Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Handle some obscure "row value misused" cases that could cause segfaults or assertion failures. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
fba5fddb1c40af75634b01c1f06d2610 |
| User & Date: | dan 2016-11-11 15:49:01.962 |
Context
|
2016-11-23
| ||
| 19:43 | Handle some obscure "row value misused" cases that could cause segfaults or assertion failures. (check-in: 794763fd6c user: drh tags: branch-3.15) | |
|
2016-11-11
| ||
| 16:33 | Add the test/ossfuzz.c interface adaptor for OSS-FUZZ. Make previsions for testing the adaptor using fuzzcheck.c. (check-in: 119d6ef847 user: drh tags: trunk) | |
| 15:49 | Handle some obscure "row value misused" cases that could cause segfaults or assertion failures. (check-in: fba5fddb1c user: dan tags: trunk) | |
| 14:54 | Back out the "--raw" option on ".read" in the command-line shell. Instead, fix the command-line shell so that if EOF is reached without seeing a final semicolon, it goes ahead and passes the accumulated SQL text to SQLite. (check-in: f98c8ac8c4 user: drh tags: trunk) | |
Changes
Changes to src/resolve.c.
| ︙ | ︙ | |||
395 396 397 398 399 400 401 402 403 404 405 406 407 408 |
assert( pExpr->pLeft==0 && pExpr->pRight==0 );
assert( pExpr->x.pList==0 );
assert( pExpr->x.pSelect==0 );
pOrig = pEList->a[j].pExpr;
if( (pNC->ncFlags&NC_AllowAgg)==0 && ExprHasProperty(pOrig, EP_Agg) ){
sqlite3ErrorMsg(pParse, "misuse of aliased aggregate %s", zAs);
return WRC_Abort;
}
resolveAlias(pParse, pEList, j, pExpr, "", nSubquery);
cnt = 1;
pMatch = 0;
assert( zTab==0 && zDb==0 );
goto lookupname_end;
}
| > > > > | 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 |
assert( pExpr->pLeft==0 && pExpr->pRight==0 );
assert( pExpr->x.pList==0 );
assert( pExpr->x.pSelect==0 );
pOrig = pEList->a[j].pExpr;
if( (pNC->ncFlags&NC_AllowAgg)==0 && ExprHasProperty(pOrig, EP_Agg) ){
sqlite3ErrorMsg(pParse, "misuse of aliased aggregate %s", zAs);
return WRC_Abort;
}
if( sqlite3ExprVectorSize(pOrig)!=1 ){
sqlite3ErrorMsg(pParse, "row value misused");
return WRC_Abort;
}
resolveAlias(pParse, pEList, j, pExpr, "", nSubquery);
cnt = 1;
pMatch = 0;
assert( zTab==0 && zDb==0 );
goto lookupname_end;
}
|
| ︙ | ︙ | |||
772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 |
}
break;
}
case TK_VARIABLE: {
notValid(pParse, pNC, "parameters", NC_IsCheck|NC_PartIdx|NC_IdxExpr);
break;
}
case TK_EQ:
case TK_NE:
case TK_LT:
case TK_LE:
case TK_GT:
case TK_GE:
case TK_IS:
case TK_ISNOT: {
int nLeft, nRight;
if( pParse->db->mallocFailed ) break;
| > < > > > > > > > | > > | 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 |
}
break;
}
case TK_VARIABLE: {
notValid(pParse, pNC, "parameters", NC_IsCheck|NC_PartIdx|NC_IdxExpr);
break;
}
case TK_BETWEEN:
case TK_EQ:
case TK_NE:
case TK_LT:
case TK_LE:
case TK_GT:
case TK_GE:
case TK_IS:
case TK_ISNOT: {
int nLeft, nRight;
if( pParse->db->mallocFailed ) break;
assert( pExpr->pLeft!=0 );
nLeft = sqlite3ExprVectorSize(pExpr->pLeft);
if( pExpr->op==TK_BETWEEN ){
nRight = sqlite3ExprVectorSize(pExpr->x.pList->a[0].pExpr);
if( nRight==nLeft ){
nRight = sqlite3ExprVectorSize(pExpr->x.pList->a[1].pExpr);
}
}else{
assert( pExpr->pRight!=0 );
nRight = sqlite3ExprVectorSize(pExpr->pRight);
}
if( nLeft!=nRight ){
testcase( pExpr->op==TK_EQ );
testcase( pExpr->op==TK_NE );
testcase( pExpr->op==TK_LT );
testcase( pExpr->op==TK_LE );
testcase( pExpr->op==TK_GT );
testcase( pExpr->op==TK_GE );
testcase( pExpr->op==TK_IS );
testcase( pExpr->op==TK_ISNOT );
testcase( pExpr->op==TK_BETWEEN );
sqlite3ErrorMsg(pParse, "row value misused");
}
break;
}
}
return (pParse->nErr || pParse->db->mallocFailed) ? WRC_Abort : WRC_Continue;
}
|
| ︙ | ︙ |
Changes to test/rowvalue.test.
| ︙ | ︙ | |||
261 262 263 264 265 266 267 268 269 |
do_execsql_test 12.1 {
DROP TABLE IF EXISTS t1;
CREATE TABLE t1(a,b); INSERT INTO t1 VALUES(1,2);
DROP TABLE IF EXISTS t2;
CREATE TABLE t2(x,y); INSERT INTO t2 VALUES(3,4);
SELECT *,'x' FROM t1 LEFT JOIN t2 ON (a,b)=(x,y);
} {1 2 {} {} x}
finish_test
| > > > > > > > > > > > > > | 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 |
do_execsql_test 12.1 {
DROP TABLE IF EXISTS t1;
CREATE TABLE t1(a,b); INSERT INTO t1 VALUES(1,2);
DROP TABLE IF EXISTS t2;
CREATE TABLE t2(x,y); INSERT INTO t2 VALUES(3,4);
SELECT *,'x' FROM t1 LEFT JOIN t2 ON (a,b)=(x,y);
} {1 2 {} {} x}
foreach {tn sql} {
0 "SELECT (1,2) AS x WHERE x=3"
1 "SELECT (1,2) BETWEEN 1 AND 2"
2 "SELECT 1 BETWEEN (1,2) AND 2"
3 "SELECT 2 BETWEEN 1 AND (1,2)"
4 "SELECT (1,2) FROM (SELECT 1) ORDER BY 1"
5 "SELECT (1,2) FROM (SELECT 1) GROUP BY 1"
} {
do_catchsql_test 13.$tn $sql {1 {row value misused}}
}
finish_test
|