pTrunk;
64787	pTrunk = 0;
64788	TRACE(("ALLOCATE: %d trunk - %d free pages left\n", *pPgno, n-1));
64789	}else if( k>(u32)(pBt->usableSize/4 - 2) ){
64790	/* Value of k is out of range. Database corruption */
64791	rc = SQLITE_CORRUPT_PGNO(iTrunk);
64792	goto end_allocate_page;
64793	#ifndef SQLITE_OMIT_AUTOVACUUM
64794	}else if( searchList
64795	&& (nearby==iTrunk \|\| (iTrunk<nearby && eMode==BTALLOC_LE))
64796	){
	@@ -64813,11 +64820,11 @@
64820	** page in this case.
64821	*/
64822	MemPage *pNewTrunk;
64823	Pgno iNewTrunk = get4byte(&pTrunk->aData[8]);
64824	if( iNewTrunk>mxPage ){
64825	rc = SQLITE_CORRUPT_PGNO(iTrunk);
64826	goto end_allocate_page;
64827	}
64828	testcase( iNewTrunk==mxPage );
64829	rc = btreeGetUnusedPage(pBt, iNewTrunk, &pNewTrunk, 0);
64830	if( rc!=SQLITE_OK ){
	@@ -64878,11 +64885,11 @@
64885	}
64886
64887	iPage = get4byte(&aData[8+closest*4]);
64888	testcase( iPage==mxPage );
64889	if( iPage>mxPage ){
64890	rc = SQLITE_CORRUPT_PGNO(iTrunk);
64891	goto end_allocate_page;
64892	}
64893	testcase( iPage==mxPage );
64894	if( !searchList
64895	\|\| (iPage==nearby \|\| (iPage<nearby && eMode==BTALLOC_LE))
	@@ -65148,11 +65155,12 @@
65155	pPage->xParseCell(pPage, pCell, pInfo);
65156	if( pInfo->nLocal==pInfo->nPayload ){
65157	return SQLITE_OK; /* No overflow pages. Return without doing anything */
65158	}
65159	if( pCell+pInfo->nSize-1 > pPage->aData+pPage->maskPage ){
65160	/* Cell extends past end of page */
65161	return SQLITE_CORRUPT_PGNO(pPage->pgno);
65162	}
65163	ovflPgno = get4byte(pCell + pInfo->nSize - 4);
65164	assert( pBt->usableSize > 4 );
65165	ovflPageSize = pBt->usableSize - 4;
65166	nOvfl = (pInfo->nPayload - pInfo->nLocal + ovflPageSize - 1)/ovflPageSize;
	@@ -67363,12 +67371,12 @@
67371	** from the internal node. The 'previous' entry is used for this instead
67372	** of the 'next' entry, as the previous entry is always a part of the
67373	** sub-tree headed by the child page of the cell being deleted. This makes
67374	** balancing the tree following the delete operation easier. */
67375	if( !pPage->leaf ){
67376	rc = sqlite3BtreePrevious(pCur, 0);
67377	assert( rc!=SQLITE_DONE );
67378	if( rc ) return rc;
67379	}
67380
67381	/* Save the positions of any other cursors open on this table before
67382	** making any modifications. */
	@@ -71024,11 +71032,11 @@
71032	if( enc!=SQLITE_UTF8 ){
71033	rc = sqlite3VdbeChangeEncoding(pVal, enc);
71034	}
71035	}else if( op==TK_UMINUS ) {
71036	/* This branch happens for multiple negative signs. Ex: -(-5) */
71037	if( SQLITE_OK==valueFromExpr(db,pExpr->pLeft,enc,affinity,&pVal,pCtx)
71038	&& pVal!=0
71039	){
71040	sqlite3VdbeMemNumerify(pVal);
71041	if( pVal->flags & MEM_Real ){
71042	pVal->u.r = -pVal->u.r;
	@@ -73578,21 +73586,22 @@
73586	** statement. This is now set at compile time, rather than during
73587	** execution of the vdbe program so that sqlite3_column_count() can
73588	** be called on an SQL statement before sqlite3_step().
73589	*/
73590	SQLITE_PRIVATE void sqlite3VdbeSetNumCols(Vdbe *p, int nResColumn){

73591	int n;
73592	sqlite3 *db = p->db;
73593
73594	if( p->nResColumn ){
73595	releaseMemArray(p->aColName, p->nResColumn*COLNAME_N);
73596	sqlite3DbFree(db, p->aColName);
73597	}
73598	n = nResColumn*COLNAME_N;
73599	p->nResColumn = (u16)nResColumn;
73600	p->aColName = (Mem)sqlite3DbMallocRawNN(db, sizeof(Mem)n );
73601	if( p->aColName==0 ) return;
73602	initMemArray(p->aColName, n, db, MEM_Null);
73603	}
73604
73605	/*
73606	** Set the name of the idx'th column to be returned by the SQL statement.
73607	** zName must be a pointer to a nul terminated string.
	@@ -74238,14 +74247,14 @@
74247	sqlite3BeginBenignMalloc();
74248	if( db->pErr==0 ) db->pErr = sqlite3ValueNew(db);
74249	sqlite3ValueSetStr(db->pErr, -1, p->zErrMsg, SQLITE_UTF8, SQLITE_TRANSIENT);
74250	sqlite3EndBenignMalloc();
74251	db->bBenignMalloc--;
74252	}else if( db->pErr ){
74253	sqlite3ValueSetNull(db->pErr);

74254	}
74255	db->errCode = rc;
74256	return rc;
74257	}
74258
74259	#ifdef SQLITE_ENABLE_SQLLOG
74260	/*
	@@ -75149,23 +75158,24 @@
75158	** comparison function directly */
75159	return pColl->xCmp(pColl->pUser,pMem1->n,pMem1->z,pMem2->n,pMem2->z);
75160	}else{
75161	int rc;
75162	const void v1, v2;

75163	Mem c1;
75164	Mem c2;
75165	sqlite3VdbeMemInit(&c1, pMem1->db, MEM_Null);
75166	sqlite3VdbeMemInit(&c2, pMem1->db, MEM_Null);
75167	sqlite3VdbeMemShallowCopy(&c1, pMem1, MEM_Ephem);
75168	sqlite3VdbeMemShallowCopy(&c2, pMem2, MEM_Ephem);
75169	v1 = sqlite3ValueText((sqlite3_value*)&c1, pColl->enc);

