Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
| Comment: | When SQLITE_MAX_SQL_LENGTH is 0, disable the limit. Make the default 0. Once again build the sqlite3 CLI from individual source files so that it can be built on systems that lack tclsh. Tickets #2845 and #2846. (CVS 4636) |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
07aeca3b9c51e538ba7939950a970f62 |
| User & Date: | drh 2007-12-17 16:20:07 |
|
2007-12-18
| ||
| 11:19 | Fix for typo in main.mk: the output of target sqlite3 was testcli. (CVS 4637) (check-in: 15675dc5 user: danielk1977 tags: trunk) | |
|
2007-12-17
| ||
| 16:20 | When SQLITE_MAX_SQL_LENGTH is 0, disable the limit. Make the default 0. Once again build the sqlite3 CLI from individual source files so that it can be built on systems that lack tclsh. Tickets #2845 and #2846. (CVS 4636) (check-in: 07aeca3b user: drh tags: trunk) | |
|
2007-12-14
| ||
| 17:39 | Version 3.5.4 (CVS 4635) (check-in: cf4a11b2 user: drh tags: trunk) | |
Changes to Makefile.in.
313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 |
libtclsqlite3.la: tclsqlite.lo libsqlite3.la
$(LTLINK) -o libtclsqlite3.la tclsqlite.lo \
$(LIBOBJ) @TCL_STUB_LIB_SPEC@ $(LIBPTHREAD) \
-rpath $(libdir)/sqlite \
-version-info "8:6:8"
testcli$(TEXE): $(TOP)/src/shell.c libsqlite3.la sqlite3.h
$(LTLINK) $(READLINE_FLAGS) $(LIBPTHREAD) \
-o $@ $(TOP)/src/shell.c libsqlite3.la \
$(LIBREADLINE) $(TLIBS)
sqlite3$(EXE): $(TOP)/src/shell.c sqlite3.c sqlite3.h
$(LTLINK) $(READLINE_FLAGS) -o $@ \
-DSQLITE_MAX_SQL_LENGTH=1000000000 \
-USQLITE_THREADSAFE -DSQLITE_THREADSAFE=0 \
$(TOP)/src/shell.c sqlite3.c \
$(LIBREADLINE) $(TLIBS) $(THREADLIB)
# This target creates a directory named "tsrc" and fills it with
# copies of all of the C source code and header files needed to
# build on the target system. Some of the C source code and header
# files are automatically generated. This target takes care of
# all that automatic generation.
#
target_source: $(SRC) parse.c opcodes.c keywordhash.h $(VDBEHDR)
|
| < < < < < < < |
313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 |
libtclsqlite3.la: tclsqlite.lo libsqlite3.la
$(LTLINK) -o libtclsqlite3.la tclsqlite.lo \
$(LIBOBJ) @TCL_STUB_LIB_SPEC@ $(LIBPTHREAD) \
-rpath $(libdir)/sqlite \
-version-info "8:6:8"
sqlite3$(TEXE): $(TOP)/src/shell.c libsqlite3.la sqlite3.h
$(LTLINK) $(READLINE_FLAGS) $(LIBPTHREAD) \
-o $@ $(TOP)/src/shell.c libsqlite3.la \
$(LIBREADLINE) $(TLIBS)
# This target creates a directory named "tsrc" and fills it with
# copies of all of the C source code and header files needed to
# build on the target system. Some of the C source code and header
# files are automatically generated. This target takes care of
# all that automatic generation.
#
target_source: $(SRC) parse.c opcodes.c keywordhash.h $(VDBEHDR)
|
Changes to main.mk.
