Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Add more code to enforce the limits specified in limits.h. (CVS 3946) |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
c59d436095b5258d7132a432c0cb6cd5 |
| User & Date: | drh 2007-05-08 13:58:27 |
Context
|
2007-05-08
| ||
| 14:39 | Fix a potential buffer overrun in the replace() function. (CVS 3947) check-in: b0fb4a3c user: danielk1977 tags: trunk | |
| 13:58 | Add more code to enforce the limits specified in limits.h. (CVS 3946) check-in: c59d4360 user: drh tags: trunk | |
| 13:57 | Avoid evaluating (INT_MIN/-1) with 32 bit signed numbers. It can cause SIGFPE. (CVS 3945) check-in: 2f186e91 user: danielk1977 tags: trunk | |
Changes
Changes to src/build.c.
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
...
906
907
908
909
910
911
912
913
914
915
916
917
918
919
|
** CREATE INDEX ** DROP INDEX ** creating ID lists ** BEGIN TRANSACTION ** COMMIT ** ROLLBACK ** ** $Id: build.c,v 1.426 2007/05/08 01:08:49 drh Exp $ */ #include "sqliteInt.h" #include <ctype.h> /* ** This routine is called when a new SQL statement is beginning to ** be parsed. Initialize the pParse structure as needed. ................................................................................ */ void sqlite3AddColumn(Parse *pParse, Token *pName){ Table *p; int i; char *z; Column *pCol; if( (p = pParse->pNewTable)==0 ) return; z = sqlite3NameFromToken(pName); if( z==0 ) return; for(i=0; i<p->nCol; i++){ if( STRICMP(z, p->aCol[i].zName) ){ sqlite3ErrorMsg(pParse, "duplicate column name: %s", z); sqliteFree(z); return; |
|
>
>
>
>
|
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
...
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
|
** CREATE INDEX ** DROP INDEX ** creating ID lists ** BEGIN TRANSACTION ** COMMIT ** ROLLBACK ** ** $Id: build.c,v 1.427 2007/05/08 13:58:27 drh Exp $ */ #include "sqliteInt.h" #include <ctype.h> /* ** This routine is called when a new SQL statement is beginning to ** be parsed. Initialize the pParse structure as needed. ................................................................................ */ void sqlite3AddColumn(Parse *pParse, Token *pName){ Table *p; int i; char *z; Column *pCol; if( (p = pParse->pNewTable)==0 ) return; if( p->nCol+1>SQLITE_MAX_COLUMN ){ sqlite3ErrorMsg(pParse, "too many columns on %s", p->zName); return; } z = sqlite3NameFromToken(pName); if( z==0 ) return; for(i=0; i<p->nCol; i++){ if( STRICMP(z, p->aCol[i].zName) ){ sqlite3ErrorMsg(pParse, "duplicate column name: %s", z); sqliteFree(z); return; |
Changes to src/limits.h.
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
..
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
** May you find forgiveness for yourself and forgive others. ** May you share freely, never taking more than you give. ** ************************************************************************* ** ** This file defines various limits of what SQLite can process. ** ** @(#) $Id: limits.h,v 1.1 2007/05/08 01:08:49 drh Exp $ */ /* ** The maximum length of a TEXT or BLOB in bytes. This also ** limits the size of a row in a table or index. ** ** The hard limit is the ability of a 32-bit signed integer ................................................................................ ** The hard upper limit here is 32676. Most database people will ** tell you that in a well-normalized database, you usually should ** not have more than a dozen or so columns in any table. And if ** that is the case, there is no point in having more than a few ** dozen values in any of the other situations described above. */ #ifndef SQLITE_MAX_COLUMN # define SQLITE_MAX_COLUMN 1000 #endif /* ** The maximum length of a single SQL statement in bytes. ** The hard limit here is the same as SQLITE_MAX_LENGTH. */ #ifndef SQLITE_MAX_SQL_LENGTH |
|
|
|
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
..