75170	v2 = sqlite3ValueText((sqlite3_value*)&c2, pColl->enc);
75171	if( (v1==0 \|\| v2==0) ){
75172	if( prcErr ) *prcErr = SQLITE_NOMEM_BKPT;
75173	rc = 0;
75174	}else{
75175	rc = pColl->xCmp(pColl->pUser, c1.n, v1, c2.n, v2);
75176	}
75177	sqlite3VdbeMemRelease(&c1);
75178	sqlite3VdbeMemRelease(&c2);
75179	return rc;
75180	}
75181	}
	@@ -77397,12 +77407,14 @@
77407	pVar = &p->aVar[i-1];
77408	rc = sqlite3VdbeMemSetStr(pVar, zData, nData, encoding, xDel);
77409	if( rc==SQLITE_OK && encoding!=0 ){
77410	rc = sqlite3VdbeChangeEncoding(pVar, ENC(p->db));
77411	}
77412	if( rc ){
77413	sqlite3Error(p->db, rc);
77414	rc = sqlite3ApiExit(p->db, rc);
77415	}
77416	}
77417	sqlite3_mutex_leave(p->db->mutex);
77418	}else if( xDel!=SQLITE_STATIC && xDel!=SQLITE_TRANSIENT ){
77419	xDel((void*)zData);
77420	}
	@@ -77705,12 +77717,23 @@
77717	if( !pStmt ){
77718	(void)SQLITE_MISUSE_BKPT;
77719	return 0;
77720	}
77721	#endif
77722	if( op==SQLITE_STMTSTATUS_MEMUSED ){
77723	sqlite3 *db = pVdbe->db;
77724	sqlite3_mutex_enter(db->mutex);
77725	v = 0;
77726	db->pnBytesFreed = (int*)&v;
77727	sqlite3VdbeClearObject(db, pVdbe);
77728	sqlite3DbFree(db, pVdbe);
77729	db->pnBytesFreed = 0;
77730	sqlite3_mutex_leave(db->mutex);
77731	}else{
77732	v = pVdbe->aCounter[op];
77733	if( resetFlag ) pVdbe->aCounter[op] = 0;
77734	}
77735	return (int)v;
77736	}
77737
77738	/*
77739	** Return the SQL associated with a prepared statement
	@@ -78861,11 +78884,11 @@
78884	u8 resetSchemaOnFault = 0; /* Reset schema after an error if positive */
78885	u8 encoding = ENC(db); /* The database encoding */
78886	int iCompare = 0; /* Result of last comparison */
78887	unsigned nVmStep = 0; /* Number of virtual machine steps */
78888	#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
78889	unsigned nProgressLimit; /* Invoke xProgress() when nVmStep reaches this */
78890	#endif
78891	Mem aMem = p->aMem; / Copy of p->aMem */
78892	Mem pIn1 = 0; / 1st input operand */
78893	Mem pIn2 = 0; / 2nd input operand */
78894	Mem pIn3 = 0; / 3rd input operand */
	@@ -78893,10 +78916,12 @@
78916	#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
78917	if( db->xProgress ){
78918	u32 iPrior = p->aCounter[SQLITE_STMTSTATUS_VM_STEP];
78919	assert( 0 < db->nProgressOps );
78920	nProgressLimit = db->nProgressOps - (iPrior % db->nProgressOps);
78921	}else{
78922	nProgressLimit = 0xffffffff;
78923	}
78924	#endif
78925	#ifdef SQLITE_DEBUG
78926	sqlite3BeginBenignMalloc();
78927	if( p->pc==0
	@@ -79070,11 +79095,11 @@
79095	** of VDBE ops have been executed (either since this invocation of
79096	** sqlite3VdbeExec() or since last time the progress callback was called).
79097	** If the progress callback returns non-zero, exit the virtual machine with
79098	** a return code SQLITE_ABORT.
79099	*/
79100	if( nVmStep>=nProgressLimit && db->xProgress!=0 ){
79101	assert( db->nProgressOps!=0 );
79102	nProgressLimit = nVmStep + db->nProgressOps - (nVmStep%db->nProgressOps);
79103	if( db->xProgress(db->pProgressArg) ){
79104	rc = SQLITE_INTERRUPT;
79105	goto abort_due_to_error;
	@@ -79612,11 +79637,11 @@
79637
79638	#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
79639	/* Run the progress counter just before returning.
79640	*/
79641	if( db->xProgress!=0
79642	&& nVmStep>=nProgressLimit
79643	&& db->xProgress(db->pProgressArg)!=0
79644	){
79645	rc = SQLITE_INTERRUPT;
79646	goto abort_due_to_error;
79647	}
	@@ -80783,11 +80808,13 @@
80808	Mem pReg; / PseudoTable input register */
80809
80810	pC = p->apCsr[pOp->p1];
80811	p2 = pOp->p2;
80812
80813	/* If the cursor cache is stale (meaning it is not currently point at
80814	** the correct row) then bring it up-to-date by doing the necessary
80815	** B-Tree seek. */
80816	rc = sqlite3VdbeCursorMoveto(&pC, &p2);
80817	if( rc ) goto abort_due_to_error;
80818
80819	assert( pOp->p3>0 && pOp->p3<=(p->nMem+1 - p->nCursor) );
80820	pDest = &aMem[pOp->p3];
	@@ -82265,21 +82292,35 @@
82292	sqlite3_search_count++;
82293	#endif
82294	if( oc>=OP_SeekGE ){ assert( oc==OP_SeekGE \|\| oc==OP_SeekGT );
82295	if( res<0 \|\| (res==0 && oc==OP_SeekGT) ){
82296	res = 0;
82297	rc = sqlite3BtreeNext(pC->uc.pCursor, 0);
82298	if( rc!=SQLITE_OK ){
82299	if( rc==SQLITE_DONE ){
82300	rc = SQLITE_OK;
82301	res = 1;
82302	}else{
82303	goto abort_due_to_error;
82304	}
82305	}
82306	}else{
82307	res = 0;
82308	}
82309	}else{
82310	assert( oc==OP_SeekLT \|\| oc==OP_SeekLE );
82311	if( res>0 \|\| (res==0 && oc==OP_SeekLT) ){
82312	res = 0;
82313	rc = sqlite3BtreePrevious(pC->uc.pCursor, 0);
82314	if( rc!=SQLITE_OK ){
82315	if( rc==SQLITE_DONE ){
82316	rc = SQLITE_OK;
82317	res = 1;
82318	}else{
82319	goto abort_due_to_error;
82320	}
82321	}
82322	}else{
82323	/* res might be negative because the table is empty. Check to
82324	** see if this is the case.
82325	*/
82326	res = sqlite3BtreeEof(pC->uc.pCursor);
	@@ -83381,16 +83422,14 @@
83422	** invoked. This opcode advances the cursor to the next sorted
83423	** record, or jumps to P2 if there are no more sorted records.
83424	*/
83425	case OP_SorterNext: { /* jump */
83426	VdbeCursor *pC;

83427
83428	pC = p->apCsr[pOp->p1];
83429	assert( isSorter(pC) );
83430	rc = sqlite3VdbeSorterNext(db, pC);

83431	goto next_tail;
83432	case OP_PrevIfOpen: /* jump */
83433	case OP_NextIfOpen: /* jump */
83434	if( p->apCsr[pOp->p1]==0 ) break;
83435	/* Fall through */
	@@ -83397,16 +83436,13 @@
83436	case OP_Prev: /* jump */
83437	case OP_Next: /* jump */
83438	assert( pOp->p1>=0 && pOp->p1<p->nCursor );
83439	assert( pOp->p5<ArraySize(p->aCounter) );
83440	pC = p->apCsr[pOp->p1];

83441	assert( pC!=0 );
83442	assert( pC->deferredMoveto==0 );
83443	assert( pC->eCurType==CURTYPE_BTREE );


83444	assert( pOp->opcode!=OP_Next \|\| pOp->p4.xAdvance==sqlite3BtreeNext );
83445	assert( pOp->opcode!=OP_Prev \|\| pOp->p4.xAdvance==sqlite3BtreePrevious );
83446	assert( pOp->opcode!=OP_NextIfOpen \|\| pOp->p4.xAdvance==sqlite3BtreeNext );
83447	assert( pOp->opcode!=OP_PrevIfOpen \|\| pOp->p4.xAdvance==sqlite3BtreePrevious);
83448
	@@ -83417,25 +83453,25 @@
83453	\|\| pC->seekOp==OP_Rewind \|\| pC->seekOp==OP_Found);
83454	assert( pOp->opcode!=OP_Prev \|\| pOp->opcode!=OP_PrevIfOpen
83455	\|\| pC->seekOp==OP_SeekLT \|\| pC->seekOp==OP_SeekLE
83456	\|\| pC->seekOp==OP_Last );
83457
83458	rc = pOp->p4.xAdvance(pC->uc.pCursor, pOp->p3);
83459	next_tail:
83460	pC->cacheStatus = CACHE_STALE;
83461	VdbeBranchTaken(rc==SQLITE_OK,2);
83462	if( rc==SQLITE_OK ){