273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 |
# all: sqlite3.h libsqlite3.a sqlite3$(EXE) libsqlite3.a: $(LIBOBJ) $(AR) libsqlite3.a $(LIBOBJ) $(RANLIB) libsqlite3.a testcli$(EXE): $(TOP)/src/shell.c libsqlite3.a sqlite3.h $(TCCX) $(READLINE_FLAGS) -o testcli$(EXE) \ $(TOP)/src/shell.c \ libsqlite3.a $(LIBREADLINE) $(TLIBS) $(THREADLIB) sqlite3$(EXE): $(TOP)/src/shell.c sqlite3.c sqlite3.h $(TCCX) $(READLINE_FLAGS) -o sqlite3$(EXE) \ -DSQLITE_MAX_SQL_LENGTH=1000000000 \ -USQLITE_THREADSAFE -DSQLITE_THREADSAFE=0 \ $(TOP)/src/shell.c sqlite3.c \ $(LIBREADLINE) $(TLIBS) $(THREADLIB) objects: $(LIBOBJ_ORIG) # This target creates a directory named "tsrc" and fills it with # copies of all of the C source code and header files needed to # build on the target system. Some of the C source code and header # files are automatically generated. This target takes care of # all that automatic generation. |
| < < < < < < < |
273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 |
#
all: sqlite3.h libsqlite3.a sqlite3$(EXE)
libsqlite3.a: $(LIBOBJ)
$(AR) libsqlite3.a $(LIBOBJ)
$(RANLIB) libsqlite3.a
sqlite3$(EXE): $(TOP)/src/shell.c libsqlite3.a sqlite3.h
$(TCCX) $(READLINE_FLAGS) -o testcli$(EXE) \
$(TOP)/src/shell.c \
libsqlite3.a $(LIBREADLINE) $(TLIBS) $(THREADLIB)
objects: $(LIBOBJ_ORIG)
# This target creates a directory named "tsrc" and fills it with
# copies of all of the C source code and header files needed to
# build on the target system. Some of the C source code and header
# files are automatically generated. This target takes care of
# all that automatic generation.
|
Changes to src/sqliteLimit.h.
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
..
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
** May you find forgiveness for yourself and forgive others. ** May you share freely, never taking more than you give. ** ************************************************************************* ** ** This file defines various limits of what SQLite can process. ** ** @(#) $Id: sqliteLimit.h,v 1.5 2007/12/13 21:54:11 drh Exp $ */ /* ** The maximum length of a TEXT or BLOB in bytes. This also ** limits the size of a row in a table or index. ** ** The hard limit is the ability of a 32-bit signed integer ................................................................................ */ #ifndef SQLITE_MAX_COLUMN # define SQLITE_MAX_COLUMN 2000 #endif /* ** The maximum length of a single SQL statement in bytes. ** The hard limit is 1 million. */ #ifndef SQLITE_MAX_SQL_LENGTH # define SQLITE_MAX_SQL_LENGTH 1000000 #endif /* ** The maximum depth of an expression tree. This is limited to ** some extent by SQLITE_MAX_SQL_LENGTH. But sometime you might ** want to place more severe limits on the complexity of an ** expression. A value of 0 (the default) means do not enforce |
|
|
|
|
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
..
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
** May you find forgiveness for yourself and forgive others. ** May you share freely, never taking more than you give. ** ************************************************************************* ** ** This file defines various limits of what SQLite can process. ** ** @(#) $Id: sqliteLimit.h,v 1.6 2007/12/17 16:20:07 drh Exp $ */ /* ** The maximum length of a TEXT or BLOB in bytes. This also ** limits the size of a row in a table or index. ** ** The hard limit is the ability of a 32-bit signed integer ................................................................................ */ #ifndef SQLITE_MAX_COLUMN # define SQLITE_MAX_COLUMN 2000 #endif /* ** The maximum length of a single SQL statement in bytes. ** A value of zero means there is no limit. */ #ifndef SQLITE_MAX_SQL_LENGTH # define SQLITE_MAX_SQL_LENGTH 0 #endif /* ** The maximum depth of an expression tree. This is limited to ** some extent by SQLITE_MAX_SQL_LENGTH. But sometime you might ** want to place more severe limits on the complexity of an ** expression. A value of 0 (the default) means do not enforce |
Changes to src/tokenize.c.
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
...
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
|
************************************************************************* ** An tokenizer for SQL ** ** This file contains C code that splits an SQL input string up into ** individual tokens and sends those tokens one-by-one over to the ** parser for analysis. ** ** $Id: tokenize.c,v 1.136 2007/08/27 23:26:59 drh Exp $ */ #include "sqliteInt.h" #include <ctype.h> #include <stdlib.h> /* ** The charMap() macro maps alphabetic characters into their ................................................................................ pParse->zTail = pParse->zSql = zSql; while( !db->mallocFailed && zSql[i]!=0 ){ assert( i>=0 ); pParse->sLastToken.z = (u8*)&zSql[i]; assert( pParse->sLastToken.dyn==0 ); pParse->sLastToken.n = getToken((unsigned char*)&zSql[i],&tokenType); i += pParse->sLastToken.n; if( i>SQLITE_MAX_SQL_LENGTH ){ pParse->rc = SQLITE_TOOBIG; break; } switch( tokenType ){ case TK_SPACE: case TK_COMMENT: { if( db->u1.isInterrupted ){ |
|
|
|
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
...
