From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Victor Costan <pwnall@chromium.org>
Date: Fri, 11 Jan 2019 04:21:21 -0800
Subject: [PATCH 14/17] Fix another problem found by Matthew Denton's new
 fuzzer.

This backports https://sqlite.org/src/info/2b690dbdffe144bd

Bug: 911253
---
 third_party/sqlite/src/src/expr.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/third_party/sqlite/src/src/expr.c b/third_party/sqlite/src/src/expr.c
index 05c9521b2030..c61528288baf 100644
--- a/third_party/sqlite/src/src/expr.c
+++ b/third_party/sqlite/src/src/expr.c
@@ -141,8 +141,8 @@ CollSeq *sqlite3ExprCollSeq(Parse *pParse, Expr *pExpr){
   while( p ){
     int op = p->op;
     if( p->flags & EP_Generic ) break;
-    if( (op==TK_AGG_COLUMN || op==TK_COLUMN
-          || op==TK_REGISTER || op==TK_TRIGGER)
+    if( op==TK_REGISTER ) op = p->op2;
+    if( (op==TK_AGG_COLUMN || op==TK_COLUMN || op==TK_TRIGGER)
      && p->y.pTab!=0
     ){
       /* op==TK_REGISTER && p->y.pTab!=0 happens when pExpr was originally
@@ -158,7 +158,7 @@ CollSeq *sqlite3ExprCollSeq(Parse *pParse, Expr *pExpr){
       p = p->pLeft;
       continue;
     }
-    if( op==TK_COLLATE || (op==TK_REGISTER && p->op2==TK_COLLATE) ){
+    if( op==TK_COLLATE ){
       pColl = sqlite3GetCollSeq(pParse, ENC(db), 0, p->u.zToken);
       break;
     }
--
2.18.0