83463	pC->nullRow = 0;
83464	p->aCounter[pOp->p5]++;
83465	#ifdef SQLITE_TEST
83466	sqlite3_search_count++;
83467	#endif
83468	goto jump_to_p2_and_check_for_interrupt;


83469	}
83470	if( rc!=SQLITE_DONE ) goto abort_due_to_error;
83471	rc = SQLITE_OK;
83472	pC->nullRow = 1;
83473	goto check_for_interrupt;
83474	}
83475
83476	/* Opcode: IdxInsert P1 P2 P3 P4 P5
83477	** Synopsis: key=r[P2]
	@@ -83542,12 +83578,12 @@
83578	pC->cacheStatus = CACHE_STALE;
83579	pC->seekResult = 0;
83580	break;
83581	}
83582
83583	/* Opcode: DeferredSeek P1 * P3 P4 *
83584	** Synopsis: Move P3 to P1.rowid if needed
83585	**
83586	** P1 is an open index cursor and P3 is a cursor on the corresponding
83587	** table. This opcode does a deferred seek of the P3 table cursor
83588	** to the row that corresponds to the current row of P1.
83589	**
	@@ -83570,15 +83606,15 @@
83606	** the end of the index key pointed to by cursor P1. This integer should be
83607	** the rowid of the table entry to which this index entry points.
83608	**
83609	** See also: Rowid, MakeRecord.
83610	*/
83611	case OP_DeferredSeek:
83612	case OP_IdxRowid: { /* out2 */
83613	VdbeCursor pC; / The P1 index cursor */
83614	VdbeCursor pTabCur; / The P2 table cursor (OP_DeferredSeek only) */
83615	i64 rowid; /* Rowid that P1 current points to */
83616
83617	assert( pOp->p1>=0 && pOp->p1<p->nCursor );
83618	pC = p->apCsr[pOp->p1];
83619	assert( pC!=0 );
83620	assert( pC->eCurType==CURTYPE_BTREE );
	@@ -83600,11 +83636,11 @@
83636	rowid = 0; /* Not needed. Only used to silence a warning. */
83637	rc = sqlite3VdbeIdxRowid(db, pC->uc.pCursor, &rowid);
83638	if( rc!=SQLITE_OK ){
83639	goto abort_due_to_error;
83640	}
83641	if( pOp->opcode==OP_DeferredSeek ){
83642	assert( pOp->p3>=0 && pOp->p3<p->nCursor );
83643	pTabCur = p->apCsr[pOp->p3];
83644	assert( pTabCur!=0 );
83645	assert( pTabCur->eCurType==CURTYPE_BTREE );
83646	assert( pTabCur->uc.pCursor!=0 );
	@@ -86827,13 +86863,13 @@
86863
86864	int n1;
86865	int n2;
86866	int res;
86867
86868	getVarint32(&p1[1], n1);
86869	getVarint32(&p2[1], n2);
86870	res = memcmp(v1, v2, (MIN(n1, n2) - 13)/2);
86871	if( res==0 ){
86872	res = n1 - n2;
86873	}
86874
86875	if( res==0 ){
	@@ -88624,13 +88660,17 @@
88660	vdbeSorterRewindDebug("rewinddone");
88661	return rc;
88662	}
88663
88664	/*
88665	** Advance to the next element in the sorter. Return value:
88666	**
88667	** SQLITE_OK success
88668	** SQLITE_DONE end of data
88669	** otherwise some kind of error.
88670	*/
88671	SQLITE_PRIVATE int sqlite3VdbeSorterNext(sqlite3 db, const VdbeCursor pCsr){
88672	VdbeSorter *pSorter;
88673	int rc; /* Return code */
88674
88675	assert( pCsr->eCurType==CURTYPE_SORTER );
88676	pSorter = pCsr->uc.pSorter;
	@@ -88640,25 +88680,26 @@
88680	assert( pSorter->bUseThreads==0 \|\| pSorter->pReader );
88681	assert( pSorter->bUseThreads==1 \|\| pSorter->pMerger );
88682	#if SQLITE_MAX_WORKER_THREADS>0
88683	if( pSorter->bUseThreads ){
88684	rc = vdbePmaReaderNext(pSorter->pReader);
88685	if( rc==SQLITE_OK && pSorter->pReader->pFd==0 ) rc = SQLITE_DONE;
88686	}else
88687	#endif
88688	/if( !pSorter->bUseThreads )/ {
88689	int res = 0;
88690	assert( pSorter->pMerger!=0 );
88691	assert( pSorter->pMerger->pTask==(&pSorter->aTask[0]) );
88692	rc = vdbeMergeEngineStep(pSorter->pMerger, &res);
88693	if( rc==SQLITE_OK && res ) rc = SQLITE_DONE;
88694	}
88695	}else{
88696	SorterRecord *pFree = pSorter->list.pList;
88697	pSorter->list.pList = pFree->u.pNext;
88698	pFree->u.pNext = 0;
88699	if( pSorter->list.aMemory==0 ) vdbeSorterRecordFree(db, pFree);
88700	rc = pSorter->list.pList ? SQLITE_OK : SQLITE_DONE;

88701	}
88702	return rc;
88703	}
88704
88705	/*
	@@ -89308,44 +89349,37 @@
89349	** Invoke sqlite3WalkSelect() for subqueries in the FROM clause and
89350	** on the compound select chain, p->pPrior.
89351	**
89352	** If it is not NULL, the xSelectCallback() callback is invoked before
89353	** the walk of the expressions and FROM clause. The xSelectCallback2()
89354	** method is invoked following the walk of the expressions and FROM clause,
89355	** but only if both xSelectCallback and xSelectCallback2 are both non-NULL
89356	** and if the expressions and FROM clause both return WRC_Continue;
89357	**
89358	** Return WRC_Continue under normal conditions. Return WRC_Abort if
89359	** there is an abort request.
89360	**
89361	** If the Walker does not have an xSelectCallback() then this routine
89362	** is a no-op returning WRC_Continue.
89363	*/
89364	SQLITE_PRIVATE int sqlite3WalkSelect(Walker pWalker, Select p){
89365	int rc;
89366	if( p==0 \|\| pWalker->xSelectCallback==0 ) return WRC_Continue;
89367	do{
89368	rc = pWalker->xSelectCallback(pWalker, p);
89369	if( rc ) return rc & WRC_Abort;






89370	if( sqlite3WalkSelectExpr(pWalker, p)
89371	\|\| sqlite3WalkSelectFrom(pWalker, p)
89372	){

89373	return WRC_Abort;
89374	}
89375	if( pWalker->xSelectCallback2 ){
89376	pWalker->xSelectCallback2(pWalker, p);
89377	}
89378	p = p->pPrior;
89379	}while( p!=0 );
89380	return WRC_Continue;

89381	}
89382
89383	/************ End of walker.c ********************************************/
89384	/************ Begin file resolve.c ***************************************/
89385	/*
	@@ -90778,41 +90812,33 @@
90812	Expr pExpr / The expression to be analyzed. */
90813	){
90814	u16 savedHasAgg;
90815	Walker w;
90816
90817	if( pExpr==0 ) return SQLITE_OK;