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
|
************************************************************************* ** An tokenizer for SQL ** ** This file contains C code that splits an SQL input string up into ** individual tokens and sends those tokens one-by-one over to the ** parser for analysis. ** ** $Id: tokenize.c,v 1.137 2007/12/17 16:20:07 drh Exp $ */ #include "sqliteInt.h" #include <ctype.h> #include <stdlib.h> /* ** The charMap() macro maps alphabetic characters into their ................................................................................ pParse->zTail = pParse->zSql = zSql; while( !db->mallocFailed && zSql[i]!=0 ){ assert( i>=0 ); pParse->sLastToken.z = (u8*)&zSql[i]; assert( pParse->sLastToken.dyn==0 ); pParse->sLastToken.n = getToken((unsigned char*)&zSql[i],&tokenType); i += pParse->sLastToken.n; if( SQLITE_MAX_SQL_LENGTH>0 && i>SQLITE_MAX_SQL_LENGTH ){ pParse->rc = SQLITE_TOOBIG; break; } switch( tokenType ){ case TK_SPACE: case TK_COMMENT: { if( db->u1.isInterrupted ){ |
Changes to src/vdbe.c.
39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 ... 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 ... 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 ... 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 ... 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 |
** ** Various scripts scan this source file in order to generate HTML ** documentation, headers files, or other derived files. The formatting ** of the code in this file is, therefore, important. See other comments ** in this file for details. If in doubt, do not deviate from existing ** commenting and indentation practices when changing or adding code. ** ** $Id: vdbe.c,v 1.660 2007/12/13 21:54:11 drh Exp $ */ #include "sqliteInt.h" #include <ctype.h> #include "vdbeInt.h" /* ** The following global variable is incremented every time a cursor ................................................................................ ** P3 points to a nul terminated UTF-8 string. This opcode is transformed ** into an OP_String before it is executed for the first time. */ case OP_String8: { /* same as TK_STRING */ assert( pOp->p3!=0 ); pOp->opcode = OP_String; pOp->p1 = strlen(pOp->p3); assert( SQLITE_MAX_SQL_LENGTH <= SQLITE_MAX_LENGTH ); assert( pOp->p1 <= SQLITE_MAX_LENGTH ); #ifndef SQLITE_OMIT_UTF16 if( encoding!=SQLITE_UTF8 ){ pTos++; sqlite3VdbeMemSetStr(pTos, pOp->p3, -1, SQLITE_UTF8, SQLITE_STATIC); if( SQLITE_OK!=sqlite3VdbeChangeEncoding(pTos, encoding) ) goto no_mem; if( SQLITE_OK!=sqlite3VdbeMemDynamicify(pTos) ) goto no_mem; ................................................................................ pTos->flags |= MEM_Static; if( pOp->p3type==P3_DYNAMIC ){ sqlite3_free(pOp->p3); } pOp->p3type = P3_DYNAMIC; pOp->p3 = pTos->z; pOp->p1 = pTos->n; assert( pOp->p1 <= SQLITE_MAX_LENGTH ); /* Due to SQLITE_MAX_SQL_LENGTH */ break; } #endif /* Otherwise fall through to the next case, OP_String */ } /* Opcode: String P1 * P3 ** ** The string value P3 of length P1 (bytes) is pushed onto the stack. */ case OP_String: { assert( pOp->p1 <= SQLITE_MAX_LENGTH ); /* Due to SQLITE_MAX_SQL_LENGTH */ pTos++; assert( pOp->p3!=0 ); pTos->flags = MEM_Str|MEM_Static|MEM_Term; pTos->z = pOp->p3; pTos->n = pOp->p1; pTos->enc = encoding; break; ................................................................................ ** ** The first time this instruction executes, in transforms itself into a ** 'Blob' opcode with a binary blob as P3. */ case OP_HexBlob: { /* same as TK_BLOB */ pOp->opcode = OP_Blob; pOp->p1 = strlen(pOp->p3)/2; assert( SQLITE_MAX_SQL_LENGTH <= SQLITE_MAX_LENGTH ); assert( pOp->p1 <= SQLITE_MAX_LENGTH ); if( pOp->p1 ){ char *zBlob = sqlite3HexToBlob(db, pOp->p3); if( !zBlob ) goto no_mem; if( pOp->p3type==P3_DYNAMIC ){ sqlite3_free(pOp->p3); } pOp->p3 = zBlob; ................................................................................ ** by the compiler. Instead, the compiler layer specifies ** an OP_HexBlob opcode, with the hex string representation of ** the blob as P3. This opcode is transformed to an OP_Blob ** the first time it is executed. */ case OP_Blob: { pTos++; assert( pOp->p1 <= SQLITE_MAX_LENGTH ); /* Due to SQLITE_MAX_SQL_LENGTH */ sqlite3VdbeMemSetStr(pTos, pOp->p3, pOp->p1, 0, 0); pTos->enc = encoding; break; } #endif /* SQLITE_OMIT_BLOB_LITERAL */ /* Opcode: Variable P1 * * |
| < < | > > > > > | < | | > | |
39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 ... 756 757 758 759 760 761 762 763 764 765 766 767 768 769 ... 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 ... 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 ... 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 |
** ** Various scripts scan this source file in order to generate HTML ** documentation, headers files, or other derived files. The formatting ** of the code in this file is, therefore, important. See other comments ** in this file for details. If in doubt, do not deviate from existing ** commenting and indentation practices when changing or adding code. ** ** $Id: vdbe.c,v 1.661 2007/12/17 16:20:07 drh Exp $ */ #include "sqliteInt.h" #include <ctype.h> #include "vdbeInt.h" /* ** The following global variable is incremented every time a cursor ................................................................................ ** P3 points to a nul terminated UTF-8 string. This opcode is transformed ** into an OP_String before it is executed for the first time. */ case OP_String8: { /* same as TK_STRING */ assert( pOp->p3!=0 ); pOp->opcode = OP_String; pOp->p1 = strlen(pOp->p3); #ifndef SQLITE_OMIT_UTF16 if( encoding!=SQLITE_UTF8 ){ pTos++; sqlite3VdbeMemSetStr(pTos, pOp->p3, -1, SQLITE_UTF8, SQLITE_STATIC); if( SQLITE_OK!=sqlite3VdbeChangeEncoding(pTos, encoding) ) goto no_mem; if( SQLITE_OK!=sqlite3VdbeMemDynamicify(pTos) ) goto no_mem; ................................................................................ pTos->flags |= MEM_Static; if( pOp->p3type==P3_DYNAMIC ){ sqlite3_free(pOp->p3); } pOp->p3type = P3_DYNAMIC; pOp->p3 = pTos->z; pOp->p1 = pTos->n; if( pOp->p1>SQLITE_MAX_LENGTH ){ goto too_big; } break; } #endif if( pOp->p1>SQLITE_MAX_LENGTH ){ goto too_big; } /* Fall through to the next case, OP_String */ } /* Opcode: String P1 * P3 ** ** The string value P3 of length P1 (bytes) is pushed onto the stack. */ case OP_String: { pTos++; assert( pOp->p3!=0 ); pTos->flags = MEM_Str|MEM_Static|MEM_Term; pTos->z = pOp->p3; pTos->n = pOp->p1; pTos->enc = encoding; break; ................................................................................ ** ** The first time this instruction executes, in transforms itself into a ** 'Blob' opcode with a binary blob as P3. */ case OP_HexBlob: { /* same as TK_BLOB */ pOp->opcode = OP_Blob; pOp->p1 = strlen(pOp->p3)/2; if( pOp->p1>SQLITE_MAX_LENGTH ){ goto too_big; } if( pOp->p1 ){ char *zBlob = sqlite3HexToBlob(db, pOp->p3); if( !zBlob ) goto no_mem; if( pOp->p3type==P3_DYNAMIC ){ sqlite3_free(pOp->p3); } pOp->p3 = zBlob; ................................................................................ ** by the compiler. Instead, the compiler layer specifies ** an OP_HexBlob opcode, with the hex string representation of ** the blob as P3. This opcode is transformed to an OP_Blob ** the first time it is executed. */ case OP_Blob: { pTos++; assert( pOp->p1 <= SQLITE_MAX_LENGTH ); sqlite3VdbeMemSetStr(pTos, pOp->p3, pOp->p1, 0, 0); pTos->enc = encoding; break; } #endif /* SQLITE_OMIT_BLOB_LITERAL */ /* Opcode: Variable P1 * * |
Changes to test/sqllimits1.test.