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
** May you find forgiveness for yourself and forgive others. ** May you share freely, never taking more than you give. ** ************************************************************************* ** ** This file defines various limits of what SQLite can process. ** ** @(#) $Id: limits.h,v 1.2 2007/05/08 13:58:28 drh Exp $ */ /* ** The maximum length of a TEXT or BLOB in bytes. This also ** limits the size of a row in a table or index. ** ** The hard limit is the ability of a 32-bit signed integer ................................................................................ ** The hard upper limit here is 32676. Most database people will ** tell you that in a well-normalized database, you usually should ** not have more than a dozen or so columns in any table. And if ** that is the case, there is no point in having more than a few ** dozen values in any of the other situations described above. */ #ifndef SQLITE_MAX_COLUMN # define SQLITE_MAX_COLUMN 2000 #endif /* ** The maximum length of a single SQL statement in bytes. ** The hard limit here is the same as SQLITE_MAX_LENGTH. */ #ifndef SQLITE_MAX_SQL_LENGTH |
Changes to src/parse.y.
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
...
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
|
** ************************************************************************* ** This file contains SQLite's grammar for SQL. Process this file ** using the lemon parser generator to generate C code that runs ** the parser. Lemon will also generate a header file containing ** numeric codes for all of the tokens. ** ** @(#) $Id: parse.y,v 1.222 2007/05/04 18:30:41 drh Exp $ */ // All token codes are small integers with #defines that begin with "TK_" %token_prefix TK_ // The type of the data attached to each token is Token. This is also the // default type for non-terminals. ................................................................................ %ifndef SQLITE_OMIT_CAST expr(A) ::= CAST(X) LP expr(E) AS typetoken(T) RP(Y). { A = sqlite3Expr(TK_CAST, E, 0, &T); sqlite3ExprSpan(A,&X,&Y); } %endif SQLITE_OMIT_CAST expr(A) ::= ID(X) LP distinct(D) exprlist(Y) RP(E). { A = sqlite3ExprFunction(Y, &X); sqlite3ExprSpan(A,&X,&E); if( D && A ){ A->flags |= EP_Distinct; } } expr(A) ::= ID(X) LP STAR RP(E). { A = sqlite3ExprFunction(0, &X); sqlite3ExprSpan(A,&X,&E); } term(A) ::= CTIME_KW(OP). { |
|
>
>
>
>
>
|
|
|
|
>
|
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
...
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
|
** ************************************************************************* ** This file contains SQLite's grammar for SQL. Process this file ** using the lemon parser generator to generate C code that runs ** the parser. Lemon will also generate a header file containing ** numeric codes for all of the tokens. ** ** @(#) $Id: parse.y,v 1.223 2007/05/08 13:58:28 drh Exp $ */ // All token codes are small integers with #defines that begin with "TK_" %token_prefix TK_ // The type of the data attached to each token is Token. This is also the // default type for non-terminals. ................................................................................ %ifndef SQLITE_OMIT_CAST expr(A) ::= CAST(X) LP expr(E) AS typetoken(T) RP(Y). { A = sqlite3Expr(TK_CAST, E, 0, &T); sqlite3ExprSpan(A,&X,&Y); } %endif SQLITE_OMIT_CAST expr(A) ::= ID(X) LP distinct(D) exprlist(Y) RP(E). { if( Y->nExpr>SQLITE_MAX_FUNCTION_ARG ){ sqlite3ErrorMsg(pParse, "too many arguments on function %T", &X); sqlite3ExprListDelete(Y); A = 0; }else{ A = sqlite3ExprFunction(Y, &X); sqlite3ExprSpan(A,&X,&E); if( D && A ){ A->flags |= EP_Distinct; } } } expr(A) ::= ID(X) LP STAR RP(E). { A = sqlite3ExprFunction(0, &X); sqlite3ExprSpan(A,&X,&E); } term(A) ::= CTIME_KW(OP). { |
Changes to src/prepare.c.