90818	savedHasAgg = pNC->ncFlags & (NC_HasAgg\|NC_MinMaxAgg);
90819	pNC->ncFlags &= ~(NC_HasAgg\|NC_MinMaxAgg);
90820	w.pParse = pNC->pParse;
90821	w.xExprCallback = resolveExprStep;
90822	w.xSelectCallback = resolveSelectStep;
90823	w.xSelectCallback2 = 0;


90824	w.u.pNC = pNC;
90825	#if SQLITE_MAX_EXPR_DEPTH>0
90826	w.pParse->nHeight += pExpr->nHeight;
90827	if( sqlite3ExprCheckHeight(w.pParse, w.pParse->nHeight) ){
90828	return SQLITE_ERROR;
90829	}
90830	#endif
90831	sqlite3WalkExpr(&w, pExpr);
90832	#if SQLITE_MAX_EXPR_DEPTH>0
90833	w.pParse->nHeight -= pExpr->nHeight;
90834	#endif



90835	if( pNC->ncFlags & NC_HasAgg ){
90836	ExprSetProperty(pExpr, EP_Agg);
90837	}
90838	pNC->ncFlags \|= savedHasAgg;
90839	return pNC->nErr>0 \|\| w.pParse->nErr>0;
90840	}
90841
90842	/*
90843	** Resolve all names for all expression in an expression list. This is
90844	** just like sqlite3ResolveExprNames() except that it works for an expression
	@@ -90849,13 +90875,13 @@
90875	NameContext pOuterNC / Name context for parent SELECT statement */
90876	){
90877	Walker w;
90878
90879	assert( p!=0 );

90880	w.xExprCallback = resolveExprStep;
90881	w.xSelectCallback = resolveSelectStep;
90882	w.xSelectCallback2 = 0;
90883	w.pParse = pParse;
90884	w.u.pNC = pOuterNC;
90885	sqlite3WalkSelect(&w, p);
90886	}
90887
	@@ -92384,11 +92410,13 @@
92410	}
92411	pList = pNew;
92412	pList->nAlloc *= 2;
92413	}
92414	pItem = &pList->a[pList->nExpr++];
92415	assert( offsetof(struct ExprList_item,zName)==sizeof(pItem->pExpr) );
92416	assert( offsetof(struct ExprList_item,pExpr)==0 );
92417	memset(&pItem->zName,0,sizeof(*pItem)-offsetof(struct ExprList_item,zName));
92418	pItem->pExpr = pExpr;
92419	return pList;
92420
92421	no_mem:
92422	/* Avoid leaking memory if malloc has failed. */
	@@ -92668,14 +92696,16 @@
92696	pWalker->eCode = 0;
92697	return WRC_Abort;
92698	}
92699	static int exprIsConst(Expr *p, int initFlag, int iCur){
92700	Walker w;

92701	w.eCode = initFlag;
92702	w.xExprCallback = exprNodeIsConstant;
92703	w.xSelectCallback = selectNodeIsConstant;
92704	#ifdef SQLITE_DEBUG
92705	w.xSelectCallback2 = sqlite3SelectWalkAssert2;
92706	#endif
92707	w.u.iCur = iCur;
92708	sqlite3WalkExpr(&w, p);
92709	return w.eCode;
92710	}
92711
	@@ -92759,13 +92789,13 @@
92789	** optimization, so we take the easy way out and simply require the
92790	** GROUP BY to use the BINARY collating sequence.
92791	*/
92792	SQLITE_PRIVATE int sqlite3ExprIsConstantOrGroupBy(Parse pParse, Expr p, ExprList *pGroupBy){
92793	Walker w;

92794	w.eCode = 1;
92795	w.xExprCallback = exprNodeIsConstantOrGroupBy;
92796	w.xSelectCallback = 0;
92797	w.u.pGroupBy = pGroupBy;
92798	w.pParse = pParse;
92799	sqlite3WalkExpr(&w, p);
92800	return w.eCode;
92801	}
	@@ -92789,14 +92819,16 @@
92819	** Walk an expression tree. Return 1 if the expression contains a
92820	** subquery of some kind. Return 0 if there are no subqueries.
92821	*/
92822	SQLITE_PRIVATE int sqlite3ExprContainsSubquery(Expr *p){
92823	Walker w;

92824	w.eCode = 1;
92825	w.xExprCallback = sqlite3ExprWalkNoop;
92826	w.xSelectCallback = selectNodeIsConstant;
92827	#ifdef SQLITE_DEBUG
92828	w.xSelectCallback2 = sqlite3SelectWalkAssert2;
92829	#endif
92830	sqlite3WalkExpr(&w, p);
92831	return w.eCode==0;
92832	}
92833	#endif
92834
	@@ -95797,12 +95829,12 @@
95829	*/
95830	SQLITE_PRIVATE int sqlite3FunctionUsesThisSrc(Expr pExpr, SrcList pSrcList){
95831	Walker w;
95832	struct SrcCount cnt;
95833	assert( pExpr->op==TK_AGG_FUNCTION );

95834	w.xExprCallback = exprSrcCount;
95835	w.xSelectCallback = 0;
95836	w.u.pSrcCount = &cnt;
95837	cnt.pSrc = pSrcList;
95838	cnt.nThis = 0;
95839	cnt.nOther = 0;
95840	sqlite3WalkExprList(&w, pExpr->x.pList);
	@@ -95970,13 +96002,17 @@
96002	}
96003	}
96004	return WRC_Continue;
96005	}
96006	static int analyzeAggregatesInSelect(Walker pWalker, Select pSelect){
96007	UNUSED_PARAMETER(pSelect);
96008	pWalker->walkerDepth++;
96009	return WRC_Continue;
96010	}
96011	static void analyzeAggregatesInSelectEnd(Walker pWalker, Select pSelect){
96012	UNUSED_PARAMETER(pSelect);
96013	pWalker->walkerDepth--;
96014	}
96015
96016	/*
96017	** Analyze the pExpr expression looking for aggregate functions and
96018	** for variables that need to be added to AggInfo object that pNC->pAggInfo
	@@ -95986,13 +96022,14 @@
96022	** This routine should only be called after the expression has been
96023	** analyzed by sqlite3ResolveExprNames().
96024	*/
96025	SQLITE_PRIVATE void sqlite3ExprAnalyzeAggregates(NameContext pNC, Expr pExpr){
96026	Walker w;