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
...
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
# May you share freely, never taking more than you give. # #*********************************************************************** # # This file contains tests to verify that the limits defined in # sqlite source file limits.h are enforced. # # $Id: sqllimits1.test,v 1.20 2007/11/28 22:36:41 drh Exp $ set testdir [file dirname $argv0] source $testdir/tester.tcl # Test organization: # # sqllimits-1.*: SQLITE_MAX_LENGTH ................................................................................ INSERT INTO t4 SELECT 2+x FROM t4; } catchsql { SELECT group_concat(hex(randomblob(20000))) FROM t4; } } {1 {string or blob too big}} db eval {DROP TABLE t4} #-------------------------------------------------------------------- # Test cases sqllimits-2.* test that the SQLITE_MAX_SQL_LENGTH limit # is enforced. # do_test sqllimits-2.1 { set sql "SELECT 1 WHERE 1==1" set N [expr {$::SQLITE_MAX_SQL_LENGTH / [string length " AND 1==1"]}] append sql [string repeat " AND 1==1" $N] catchsql $sql } {1 {String or BLOB exceeded size limit}} #-------------------------------------------------------------------- # Test cases sqllimits-3.* test that the limit set using the # max_page_count pragma. # do_test sqllimits-3.1 { execsql { |
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>
>
>
|
|
>
>
>
>
|
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
...
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
|
# May you share freely, never taking more than you give. # #*********************************************************************** # # This file contains tests to verify that the limits defined in # sqlite source file limits.h are enforced. # # $Id: sqllimits1.test,v 1.21 2007/12/17 16:20:07 drh Exp $ set testdir [file dirname $argv0] source $testdir/tester.tcl # Test organization: # # sqllimits-1.*: SQLITE_MAX_LENGTH ................................................................................ INSERT INTO t4 SELECT 2+x FROM t4; } catchsql { SELECT group_concat(hex(randomblob(20000))) FROM t4; } } {1 {string or blob too big}} db eval {DROP TABLE t4} set ::SQLITE_MAX_SQL_LENGTH 0 set strvalue [string repeat A $::SQLITE_MAX_LENGTH] do_test sqllimits-1.16 { catchsql "SELECT '$strvalue'" } [list 0 $strvalue] do_test sqllimits-1.17 { catchsql "SELECT 'A$strvalue'" } [list 1 {string or blob too big}] set blobvalue [string repeat 41 $::SQLITE_MAX_LENGTH] do_test sqllimits-1.18 { catchsql "SELECT x'$blobvalue'" } [list 0 $strvalue] do_test sqllimits-1.19 { catchsql "SELECT '41$blobvalue'" } [list 1 {string or blob too big}] unset strvalue unset blobvalue #-------------------------------------------------------------------- # Test cases sqllimits-2.* test that the SQLITE_MAX_SQL_LENGTH limit # is enforced. # do_test sqllimits-2.1 { set ::SQLITE_MAX_SQL_LENGTH 50000 set sql "SELECT 1 WHERE 1==1" set tail " /* A comment to take up space in order to make the string\ longer without increasing the expression depth */\ AND 1 == 1" set N [expr {($::SQLITE_MAX_SQL_LENGTH / [string length $tail])+1}] append sql [string repeat $tail $N] catchsql $sql } {1 {String or BLOB exceeded size limit}} do_test sqllimits-2.2 { set ::SQLITE_MAX_SQL_LENGTH 0 catchsql $sql } {0 1} #-------------------------------------------------------------------- # Test cases sqllimits-3.* test that the limit set using the # max_page_count pragma. # do_test sqllimits-3.1 { execsql { |