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
...
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
|
** May you share freely, never taking more than you give. ** ************************************************************************* ** This file contains the implementation of the sqlite3_prepare() ** interface, and routines that contribute to loading the database schema ** from disk. ** ** $Id: prepare.c,v 1.48 2007/05/08 01:08:49 drh Exp $ */ #include "sqliteInt.h" #include "os.h" #include <ctype.h> /* ** Fill the InitData structure with an error message that indicates ................................................................................ return SQLITE_LOCKED; } } memset(&sParse, 0, sizeof(sParse)); sParse.db = db; if( nBytes>=0 && zSql[nBytes]!=0 ){ char *zSqlCopy = sqlite3StrNDup(zSql, nBytes); if( zSqlCopy ){ sqlite3RunParser(&sParse, zSqlCopy, &zErrMsg); sqliteFree(zSqlCopy); } sParse.zTail = &zSql[nBytes]; }else{ sqlite3RunParser(&sParse, zSql, &zErrMsg); |
|
>
>
>
>
|
|
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
...
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
|
** May you share freely, never taking more than you give. ** ************************************************************************* ** This file contains the implementation of the sqlite3_prepare() ** interface, and routines that contribute to loading the database schema ** from disk. ** ** $Id: prepare.c,v 1.49 2007/05/08 13:58:28 drh Exp $ */ #include "sqliteInt.h" #include "os.h" #include <ctype.h> /* ** Fill the InitData structure with an error message that indicates ................................................................................ return SQLITE_LOCKED; } } memset(&sParse, 0, sizeof(sParse)); sParse.db = db; if( nBytes>=0 && zSql[nBytes]!=0 ){ char *zSqlCopy; if( nBytes>SQLITE_MAX_SQL_LENGTH ){ return SQLITE_TOOBIG; } zSqlCopy = sqlite3StrNDup(zSql, nBytes); if( zSqlCopy ){ sqlite3RunParser(&sParse, zSqlCopy, &zErrMsg); sqliteFree(zSqlCopy); } sParse.zTail = &zSql[nBytes]; }else{ sqlite3RunParser(&sParse, zSql, &zErrMsg); |
Changes to src/select.c.
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 .... 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 .... 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 |
** May you find forgiveness for yourself and forgive others. ** May you share freely, never taking more than you give. ** ************************************************************************* ** This file contains C code routines that are called by the parser ** to handle SELECT statements in SQLite. ** ** $Id: select.c,v 1.341 2007/05/06 20:04:25 drh Exp $ */ #include "sqliteInt.h" /* ** Delete all the content of a Select structure but do not deallocate ** the select structure itself. ................................................................................ } sqliteFree(zTName); } } sqlite3ExprListDelete(pEList); p->pEList = pNew; } return rc; } #ifndef SQLITE_OMIT_COMPOUND_SELECT /* ** This routine associates entries in an ORDER BY expression list with ** columns in a result. For each ORDER BY expression, the opcode of ................................................................................ ){ int i; ExprList *pEList = pNC->pEList; /* The result set of the SELECT */ Parse *pParse = pNC->pParse; /* The result set of the SELECT */ assert( pEList ); if( pOrderBy==0 ) return 0; for(i=0; i<pOrderBy->nExpr; i++){ int iCol; Expr *pE = pOrderBy->a[i].pExpr; if( sqlite3ExprIsInteger(pE, &iCol) ){ if( iCol>0 && iCol<=pEList->nExpr ){ CollSeq *pColl = pE->pColl; int flags = pE->flags & EP_ExpCollate; |
| > > > > > > > > |
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 .... 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 .... 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 2510 2511 2512 2513 2514 2515 2516 2517 |