96027	w.xExprCallback = analyzeAggregate;
96028	w.xSelectCallback = analyzeAggregatesInSelect;
96029	w.xSelectCallback2 = analyzeAggregatesInSelectEnd;
96030	w.walkerDepth = 0;
96031	w.u.pNC = pNC;
96032	assert( pNC->pSrcList!=0 );
96033	sqlite3WalkExpr(&w, pExpr);
96034	}
96035
	@@ -100633,11 +100670,15 @@
100670	}
100671	pTable->zName = zName;
100672	pTable->iPKey = -1;
100673	pTable->pSchema = db->aDb[iDb].pSchema;
100674	pTable->nTabRef = 1;
100675	#ifdef SQLITE_DEFAULT_ROWEST
100676	pTable->nRowLogEst = sqlite3LogEst(SQLITE_DEFAULT_ROWEST);
100677	#else
100678	pTable->nRowLogEst = 200; assert( 200==sqlite3LogEst(1048576) );
100679	#endif
100680	assert( pParse->pNewTable==0 );
100681	pParse->pNewTable = pTable;
100682
100683	/* If this is the magic sqlite_sequence table used by autoincrement,
100684	** then record a pointer to this table in the main database structure
	@@ -104984,11 +105025,11 @@
105025	** It is easier just to erase the whole table. Prior to version 3.6.5,
105026	** this optimization caused the row change count (the value returned by
105027	** API function sqlite3_count_changes) to be set incorrectly.
105028	**
105029	** The "rcauth==SQLITE_OK" terms is the
105030	** IMPLEMENTATION-OF: R-17228-37124 If the action code is SQLITE_DELETE and
105031	** the callback returns SQLITE_IGNORE then the DELETE operation proceeds but
105032	** the truncate optimization is disabled and all rows are deleted
105033	** individually.
105034	*/
105035	if( rcauth==SQLITE_OK
	@@ -105090,11 +105131,11 @@
105131	sqlite3VdbeAddOp4(v, OP_MakeRecord, iPk, nPk, iKey,
105132	sqlite3IndexAffinityStr(pParse->db, pPk), nPk);
105133	sqlite3VdbeAddOp4Int(v, OP_IdxInsert, iEphCur, iKey, iPk, nPk);
105134	}else{
105135	/* Add the rowid of the row to be deleted to the RowSet */
105136	nKey = 1; /* OP_DeferredSeek always uses a single rowid */
105137	sqlite3VdbeAddOp2(v, OP_RowSetAdd, iRowSet, iKey);
105138	}
105139	}
105140
105141	/* If this DELETE cannot use the ONEPASS strategy, this is the
	@@ -109354,14 +109395,14 @@
109395	Trigger pTrigger; / List of triggers on pTab, if required */
109396	int tmask; /* Mask of trigger times */
109397	#endif
109398
109399	db = pParse->db;

109400	if( pParse->nErr \|\| db->mallocFailed ){
109401	goto insert_cleanup;
109402	}
109403	dest.iSDParm = 0; /* Suppress a harmless compiler warning */
109404
109405	/* If the Select object is really just a simple VALUES() list with a
109406	** single row (the common case) then keep that one row of values
109407	** and discard the other (unused) parts of the pSelect object
109408	*/
	@@ -117550,11 +117591,11 @@
117591	/*
117592	** Allocate a KeyInfo object sufficient for an index of N key columns and
117593	** X extra columns.
117594	*/
117595	SQLITE_PRIVATE KeyInfo sqlite3KeyInfoAlloc(sqlite3 db, int N, int X){
117596	int nExtra = (N+X)(sizeof(CollSeq)+1) - sizeof(CollSeq*);
117597	KeyInfo *p = sqlite3DbMallocRawNN(db, sizeof(KeyInfo) + nExtra);
117598	if( p ){
117599	p->aSortOrder = (u8*)&p->aColl[N+X];
117600	p->nField = (u16)N;
117601	p->nXField = (u16)X;
	@@ -121129,10 +121170,29 @@
121170	SQLITE_PRIVATE int sqlite3ExprWalkNoop(Walker NotUsed, Expr NotUsed2){
121171	UNUSED_PARAMETER2(NotUsed, NotUsed2);
121172	return WRC_Continue;
121173	}
121174
121175	/*
121176	** No-op routine for the parse-tree walker for SELECT statements.
121177	** subquery in the parser tree.
121178	*/
121179	SQLITE_PRIVATE int sqlite3SelectWalkNoop(Walker NotUsed, Select NotUsed2){
121180	UNUSED_PARAMETER2(NotUsed, NotUsed2);
121181	return WRC_Continue;
121182	}
121183
121184	#if SQLITE_DEBUG
121185	/*
121186	** Always assert. This xSelectCallback2 implementation proves that the
121187	** xSelectCallback2 is never invoked.
121188	*/
121189	SQLITE_PRIVATE void sqlite3SelectWalkAssert2(Walker NotUsed, Select NotUsed2){
121190	UNUSED_PARAMETER2(NotUsed, NotUsed2);
121191	assert( 0 );
121192	}
121193	#endif
121194	/*
121195	** This routine "expands" a SELECT statement and all of its subqueries.
121196	** For additional information on what it means to "expand" a SELECT
121197	** statement, see the comment on the selectExpand worker callback above.
121198	**
	@@ -121144,15 +121204,15 @@
121204	** The calling function can detect the problem by looking at pParse->nErr
121205	** and/or pParse->db->mallocFailed.
121206	*/
121207	static void sqlite3SelectExpand(Parse pParse, Select pSelect){
121208	Walker w;

121209	w.xExprCallback = sqlite3ExprWalkNoop;
121210	w.pParse = pParse;
