SQLite

Check-in [fba5fddb1c]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Handle some obscure "row value misused" cases that could cause segfaults or assertion failures.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: fba5fddb1c40af75634b01c1f06d2610df697e01
User & Date: dan 2016-11-11 15:49:01.962
Context
2016-11-23
19:43
Handle some obscure "row value misused" cases that could cause segfaults or assertion failures. (check-in: 794763fd6c user: drh tags: branch-3.15)
2016-11-11
16:33
Add the test/ossfuzz.c interface adaptor for OSS-FUZZ. Make previsions for testing the adaptor using fuzzcheck.c. (check-in: 119d6ef847 user: drh tags: trunk)
15:49
Handle some obscure "row value misused" cases that could cause segfaults or assertion failures. (check-in: fba5fddb1c user: dan tags: trunk)
14:54
Back out the "--raw" option on ".read" in the command-line shell. Instead, fix the command-line shell so that if EOF is reached without seeing a final semicolon, it goes ahead and passes the accumulated SQL text to SQLite. (check-in: f98c8ac8c4 user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/resolve.c.
395
396
397
398
399
400
401




402
403
404
405
406
407
408
          assert( pExpr->pLeft==0 && pExpr->pRight==0 );
          assert( pExpr->x.pList==0 );
          assert( pExpr->x.pSelect==0 );
          pOrig = pEList->a[j].pExpr;
          if( (pNC->ncFlags&NC_AllowAgg)==0 && ExprHasProperty(pOrig, EP_Agg) ){
            sqlite3ErrorMsg(pParse, "misuse of aliased aggregate %s", zAs);
            return WRC_Abort;




          }
          resolveAlias(pParse, pEList, j, pExpr, "", nSubquery);
          cnt = 1;
          pMatch = 0;
          assert( zTab==0 && zDb==0 );
          goto lookupname_end;
        }







>
>
>
>







395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
          assert( pExpr->pLeft==0 && pExpr->pRight==0 );
          assert( pExpr->x.pList==0 );
          assert( pExpr->x.pSelect==0 );
          pOrig = pEList->a[j].pExpr;
          if( (pNC->ncFlags&NC_AllowAgg)==0 && ExprHasProperty(pOrig, EP_Agg) ){
            sqlite3ErrorMsg(pParse, "misuse of aliased aggregate %s", zAs);
            return WRC_Abort;
          }
          if( sqlite3ExprVectorSize(pOrig)!=1 ){
            sqlite3ErrorMsg(pParse, "row value misused");
            return WRC_Abort;
          }
          resolveAlias(pParse, pEList, j, pExpr, "", nSubquery);
          cnt = 1;
          pMatch = 0;
          assert( zTab==0 && zDb==0 );
          goto lookupname_end;
        }
772
773
774
775
776
777
778

779
780
781
782
783
784
785
786
787
788
789
790
791







792

793
794
795
796
797
798
799
800
801

802
803
804
805
806
807
808
      }
      break;
    }
    case TK_VARIABLE: {
      notValid(pParse, pNC, "parameters", NC_IsCheck|NC_PartIdx|NC_IdxExpr);
      break;
    }

    case TK_EQ:
    case TK_NE:
    case TK_LT:
    case TK_LE:
    case TK_GT:
    case TK_GE:
    case TK_IS:
    case TK_ISNOT: {
      int nLeft, nRight;
      if( pParse->db->mallocFailed ) break;
      assert( pExpr->pRight!=0 );
      assert( pExpr->pLeft!=0 );
      nLeft = sqlite3ExprVectorSize(pExpr->pLeft);







      nRight = sqlite3ExprVectorSize(pExpr->pRight);

      if( nLeft!=nRight ){
        testcase( pExpr->op==TK_EQ );
        testcase( pExpr->op==TK_NE );
        testcase( pExpr->op==TK_LT );
        testcase( pExpr->op==TK_LE );
        testcase( pExpr->op==TK_GT );
        testcase( pExpr->op==TK_GE );
        testcase( pExpr->op==TK_IS );
        testcase( pExpr->op==TK_ISNOT );

        sqlite3ErrorMsg(pParse, "row value misused");
      }
      break; 
    }
  }
  return (pParse->nErr || pParse->db->mallocFailed) ? WRC_Abort : WRC_Continue;
}







