SQLite

Check-in [794763fd6c]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Handle some obscure "row value misused" cases that could cause segfaults or assertion failures.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | branch-3.15
Files: files | file ages | folders
SHA1: 794763fd6c04cabb16300421ade169131b7d308d
User & Date: drh 2016-11-23 19:43:48.606
Context
2016-11-23
20:12
Mark the ICU extension functions as deterministic. (check-in: 8fd2fccefb user: drh tags: branch-3.15)
19:43
Handle some obscure "row value misused" cases that could cause segfaults or assertion failures. (check-in: 794763fd6c user: drh tags: branch-3.15)
19:40
Take care not to try to generate code for the ATTACH and DETACH commands if there were syntax errors during parsing. Fix for ticket [2f1b168ab4d4844] (check-in: f8cf7ff156 user: drh tags: branch-3.15)
2016-11-11
15:49
Handle some obscure "row value misused" cases that could cause segfaults or assertion failures. (check-in: fba5fddb1c user: dan tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/resolve.c.
395
396
397
398
399
400
401




402
403
404
405
406
407
408
          assert( pExpr->pLeft==0 && pExpr->pRight==0 );
          assert( pExpr->x.pList==0 );
          assert( pExpr->x.pSelect==0 );
          pOrig = pEList->a[j].pExpr;
          if( (pNC->ncFlags&NC_AllowAgg)==0 && ExprHasProperty(pOrig, EP_Agg) ){
            sqlite3ErrorMsg(pParse, "misuse of aliased aggregate %s", zAs);
            return WRC_Abort;




          }
          resolveAlias(pParse, pEList, j, pExpr, "", nSubquery);
          cnt = 1;
          pMatch = 0;
          assert( zTab==0 && zDb==0 );
          goto lookupname_end;
        }







>
>
>
>







395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
          assert( pExpr->pLeft==0 && pExpr->pRight==0 );
          assert( pExpr->x.pList==0 );
          assert( pExpr->x.pSelect==0 );
          pOrig = pEList->a[j].pExpr;
          if( (pNC->ncFlags&NC_AllowAgg)==0 && ExprHasProperty(pOrig, EP_Agg) ){
            sqlite3ErrorMsg(pParse, "misuse of aliased aggregate %s", zAs);
            return WRC_Abort;
          }
          if( sqlite3ExprVectorSize(pOrig)!=1 ){
            sqlite3ErrorMsg(pParse, "row value misused");
            return WRC_Abort;
          }
          resolveAlias(pParse, pEList, j, pExpr, "", nSubquery);
          cnt = 1;
          pMatch = 0;
          assert( zTab==0 && zDb==0 );
          goto lookupname_end;
        }
772
773
774
775
776
777
778

779
780
781
782
783
784
785
786
787
788
789
790
791







792

793
794
795
796
797
798
799
800
801

802
803
804
805
806
807
808
      }
      break;
    }
    case TK_VARIABLE: {
      notValid(pParse, pNC, "parameters", NC_IsCheck|NC_PartIdx|NC_IdxExpr);
      break;
    }

    case TK_EQ:
    case TK_NE:
    case TK_LT:
    case TK_LE:
    case TK_GT:
    case TK_GE:
    case TK_IS:
    case TK_ISNOT: {
      int nLeft, nRight;
      if( pParse->db->mallocFailed ) break;
      assert( pExpr->pRight!=0 );
      assert( pExpr->pLeft!=0 );
      nLeft = sqlite3ExprVectorSize(pExpr->pLeft);







      nRight = sqlite3ExprVectorSize(pExpr->pRight);

      if( nLeft!=nRight ){
        testcase( pExpr->op==TK_EQ );
        testcase( pExpr->op==TK_NE );
        testcase( pExpr->op==TK_LT );
        testcase( pExpr->op==TK_LE );
        testcase( pExpr->op==TK_GT );
        testcase( pExpr->op==TK_GE );
        testcase( pExpr->op==TK_IS );
        testcase( pExpr->op==TK_ISNOT );

        sqlite3ErrorMsg(pParse, "row value misused");
      }
      break; 
    }
  }
  return (pParse->nErr || pParse->db->mallocFailed) ? WRC_Abort : WRC_Continue;
}







>










<


>
>
>
>
>
>
>
|
>









>







776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793

794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
      }
      break;
    }
    case TK_VARIABLE: {
      notValid(pParse, pNC, "parameters", NC_IsCheck|NC_PartIdx|NC_IdxExpr);
      break;
    }
    case TK_BETWEEN:
    case TK_EQ:
    case TK_NE:
    case TK_LT:
    case TK_LE:
    case TK_GT:
    case TK_GE:
    case TK_IS:
    case TK_ISNOT: {
      int nLeft, nRight;
      if( pParse->db->mallocFailed ) break;

      assert( pExpr->pLeft!=0 );
      nLeft = sqlite3ExprVectorSize(pExpr->pLeft);
      if( pExpr->op==TK_BETWEEN ){
        nRight = sqlite3ExprVectorSize(pExpr->x.pList->a[0].pExpr);
        if( nRight==nLeft ){
          nRight = sqlite3ExprVectorSize(pExpr->x.pList->a[1].pExpr);
        }
      }else{
        assert( pExpr->pRight!=0 );
        nRight = sqlite3ExprVectorSize(pExpr->pRight);
      }
      if( nLeft!=nRight ){
        testcase( pExpr->op==TK_EQ );
        testcase( pExpr->op==TK_NE );
        testcase( pExpr->op==TK_LT );
        testcase( pExpr->op==TK_LE );
        testcase( pExpr->op==TK_GT );
        testcase( pExpr->op==TK_GE );
        testcase( pExpr->op==TK_IS );
        testcase( pExpr->op==TK_ISNOT );
        testcase( pExpr->op==TK_BETWEEN );
        sqlite3ErrorMsg(pParse, "row value misused");
      }
      break; 
    }
  }
  return (pParse->nErr || pParse->db->mallocFailed) ? WRC_Abort : WRC_Continue;
}
Changes to test/rowvalue.test.
261
262
263
264
265
266
267













268
269
do_execsql_test 12.1 {
  DROP TABLE IF EXISTS t1;
  CREATE TABLE t1(a,b); INSERT INTO t1 VALUES(1,2);
  DROP TABLE IF EXISTS t2;
  CREATE TABLE t2(x,y); INSERT INTO t2 VALUES(3,4);
  SELECT *,'x' FROM t1 LEFT JOIN t2 ON (a,b)=(x,y);
} {1 2 {} {} x}














finish_test







>
>
>
>
>
>
>
>
>
>
>
>
>


261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
do_execsql_test 12.1 {
  DROP TABLE IF EXISTS t1;
  CREATE TABLE t1(a,b); INSERT INTO t1 VALUES(1,2);
  DROP TABLE IF EXISTS t2;
  CREATE TABLE t2(x,y); INSERT INTO t2 VALUES(3,4);
  SELECT *,'x' FROM t1 LEFT JOIN t2 ON (a,b)=(x,y);
} {1 2 {} {} x}


foreach {tn sql} {
  0 "SELECT (1,2) AS x WHERE x=3"
  1 "SELECT (1,2) BETWEEN 1 AND 2"
  2 "SELECT 1 BETWEEN (1,2) AND 2"
  3 "SELECT 2 BETWEEN 1 AND (1,2)"
  4 "SELECT (1,2) FROM (SELECT 1) ORDER BY 1"
  5 "SELECT (1,2) FROM (SELECT 1) GROUP BY 1"
} {
  do_catchsql_test 13.$tn $sql {1 {row value misused}}
}


finish_test