121211	if( pParse->hasCompound ){
121212	w.xSelectCallback = convertCompoundSelectToSubquery;
121213	w.xSelectCallback2 = 0;
121214	sqlite3WalkSelect(&w, pSelect);
121215	}
121216	w.xSelectCallback = selectExpander;
121217	w.xSelectCallback2 = selectPopWith;
121218	sqlite3WalkSelect(&w, pSelect);
	@@ -121208,11 +121268,11 @@
121268	** Use this routine after name resolution.
121269	*/
121270	static void sqlite3SelectAddTypeInfo(Parse pParse, Select pSelect){
121271	#ifndef SQLITE_OMIT_SUBQUERY
121272	Walker w;
121273	w.xSelectCallback = sqlite3SelectWalkNoop;
121274	w.xSelectCallback2 = selectAddSubqueryTypeInfo;
121275	w.xExprCallback = sqlite3ExprWalkNoop;
121276	w.pParse = pParse;
121277	sqlite3WalkSelect(&w, pSelect);
121278	#endif
	@@ -121789,10 +121849,13 @@
121849	VdbeNoopComment((v, "materialize \"%s\"", pItem->pTab->zName));
121850	}
121851	pPrior = isSelfJoinView(pTabList, pItem);
121852	if( pPrior ){
121853	sqlite3VdbeAddOp2(v, OP_OpenDup, pItem->iCursor, pPrior->iCursor);
121854	explainSetInteger(pItem->iSelectId, pPrior->iSelectId);
121855	assert( pPrior->pSelect!=0 );
121856	pSub->nSelectRow = pPrior->pSelect->nSelectRow;
121857	}else{
121858	sqlite3SelectDestInit(&dest, SRT_EphemTab, pItem->iCursor);
121859	explainSetInteger(pItem->iSelectId, (u8)pParse->iNextSelectId);
121860	sqlite3Select(pParse, pSub, &dest);
121861	}
	@@ -122948,10 +123011,11 @@
123011	/* Make an entry in the sqlite_master table */
123012	v = sqlite3GetVdbe(pParse);
123013	if( v==0 ) goto triggerfinish_cleanup;
123014	sqlite3BeginWriteOperation(pParse, 0, iDb);
123015	z = sqlite3DbStrNDup(db, (char*)pAll->z, pAll->n);
123016	testcase( z==0 );
123017	sqlite3NestedParse(pParse,
123018	"INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')",
123019	db->aDb[iDb].zDbSName, MASTER_NAME, zName,
123020	pTrig->table, z);
123021	sqlite3DbFree(db, z);
	@@ -127755,14 +127819,14 @@
127819	** function generates code to do a deferred seek of cursor iCur to the
127820	** rowid stored in register iRowid.
127821	**
127822	** Normally, this is just:
127823	**
127824	** OP_DeferredSeek $iCur $iRowid
127825	**
127826	** However, if the scan currently being coded is a branch of an OR-loop and
127827	** the statement currently being coded is a SELECT, then P3 of OP_DeferredSeek
127828	** is set to iIdxCur and P4 is set to point to an array of integers
127829	** containing one entry for each column of the table cursor iCur is open
127830	** on. For each table column, if the column is the i'th column of the
127831	** index, then the corresponding array entry is set to (i+1). If the column
127832	** does not appear in the index at all, the array entry is set to 0.
	@@ -127777,11 +127841,11 @@
127841	Vdbe v = pParse->pVdbe; / Vdbe to generate code within */
127842
127843	assert( iIdxCur>0 );
127844	assert( pIdx->aiColumn[pIdx->nColumn-1]==-1 );
127845
127846	sqlite3VdbeAddOp3(v, OP_DeferredSeek, iIdxCur, 0, iCur);
127847	if( (pWInfo->wctrlFlags & WHERE_OR_SUBCLAUSE)
127848	&& DbMaskAllZero(sqlite3ParseToplevel(pParse)->writeMask)
127849	){
127850	int i;
127851	Table *pTab = pIdx->pTable;
	@@ -131579,11 +131643,11 @@
131643	iGap = (iGap*2)/3;
131644	}else{
131645	iGap = iGap/3;
131646	}
131647	aStat[0] = iLower + iGap;
131648	aStat[1] = pIdx->aAvgEq[nField-1];
131649	}
131650
131651	/* Restore the pRec->nField value before returning. */
131652	pRec->nField = nField;
131653	return i;
	@@ -132332,20 +132396,21 @@
132396	}
132397	}
132398
132399	/*
132400	** Search the list of WhereLoops in *ppPrev looking for one that can be
132401	** replaced by pTemplate.
132402	**
132403	** Return NULL if pTemplate does not belong on the WhereLoop list.
132404	** In other words if pTemplate ought to be dropped from further consideration.
132405	**
132406	** If pX is a WhereLoop that pTemplate can replace, then return the
132407	** link that points to pX.
132408	**
132409	** If pTemplate cannot replace any existing element of the list but needs
132410	** to be added to the list as a new entry, then return a pointer to the
132411	** tail of the list.
132412	*/
132413	static WhereLoop **whereLoopFindLesser(
132414	WhereLoop **ppPrev,
132415	const WhereLoop *pTemplate
132416	){
	@@ -132486,12 +132551,14 @@
132551	#if WHERETRACE_ENABLED /* 0x8 */
132552	if( sqlite3WhereTrace & 0x8 ){
132553	if( p!=0 ){
132554	sqlite3DebugPrintf("replace: ");
132555	whereLoopPrint(p, pBuilder->pWC);
132556	sqlite3DebugPrintf(" with: ");
132557	}else{
132558	sqlite3DebugPrintf(" add: ");
132559	}

