/ Check-in [7cac614d]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Limit the size of SrcList objects to 200 entries (compile-time configurable using -DSQLITE_MAX_SRCLIST=n). The maximum number of tables in a join has always been 64, so this is not a real constraint on capability. Limiting the size of a SrcList prevents DOS attacks (discovered by OSSFuzz) using crazy nexted CTE joins.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 7cac614d5df55eb092b863163483b6782b942b21bd15fd787576fef5619fa849
User & Date: drh 2019-01-17 14:34:46
Context
2019-01-17
15:40
Revamp the SrcList allocator routines to be methods of Parse instead of being methods of the "sqlite3" object, so that they can leave better error messages when the SrcList object grows too large. check-in: df08d472 user: drh tags: trunk
14:34
Limit the size of SrcList objects to 200 entries (compile-time configurable using -DSQLITE_MAX_SRCLIST=n). The maximum number of tables in a join has always been 64, so this is not a real constraint on capability. Limiting the size of a SrcList prevents DOS attacks (discovered by OSSFuzz) using crazy nexted CTE joins. check-in: 7cac614d user: drh tags: trunk
04:40
Fix a corner-case for the logic that cause an insert of a NULL into an INTEGER PRIMARY KEY column to be converted into a valid integer key, when the NULL results from a CASE expression that lacks an ELSE clause. check-in: 9a425051 user: drh tags: trunk
Changes
Unified Diffs Side-by-Side Diffs Patch

Changes to src/build.c.

Changes to test/join.test.

Changes to test/with1.test.