>










<


>
>
>
>
>
>
>
|
>









>







776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793

794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
      }
      break;
    }
    case TK_VARIABLE: {
      notValid(pParse, pNC, "parameters", NC_IsCheck|NC_PartIdx|NC_IdxExpr);
      break;
    }
    case TK_BETWEEN:
    case TK_EQ:
    case TK_NE:
    case TK_LT:
    case TK_LE:
    case TK_GT:
    case TK_GE:
    case TK_IS:
    case TK_ISNOT: {
      int nLeft, nRight;
      if( pParse->db->mallocFailed ) break;

      assert( pExpr->pLeft!=0 );
      nLeft = sqlite3ExprVectorSize(pExpr->pLeft);
      if( pExpr->op==TK_BETWEEN ){
        nRight = sqlite3ExprVectorSize(pExpr->x.pList->a[0].pExpr);
        if( nRight==nLeft ){
          nRight = sqlite3ExprVectorSize(pExpr->x.pList->a[1].pExpr);
        }
      }else{
        assert( pExpr->pRight!=0 );
        nRight = sqlite3ExprVectorSize(pExpr->pRight);
      }
      if( nLeft!=nRight ){
        testcase( pExpr->op==TK_EQ );
        testcase( pExpr->op==TK_NE );
        testcase( pExpr->op==TK_LT );
        testcase( pExpr->op==TK_LE );
        testcase( pExpr->op==TK_GT );
        testcase( pExpr->op==TK_GE );
        testcase( pExpr->op==TK_IS );
        testcase( pExpr->op==TK_ISNOT );
        testcase( pExpr->op==TK_BETWEEN );
        sqlite3ErrorMsg(pParse, "row value misused");
      }
      break; 
    }
  }
  return (pParse->nErr || pParse->db->mallocFailed) ? WRC_Abort : WRC_Continue;
}
Changes to test/rowvalue.test.
261
262
263
264
265
266
267













268
269
do_execsql_test 12.1 {
  DROP TABLE IF EXISTS t1;
  CREATE TABLE t1(a,b); INSERT INTO t1 VALUES(1,2);
  DROP TABLE IF EXISTS t2;
  CREATE TABLE t2(x,y); INSERT INTO t2 VALUES(3,4);
  SELECT *,'x' FROM t1 LEFT JOIN t2 ON (a,b)=(x,y);
} {1 2 {} {} x}














finish_test







>
>
>
>
>
>
>
>
>
>
>
>
>


261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
do_execsql_test 12.1 {
  DROP TABLE IF EXISTS t1;
  CREATE TABLE t1(a,b); INSERT INTO t1 VALUES(1,2);
  DROP TABLE IF EXISTS t2;
  CREATE TABLE t2(x,y); INSERT INTO t2 VALUES(3,4);
  SELECT *,'x' FROM t1 LEFT JOIN t2 ON (a,b)=(x,y);
} {1 2 {} {} x}


foreach {tn sql} {
  0 "SELECT (1,2) AS x WHERE x=3"
  1 "SELECT (1,2) BETWEEN 1 AND 2"
  2 "SELECT 1 BETWEEN (1,2) AND 2"
  3 "SELECT 2 BETWEEN 1 AND (1,2)"
  4 "SELECT (1,2) FROM (SELECT 1) ORDER BY 1"
  5 "SELECT (1,2) FROM (SELECT 1) GROUP BY 1"
} {
  do_catchsql_test 13.$tn $sql {1 {row value misused}}
}


finish_test