132560	whereLoopPrint(pTemplate, pBuilder->pWC);
132561	}
132562	#endif
132563	if( p==0 ){
132564	/* Allocate a new WhereLoop to add to the end of the list */
	@@ -134387,12 +134454,12 @@
134454	/* The current candidate is no better than any of the mxChoice
134455	** paths currently in the best-so-far buffer. So discard
134456	** this candidate as not viable. */
134457	#ifdef WHERETRACE_ENABLED /* 0x4 */
134458	if( sqlite3WhereTrace&0x4 ){
134459	sqlite3DebugPrintf("Skip %s cost=%-3d,%3d,%3d order=%c\n",
134460	wherePathName(pFrom, iLoop, pWLoop), rCost, nOut, rUnsorted,
134461	isOrdered>=0 ? isOrdered+'0' : '?');
134462	}
134463	#endif
134464	continue;
134465	}
	@@ -134406,30 +134473,40 @@
134473	jj = mxI;
134474	}
134475	pTo = &aTo[jj];
134476	#ifdef WHERETRACE_ENABLED /* 0x4 */
134477	if( sqlite3WhereTrace&0x4 ){
134478	sqlite3DebugPrintf("New %s cost=%-3d,%3d,%3d order=%c\n",
134479	wherePathName(pFrom, iLoop, pWLoop), rCost, nOut, rUnsorted,
134480	isOrdered>=0 ? isOrdered+'0' : '?');
134481	}
134482	#endif
134483	}else{
134484	/* Control reaches here if best-so-far path pTo=aTo[jj] covers the
134485	** same set of loops and has the same isOrdered setting as the
134486	** candidate path. Check to see if the candidate should replace
134487	** pTo or if the candidate should be skipped.
134488	**
134489	** The conditional is an expanded vector comparison equivalent to:
134490	** (pTo->rCost,pTo->nRow,pTo->rUnsorted) <= (rCost,nOut,rUnsorted)
134491	*/
134492	if( pTo->rCost<rCost
134493	\|\| (pTo->rCost==rCost
134494	&& (pTo->nRow<nOut
134495	\|\| (pTo->nRow==nOut && pTo->rUnsorted<=rUnsorted)
134496	)
134497	)
134498	){
134499	#ifdef WHERETRACE_ENABLED /* 0x4 */
134500	if( sqlite3WhereTrace&0x4 ){
134501	sqlite3DebugPrintf(
134502	"Skip %s cost=%-3d,%3d,%3d order=%c",
134503	wherePathName(pFrom, iLoop, pWLoop), rCost, nOut, rUnsorted,
134504	isOrdered>=0 ? isOrdered+'0' : '?');
134505	sqlite3DebugPrintf(" vs %s cost=%-3d,%3d,%3d order=%c\n",
134506	wherePathName(pTo, iLoop+1, 0), pTo->rCost, pTo->nRow,
134507	pTo->rUnsorted, pTo->isOrdered>=0 ? pTo->isOrdered+'0' : '?');
134508	}
134509	#endif
134510	/* Discard the candidate path from further consideration */
134511	testcase( pTo->rCost==rCost );
134512	continue;
	@@ -134438,16 +134515,16 @@
134515	/* Control reaches here if the candidate path is better than the
134516	** pTo path. Replace pTo with the candidate. */
134517	#ifdef WHERETRACE_ENABLED /* 0x4 */
134518	if( sqlite3WhereTrace&0x4 ){
134519	sqlite3DebugPrintf(
134520	"Update %s cost=%-3d,%3d,%3d order=%c",
134521	wherePathName(pFrom, iLoop, pWLoop), rCost, nOut, rUnsorted,
134522	isOrdered>=0 ? isOrdered+'0' : '?');
134523	sqlite3DebugPrintf(" was %s cost=%-3d,%3d,%3d order=%c\n",
134524	wherePathName(pTo, iLoop+1, 0), pTo->rCost, pTo->nRow,
134525	pTo->rUnsorted, pTo->isOrdered>=0 ? pTo->isOrdered+'0' : '?');
134526	}
134527	#endif
134528	}
134529	/* pWLoop is a winner. Add it to the set of best so far */
134530	pTo->maskLoop = pFrom->maskLoop \| pWLoop->maskSelf;
	@@ -134951,11 +135028,11 @@
135028	WhereLoop *p;
135029	int i;
135030	static const char zLabel[] = "0123456789abcdefghijklmnopqrstuvwyxz"
135031	"ABCDEFGHIJKLMNOPQRSTUVWYXZ";
135032	for(p=pWInfo->pLoops, i=0; p; p=p->pNextLoop, i++){
135033	p->cId = zLabel[i%(sizeof(zLabel)-1)];
135034	whereLoopPrint(p, sWLB.pWC);
135035	}
135036	}
135037	#endif
135038
	@@ -141333,10 +141410,11 @@
141410	int rc, n;
141411	n = nKey1<nKey2 ? nKey1 : nKey2;
141412	/* EVIDENCE-OF: R-65033-28449 The built-in BINARY collation compares
141413	** strings byte by byte using the memcmp() function from the standard C
141414	** library. */
141415	assert( pKey1 && pKey2 );
141416	rc = memcmp(pKey1, pKey2, n);
141417	if( rc==0 ){
141418	if( padFlag
141419	&& allSpaces(((char*)pKey1)+n, nKey1-n)
141420	&& allSpaces(((char*)pKey2)+n, nKey2-n)
	@@ -143803,10 +143881,16 @@
143881	SQLITE_PRIVATE int sqlite3CantopenError(int lineno){
143882	testcase( sqlite3GlobalConfig.xLog!=0 );
143883	return reportError(SQLITE_CANTOPEN, lineno, "cannot open file");
143884	}
143885	#ifdef SQLITE_DEBUG
143886	SQLITE_PRIVATE int sqlite3CorruptPgnoError(int lineno, Pgno pgno){
143887	char zMsg[100];
143888	sqlite3_snprintf(sizeof(zMsg), zMsg, "database corruption page %d", pgno);
143889	testcase( sqlite3GlobalConfig.xLog!=0 );
143890	return reportError(SQLITE_CORRUPT, lineno, zMsg);
143891	}
143892	SQLITE_PRIVATE int sqlite3NomemError(int lineno){
143893	testcase( sqlite3GlobalConfig.xLog!=0 );
143894	return reportError(SQLITE_NOMEM, lineno, "OOM");
143895	}
143896	SQLITE_PRIVATE int sqlite3IoerrnomemError(int lineno){
	@@ -169165,14 +169249,14 @@
169249	** as fully applied. Otherwise, assuming no error has occurred, save the
169250	** current state of the RBU update appliation to the RBU database.
169251	**
169252	** If an error has already occurred as part of an sqlite3rbu_step()
169253	** or sqlite3rbu_open() call, or if one occurs within this function, an
169254	** SQLite error code is returned. Additionally, if pzErrmsg is not NULL,
169255	** *pzErrmsg may be set to point to a buffer containing a utf-8 formatted
169256	** English language error message. It is the responsibility of the caller to
169257	** eventually free any such buffer using sqlite3_free().
169258	**
169259	** Otherwise, if no error occurs, this function returns SQLITE_OK if the
169260	** update has been partially applied, or SQLITE_DONE if it has been
169261	** completely applied.
169262	*/
	@@ -173024,11 +173108,15 @@
173108	sqlite3_free(p->aBuf);
173109	sqlite3_free(p->aFrame);
173110
173111	rbuEditErrmsg(p);
173112	rc = p->rc;
173113	if( pzErrmsg ){
173114	*pzErrmsg = p->zErrmsg;
173115	}else{
173116	sqlite3_free(p->zErrmsg);
173117	}
173118	sqlite3_free(p->zState);
173119	sqlite3_free(p);
173120	}else{
173121	rc = SQLITE_NOMEM;
173122	*pzErrmsg = 0;
	@@ -177582,15 +177670,16 @@
177670
177671	sessionDiscardData(&p->in);
177672	p->in.iCurrent = p->in.iNext;
177673
177674	op = p->in.aData[p->in.iNext++];
177675	while( op=='T' \|\| op=='P' ){
177676	p->bPatchset = (op=='P');
177677	if( sessionChangesetReadTblhdr(p) ) return p->rc;
177678	if( (p->rc = sessionInputBuffer(&p->in, 2)) ) return p->rc;
177679	p->in.iCurrent = p->in.iNext;
177680	if( p->in.iNext>=p->in.nData ) return SQLITE_DONE;
177681	op = p->in.aData[p->in.iNext++];
177682	}
177683
177684	p->op = op;
177685	p->bIndirect = p->in.aData[p->in.iNext++];
	@@ -189573,14 +189662,15 @@
189662	if( !apNew ) return SQLITE_NOMEM;
189663	memset(apNew, 0, nNewsizeof(Fts5HashEntry));
189664
189665	for(i=0; i<pHash->nSlot; i++){
189666	while( apOld[i] ){
189667	unsigned int iHash;
189668	Fts5HashEntry *p = apOld[i];
189669	apOld[i] = p->pHashNext;
189670	iHash = fts5HashKey(nNew, (u8*)fts5EntryKey(p),
189671	(int)strlen(fts5EntryKey(p)));
189672	p->pHashNext = apNew[iHash];
189673	apNew[iHash] = p;
189674	}
189675	}
189676
	@@ -189879,11 +189969,11 @@
189969	const char pTerm, int nTerm, / Query term */
189970	const u8 *ppDoclist, / OUT: Pointer to doclist for pTerm */
189971	int pnDoclist / OUT: Size of doclist in bytes */
189972	){
189973	unsigned int iHash = fts5HashKey(pHash->nSlot, (const u8*)pTerm, nTerm);
189974	char *zKey = 0;
189975	Fts5HashEntry *p;
189976
189977	for(p=pHash->aSlot[iHash]; p; p=p->pHashNext){
189978	zKey = fts5EntryKey(p);
189979	if( memcmp(zKey, pTerm, nTerm)==0 && zKey[nTerm]==0 ) break;
	@@ -199060,11 +199150,11 @@
199150	int nArg, /* Number of args */
199151	sqlite3_value *apUnused / Function arguments */
199152	){
199153	assert( nArg==0 );
199154	UNUSED_PARAM2(nArg, apUnused);
199155	sqlite3_result_text(pCtx, "fts5: 2017-06-13 04:31:54 35b34bdf0843b49be39e13ed212e918c2d45afdb8374b5cd02ba6d2d5b16b3b9", -1, SQLITE_TRANSIENT);
199156	}
199157
199158	static int fts5Init(sqlite3 *db){
199159	static const sqlite3_module fts5Mod = {
199160	/* iVersion */ 2,
199161