** May you find forgiveness for yourself and forgive others. ** May you share freely, never taking more than you give. ** ************************************************************************* ** This file contains C code routines that are called by the parser ** to handle SELECT statements in SQLite. ** ** $Id: select.c,v 1.342 2007/05/08 13:58:28 drh Exp $ */ #include "sqliteInt.h" /* ** Delete all the content of a Select structure but do not deallocate ** the select structure itself. ................................................................................ } sqliteFree(zTName); } } sqlite3ExprListDelete(pEList); p->pEList = pNew; } if( p->pEList && p->pEList->nExpr>SQLITE_MAX_COLUMN ){ sqlite3ErrorMsg(pParse, "too many columns in result set"); rc = SQLITE_ERROR; } return rc; } #ifndef SQLITE_OMIT_COMPOUND_SELECT /* ** This routine associates entries in an ORDER BY expression list with ** columns in a result. For each ORDER BY expression, the opcode of ................................................................................ ){ int i; ExprList *pEList = pNC->pEList; /* The result set of the SELECT */ Parse *pParse = pNC->pParse; /* The result set of the SELECT */ assert( pEList ); if( pOrderBy==0 ) return 0; if( pOrderBy->nExpr>SQLITE_MAX_COLUMN ){ sqlite3ErrorMsg(pParse, "too many terms in %s BY clause", zType); return 1; } for(i=0; i<pOrderBy->nExpr; i++){ int iCol; Expr *pE = pOrderBy->a[i].pExpr; if( sqlite3ExprIsInteger(pE, &iCol) ){ if( iCol>0 && iCol<=pEList->nExpr ){ CollSeq *pColl = pE->pColl; int flags = pE->flags & EP_ExpCollate; |
Changes to src/tokenize.c.
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
...
417
418
419
420
421
422
423
424
425
426
427
428
429
430
|
************************************************************************* ** An tokenizer for SQL ** ** This file contains C code that splits an SQL input string up into ** individual tokens and sends those tokens one-by-one over to the ** parser for analysis. ** ** $Id: tokenize.c,v 1.126 2007/04/16 15:06:25 danielk1977 Exp $ */ #include "sqliteInt.h" #include "os.h" #include <ctype.h> #include <stdlib.h> /* ................................................................................ pParse->zTail = pParse->zSql = zSql; while( !sqlite3MallocFailed() && zSql[i]!=0 ){ assert( i>=0 ); pParse->sLastToken.z = (u8*)&zSql[i]; assert( pParse->sLastToken.dyn==0 ); pParse->sLastToken.n = getToken((unsigned char*)&zSql[i],&tokenType); i += pParse->sLastToken.n; switch( tokenType ){ case TK_SPACE: case TK_COMMENT: { if( db->u1.isInterrupted ){ pParse->rc = SQLITE_INTERRUPT; sqlite3SetString(pzErrMsg, "interrupt", (char*)0); goto abort_parse; |
|
>
>
>
>
|
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
...
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
|
************************************************************************* ** An tokenizer for SQL ** ** This file contains C code that splits an SQL input string up into ** individual tokens and sends those tokens one-by-one over to the ** parser for analysis. ** ** $Id: tokenize.c,v 1.127 2007/05/08 13:58:28 drh Exp $ */ #include "sqliteInt.h" #include "os.h" #include <ctype.h> #include <stdlib.h> /* ................................................................................ pParse->zTail = pParse->zSql = zSql; while( !sqlite3MallocFailed() && zSql[i]!=0 ){ assert( i>=0 ); pParse->sLastToken.z = (u8*)&zSql[i]; assert( pParse->sLastToken.dyn==0 ); pParse->sLastToken.n = getToken((unsigned char*)&zSql[i],&tokenType); i += pParse->sLastToken.n; if( i>SQLITE_MAX_SQL_LENGTH ){ pParse->rc = SQLITE_TOOBIG; break; } switch( tokenType ){ case TK_SPACE: case TK_COMMENT: { if( db->u1.isInterrupted ){ pParse->rc = SQLITE_INTERRUPT; sqlite3SetString(pzErrMsg, "interrupt", (char*)0); goto abort_parse; |