M src/sqlite3.h

+13 -4

		--- src/sqlite3.h
		+++ src/sqlite3.h
		@@ -119,13 +119,13 @@
119	119	**
120	120	** See also: [sqlite3_libversion()],
121	121	** [sqlite3_libversion_number()], [sqlite3_sourceid()],
122	122	** [sqlite_version()] and [sqlite_source_id()].
123	123	*/
124		-#define SQLITE_VERSION "3.19.3"
125		-#define SQLITE_VERSION_NUMBER 3019003
126		-#define SQLITE_SOURCE_ID "2017-06-08 14:26:16 0ee482a1e0eae22e08edc8978c9733a96603d4509645f348ebf55b579e89636b"
	124	+#define SQLITE_VERSION "3.20.0"
	125	+#define SQLITE_VERSION_NUMBER 3020000
	126	+#define SQLITE_SOURCE_ID "2017-06-15 13:07:56 9afd7a2ffd3a39456190ad05e85ff6485298aae262d9e0698a58c1d73507a36f"
127	127
128	128	/*
129	129	** CAPI3REF: Run-Time Library Version Numbers
130	130	** KEYWORDS: sqlite3_version sqlite3_sourceid
131	131	**
		@@ -5618,11 +5618,13 @@
5618	5618	** column exists. ^The sqlite3_table_column_metadata() interface returns
5619	5619	** SQLITE_ERROR and if the specified column does not exist.
5620	5620	** ^If the column-name parameter to sqlite3_table_column_metadata() is a
5621	5621	** NULL pointer, then this routine simply checks for the existence of the
5622	5622	** table and returns SQLITE_OK if the table exists and SQLITE_ERROR if it
5623		-** does not.
	5623	+** does not. If the table name parameter T in a call to
	5624	+** sqlite3_table_column_metadata(X,D,T,C,...) is NULL then the result is
	5625	+** undefined behavior.
5624	5626	**
5625	5627	** ^The column is identified by the second, third and fourth parameters to
5626	5628	** this function. ^(The second parameter is either the name of the database
5627	5629	** (i.e. "main", "temp", or an attached database) containing the specified
5628	5630	** table or NULL.)^ ^If it is NULL, then all attached databases are searched
		@@ -7131,17 +7133,24 @@
7131	7133	** by the prepared statement if that number is less than or equal
7132	7134	** to 2147483647. The number of virtual machine operations can be
7133	7135	** used as a proxy for the total work done by the prepared statement.
7134	7136	** If the number of virtual machine operations exceeds 2147483647
7135	7137	** then the value returned by this statement status code is undefined.
	7138	+**
	7139	+** [[SQLITE_STMTSTATUS_MEMUSED]] <dt>SQLITE_STMTSTATUS_MEMUSED</dt>
	7140	+** <dd>^This is the approximate number of bytes of heap memory
	7141	+** used to store the prepared statement. ^This value is not actually
	7142	+** a counter, and so the resetFlg parameter to sqlite3_stmt_status()
	7143	+** is ignored when the opcode is SQLITE_STMTSTATUS_MEMUSED.
7136	7144	** </dd>
7137	7145	** </dl>
7138	7146	*/
7139	7147	#define SQLITE_STMTSTATUS_FULLSCAN_STEP 1
7140	7148	#define SQLITE_STMTSTATUS_SORT 2
7141	7149	#define SQLITE_STMTSTATUS_AUTOINDEX 3
7142	7150	#define SQLITE_STMTSTATUS_VM_STEP 4
	7151	+#define SQLITE_STMTSTATUS_MEMUSED 5
7143	7152
7144	7153	/*
7145	7154	** CAPI3REF: Custom Page Cache Object
7146	7155	**
7147	7156	** The sqlite3_pcache type is opaque. It is implemented by
7148	7157

	--- src/sqlite3.h
	+++ src/sqlite3.h
	@@ -119,13 +119,13 @@
119	**
120	** See also: [sqlite3_libversion()],
121	** [sqlite3_libversion_number()], [sqlite3_sourceid()],
122	** [sqlite_version()] and [sqlite_source_id()].
123	*/
124	#define SQLITE_VERSION "3.19.3"
125	#define SQLITE_VERSION_NUMBER 3019003
126	#define SQLITE_SOURCE_ID "2017-06-08 14:26:16 0ee482a1e0eae22e08edc8978c9733a96603d4509645f348ebf55b579e89636b"
127
128	/*
129	** CAPI3REF: Run-Time Library Version Numbers
130	** KEYWORDS: sqlite3_version sqlite3_sourceid
131	**
	@@ -5618,11 +5618,13 @@
5618	** column exists. ^The sqlite3_table_column_metadata() interface returns
5619	** SQLITE_ERROR and if the specified column does not exist.
5620	** ^If the column-name parameter to sqlite3_table_column_metadata() is a
5621	** NULL pointer, then this routine simply checks for the existence of the
5622	** table and returns SQLITE_OK if the table exists and SQLITE_ERROR if it
5623	** does not.


5624	**
5625	** ^The column is identified by the second, third and fourth parameters to
5626	** this function. ^(The second parameter is either the name of the database
5627	** (i.e. "main", "temp", or an attached database) containing the specified
5628	** table or NULL.)^ ^If it is NULL, then all attached databases are searched
	@@ -7131,17 +7133,24 @@
7131	** by the prepared statement if that number is less than or equal
7132	** to 2147483647. The number of virtual machine operations can be
7133	** used as a proxy for the total work done by the prepared statement.
7134	** If the number of virtual machine operations exceeds 2147483647
7135	** then the value returned by this statement status code is undefined.






7136	** </dd>
7137	** </dl>
7138	*/
7139	#define SQLITE_STMTSTATUS_FULLSCAN_STEP 1
7140	#define SQLITE_STMTSTATUS_SORT 2
7141	#define SQLITE_STMTSTATUS_AUTOINDEX 3
7142	#define SQLITE_STMTSTATUS_VM_STEP 4

7143
7144	/*
7145	** CAPI3REF: Custom Page Cache Object
7146	**
7147	** The sqlite3_pcache type is opaque. It is implemented by
7148

	--- src/sqlite3.h
	+++ src/sqlite3.h
	@@ -119,13 +119,13 @@
119	**
120	** See also: [sqlite3_libversion()],
121	** [sqlite3_libversion_number()], [sqlite3_sourceid()],
122	** [sqlite_version()] and [sqlite_source_id()].
123	*/
124	#define SQLITE_VERSION "3.20.0"
125	#define SQLITE_VERSION_NUMBER 3020000
126	#define SQLITE_SOURCE_ID "2017-06-15 13:07:56 9afd7a2ffd3a39456190ad05e85ff6485298aae262d9e0698a58c1d73507a36f"
127
128	/*
129	** CAPI3REF: Run-Time Library Version Numbers
130	** KEYWORDS: sqlite3_version sqlite3_sourceid
131	**
	@@ -5618,11 +5618,13 @@
5618	** column exists. ^The sqlite3_table_column_metadata() interface returns
5619	** SQLITE_ERROR and if the specified column does not exist.
5620	** ^If the column-name parameter to sqlite3_table_column_metadata() is a
5621	** NULL pointer, then this routine simply checks for the existence of the
5622	** table and returns SQLITE_OK if the table exists and SQLITE_ERROR if it
5623	** does not. If the table name parameter T in a call to
5624	** sqlite3_table_column_metadata(X,D,T,C,...) is NULL then the result is
5625	** undefined behavior.
5626	**
5627	** ^The column is identified by the second, third and fourth parameters to
5628	** this function. ^(The second parameter is either the name of the database
5629	** (i.e. "main", "temp", or an attached database) containing the specified
5630	** table or NULL.)^ ^If it is NULL, then all attached databases are searched
	@@ -7131,17 +7133,24 @@
7133	** by the prepared statement if that number is less than or equal
7134	** to 2147483647. The number of virtual machine operations can be
7135	** used as a proxy for the total work done by the prepared statement.
7136	** If the number of virtual machine operations exceeds 2147483647
7137	** then the value returned by this statement status code is undefined.
7138	**
7139	** [[SQLITE_STMTSTATUS_MEMUSED]] <dt>SQLITE_STMTSTATUS_MEMUSED</dt>
7140	** <dd>^This is the approximate number of bytes of heap memory
7141	** used to store the prepared statement. ^This value is not actually
7142	** a counter, and so the resetFlg parameter to sqlite3_stmt_status()
7143	** is ignored when the opcode is SQLITE_STMTSTATUS_MEMUSED.
7144	** </dd>
7145	** </dl>
7146	*/
7147	#define SQLITE_STMTSTATUS_FULLSCAN_STEP 1
7148	#define SQLITE_STMTSTATUS_SORT 2
7149	#define SQLITE_STMTSTATUS_AUTOINDEX 3
7150	#define SQLITE_STMTSTATUS_VM_STEP 4
7151	#define SQLITE_STMTSTATUS_MEMUSED 5
7152
7153	/*
7154	** CAPI3REF: Custom Page Cache Object
7155	**
7156	** The sqlite3_pcache type is opaque. It is implemented by
7157

Fossil SCM

Keyboard Shortcuts